Simple Grading System edit_student.php File SQL Injection Vulnerability
Simple Grading System is a simple grading system. Simple Grading System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /edit_student.php. An attacker can exploit this vulnerability to execute...
Directory Management System Cross-Site Scripting Vulnerability
Directory Management System is a directory management system. Directory Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter fullname in the file /admin/add-directory.php, which can ...
QNAP QTS and QuTS hero path traversal vulnerability (CNVD-2025-27805)
QNAP QTS is a NAS operating system developed by QNAP Systems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage devices NAS, which ...
Apartment Management System month_setup.php File SQL Injection Vulnerability
Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter txtMonthName in the file /setting/month_setup.php. An attacker c...
Apartment Management System updateProfile.php File SQL Injection Vulnerability
Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that stems from the lack of validation of an externally entered SQL statement in the parameter userid in the file /ajax/updateProfile.php. An attacker can exploit...
Human Resource Integrated System login_attendance2.php File SQL Injection Vulnerability
Human Resource Integrated System is a human resource management system. Human Resource Integrated System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter employeeid/date in the file login_attendance2.php. A...
Apartment Management System year_setup.php File SQL Injection Vulnerability
Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter txtXYear in the file /setting/year_setup.php. An attacker can...
QNAP QTS and QuTS hero out-of-bounds write vulnerabilities
QNAP QTS is a NAS operating system developed by QNAP Systems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage devices NAS, which ...
Simple Grading System delete_student.php File SQL Injection Vulnerability
Simple Grading System is a simple grading system. Simple Grading System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /delete_student.php. An attacker can exploit this vulnerability to execute...
Simple Grading System login.php File SQL Injection Vulnerability
Simple Grading System is a simple grading system. Simple Grading System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the file /login.php. An attacker can exploit this vulnerability to execute illegal SQL commands to steal...
WordPress Mojoomla School Management plugin file upload vulnerability
WordPress Mojoomla School Management plugin is a WordPress plugin mainly used for school management system, support class management, student attendance, grade management, fee collection and other functions. WordPress Mojoomla School Management plugin has a file upload vulnerability, which stems...
TRENDnet TV-IP410 Command Injection Vulnerability
TRENDnet TV-IP410 is an Internet TV from TRENDnet. The TRENDnet TV-IP410 suffers from a command injection vulnerability that stems from misuse of the parameter DeviceURL in the file uapply.cgi of the component httpd, which can be exploited by an attacker to cause arbitrary command execution...
WordPress Amministrazione Trasparente plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. WordPress Amministrazione Trasparente plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...
Sports Management System /login.php File SQL Injection Vulnerability
Sports Management System is a sports management system. The Sports Management System suffers from a SQL injection vulnerability that originates in the /login.php file, which does not securely filter the User parameter. An attacker can exploit this vulnerability by constructing malicious SQL statements...
WordPress Plugin Beaver Builder Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Beaver Builder has a cross-site scripting vulnerability that can be exploited by an...
WordPress plugin Add Code To Head cross-site scripting vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin Add Code To Head; the vulnerability stems fro...
Apartment Management System bill_info.php File SQL Injection Vulnerability
Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in parameter vid in file /report/bill_info.php. An attacker can exploit this vulnerability...
IBM Watson Studio on Cloud Pak for Data Cross-Site Scripting Vulnerability
IBM Watson Studio on Cloud Pak for Data is an intelligent search and text analytics platform from International Business Machines IBM. A cross-site scripting vulnerability exists in IBM Watson Studio on Cloud Pak for Data versions 4.0 and 5.0, which stems from the application's lack of effective...
Tenda AC10 sub_46284C Function Stack Buffer Overflow Vulnerability
Tenda AC10 is a dual-band Gigabit wireless router launched by Shenzhen Jixiang Tenda Technology Co., Ltd, mainly for 200M and above fiber optic users. Tenda AC10 has a stack buffer overflow vulnerability that arises because the security5g parameter in the sub_46284C function fails to...
Tenda AC10 Stack Buffer Overflow Vulnerability
Tenda AC10 is a dual-band Gigabit wireless router launched by Shenzhen Jixiang Tenda Technology Co., Ltd, mainly for 200M and above fiber optic users. Tenda AC10 has a stack buffer overflow vulnerability that arises because the getparentControllistInfo function fails to correctly valida...
Apartment Management System complain_info.php File SQL Injection Vulnerability
Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in parameter vid in file /report/complain_info.php. An attacker can exploit this...
TOTOLINK X2000R Use of Default Credentials Vulnerability
TOTOLINK X2000R is a WiFi 6 router from China's Gion Electronics TOTOLINK, which supports Gigabit network and Easy Mesh features with multi-device connectivity and wireless expansion. The TOTOLINK X2000R suffers from a use of default credentials vulnerability, which originates from an unknown functi...
WordPress bidorbuy Store Integrator plugin code injection vulnerability
WordPress bidorbuy Store Integrator plugin is a plugin for integrating WordPress websites with the Bidorbuy e-commerce platform, allowing users to quickly synchronize products to the Bidorbuy platform and automatically update product information. The WordPress bidorbuy Store Integrator plugin...
WordPress BetPress plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. WordPress BetPress plugin suffers from a cross-site request forgery vulnerability that arises from a web application that does not adequately validate that a request is coming...
