Lucene search
+L

131179 matches found

CNVD
CNVD
•added 2025/09/16 12:0 a.m.•6 views

Unspecified Vulnerability in Dreamer CMS (CNVD-2025-21438)

Dreamer CMS is a dreamer content management system. A security vulnerability exists in Dreamer CMS 4.1.3.2 and earlier versions, which stems from improper handling of the file /admin/user/updatePwd, which could lead to weak password requirements. No details of the vulnerability are provided at th...

3.1CVSS4.5AI score0.0022EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2025/09/16 12:0 a.m.•4 views

Unmark searchform.php file cross-site scripting vulnerability

Unmark is an open source to-do list application for bookmarking. Unmark 1.9.3 and earlier versions suffer from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by parameter q in the file...

6.1CVSS4.7AI score0.00385EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/16 12:0 a.m.•2 views

Gazelle Cross-Site Scripting Vulnerability

Gazelle is a web framework for private BitTorrent trackers. Gazelle suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter Message in the file /sections/tools/managers/changelog.php, which can be...

5.1CVSS4.4AI score0.00233EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/16 12:0 a.m.•3 views

Unspecified vulnerability in SueamCMS (CNVD-2025-21440)

SueamCMS is SueamCMS open source a content management system . A security vulnerability exists in SueamCMS version 0.1.2, which can be exploited by an attacker and may lead to the execution of arbitrary code...

9.8CVSS7.1AI score0.00825EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/16 12:0 a.m.•2 views

Beauty Parlour Management System readenq.php File SQL Injection Vulnerability

Beauty Parlour Management System is an application system. Beauty Parlour Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter delid in the file /admin/readenq.php. An attacker can exploit th...

9.8CVSS7.9AI score0.00383EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/16 12:0 a.m.•4 views

Wavlink WL-WN578W2 Authorization Issues Vulnerability

The Wavlink WL-WN578W2 is a wireless repeater from China's Wavlink. An authorization issue vulnerability exists in Wavlink WL-WN578W2 version 221110, which stems from improper privilege management of the parameter newpass/confpass in the file /sysinit.html, which can be exploited by an attacker t...

6.9CVSS5.7AI score0.00439EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/16 12:0 a.m.•13 views

RuoYi License Issue Vulnerability

RuoYi is a backend management system for individual developers in China RuoYi RuoYi. RuoYi 4.8.1 and previous versions of the authorization problem vulnerability, the vulnerability stems from the file / system / role / authUser / cancelAll in the parameter roleId and userIds there is improper...

5.5CVSS5.5AI score0.00338EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/16 12:0 a.m.•3 views

Siemens Mobility Trainguard End-of-Train and Head-of-Train Weak Authentication Vulnerability

The Trainguard End-of-Train EOT is a new generation of end-of-train devices for connecting on-board telemetry.The Trainguard Head-of-Train HOT is a front-of-train device. These devices communicate using the S-9152 standard. A weak authentication vulnerability exists in Siemens Mobility Trainguard...

7.2AI score
Exploits0
CNVD
CNVD
•added 2025/09/16 12:0 a.m.•5 views

Unmark info.php file cross-site scripting vulnerability

Unmark is an open source to-do list application for bookmarking. A cross-site scripting vulnerability exists in Unmark 1.9.3 and earlier versions, which stems from the lack of effective filtering and escaping of user-supplied data in the parameter Title in the file application/views/marks/info.ph...

5.4CVSS4.5AI score0.00244EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/16 12:0 a.m.•3 views

CRMEB server-side request forgery vulnerability in Xi'an Zhongbang Network Technology Co.

CRMEB is a Java mall system . CRMEB 5.6.1 and previous versions of server-side request forgery vulnerability , the vulnerability stems from the file app/services/out/OutAccountServices.php parameter pushtokenurl does not implement a sufficient authentication mechanism to confirm the source of the...

8.8CVSS6.7AI score0.00297EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/16 12:0 a.m.•2 views

Unmark Marks.php file cross-site scripting vulnerability

Unmark is an open source to-do list application for bookmarking. Unmark 1.9.3 and earlier versions have a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter Title in the file /application/controllers/Marks.php,...

5.4CVSS4.5AI score0.00262EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/16 12:0 a.m.•4 views

Axios Resource Management Error Vulnerability

Axios is Axios open source a Promise asynchronous programming a solution based on the HTTP client . Axios versions prior to 1.11.0 have a resource management error vulnerability that stems from unrestricted memory allocation when handling data scheme URLs, which can be exploited by an attacker to...

7.5CVSS6.4AI score0.0106EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/16 12:0 a.m.•4 views

Unmark Code Issues Vulnerabilities

Unmark is an open source to-do list application for bookmarking. A code issue vulnerability exists in Unmark 1.9.3 and earlier versions, which stems from incorrect manipulation of the parameter url in the file /application/controllers/Marks.php, which could lead to server-side request forgery. An...

