Wavlink WL-WN578W2 sub_404850 function OS Command Injection Vulnerability
The Wavlink WL-WN578W2 is a wireless repeater from China's Wavlink. An operating system command injection vulnerability exists in Wavlink WL-WN578W2 version 221110, which originates from the parameter deletelist in the function sub_404850 in the file /cgi-bin/wireless.cgi that fails to correctly...
Beauty Parlour Management System readenq.php File SQL Injection Vulnerability
Beauty Parlour Management System is an application system. Beauty Parlour Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter delid in the file /admin/readenq.php. An attacker can exploit th...
Wavlink WL-WN578W2 Authorization Issues Vulnerability
The Wavlink WL-WN578W2 is a wireless repeater from China's Wavlink. An authorization issue vulnerability exists in Wavlink WL-WN578W2 version 221110, which stems from improper privilege management of the parameter newpass/confpass in the file /sysinit.html, which can be exploited by an attacker t...
Wavlink WL-WN578W2 Access Control Error Vulnerability
The Wavlink WL-WN578W2 is a wireless repeater from China's Wavlink. An access control error vulnerability exists in the Wavlink WL-WN578W2 version 221110, which originates from an incorrect access control in the file /liveonline.shtml, which can be exploited by an attacker to cause information...
Wavlink WL-WN578W2 sub_409184 Command Injection Vulnerability
The Wavlink WL-WN578W2 is a wireless repeater from China's Wavlink. A command injection vulnerability exists in Wavlink WL-WN578W2 version 221110, which originates from the parameter selEncrypTyp of the function sub_409184 in the file /wizardrep.shtml that fails to correctly filter the constructor...
Wavlink WL-WN578W2 sub_401C5C function command injection vulnerability
The Wavlink WL-WN578W2 is a wireless repeater from China's Wavlink. A command injection vulnerability exists in Wavlink WL-WN578W2 version 221110, which stems from the parameter pingFrmWANFilterEnabled/blockSynFloodEnabled/blockPortScanEnabled/remoteManagementEnabled of the function...
Wavlink WL-WN578W2 sub_401340 function command injection vulnerability
The Wavlink WL-WN578W2 is a wireless repeater from China's Wavlink. A command injection vulnerability exists in Wavlink WL-WN578W2 version 221110, which originates from the parameter ipaddr in the sub_401340 function of the file /cgi-bin/login.cgi that fails to correctly filter the constructor...
Unmark Code Issues Vulnerabilities
Unmark is an open source to-do list application for bookmarking. A code issue vulnerability exists in Unmark 1.9.3 and earlier versions, which stems from incorrect manipulation of the parameter url in the file /application/controllers/Marks.php, which could lead to server-side request forgery. An...
Unmark Marks.php file cross-site scripting vulnerability
Unmark is an open source to-do list application for bookmarking. Unmark 1.9.3 and earlier versions have a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter Title in the file /application/controllers/Marks.php,...
Unmark info.php file cross-site scripting vulnerability
Unmark is an open source to-do list application for bookmarking. A cross-site scripting vulnerability exists in Unmark 1.9.3 and earlier versions, which stems from the lack of effective filtering and escaping of user-supplied data in the parameter Title in the file application/views/marks/info.ph...
Unspecified vulnerability in SueamCMS (CNVD-2025-21440)
SueamCMS is an open source content management system. A security vulnerability exists in SueamCMS version 0.1.2, which can be exploited by an attacker and may lead to the execution of arbitrary code...
Online Shopping Portal Cross-Site Scripting Vulnerability
Online Shopping Portal is an online store. A cross-site scripting vulnerability exists in Online Shopping Portal, which can be exploited by an attacker to cause a cross-site scripting attack, due to a failure to clean inputs to the quantity parameter when adding items to the shopping cart...
Beauty Parlour Management System view-enquiry.php File SQL Injection Vulnerability
Beauty Parlour Management System is an application system. Beauty Parlour Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter viewid in file /admin/view-enquiry.php. An attacker can exploi...
Gazelle Cross-Site Scripting Vulnerability
Gazelle is a web framework for private BitTorrent trackers. Gazelle suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter Message in the file /sections/tools/managers/changelog.php, which can be...
Flowise Access Control Error Vulnerability
Flowise is a FlowiseAI open source tool for easily building LLM applications. An Access Control Error vulnerability exists in Flowise 3.0.5 and prior versions, which stems from the forgot-password endpoint returning a password reset token without authentication, and can be exploited by an attacke...
D-Link DIR-823x Command Injection Vulnerability
The D-Link DIR-823X is a wireless router from China's AUO D-Link. A command injection vulnerability exists in the D-Link DIR-823x 250416 and prior versions, which stems from the failure to properly filter constructed command special characters, commands, etc. in the parameter targetaddr in the fi...
CRMEB server-side request forgery vulnerability in Xi'an Zhongbang Network Technology Co.
