Lucene search
+L

131179 matches found

CNVD
CNVD
•added 2025/09/02 12:0 a.m.•7 views

Apartment Management System utility_bill_setup.php File SQL Injection Vulnerability

Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter txtGasBill in the file /setting/utilitybillsetup.php. An attacker can...

9.8CVSS8.3AI score0.00384EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/02 12:0 a.m.•4 views

QNAP Qsync Central Null Pointer Dereference Vulnerability (CNVD-2025-23638)

QNAP Qsync Central is a private cloud synchronization service launched by QNAP, which is mainly used to achieve real-time synchronization and backup of files between devices. A null pointer dereference vulnerability exists in QNAP Qsync Central, which can be exploited by attackers to cause a deni...

6.5CVSS6.7AI score0.0034EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/02 12:0 a.m.•4 views

WordPress Solwin Blog Designer PRO plugin file inclusion vulnerability

WordPress Solwin Blog Designer PRO plugin is a WordPress plugin, mainly used for customizing the design of blog pages, without coding to achieve a variety of style adjustments. A file inclusion vulnerability exists in the WordPress Solwin Blog Designer PRO plugin, which stems from not effectively...

8.1CVSS6.6AI score0.00436EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/02 12:0 a.m.•6 views

QNAP Qsync Central SQL Injection Vulnerability (CNVD-2025-23620)

QNAP Qsync Central is a private cloud synchronization service launched by QNAP, which is mainly used to achieve real-time synchronization and backup of files between devices. A SQL injection vulnerability exists in QNAP Qsync Central, which can be exploited by attackers to execute unauthorized co...

8.8CVSS8.4AI score0.00427EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/02 12:0 a.m.•6 views

QNAP Qsync Central Unlimited Resource Allocation Vulnerability

QNAP Qsync Central is a private cloud synchronization service launched by QNAP, which is mainly used to achieve real-time synchronization and backup of files between devices. An unrestricted resource allocation vulnerability exists in QNAP Qsync Central, which can be exploited by an attacker to...

7.1CVSS6.9AI score0.00419EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/01 12:0 a.m.•5 views

Sports Management System /login.php File SQL Injection Vulnerability

Sports Management System a sports management system. The Sports Management System suffers from a SQL injection vulnerability that originates in the /login.php file that does not securely filter the User parameter. An attacker can exploit this vulnerability by constructing malicious SQL statements...

9.8CVSS7.7AI score0.00387EPSS
Exploits1References1
CNVD
CNVD
•added 2025/08/31 12:0 a.m.•4 views

Tenda AC10 Stack Buffer Overflow Vulnerability

Tenda AC10 is a dual-band Gigabit wireless router launched by Shenzhen Jixiang Tenda Technology Co., Ltd, mainly for 200M and above fiber optic users. Tenda AC10 has a stack buffer overflow vulnerability, the vulnerability stems from the getparentControllistInfo function fails to correctly valida...

7.5CVSS7.5AI score0.00365EPSS
Exploits0References1
CNVD
CNVD
•added 2025/08/31 12:0 a.m.•4 views

Apartment Management System bill_info.php File SQL Injection Vulnerability

Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in parameter vid in file /report/billinfo.php. An attacker can exploit this vulnerability...

9.8CVSS8.3AI score0.00465EPSS
Exploits1References1
CNVD
CNVD
•added 2025/08/31 12:0 a.m.•1 views

WordPress bidorbuy Store Integrator plugin code injection vulnerability

WordPress bidorbuy Store Integrator plugin is a plugin for integrating WordPress websites with the Bidorbuy e-commerce platform, allowing users to quickly synchronize products to the Bidorbuy platform and automatically update product information. The WordPress bidorbuy Store Integrator plugin...

9.1CVSS8AI score0.00346EPSS
Exploits0References1
CNVD
CNVD
•added 2025/08/31 12:0 a.m.•2 views

WordPress BetPress plugin cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress BetPress plugin suffers from a cross-site request forgery vulnerability that arises from a web application that does not adequately validate that a request is coming...

7.1CVSS6.8AI score0.00115EPSS
Exploits0References1
CNVD
CNVD
•added 2025/08/31 12:0 a.m.•1 views

WordPress Plugin AutoWP Access Control Break Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An access control disruption vulnerability exists in the WordPress plugin AutoWP, which stems from a lac...

4.3CVSS6.7AI score0.0022EPSS
Exploits0References1
CNVD
CNVD
•added 2025/08/31 12:0 a.m.•1 views

WordPress Plugin ATT YouTube Widget Cross-Site Request Forgery Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress plugin ATT YouTube Widget, no detaile...

7.1CVSS6.8AI score0.00118EPSS
Exploits0References1
CNVD
CNVD
•added 2025/08/31 12:0 a.m.•2 views

WordPress Plugin Advance Food Menu Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Advance Food Menu has a cross-site scripting vulnerability, the vulnerability stems fro...