9.8CVSS6.5AI score0.00396EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/16 12:0 a.m.•4 views

Wavlink WL-WN578W2 sub_401340 function command injection vulnerability

The Wavlink WL-WN578W2 is a wireless repeater from China's Wavlink. A command injection vulnerability exists in Wavlink WL-WN578W2 version 221110, which originates from the parameter ipaddr in the sub401340 function of the file /cgi-bin/login.cgi that fails to correctly filter the constructor...

8.8CVSS6.9AI score0.06789EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/16 12:0 a.m.•5 views

Beauty Parlour Management System view-enquiry.php File SQL Injection Vulnerability

Beauty Parlour Management System is an application system. Beauty Parlour Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter viewid in file /admin/view-enquiry.php. An attacker can exploi...

9.8CVSS7.9AI score0.0041EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/15 12:0 a.m.•8 views

Delta Electronics DIALink Directory Traversal Vulnerability (CNVD-2025-22948)

Delta Electronics DIALink is an industrial automation communication gateway from Delta Electronics China. A directory traversal vulnerability exists in Delta Electronics DIALink, which can be exploited by an attacker to cause authentication bypass...

10CVSS7.1AI score0.01217EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/15 12:0 a.m.•3 views

Unspecified vulnerability in Xen (CNVD-2025-21370)

Xen is an open source virtual machine monitor product from Xen Open Source. The product enables different and incompatible operating systems to run on the same computer and supports migration at runtime to ensure uptime and avoid downtime. Xen has a security vulnerability that can be exploited by...

9.8CVSS6.3AI score0.00341EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/15 12:0 a.m.•3 views

Unspecified vulnerability in Xen (CNVD-2025-21331)

Xen is an open source virtual machine monitor product from Xen Open Source. The product enables different and incompatible operating systems to run on the same computer and supports migration at runtime to ensure uptime and avoid downtime. Xen has a security vulnerability that can be exploited by...

9.8CVSS6.3AI score0.00435EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/15 12:0 a.m.•2 views

WordPress WP Easy FAQs plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. Cross-site scripting...

6.4CVSS6.3AI score0.0028EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/15 12:0 a.m.•2 views

openDCIM Cross-Site Scripting Vulnerability

openDCIM is openDCIM open source a data center inventory management DCIM application . openDCIM version 23.04 cross-site scripting vulnerability , the vulnerability stems from the file /scripts/uploadifive.php parameter Filedata on the user-supplied data lack of effective filtering and escaping ,...

5.1CVSS5.1AI score0.00246EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/15 12:0 a.m.•6 views

Unspecified vulnerability in Xen (CNVD-2025-21354)

Xen is an open source virtual machine monitor product from Xen Open Source. The product enables different and incompatible operating systems to run on the same computer and supports migration at runtime to ensure uptime and avoid downtime. Xen has a security vulnerability that can be exploited by...

7.5CVSS6.3AI score0.00329EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/15 12:0 a.m.•11 views

Unspecified Vulnerability in Microsoft Visual Studio Code (CNVD-2025-22193)

Microsoft Visual Studio Code is an open source code editor from Microsoft USA. A security vulnerability exists in Microsoft Visual Studio Code that originates from insufficiently filtered or validated user-supplied data and can be exploited by an attacker to remotely execute arbitrary code...

9.8CVSS7.3AI score0.00849EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/15 12:0 a.m.•5 views

WordPress Mixtape plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. Cross-site scripting...

6.4CVSS6.3AI score0.0018EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/15 12:0 a.m.•5 views

Unspecified vulnerability in Xen (CNVD-2025-21353)

Xen is an open source virtual machine monitor product from Xen Open Source. The product enables different and incompatible operating systems to run on the same computer and supports migration at runtime to ensure uptime and avoid downtime. Xen has a security vulnerability that can be exploited by...

7.5CVSS6.3AI score0.0042EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/15 12:0 a.m.•6 views

Delta Electronics DIALink Directory Traversal Vulnerability (CNVD-2025-22947)

Delta Electronics DIALink is an industrial automation communication gateway from Delta Electronics China. A directory traversal vulnerability exists in Delta Electronics DIALink, which can be exploited by an attacker to cause authentication bypass...

7.3CVSS7.1AI score0.13174EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/12 12:0 a.m.•3 views

Tenda F3 goform/setParentControl file buffer overflow vulnerability

Tenda F3 is a 300M wireless router launched on May 15, 2015 by Shenzhen Jixiang Tenda Technology Co. Tenda F3 suffers from a buffer overflow vulnerability, which stems from the goform/setParentControl file failing to properly validate the length size of input data, which can be exploited by an...