CRMEB is a Java mall system. A server-side request forgery vulnerability exists in CRMEB 5.6.1 and previous versions, which stems from the parameter pushtokenurl in the file app/services/out/OutAccountServices.php not implementing a sufficient authentication mechanism to confirm the source of the...
Unspecified Vulnerability in AXIS BANK Axis Mobile App
AXIS BANK Axis Mobile App is a mobile banking application by AXIS BANK India. AXIS BANK Axis Mobile App version 9.9 has a security vulnerability that can be exploited by an attacker that may lead to the disclosure of account information, balances, transaction history and other data...
Siemens Mobility Trainguard End-of-Train and Head-of-Train Weak Authentication Vulnerability
The Trainguard End-of-Train (EOT) is a new generation of end-of-train devices for connecting on-board telemetry. The Trainguard Head-of-Train (HOT) is a front-of-train device. These devices communicate using the S-9152 standard. A weak authentication vulnerability exists in Siemens Mobility Trainguard...
Unspecified vulnerability in curl (CNVD-2025-21413)
curl is an open source tool from cURL for transferring data from or to a server. A security vulnerability exists in curl that can be exploited by attackers and may cause malicious server-induced traffic to be mistaken for real HTTP traffic by proxy servers, thereby polluting their caches...
Wavlink WL-WN578W2 sub_404DBC Function OS Command Injection Vulnerability
The Wavlink WL-WN578W2 is a wireless repeater from China's Wavlink. An operating system command injection vulnerability exists in Wavlink WL-WN578W2 version 221110, which originates from the parameter macAddr in the sub_404DBC function of the file /cgi-bin/wireless.cgi that fails to correctly filter...
Unmark searchform.php file cross-site scripting vulnerability
Unmark is an open source to-do list application for bookmarking. Unmark 1.9.3 and earlier versions suffer from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter q in the file...
Unspecified Vulnerability in Dreamer CMS (CNVD-2025-21438)
Dreamer CMS is a dreamer content management system. A security vulnerability exists in Dreamer CMS 4.1.3.2 and earlier versions, which stems from improper handling of the file /admin/user/updatePwd, which could lead to weak password requirements. No details of the vulnerability are provided at th...
Delta Electronics DIALink Directory Traversal Vulnerability (CNVD-2025-22947)
Delta Electronics DIALink is an industrial automation communication gateway from Delta Electronics China. A directory traversal vulnerability exists in Delta Electronics DIALink, which can be exploited by an attacker to cause authentication bypass...
WordPress WP Easy FAQs plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. Cross-site scripting...
WordPress Mixtape plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. Cross-site scripting...
openDCIM Cross-Site Scripting Vulnerability
openDCIM is an open source data center inventory management (DCIM) application. A cross-site scripting vulnerability exists in openDCIM version 23.04, which stems from the lack of effective filtering and escaping of user-supplied data in the parameter Filedata in the file /scripts/uploadifive.php,...
Delta Electronics DIALink Directory Traversal Vulnerability (CNVD-2025-22948)
Delta Electronics DIALink is an industrial automation communication gateway from Delta Electronics China. A directory traversal vulnerability exists in Delta Electronics DIALink, which can be exploited by an attacker to cause authentication bypass...
Unspecified Vulnerability in Microsoft Visual Studio Code (CNVD-2025-22193)
Microsoft Visual Studio Code is an open source code editor from Microsoft USA. A security vulnerability exists in Microsoft Visual Studio Code that originates from insufficiently filtered or validated user-supplied data and can be exploited by an attacker to remotely execute arbitrary code...
Unspecified vulnerability in Xen (CNVD-2025-21353)
Xen is an open source virtual machine monitor product from Xen Open Source. The product enables different and incompatible operating systems to run on the same computer and supports migration at runtime to ensure uptime and avoid downtime. Xen has a security vulnerability that can be exploited by...
Unspecified vulnerability in Xen (CNVD-2025-21354)
Xen is an open source virtual machine monitor product from Xen Open Source. The product enables different and incompatible operating systems to run on the same computer and supports migration at runtime to ensure uptime and avoid downtime. Xen has a security vulnerability that can be exploited by...
Unspecified vulnerability in Xen (CNVD-2025-21331)
Xen is an open source virtual machine monitor product from Xen Open Source. The product enables different and incompatible operating systems to run on the same computer and supports migration at runtime to ensure uptime and avoid downtime. Xen has a security vulnerability that can be exploited by...
Unspecified vulnerability in Xen (CNVD-2025-21370)
Xen is an open source virtual machine monitor product from Xen Open Source. The product enables different and incompatible operating systems to run on the same computer and supports migration at runtime to ensure uptime and avoid downtime. Xen has a security vulnerability that can be exploited by...
WordPress WP Import plugin unauthorized access vulnerability
WordPress WP Import plugin is a plugin for batch importing and exporting WordPress data, supports multiple file formats such as CSV, XML, JSON, etc., and can handle posts, pages, comments, users and other data. WordPress WP Import plugin has an unauthorized access vulnerability that stems from a...
