131179 matches found
Apartment Management System utility_bill_setup.php File SQL Injection Vulnerability
Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter txtGasBill in the file /setting/utilitybillsetup.php. An attacker can...
QNAP Qsync Central Null Pointer Dereference Vulnerability (CNVD-2025-23638)
QNAP Qsync Central is a private cloud synchronization service launched by QNAP, which is mainly used to achieve real-time synchronization and backup of files between devices. A null pointer dereference vulnerability exists in QNAP Qsync Central, which can be exploited by attackers to cause a deni...
WordPress Solwin Blog Designer PRO plugin file inclusion vulnerability
WordPress Solwin Blog Designer PRO plugin is a WordPress plugin, mainly used for customizing the design of blog pages, without coding to achieve a variety of style adjustments. A file inclusion vulnerability exists in the WordPress Solwin Blog Designer PRO plugin, which stems from not effectively...
QNAP Qsync Central SQL Injection Vulnerability (CNVD-2025-23620)
QNAP Qsync Central is a private cloud synchronization service launched by QNAP, which is mainly used to achieve real-time synchronization and backup of files between devices. A SQL injection vulnerability exists in QNAP Qsync Central, which can be exploited by attackers to execute unauthorized co...
QNAP Qsync Central Unlimited Resource Allocation Vulnerability
QNAP Qsync Central is a private cloud synchronization service launched by QNAP, which is mainly used to achieve real-time synchronization and backup of files between devices. An unrestricted resource allocation vulnerability exists in QNAP Qsync Central, which can be exploited by an attacker to...
Sports Management System /login.php File SQL Injection Vulnerability
Sports Management System a sports management system. The Sports Management System suffers from a SQL injection vulnerability that originates in the /login.php file that does not securely filter the User parameter. An attacker can exploit this vulnerability by constructing malicious SQL statements...
Tenda AC10 Stack Buffer Overflow Vulnerability
Tenda AC10 is a dual-band Gigabit wireless router launched by Shenzhen Jixiang Tenda Technology Co., Ltd, mainly for 200M and above fiber optic users. Tenda AC10 has a stack buffer overflow vulnerability, the vulnerability stems from the getparentControllistInfo function fails to correctly valida...
Apartment Management System bill_info.php File SQL Injection Vulnerability
Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in parameter vid in file /report/billinfo.php. An attacker can exploit this vulnerability...
WordPress bidorbuy Store Integrator plugin code injection vulnerability
WordPress bidorbuy Store Integrator plugin is a plugin for integrating WordPress websites with the Bidorbuy e-commerce platform, allowing users to quickly synchronize products to the Bidorbuy platform and automatically update product information. The WordPress bidorbuy Store Integrator plugin...
WordPress BetPress plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress BetPress plugin suffers from a cross-site request forgery vulnerability that arises from a web application that does not adequately validate that a request is coming...
WordPress Plugin AutoWP Access Control Break Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An access control disruption vulnerability exists in the WordPress plugin AutoWP, which stems from a lac...
WordPress Plugin ATT YouTube Widget Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress plugin ATT YouTube Widget, no detaile...
WordPress Plugin Advance Food Menu Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Advance Food Menu has a cross-site scripting vulnerability, the vulnerability stems fro...
WordPress Plugin Ajax Search Lite Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Ajax Search Lite has an information disclosure vulnerability, the vulnerability stems...
Tenda AC10 R7WebsSecurityHandler function stack buffer overflow vulnerability
Tenda AC10 is a dual-band Gigabit wireless router launched by Shenzhen Jixiang Tenda Technology Co., Ltd, mainly for 200M and above fiber optic users. Tenda AC10 has a stack buffer overflow vulnerability, the vulnerability stems from the R7WebsSecurityHandler function in the Password parameter...