5.6CVSS7.3AI score0.00205EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/12 12:0 a.m.•4 views

Google Chrome post-release reuse vulnerability (CNVD-2025-22931)

Google Chrome is a web browser developed by Google, known for being fast, secure and personalized, with support for multi-device synchronization and smart tool integration. Google Chrome suffers from a post-release reuse vulnerability that stems from the presence of post-release reuse in...

8.8CVSS6.7AI score0.00589EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/12 12:0 a.m.•3 views

Unspecified Vulnerability in Dell PowerProtect Data Manager (CNVD-2025-22168)

Dell PowerProtect Data Manager PPDM is a data protection solution from Dell USA. The product supports features such as data backup, virtual machine backup and database protection. A security vulnerability exists in Dell PowerProtect Data Manager versions 19.19 and 19.20, which can be exploited by...

7.8CVSS7.4AI score0.0012EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/12 12:0 a.m.•6 views

Dell PowerProtect Data Manager Operating System Command Injection Vulnerability

Dell PowerProtect Data Manager PPDM is a data protection solution from Dell USA. The product supports features such as data backup, virtual machine backup and database protection. A security vulnerability exists in Dell PowerProtect Data Manager versions 19.19 and 19.20, which can be exploited by...

8.2CVSS7AI score0.00474EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/12 12:0 a.m.•2 views

Cisco IOS XR Data Forgery Issue Vulnerability (CNVD-2025-21252)

Cisco IOS XR is a set of operating systems developed by the American company Cisco Cisco for its network equipment. Cisco IOS XR suffers from a data forgery vulnerability that arises from incomplete file validation during installation, which can be exploited by an attacker to cause unsigned...

6CVSS6.5AI score0.00096EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/12 12:0 a.m.•6 views

Dell PowerProtect Data Manager Elevation of Privilege Vulnerability

Dell PowerProtect Data Manager PPDM is a data protection solution from Dell USA. The product supports features such as data backup, virtual machine backup and database protection. An elevation of privilege vulnerability exists in Dell PowerProtect Data Manager versions 19.19 and 19.20, which stem...

7.8CVSS7AI score0.00095EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/12 12:0 a.m.•3 views

Cisco IOS XR Access Control Error Vulnerability (CNVD-2025-21251)

Cisco IOS XR is a set of operating systems developed by the American company Cisco Cisco for its network equipment. Cisco IOS XR suffers from an Access Control Error vulnerability that stems from improper access control of the management interface ACL, which can be exploited by an attacker to cau...

5.3CVSS6.5AI score0.00294EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/12 12:0 a.m.•3 views

WordPress Responsive Filterable Portfolio plugin Arbitrary File Upload Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress Responsive Filterable Portfolio plugin has an arbitrary file upload vulnerability that stems from a lack of file type validation in the HdnMediaSelectionimage fiel...

7.2CVSS6.9AI score0.00526EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/12 12:0 a.m.•5 views

IBM Security Verify Information Queue Elevation of Privilege Vulnerability

IBM Security Verify Information Queue is a microservices architecture integration platform that leverages Kafka technology and a publish/subscribe model to integrate data between IBMSecurity products, acting as a cross-product data exchange hub. An elevation of privilege vulnerability exists in I...

6.8CVSS7AI score0.00194EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/12 12:0 a.m.•1 views

WordPress MyBrain Utilities plugin cross-site scripting vulnerability

WordPress MyBrain Utilities plugin is a plugin for enhancing the functionality of your website, mainly for optimizing the performance and user experience. A cross-site scripting vulnerability exists in the WordPress MyBrain Utilities plugin that stems from insufficient input cleanup and output...

6.4CVSS5.9AI score0.00216EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/12 12:0 a.m.•2 views

WordPress Maspik plugin authorization issue vulnerability

WordPress Maspik plugin is an anti-spam plugin for WordPress that is mainly used to protect website contact forms, comment areas and signup forms from spam. WordPress Maspik plugin suffers from an authorization issue vulnerability that stems from a lack of capability check in the function...

4.3CVSS6.6AI score0.0023EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/12 12:0 a.m.•2 views

WordPress AutoCatSet Cross-Site Request Forgery Vulnerability

AutoCatSet is an automatic post categorization plugin for the WordPress platform. A cross-site request forgery vulnerability exists in AutoCatSet 2.1.4 and earlier versions, which stems from the autocatsetajax function not properly implementing a random number validation mechanism. An attacker ca...

4.3CVSS6.5AI score0.00151EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/12 12:0 a.m.•6 views

WordPress Evenium plugin cross-site scripting vulnerability

The Evenium plugin is an event management tool for the WordPress platform for creating and integrating Evenium meeting management features. Evenium plugin version 1.3.11 and prior versions suffer from a stored XSS vulnerability that stems from insufficient filtering of shortcode user input...