5.9CVSS6.2AI score0.0021EPSS
Exploits0References1
CNVD
CNVD
•added 2025/08/31 12:0 a.m.•5 views

WordPress Plugin Ajax Search Lite Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Ajax Search Lite has an information disclosure vulnerability, the vulnerability stems...

5.9CVSS6.2AI score0.00286EPSS
Exploits0References1
CNVD
CNVD
•added 2025/08/31 12:0 a.m.•5 views

Tenda AC10 R7WebsSecurityHandler function stack buffer overflow vulnerability

Tenda AC10 is a dual-band Gigabit wireless router launched by Shenzhen Jixiang Tenda Technology Co., Ltd, mainly for 200M and above fiber optic users. Tenda AC10 has a stack buffer overflow vulnerability, the vulnerability stems from the R7WebsSecurityHandler function in the Password parameter...

5.3CVSS7.5AI score0.00479EPSS
Exploits0References1
CNVD
CNVD
•added 2025/08/31 12:0 a.m.•4 views

Tenda AC10 Improper Access Control Vulnerability

Tenda AC10 is a dual-band Gigabit wireless router launched by Shenzhen Jixiang Tenda Technology Co., Ltd, mainly for 200M and above fiber optic users. Tenda AC10 suffers from an improper access control vulnerability, which originates from improper access control of the /goform/ate endpoint, and c...

5.3CVSS7AI score0.00222EPSS
Exploits0References1
CNVD
CNVD
•added 2025/08/31 12:0 a.m.•2 views

Apartment Management System unit_status_info.php File SQL Injection Vulnerability

Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter usid in the file /report/unitstatusinfo.php. An attacker can exploit...

9.8CVSS7.9AI score0.00409EPSS
Exploits1References1
CNVD
CNVD
•added 2025/08/31 12:0 a.m.•3 views

WordPress Plugin Beaver Builder Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Beaver Builder has a cross-site scripting vulnerability that can be exploited by an...

6.1CVSS6.1AI score0.00205EPSS
Exploits0References1
CNVD
CNVD
•added 2025/08/31 12:0 a.m.•4 views

Apartment Management System complain_info.php File SQL Injection Vulnerability

Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in parameter vid in file /report/complaininfo.php. An attacker can exploit this...

9.8CVSS8.3AI score0.00387EPSS
Exploits1References1
CNVD
CNVD
•added 2025/08/31 12:0 a.m.•3 views

WordPress Plugin All Bootstrap Blocks Access Control Break Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An access control disruption vulnerability exists in the WordPress plugin All Bootstrap Blocks, which...

6.5CVSS6.7AI score0.00226EPSS
Exploits0References1
CNVD
CNVD
•added 2025/08/31 12:0 a.m.•8 views

TOTOLINK X2000R Use of Default Credentials Vulnerability

TOTOLINK X2000R is a WiFi 6 router from China's Gion Electronics TOTOLINK, which supports Gigabit network and Easy Mesh features with multi-device connectivity and wireless expansion. The TOTOLINK X2000R suffers from a Use Default Credentials vulnerability, which originates from an unknown functi...

7CVSS6.9AI score0.00193EPSS
Exploits1References1
CNVD
CNVD
•added 2025/08/31 12:0 a.m.•8 views

Tenda AC10 sub_46284C Function Stack Buffer Overflow Vulnerability

Tenda AC10 is a dual-band Gigabit wireless router launched by Shenzhen Jixiang Tenda Technology Co., Ltd, mainly for 200M and above fiber optic users. Tenda AC10 has a stack buffer overflow vulnerability, the vulnerability stems from the security5g parameter in the sub46284C function fails to...

5.3CVSS7.5AI score0.00546EPSS
Exploits1References1
CNVD
CNVD
•added 2025/08/31 12:0 a.m.•4 views

WordPress plugin Add Code To Head cross-site scripting vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Add Code To Head exists cross-site scripting vulnerability, the vulnerability stems fro...

5.9CVSS6.5AI score0.00204EPSS
Exploits0References1
CNVD
CNVD
•added 2025/08/31 12:0 a.m.•3 views

IBM Watson Studio on Cloud Pak for Data Cross-Site Scripting Vulnerability

IBM Watson Studio on Cloud Pak for Data is an intelligent search and text analytics platform from International Business Machines IBM. A cross-site scripting vulnerability exists in IBM Watson Studio on Cloud Pak for Data versions 4.0 and 5.0, which stems from the application's lack of effective...

5.4CVSS5.9AI score0.00166EPSS
Exploits0References1
CNVD
CNVD
•added 2025/08/31 12:0 a.m.•3 views

WordPress Plugin B Slider Access Control Break Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An access control disruption vulnerability exists in WordPress plugin B Slider, which stems from a lack ...