Tenda AC10 Improper Access Control Vulnerability
Tenda AC10 is a dual-band Gigabit wireless router launched by Shenzhen Jixiang Tenda Technology Co., Ltd, mainly for 200M and above fiber optic users. Tenda AC10 suffers from an improper access control vulnerability, which originates from improper access control of the /goform/ate endpoint, and c...
Apartment Management System unit_status_info.php File SQL Injection Vulnerability
Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter usid in the file /report/unitstatusinfo.php. An attacker can exploit...
WordPress Plugin Beaver Builder Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Beaver Builder has a cross-site scripting vulnerability that can be exploited by an...
Apartment Management System complain_info.php File SQL Injection Vulnerability
Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in parameter vid in file /report/complaininfo.php. An attacker can exploit this...
WordPress Plugin All Bootstrap Blocks Access Control Break Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An access control disruption vulnerability exists in the WordPress plugin All Bootstrap Blocks, which...
TOTOLINK X2000R Use of Default Credentials Vulnerability
TOTOLINK X2000R is a WiFi 6 router from China's Gion Electronics TOTOLINK, which supports Gigabit network and Easy Mesh features with multi-device connectivity and wireless expansion. The TOTOLINK X2000R suffers from a Use Default Credentials vulnerability, which originates from an unknown functi...
Tenda AC10 sub_46284C Function Stack Buffer Overflow Vulnerability
Tenda AC10 is a dual-band Gigabit wireless router launched by Shenzhen Jixiang Tenda Technology Co., Ltd, mainly for 200M and above fiber optic users. Tenda AC10 has a stack buffer overflow vulnerability, the vulnerability stems from the security5g parameter in the sub46284C function fails to...
WordPress plugin Add Code To Head cross-site scripting vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Add Code To Head exists cross-site scripting vulnerability, the vulnerability stems fro...
IBM Watson Studio on Cloud Pak for Data Cross-Site Scripting Vulnerability
IBM Watson Studio on Cloud Pak for Data is an intelligent search and text analytics platform from International Business Machines IBM. A cross-site scripting vulnerability exists in IBM Watson Studio on Cloud Pak for Data versions 4.0 and 5.0, which stems from the application's lack of effective...
WordPress Plugin B Slider Access Control Break Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An access control disruption vulnerability exists in WordPress plugin B Slider, which stems from a lack ...
Tenda AC10 Elevation of Privilege Vulnerability
Tenda AC10 is a dual-band Gigabit wireless router launched by Shenzhen Jixiang Tenda Technology Co., Ltd, mainly for 200M and above fiber optic users. Tenda AC10 suffers from an elevation of privilege vulnerability, which stems from an ate service input validation flaw that results in elevation t...
Apartment Management System addvisitor.php File SQL Injection Vulnerability
Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /visitor/addvisitor.php. An attacker can exploit this...
CGM CLININET SQL Injection Vulnerability (CNVD-2025-19811)
CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the UserID parameter of the OpenReportWindow.pl file. An attacker can exploit this...
Apartment Management System addbranch.php File SQL Injection Vulnerability
Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /branch/addbranch.php. An attacker can exploit this...
Unspecified vulnerability in CGM CLININET (CNVD-2025-19818)
CGM CLININET is a hospital information management system from CGM Germany. A security vulnerability exists in CGM CLININET, which can be exploited by attackers to gain unauthorized access to sensitive information...
DELL ThinOS 10 Parameter Injection Vulnerability
DELL ThinOS 10 is a next-generation thin client operating system from Dell designed for virtual desktop infrastructure VDI to improve security, efficiency and user experience. DELL ThinOS 10 suffers from a parameter injection vulnerability that stems from improper parameter delimiter...
CGM CLININET Information Disclosure Vulnerability
CGM CLININET is a hospital information management system from CGM Germany. An information disclosure vulnerability exists in CGM CLININET. The vulnerability stems from a configuration file that contains database login information and can be read by a local user, which can be exploited by an...
Apartment Management System rented_info.php File SQL Injection Vulnerability
Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter rsid in the file /report/rentedinfo.php. An attacker can exploit this...