6.4CVSS6.5AI score0.0018EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/12 12:0 a.m.•4 views

FoxCMS SQL Injection Vulnerability

FoxCMS is a PHP-based content management system that provides web content management and publishing functions. A SQL injection vulnerability exists in FoxCMS 1.24 and earlier versions, which originates from the batchCope function in the /app/admin/controller/Images.php file that does not securely...

9.8CVSS6.8AI score0.00336EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/12 12:0 a.m.•4 views

Unspecified Vulnerability in Dell PowerProtect Data Manager (CNVD-2025-22167)

Dell PowerProtect Data Manager PPDM is a set of data protection solutions from Dell USA. The product supports features such as data backup, virtual machine backup and database protection. A security vulnerability exists in Dell PowerProtect Data Manager versions 19.19 and 19.20, which can be...

5CVSS6.7AI score0.00104EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/12 12:0 a.m.•2 views

InstantCMS Code Issues Vulnerabilities

InstantCMS is a free and open source content management system. A security vulnerability exists in InstantCMS 2.17.3 and earlier versions, which stems from the package parameter in the installer function not effectively filtering user input. The vulnerability can be exploited by an attacker to sc...

7.2CVSS6.4AI score0.00423EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/12 12:0 a.m.•2 views

WordPress Heateor Login plugin cross-site scripting vulnerability

WordPress Heateor Login plugin is a social login plugin for WordPress, which supports users to realize one-click login and registration function through 23 social networks such as Facebook, Twitter, LinkedIn, Google and so on. A cross-site scripting vulnerability exists in the WordPress Heateor...

6.4CVSS5.9AI score0.00216EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/12 12:0 a.m.•4 views

Cisco IOS XR Resource Management Error Vulnerability (CNVD-2025-21253)

Cisco IOS XR is a set of operating systems developed by the American company Cisco Cisco for its network equipment. Cisco IOS XR suffers from a Resource Management Error vulnerability that arises from uncontrolled resource consumption by an application, which can be exploited by an attacker to...

7.4CVSS6.7AI score0.00589EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/12 12:0 a.m.•4 views

WordPress NitroPack plugin unauthorized modification vulnerability

WordPress NitroPack plugin is a speed optimization plugin that is mainly used to improve the loading speed of your website. WordPress NitroPack plugin has an unauthorized modification vulnerability that stems from a lack of capability check in the function nitropacksetcompressionajax, which can b...

4.3CVSS6.7AI score0.00226EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/12 12:0 a.m.•5 views

DELL PowerProtect Data Manager Path Traversal Vulnerability

DELL PowerProtect Data Manager is a data protection solution from Dell Technologies designed for modern multi-cloud environments, supporting data protection and compliance management for physical, virtual and cloud workloads. A path traversal vulnerability exists in DELL PowerProtect Data Manager...

4.4CVSS6.8AI score0.00148EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/12 12:0 a.m.•2 views

WordPress Certifica Cross-Site Scripting Vulnerability

Certifica is a certificate generation and management plugin for the WordPress platform. A stored XSS vulnerability exists in Certifica 3.1 and earlier versions, which stems from insufficient input filtering and output escaping of evento parameters. The vulnerability can be exploited to inject a...

6.4CVSS6.1AI score0.00271EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/12 12:0 a.m.•2 views

WordPress Testimonial Plugin SQL Injection Vulnerability

WordPress Testimonial Plugin is a plugin for displaying customer feedback, testimonials or user reviews in your website, mainly for enhancing website trust and social proof. WordPress Testimonial Plugin suffers from a SQL injection vulnerability that stems from insufficient cleaning and escaping ...

6.5CVSS8.1AI score0.00258EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/12 12:0 a.m.•4 views

ChanCMS Server-Side Request Forgery Vulnerability

ChanCMS is a content management system. ChanCMS 3.3.0 version of the existence of server-side request forgery vulnerability, the vulnerability stems from the file / cms/collect/getArticle in the function CollectController parameter taskUrl does not implement a sufficient validation mechanism to...

6.5CVSS6.5AI score0.00649EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/12 12:0 a.m.•6 views

WordPress WP Import plugin unauthorized access vulnerability

WordPress WP Import plugin is a plugin for batch importing and exporting WordPress data, supports multiple file formats such as CSV, XML, JSON, etc., and can handle posts, pages, comments, users and other data. WordPress WP Import plugin has an unauthorized access vulnerability that stems from a...

7.7CVSS6.5AI score0.00266EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/12 12:0 a.m.•7 views

Dell PowerProtect Data Manager OS Command Injection Vulnerability (CNVD-2025-22166)

Dell PowerProtect Data Manager PPDM is a data protection solution from Dell USA. The product supports features such as data backup, virtual machine backup and database protection. An operating system command injection vulnerability exists in Dell PowerProtect Data Manager versions 19.19 and 19.20...

7.8CVSS7.7AI score0.0054EPSS
Exploits0References1
Total number of security vulnerabilities131179