5.8CVSS6.7AI score0.00203EPSS
Exploits0References1
CNVD
CNVD
•added 2025/08/31 12:0 a.m.•5 views

Tenda AC10 Elevation of Privilege Vulnerability

Tenda AC10 is a dual-band Gigabit wireless router launched by Shenzhen Jixiang Tenda Technology Co., Ltd, mainly for 200M and above fiber optic users. Tenda AC10 suffers from an elevation of privilege vulnerability, which stems from an ate service input validation flaw that results in elevation t...

5.3CVSS7.5AI score0.00973EPSS
Exploits0References1
CNVD
CNVD
•added 2025/08/29 12:0 a.m.•4 views

Apartment Management System addvisitor.php File SQL Injection Vulnerability

Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /visitor/addvisitor.php. An attacker can exploit this...

9.8CVSS7.9AI score0.00387EPSS
Exploits1References1
CNVD
CNVD
•added 2025/08/29 12:0 a.m.•5 views

CGM CLININET SQL Injection Vulnerability (CNVD-2025-19811)

CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the UserID parameter of the OpenReportWindow.pl file. An attacker can exploit this...

9.4CVSS8AI score0.00231EPSS
Exploits0References1
CNVD
CNVD
•added 2025/08/29 12:0 a.m.•2 views

Apartment Management System addbranch.php File SQL Injection Vulnerability

Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /branch/addbranch.php. An attacker can exploit this...

9.8CVSS7.9AI score0.00387EPSS
Exploits1References1
CNVD
CNVD
•added 2025/08/29 12:0 a.m.•4 views

Unspecified vulnerability in CGM CLININET (CNVD-2025-19818)

CGM CLININET is a hospital information management system from CGM Germany. A security vulnerability exists in CGM CLININET, which can be exploited by attackers to gain unauthorized access to sensitive information...

9.4CVSS6.7AI score0.00249EPSS
Exploits0References1
CNVD
CNVD
•added 2025/08/29 12:0 a.m.•3 views

DELL ThinOS 10 Parameter Injection Vulnerability

DELL ThinOS 10 is a next-generation thin client operating system from Dell designed for virtual desktop infrastructure VDI to improve security, efficiency and user experience. DELL ThinOS 10 suffers from a parameter injection vulnerability that stems from improper parameter delimiter...

8.4CVSS7.3AI score0.00196EPSS
Exploits0References1
CNVD
CNVD
•added 2025/08/29 12:0 a.m.•2 views

CGM CLININET Information Disclosure Vulnerability

CGM CLININET is a hospital information management system from CGM Germany. An information disclosure vulnerability exists in CGM CLININET. The vulnerability stems from a configuration file that contains database login information and can be read by a local user, which can be exploited by an...

9.4CVSS5.9AI score0.00231EPSS
Exploits0References1
CNVD
CNVD
•added 2025/08/29 12:0 a.m.•2 views

Apartment Management System rented_info.php File SQL Injection Vulnerability

Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter rsid in the file /report/rentedinfo.php. An attacker can exploit this...

9.8CVSS7.9AI score0.00387EPSS
Exploits1References1
CNVD
CNVD
•added 2025/08/29 12:0 a.m.•1 views

Unspecified Vulnerability in CGM CLININET

CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET has a security vulnerability that can be exploited by attackers to potentially cause information leakage...

9.4CVSS6.7AI score0.00231EPSS
Exploits0References1
CNVD
CNVD
•added 2025/08/29 12:0 a.m.•1 views

CGM CLININET Access Control Error Vulnerability

CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from an Access Control Error vulnerability that originates from improper access control in the /cgi-bin/CliniNET.prd/utils/dblogstat.pl endpoint, which can be exploited by an attacker to gain...

9CVSS6.8AI score0.00165EPSS
Exploits0References1
CNVD
CNVD
•added 2025/08/29 12:0 a.m.•3 views

CGM CLININET Code Injection Vulnerability

CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from a code injection vulnerability that stems from the ConvertToPDF function's filename parameter failing to properly filter special elements of the constructed code segment. An attacker can exploit...

9.4CVSS8AI score0.00737EPSS
Exploits0References1
CNVD
CNVD
•added 2025/08/29 12:0 a.m.•3 views

CGM CLININET SQL Injection Vulnerability

CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from an SQL injection vulnerability that originates from the lack of validation of the pesel parameter of the getPatientIdentifier function against externally entered SQL statements. An attacker can...

9.4CVSS8.1AI score0.00231EPSS
Exploits0References1
CNVD
CNVD
•added 2025/08/29 12:0 a.m.•4 views

Tenda AC6 fromSetIpMacBind Function Buffer Overflow Vulnerability

Tenda AC6 is a dual-band wireless router from Tenda that supports IPv4 and IPv6 protocols and utilizes the 802.11ac/n wireless standard to provide a wireless transmission rate of 1167Mbps. Tenda AC6 suffers from a buffer overflow vulnerability that originates from the list parameter in the...

