131179 matches found
Unspecified Vulnerability in Dreamer CMS (CNVD-2025-21438)
Dreamer CMS is a dreamer content management system. A security vulnerability exists in Dreamer CMS 4.1.3.2 and earlier versions, which stems from improper handling of the file /admin/user/updatePwd, which could lead to weak password requirements. No details of the vulnerability are provided at th...
Unmark searchform.php file cross-site scripting vulnerability
Unmark is an open source to-do list application for bookmarking. Unmark 1.9.3 and earlier versions suffer from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by parameter q in the file...
Gazelle Cross-Site Scripting Vulnerability
Gazelle is a web framework for private BitTorrent trackers. Gazelle suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter Message in the file /sections/tools/managers/changelog.php, which can be...
Unspecified vulnerability in SueamCMS (CNVD-2025-21440)
SueamCMS is SueamCMS open source a content management system . A security vulnerability exists in SueamCMS version 0.1.2, which can be exploited by an attacker and may lead to the execution of arbitrary code...
Beauty Parlour Management System readenq.php File SQL Injection Vulnerability
Beauty Parlour Management System is an application system. Beauty Parlour Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter delid in the file /admin/readenq.php. An attacker can exploit th...
Wavlink WL-WN578W2 Authorization Issues Vulnerability
The Wavlink WL-WN578W2 is a wireless repeater from China's Wavlink. An authorization issue vulnerability exists in Wavlink WL-WN578W2 version 221110, which stems from improper privilege management of the parameter newpass/confpass in the file /sysinit.html, which can be exploited by an attacker t...
RuoYi License Issue Vulnerability
RuoYi is a backend management system for individual developers in China RuoYi RuoYi. RuoYi 4.8.1 and previous versions of the authorization problem vulnerability, the vulnerability stems from the file / system / role / authUser / cancelAll in the parameter roleId and userIds there is improper...
Siemens Mobility Trainguard End-of-Train and Head-of-Train Weak Authentication Vulnerability
The Trainguard End-of-Train EOT is a new generation of end-of-train devices for connecting on-board telemetry.The Trainguard Head-of-Train HOT is a front-of-train device. These devices communicate using the S-9152 standard. A weak authentication vulnerability exists in Siemens Mobility Trainguard...
Unmark info.php file cross-site scripting vulnerability
Unmark is an open source to-do list application for bookmarking. A cross-site scripting vulnerability exists in Unmark 1.9.3 and earlier versions, which stems from the lack of effective filtering and escaping of user-supplied data in the parameter Title in the file application/views/marks/info.ph...
CRMEB server-side request forgery vulnerability in Xi'an Zhongbang Network Technology Co.
CRMEB is a Java mall system . CRMEB 5.6.1 and previous versions of server-side request forgery vulnerability , the vulnerability stems from the file app/services/out/OutAccountServices.php parameter pushtokenurl does not implement a sufficient authentication mechanism to confirm the source of the...
Unmark Marks.php file cross-site scripting vulnerability
Unmark is an open source to-do list application for bookmarking. Unmark 1.9.3 and earlier versions have a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter Title in the file /application/controllers/Marks.php,...
Axios Resource Management Error Vulnerability
Axios is Axios open source a Promise asynchronous programming a solution based on the HTTP client . Axios versions prior to 1.11.0 have a resource management error vulnerability that stems from unrestricted memory allocation when handling data scheme URLs, which can be exploited by an attacker to...
Unmark Code Issues Vulnerabilities
Unmark is an open source to-do list application for bookmarking. A code issue vulnerability exists in Unmark 1.9.3 and earlier versions, which stems from incorrect manipulation of the parameter url in the file /application/controllers/Marks.php, which could lead to server-side request forgery. An...
Wavlink WL-WN578W2 sub_401340 function command injection vulnerability
The Wavlink WL-WN578W2 is a wireless repeater from China's Wavlink. A command injection vulnerability exists in Wavlink WL-WN578W2 version 221110, which originates from the parameter ipaddr in the sub401340 function of the file /cgi-bin/login.cgi that fails to correctly filter the constructor...
Beauty Parlour Management System view-enquiry.php File SQL Injection Vulnerability
Beauty Parlour Management System is an application system. Beauty Parlour Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter viewid in file /admin/view-enquiry.php. An attacker can exploi...
Delta Electronics DIALink Directory Traversal Vulnerability (CNVD-2025-22948)
Delta Electronics DIALink is an industrial automation communication gateway from Delta Electronics China. A directory traversal vulnerability exists in Delta Electronics DIALink, which can be exploited by an attacker to cause authentication bypass...
Unspecified vulnerability in Xen (CNVD-2025-21370)
Xen is an open source virtual machine monitor product from Xen Open Source. The product enables different and incompatible operating systems to run on the same computer and supports migration at runtime to ensure uptime and avoid downtime. Xen has a security vulnerability that can be exploited by...