Unspecified Vulnerability in CGM CLININET
CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET has a security vulnerability that can be exploited by attackers to potentially cause information leakage...
CGM CLININET Access Control Error Vulnerability
CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from an Access Control Error vulnerability that originates from improper access control in the /cgi-bin/CliniNET.prd/utils/dblogstat.pl endpoint, which can be exploited by an attacker to gain...
CGM CLININET Code Injection Vulnerability
CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from a code injection vulnerability that stems from the ConvertToPDF function's filename parameter failing to properly filter special elements of the constructed code segment. An attacker can exploit...
CGM CLININET SQL Injection Vulnerability
CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from an SQL injection vulnerability that originates from the lack of validation of the pesel parameter of the getPatientIdentifier function against externally entered SQL statements. An attacker can...
Tenda AC6 fromSetIpMacBind Function Buffer Overflow Vulnerability
Tenda AC6 is a dual-band wireless router from Tenda that supports IPv4 and IPv6 protocols and utilizes the 802.11ac/n wireless standard to provide a wireless transmission rate of 1167Mbps. Tenda AC6 suffers from a buffer overflow vulnerability that originates from the list parameter in the...
CGM CLININET Access Control Error Vulnerability (CNVD-2025-19816)
CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from an Access Control Error vulnerability that originates from improper access control in /cgi-bin/CliniNET.prd/utils/userlogxls.pl, which can be exploited by an attacker to gain unauthorized access t...
DELL ThinOS 10 Unauthorized Access Vulnerability
DELL ThinOS 10 is a next-generation thin client operating system from Dell designed for virtual desktop infrastructure VDI to improve security, efficiency and user experience. DELL ThinOS 10 suffers from an unauthorized access vulnerability that stems from unvalidated ownership, which can be...
CGM CLININET Cross-Site Scripting Vulnerability
CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the Death Diagnosis Description field in the Oddzial module, which can be...
CGM CLININET Code Injection Vulnerability (CNVD-2025-19814)
CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from a code injection vulnerability that stems from a system function that fails to properly filter special elements of a constructed code segment. An attacker can exploit this vulnerability to execute...
CGM CLININET Code Injection Vulnerability (CNVD-2025-19815)
CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from a code injection vulnerability that stems from the uhcPrintServerPrint function failing to properly filter special elements of the constructed code segment. An attacker could exploit this...
CGM CLININET Access Control Error Vulnerability (CNVD-2025-19813)
CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from an Access Control Error vulnerability that originates from improper access control in the serverConfig endpoint, which can be exploited by an attacker to gain unauthorized access to sensitive...
CGM CLININET Code Injection Vulnerability (CNVD-2025-19812)
CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from a code injection vulnerability that stems from the RunCommand function failing to properly filter the special elements of the constructor code segment. An attacker can exploit this vulnerability t...
CGM CLININET SQL Injection Vulnerability (CNVD-2025-19809)
CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from an SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the getPerfServiceIds function. An attacker can exploit this vulnerability to...
CGM CLININET Trust Management Issue Vulnerability
CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from a trust management issue vulnerability that stems from the decodeParam function not verifying the signature algorithm, which can be exploited by an attacker to generate arbitrary user sessions...
CGM CLININET Access Control Error Vulnerability (CNVD-2025-19807)
CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from an access control error vulnerability that originates from improper access control in /cgi-bin/CliniNET.prd/GetActiveSessions.pl, which can be exploited by an attacker to gain unauthorized access ...
CGM CLININET SQL Injection Vulnerability (CNVD-2025-19810)
CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from a SQL injection vulnerability that originates from the lack of validation of the UserID parameter of the getUserInfo function against external input SQL statements. An attacker can exploit this...
Apartment Management System visitor_info.php File SQL Injection Vulnerability
Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in parameter vid in file /report/visitorinfo.php. An attacker can exploit this...