6.5CVSS7.5AI score0.00231EPSS
Exploits1References1
CNVD
CNVD
•added 2025/08/29 12:0 a.m.•3 views

CGM CLININET Access Control Error Vulnerability (CNVD-2025-19816)

CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from an Access Control Error vulnerability that originates from improper access control in /cgi-bin/CliniNET.prd/utils/userlogxls.pl, which can be exploited by an attacker to gain unauthorized access t...

9.4CVSS6.8AI score0.00231EPSS
Exploits0References1
CNVD
CNVD
•added 2025/08/29 12:0 a.m.•4 views

DELL ThinOS 10 Unauthorized Access Vulnerability

DELL ThinOS 10 is a next-generation thin client operating system from Dell designed for virtual desktop infrastructure VDI to improve security, efficiency and user experience. DELL ThinOS 10 suffers from an unauthorized access vulnerability that stems from unvalidated ownership, which can be...

7.8CVSS6.8AI score0.00119EPSS
Exploits0References1
CNVD
CNVD
•added 2025/08/29 12:0 a.m.•2 views

CGM CLININET Cross-Site Scripting Vulnerability

CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the Death Diagnosis Description field in the Oddzial module, which can be...

9.4CVSS6.2AI score0.00231EPSS
Exploits0References1
CNVD
CNVD
•added 2025/08/29 12:0 a.m.•2 views

CGM CLININET Code Injection Vulnerability (CNVD-2025-19814)

CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from a code injection vulnerability that stems from a system function that fails to properly filter special elements of a constructed code segment. An attacker can exploit this vulnerability to execute...

9.4CVSS8AI score0.00231EPSS
Exploits0References1
CNVD
CNVD
•added 2025/08/29 12:0 a.m.•3 views

CGM CLININET Code Injection Vulnerability (CNVD-2025-19815)

CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from a code injection vulnerability that stems from the uhcPrintServerPrint function failing to properly filter special elements of the constructed code segment. An attacker could exploit this...

9.4CVSS8AI score0.00231EPSS
Exploits0References1
CNVD
CNVD
•added 2025/08/29 12:0 a.m.•4 views

CGM CLININET Access Control Error Vulnerability (CNVD-2025-19813)

CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from an Access Control Error vulnerability that originates from improper access control in the serverConfig endpoint, which can be exploited by an attacker to gain unauthorized access to sensitive...

9.4CVSS6.8AI score0.00249EPSS
Exploits0References1
CNVD
CNVD
•added 2025/08/29 12:0 a.m.•3 views

CGM CLININET Code Injection Vulnerability (CNVD-2025-19812)

CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from a code injection vulnerability that stems from the RunCommand function failing to properly filter the special elements of the constructor code segment. An attacker can exploit this vulnerability t...

9.4CVSS8AI score0.00231EPSS
Exploits0References1
CNVD
CNVD
•added 2025/08/29 12:0 a.m.•5 views

CGM CLININET SQL Injection Vulnerability (CNVD-2025-19809)

CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from an SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the getPerfServiceIds function. An attacker can exploit this vulnerability to...

9.4CVSS8.1AI score0.00231EPSS
Exploits0References1
CNVD
CNVD
•added 2025/08/29 12:0 a.m.•3 views

CGM CLININET Trust Management Issue Vulnerability

CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from a trust management issue vulnerability that stems from the decodeParam function not verifying the signature algorithm, which can be exploited by an attacker to generate arbitrary user sessions...

9.4CVSS6.8AI score0.00231EPSS
Exploits0References1
CNVD
CNVD
•added 2025/08/29 12:0 a.m.•4 views

CGM CLININET Access Control Error Vulnerability (CNVD-2025-19807)

CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from an access control error vulnerability that originates from improper access control in /cgi-bin/CliniNET.prd/GetActiveSessions.pl, which can be exploited by an attacker to gain unauthorized access ...

9.4CVSS6.8AI score0.00231EPSS
Exploits0References1
CNVD
CNVD
•added 2025/08/29 12:0 a.m.•8 views

CGM CLININET SQL Injection Vulnerability (CNVD-2025-19810)

CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from a SQL injection vulnerability that originates from the lack of validation of the UserID parameter of the getUserInfo function against external input SQL statements. An attacker can exploit this...

9.4CVSS8.1AI score0.00231EPSS
Exploits0References1
CNVD
CNVD
•added 2025/08/29 12:0 a.m.•3 views

Apartment Management System visitor_info.php File SQL Injection Vulnerability

Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in parameter vid in file /report/visitorinfo.php. An attacker can exploit this...

9.8CVSS7.9AI score0.00387EPSS
Exploits1References1
Total number of security vulnerabilities131179