Unspecified vulnerability in Xen (CNVD-2025-21331)
Xen is an open source virtual machine monitor product from Xen Open Source. The product enables different and incompatible operating systems to run on the same computer and supports migration at runtime to ensure uptime and avoid downtime. Xen has a security vulnerability that can be exploited by...
WordPress WP Easy FAQs plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. Cross-site scripting...
openDCIM Cross-Site Scripting Vulnerability
openDCIM is openDCIM open source a data center inventory management DCIM application . openDCIM version 23.04 cross-site scripting vulnerability , the vulnerability stems from the file /scripts/uploadifive.php parameter Filedata on the user-supplied data lack of effective filtering and escaping ,...
Unspecified vulnerability in Xen (CNVD-2025-21354)
Xen is an open source virtual machine monitor product from Xen Open Source. The product enables different and incompatible operating systems to run on the same computer and supports migration at runtime to ensure uptime and avoid downtime. Xen has a security vulnerability that can be exploited by...
Unspecified Vulnerability in Microsoft Visual Studio Code (CNVD-2025-22193)
Microsoft Visual Studio Code is an open source code editor from Microsoft USA. A security vulnerability exists in Microsoft Visual Studio Code that originates from insufficiently filtered or validated user-supplied data and can be exploited by an attacker to remotely execute arbitrary code...
WordPress Mixtape plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. Cross-site scripting...
Unspecified vulnerability in Xen (CNVD-2025-21353)
Xen is an open source virtual machine monitor product from Xen Open Source. The product enables different and incompatible operating systems to run on the same computer and supports migration at runtime to ensure uptime and avoid downtime. Xen has a security vulnerability that can be exploited by...
Delta Electronics DIALink Directory Traversal Vulnerability (CNVD-2025-22947)
Delta Electronics DIALink is an industrial automation communication gateway from Delta Electronics China. A directory traversal vulnerability exists in Delta Electronics DIALink, which can be exploited by an attacker to cause authentication bypass...
Tenda F3 goform/setParentControl file buffer overflow vulnerability
Tenda F3 is a 300M wireless router launched on May 15, 2015 by Shenzhen Jixiang Tenda Technology Co. Tenda F3 suffers from a buffer overflow vulnerability, which stems from the goform/setParentControl file failing to properly validate the length size of input data, which can be exploited by an...
Google Chrome post-release reuse vulnerability (CNVD-2025-22931)
Google Chrome is a web browser developed by Google, known for being fast, secure and personalized, with support for multi-device synchronization and smart tool integration. Google Chrome suffers from a post-release reuse vulnerability that stems from the presence of post-release reuse in...
Unspecified Vulnerability in Dell PowerProtect Data Manager (CNVD-2025-22168)
Dell PowerProtect Data Manager PPDM is a data protection solution from Dell USA. The product supports features such as data backup, virtual machine backup and database protection. A security vulnerability exists in Dell PowerProtect Data Manager versions 19.19 and 19.20, which can be exploited by...
Dell PowerProtect Data Manager Operating System Command Injection Vulnerability
Dell PowerProtect Data Manager PPDM is a data protection solution from Dell USA. The product supports features such as data backup, virtual machine backup and database protection. A security vulnerability exists in Dell PowerProtect Data Manager versions 19.19 and 19.20, which can be exploited by...
Cisco IOS XR Data Forgery Issue Vulnerability (CNVD-2025-21252)
Cisco IOS XR is a set of operating systems developed by the American company Cisco Cisco for its network equipment. Cisco IOS XR suffers from a data forgery vulnerability that arises from incomplete file validation during installation, which can be exploited by an attacker to cause unsigned...
Dell PowerProtect Data Manager Elevation of Privilege Vulnerability
Dell PowerProtect Data Manager PPDM is a data protection solution from Dell USA. The product supports features such as data backup, virtual machine backup and database protection. An elevation of privilege vulnerability exists in Dell PowerProtect Data Manager versions 19.19 and 19.20, which stem...
Cisco IOS XR Access Control Error Vulnerability (CNVD-2025-21251)
Cisco IOS XR is a set of operating systems developed by the American company Cisco Cisco for its network equipment. Cisco IOS XR suffers from an Access Control Error vulnerability that stems from improper access control of the management interface ACL, which can be exploited by an attacker to cau...
WordPress Responsive Filterable Portfolio plugin Arbitrary File Upload Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress Responsive Filterable Portfolio plugin has an arbitrary file upload vulnerability that stems from a lack of file type validation in the HdnMediaSelectionimage fiel...
IBM Security Verify Information Queue Elevation of Privilege Vulnerability
IBM Security Verify Information Queue is a microservices architecture integration platform that leverages Kafka technology and a publish/subscribe model to integrate data between IBMSecurity products, acting as a cross-product data exchange hub. An elevation of privilege vulnerability exists in I...