WordPress Maspik - Ultimate Spam Protection plugin Cross-Site Request Forgery Vulnerability
WordPress Heateor Maspik - Ultimate Spam Protection plugin is an anti-spam plugin designed specifically for WordPress that protects contact forms, comment areas and signup forms from spam through a variety of technical means. The WordPress Maspik - Ultimate Spam Protection plugin suffers from a...
Cisco IOS XR Access Control Error Vulnerability (CNVD-2025-21251)
Cisco IOS XR is a set of operating systems developed by the American company Cisco for its network equipment. Cisco IOS XR suffers from an Access Control Error vulnerability that stems from improper access control of the management interface ACL, which can be exploited by an attacker to cau...
JEPaaS Access Control Error Vulnerability
JEPaaS is a low-code rapid development platform for building enterprise-class applications. A security vulnerability exists in JEPaaS 7.2.8, which stems from the doFilterInternal function of the Filter Handler component not properly enforcing access control. The vulnerability can be exploited by ...
ChanCMS SQL Injection Vulnerability
ChanCMS is a content management system. ChanCMS 3.3.0 and earlier versions suffer from a SQL injection vulnerability, which originates from the lack of validation of the Search parameter key in the app/modules/api/service/Api.js function against external input SQL statements. An attacker can...
WordPress Duplicate Page and Post plugin SQL Injection Vulnerability
WordPress Duplicate Page and Post plugin is a plugin for quickly duplicating pages or posts, supporting one-click cloning of existing content and saving it to draft, private or public status, for users who need to batch process website content. WordPress Duplicate Page and Post plugin suffers fro...
Cisco IOS XR Resource Management Error Vulnerability (CNVD-2025-21253)
Cisco IOS XR is a set of operating systems developed by the American company Cisco for its network equipment. Cisco IOS XR suffers from a Resource Management Error vulnerability that arises from uncontrolled resource consumption by an application, which can be exploited by an attacker to...
Cisco IOS XR Data Forgery Issue Vulnerability (CNVD-2025-21252)
Cisco IOS XR is a set of operating systems developed by the American company Cisco for its network equipment. Cisco IOS XR suffers from a data forgery vulnerability that arises from incomplete file validation during installation, which can be exploited by an attacker to cause unsigned...
WordPress Testimonial Plugin SQL Injection Vulnerability
WordPress Testimonial Plugin is a plugin for displaying customer feedback, testimonials or user reviews in your website, mainly for enhancing website trust and social proof. WordPress Testimonial Plugin suffers from a SQL injection vulnerability that stems from insufficient cleaning and escaping ...
WordPress Responsive Filterable Portfolio plugin Arbitrary File Upload Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress Responsive Filterable Portfolio plugin has an arbitrary file upload vulnerability that stems from a lack of file type validation in the HdnMediaSelectionimage fiel...
WordPress NitroPack plugin unauthorized modification vulnerability
WordPress NitroPack plugin is a speed optimization plugin that is mainly used to improve the loading speed of your website. WordPress NitroPack plugin has an unauthorized modification vulnerability that stems from a lack of capability check in the function nitropacksetcompressionajax, which can b...
WordPress MyBrain Utilities plugin cross-site scripting vulnerability
WordPress MyBrain Utilities plugin is a plugin for enhancing the functionality of your website, mainly for optimizing the performance and user experience. A cross-site scripting vulnerability exists in the WordPress MyBrain Utilities plugin that stems from insufficient input cleanup and output...
WordPress Maspik plugin authorization issue vulnerability
WordPress Maspik plugin is an anti-spam plugin for WordPress that is mainly used to protect website contact forms, comment areas and signup forms from spam. WordPress Maspik plugin suffers from an authorization issue vulnerability that stems from a lack of capability check in the function...
WordPress Heateor Login plugin cross-site scripting vulnerability
WordPress Heateor Login plugin is a social login plugin for WordPress, which supports users to realize one-click login and registration function through 23 social networks such as Facebook, Twitter, LinkedIn, Google and so on. A cross-site scripting vulnerability exists in the WordPress Heateor...
Tenda F3 goform/setWifi file buffer overflow vulnerability
Tenda F3 is a 300M wireless router launched on May 15, 2015 by Shenzhen Jixiang Tenda Technology Co. Tenda F3 suffers from a buffer overflow vulnerability that originates from the goform/setWifi file failing to properly validate the length size of the input data, which can be exploited by an...
Tenda F3 goform/setQoS file buffer overflow vulnerability
Tenda F3 is a 300M wireless router launched on May 15, 2015 by Shenzhen Jixiang Tenda Technology Co. Tenda F3 suffers from a buffer overflow vulnerability that originates from the QosList parameter of the goform/setQoS file failing to properly validate the length size of the input data, which can...
Tenda F3 macFilterList Parameter Buffer Overflow Vulnerability
Tenda F3 is a 300M wireless router launched on May 15, 2015 by Shenzhen Jixiang Tenda Technology Co. Tenda F3 suffers from a buffer overflow vulnerability, which stems from the goform/setNAT file macFilterList parameter failing to properly validate the length size of the input data, which can be...