WordPress Plugin B Slider Access Control Break Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A broken access control vulnerability exists in WordPress plugin B Slider, which stems from a lack ...
WordPress Plugin AutoWP Access Control Break Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A broken access control vulnerability exists in the WordPress plugin AutoWP, which stems from a lac...
WordPress Plugin ATT YouTube Widget Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress plugin ATT YouTube Widget, no detaile...
WordPress Plugin All Bootstrap Blocks Access Control Break Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A broken access control vulnerability exists in the WordPress plugin All Bootstrap Blocks, which...
WordPress Plugin Advance Food Menu Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Advance Food Menu has a cross-site scripting vulnerability; the vulnerability stems fro...
Tenda AC10 Improper Access Control Vulnerability
Tenda AC10 is a dual-band Gigabit wireless router launched by Shenzhen Jixiang Tenda Technology Co., Ltd, mainly for 200M and above fiber optic users. Tenda AC10 suffers from an improper access control vulnerability, which originates from improper access control of the /goform/ate endpoint, and c...
Tenda AC10 Elevation of Privilege Vulnerability
Tenda AC10 is a dual-band Gigabit wireless router launched by Shenzhen Jixiang Tenda Technology Co., Ltd, mainly for 200M and above fiber optic users. Tenda AC10 suffers from an elevation of privilege vulnerability, which stems from an ate service input validation flaw that results in elevation t...
WordPress Plugin Ajax Search Lite Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Ajax Search Lite has an information disclosure vulnerability; the vulnerability stems...
Apartment Management System unit_status_info.php File SQL Injection Vulnerability
Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter usid in the file /report/unit_status_info.php. An attacker can exploit...
Tenda AC10 R7WebsSecurityHandler function stack buffer overflow vulnerability
Tenda AC10 is a dual-band Gigabit wireless router launched by Shenzhen Jixiang Tenda Technology Co., Ltd, mainly for 200M and above fiber optic users. Tenda AC10 has a stack buffer overflow vulnerability; the vulnerability stems from the R7WebsSecurityHandler function in the Password parameter...
CGM CLININET SQL Injection Vulnerability (CNVD-2025-19809)
CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from an SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the getPerfServiceIds function. An attacker can exploit this vulnerability to...
CGM CLININET SQL Injection Vulnerability (CNVD-2025-19810)
CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from a SQL injection vulnerability that originates from the lack of validation of the UserID parameter of the getUserInfo function against external input SQL statements. An attacker can exploit this...
CGM CLININET SQL Injection Vulnerability (CNVD-2025-19811)
CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the UserID parameter of the OpenReportWindow.pl file. An attacker can exploit this...
Apartment Management System addvisitor.php File SQL Injection Vulnerability
Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /visitor/addvisitor.php. An attacker can exploit this...
Apartment Management System fair_info_all.php File SQL Injection Vulnerability
Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter fid in the file /report/fair_info_all.php. An attacker can exploit this...
DELL ThinOS 10 Parameter Injection Vulnerability
DELL ThinOS 10 is a next-generation thin client operating system from Dell designed for virtual desktop infrastructure VDI to improve security, efficiency and user experience. DELL ThinOS 10 suffers from a parameter injection vulnerability that stems from improper parameter delimiter...
Apartment Management System rented_info.php File SQL Injection Vulnerability
Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter rsid in the file /report/rented_info.php. An attacker can exploit this...
Apartment Management System visitor_info.php File SQL Injection Vulnerability
Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in parameter vid in file /report/visitor_info.php. An attacker can exploit this...
DELL ThinOS 10 Unauthorized Access Vulnerability
DELL ThinOS 10 is a next-generation thin client operating system from Dell designed for virtual desktop infrastructure VDI to improve security, efficiency and user experience. DELL ThinOS 10 suffers from an unauthorized access vulnerability that stems from unvalidated ownership, which can be...
IBM Security Verify Governance Identity Manager Information Disclosure Vulnerability (CNVD-2025-23712)
IBM Security Verify Governance Identity Manager is IBM's identity governance and management solution for centralized management of enterprise user identities and access rights. An information disclosure vulnerability exists in IBM Security Verify Governance Identity Manager 10.0.2, which stems fr...
CGM CLININET Information Disclosure Vulnerability
CGM CLININET is a hospital information management system from CGM Germany. An information disclosure vulnerability exists in CGM CLININET. The vulnerability stems from a configuration file that contains database login information and can be read by a local user, which can be exploited by an...
CGM CLININET Trust Management Issue Vulnerability
CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from a trust management issue vulnerability that stems from the decodeParam function not verifying the signature algorithm, which can be exploited by an attacker to generate arbitrary user sessions...
CGM CLININET Cross-Site Scripting Vulnerability
CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the Death Diagnosis Description field in the Oddzial module, which can be...
Unspecified vulnerability in CGM CLININET (CNVD-2025-19818)
CGM CLININET is a hospital information management system from CGM Germany. A security vulnerability exists in CGM CLININET, which can be exploited by attackers to gain unauthorized access to sensitive information...
Unspecified Vulnerability in CGM CLININET
CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET has a security vulnerability that can be exploited by attackers to potentially cause information leakage...
CGM CLININET Code Injection Vulnerability (CNVD-2025-19815)
CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from a code injection vulnerability that stems from the uhcPrintServerPrint function failing to properly filter special elements of the constructed code segment. An attacker could exploit this...