WordPress MyBrain Utilities plugin cross-site scripting vulnerability
WordPress MyBrain Utilities plugin is a plugin for enhancing the functionality of your website, mainly for optimizing the performance and user experience. A cross-site scripting vulnerability exists in the WordPress MyBrain Utilities plugin that stems from insufficient input cleanup and output...
WordPress Maspik plugin authorization issue vulnerability
WordPress Maspik plugin is an anti-spam plugin for WordPress that is mainly used to protect website contact forms, comment areas and signup forms from spam. WordPress Maspik plugin suffers from an authorization issue vulnerability that stems from a lack of capability check in the function...
WordPress AutoCatSet Cross-Site Request Forgery Vulnerability
AutoCatSet is an automatic post categorization plugin for the WordPress platform. A cross-site request forgery vulnerability exists in AutoCatSet 2.1.4 and earlier versions, which stems from the autocatsetajax function not properly implementing a random number validation mechanism. An attacker ca...
WordPress Evenium plugin cross-site scripting vulnerability
The Evenium plugin is an event management tool for the WordPress platform for creating and integrating Evenium meeting management features. Evenium plugin version 1.3.11 and prior versions suffer from a stored XSS vulnerability that stems from insufficient filtering of shortcode user input...
FoxCMS SQL Injection Vulnerability
FoxCMS is a PHP-based content management system that provides web content management and publishing functions. A SQL injection vulnerability exists in FoxCMS 1.24 and earlier versions, which originates from the batchCope function in the /app/admin/controller/Images.php file that does not securely...
Unspecified Vulnerability in Dell PowerProtect Data Manager (CNVD-2025-22167)
Dell PowerProtect Data Manager PPDM is a set of data protection solutions from Dell USA. The product supports features such as data backup, virtual machine backup and database protection. A security vulnerability exists in Dell PowerProtect Data Manager versions 19.19 and 19.20, which can be...
InstantCMS Code Issues Vulnerabilities
InstantCMS is a free and open source content management system. A security vulnerability exists in InstantCMS 2.17.3 and earlier versions, which stems from the package parameter in the installer function not effectively filtering user input. The vulnerability can be exploited by an attacker to sc...
WordPress Heateor Login plugin cross-site scripting vulnerability
WordPress Heateor Login plugin is a social login plugin for WordPress, which supports users to realize one-click login and registration function through 23 social networks such as Facebook, Twitter, LinkedIn, Google and so on. A cross-site scripting vulnerability exists in the WordPress Heateor...
Cisco IOS XR Resource Management Error Vulnerability (CNVD-2025-21253)
Cisco IOS XR is a set of operating systems developed by the American company Cisco Cisco for its network equipment. Cisco IOS XR suffers from a Resource Management Error vulnerability that arises from uncontrolled resource consumption by an application, which can be exploited by an attacker to...
WordPress NitroPack plugin unauthorized modification vulnerability
WordPress NitroPack plugin is a speed optimization plugin that is mainly used to improve the loading speed of your website. WordPress NitroPack plugin has an unauthorized modification vulnerability that stems from a lack of capability check in the function nitropacksetcompressionajax, which can b...
DELL PowerProtect Data Manager Path Traversal Vulnerability
DELL PowerProtect Data Manager is a data protection solution from Dell Technologies designed for modern multi-cloud environments, supporting data protection and compliance management for physical, virtual and cloud workloads. A path traversal vulnerability exists in DELL PowerProtect Data Manager...
WordPress Certifica Cross-Site Scripting Vulnerability
Certifica is a certificate generation and management plugin for the WordPress platform. A stored XSS vulnerability exists in Certifica 3.1 and earlier versions, which stems from insufficient input filtering and output escaping of evento parameters. The vulnerability can be exploited to inject a...
WordPress Testimonial Plugin SQL Injection Vulnerability
WordPress Testimonial Plugin is a plugin for displaying customer feedback, testimonials or user reviews in your website, mainly for enhancing website trust and social proof. WordPress Testimonial Plugin suffers from a SQL injection vulnerability that stems from insufficient cleaning and escaping ...
ChanCMS Server-Side Request Forgery Vulnerability
ChanCMS is a content management system. ChanCMS 3.3.0 version of the existence of server-side request forgery vulnerability, the vulnerability stems from the file / cms/collect/getArticle in the function CollectController parameter taskUrl does not implement a sufficient validation mechanism to...
WordPress WP Import plugin unauthorized access vulnerability
WordPress WP Import plugin is a plugin for batch importing and exporting WordPress data, supports multiple file formats such as CSV, XML, JSON, etc., and can handle posts, pages, comments, users and other data. WordPress WP Import plugin has an unauthorized access vulnerability that stems from a...
Dell PowerProtect Data Manager OS Command Injection Vulnerability (CNVD-2025-22166)
Dell PowerProtect Data Manager PPDM is a data protection solution from Dell USA. The product supports features such as data backup, virtual machine backup and database protection. An operating system command injection vulnerability exists in Dell PowerProtect Data Manager versions 19.19 and 19.20...