Adobe Commerce Input Validation Error Vulnerability (CNVD-2025-24434)

Adobe Commerce is the United States of America Odobie Adobe company's a business and brand-oriented global leader in digital commerce solutions. An input validation error vulnerability exists in Adobe Commerce, which can be exploited by an attacker to cause a denial of service...

Siemens Mendix SAML Account Hijacking Vulnerability

Siemens Mendix SAML is an authentication module provided by the Siemens Mendix platform for single sign-on SSO functionality. An account hijacking vulnerability exists in Siemens Mendix SAML, which stems from insufficient signature verification and binding checks, and can be exploited by an...

Tenda AC15 Data Forgery Issue Vulnerability

Tenda AC15 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in October 2015, which supports 802.11ac protocol and is mainly designed for home network environment. Tenda AC15 is vulnerable to a data forgery issue, which stems from insufficient data authenticity...

Adobe Animate Post-Release Reuse Vulnerability

Adobe Animate is a professional 2D animation software developed by Adobe, formerly known as Flash Professional, which supports HTML5, WebGL and other formats, and is widely used in game development, web design and interactive content creation. Adobe Animate suffers from a post-release reuse...

Intel Clock Jitter Tool Elevation of Privilege Vulnerability

Intel Clock Jitter Tool is a clock jitter analysis tool developed by Intel based on mathematical physics methodology. Intel Clock Jitter Tool suffers from an elevation of privilege vulnerability that stems from an uncontrolled search path, which can be exploited by an attacker to cause an elevati...

Intel 800 Series Ethernet Integer Overflow Vulnerability

Intel 800 Series Ethernet is a new generation of high-speed Ethernet technology from Intel that supports 25GbE and 100GbE speeds and is backward compatible with 10GbE. Intel 800 Series Ethernet suffers from an integer overflow vulnerability that stems from an integer overflow or wrap-around error...

WordPress plugin Classified Listing cross-site scripting vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. Cross-site scripting vulnerability exists in WordPress plugin Classified Listing 5.0.0 and earlier...

WordPress Plugin StoryChief File Upload Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin StoryChief file upload vulnerability , the vulnerability stems from the...

Travel Management System /updatepackage.php File SQL Injection Vulnerability

Travel Management System is a travel management system. Travel Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in parameter s1 in file /updatepackage.php. An attacker can exploit this vulnerability to execute...

Adobe Illustrator Out-of-Bounds Write Vulnerability

Adobe Illustrator is an industry-standard vector graphic design software developed by Adobe, mainly used for creating and editing vector graphics, illustrations, logo design, etc., widely used in publishing, multimedia and online image fields. Adobe Illustrator suffers from an out-of-bounds write...

Apache Superset Authorization Problem Vulnerability (CNVD-2025-19101)

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from an authorization issue vulnerability that stems from improper access control on the /explore endpoint, which could be exploited by an attacker to obtain metadata abou...

Dell PowerEdge Platform 14G AMD BIOS Information Disclosure Vulnerability

Dell PowerEdge Platform 14G AMD BIOS is a BIOS system from Dell USA. The Dell PowerEdge Platform 14G AMD BIOS suffers from an information disclosure vulnerability that originates from end-of-buffer memory location access, which can be exploited by an attacker to gain access to internal system...

Intel Xeon Processors Elevation of Privilege Vulnerability (CNVD-2025-21340)

Intel Xeon Processors is a family of processors launched by Intel for the enterprise-class server, workstation, and high-performance computing HPC markets, mainly serving data centers, cloud computing, artificial intelligence, and other areas. Intel Xeon Processors is vulnerable to an elevation o...

Visitor Management System visitor_out.php File SQL Injection Vulnerability

Visitor Management System is a visitor access management system. Visitor Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter rid in the file /visitorout.php. An attacker can exploit this...

Visitor Management System query_data.php File SQL Injection Vulnerability

Visitor Management System is a visitor access management system. Visitor Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the parameter dateF/dateP in the file /querydata.php. An attacker can exploit...

Dell SupportAssist for Home PCs Elevation of Privilege Vulnerability

Dell SupportAssist for Home PCs is a client application for home computers from Dell USA that provides automated, proactive and predictive techniques for troubleshooting and more. An elevation of privilege vulnerability exists in Dell SupportAssist for Home PCs, which arises from improper privile...

Hostel Management System hostel_manage.exe File Stack Buffer Overflow Vulnerability

Hostel Management System is a hostel management system. Hostel Management System suffers from a stack buffer overflow vulnerability that stems from the parameter uname in the file hostelmanage.exe not properly validating the length of input data, which can be exploited by an attacker to cause a...

Hostel Management System hostel_manage.exe file improper authentication vulnerability

Hostel Management System is a hostel management system. Hostel Management System suffers from an improper authentication vulnerability that originates from a misbehavior of the file hostelmanage.exe that results in improper authentication, no details of the vulnerability are available at this tim...

WordPress Billplz Addon for Contact Form 7 plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress Billplz Addon for Contact Form 7 plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escapin...

WordPress BetterDocs plugin unauthorized access vulnerability

WordPress BetterDocs plugin platform, a plugin, mainly used to create and manage online knowledge base, support document categorization, search, permission settings and other functions. An unauthorized access vulnerability exists in WordPress BetterDocs plugin, which stems from a lack of capabili...

WordPress BaiduXZH Submit plugin cross-site scripting vulnerability

WordPress BaiduXZH Submit plugin is a third-party WordPress plugin, mainly used for automatic submission of website content to Baidu Bear Paw, to achieve rapid inclusion within 24 hours, and support for original protection features. WordPress BaiduXZH Submit plugin has a cross-site scripting...

WordPress B Slider plugin information disclosure vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress B Slider plugin has an information disclosure vulnerability, the vulnerability stems from a sensitive information disclosure in the getactiveplugins function, which ca...

WordPress Assistant for NextGEN Gallery plugin path traversal vulnerability

The WordPress Assistant for NextGEN Gallery plugin is a WordPress plugin that focuses on migrating the image uploading, processing and album management features of NextGEN Gallery from a website/browser to a desktop application running on a more powerful desktop system. The WordPress Assistant fo...

WordPress Anber Elementor Addon plugin cross-site scripting vulnerability (CNVD-2025-19195)

WordPress Anber Elementor Addon plugin is an Elementor plugin extension for WordPress, designed to provide more customization for website design. WordPress Anber Elementor Addon plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering...

WordPress Anber Elementor Addon plugin cross-site scripting vulnerability

WordPress Anber Elementor Addon plugin is an Elementor plugin extension for WordPress, designed to provide more customization for website design. WordPress Anber Elementor Addon plugin suffers from a cross-site scripting vulnerability that stems from insufficient parameter input cleanup, which ca...

WordPress Alobaidi Captcha plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress Alobaidi Captcha plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied...

WordPress Alike plugin cross-site scripting vulnerability

WordPress Alike plugin is a WordPress plugin that is mainly used for custom comparison function of articles or posts, supporting any post type or custom type e.g. property, car, etc., adding data presentation through flexible logic generator. WordPress Alike plugin suffers from a cross-site...

WordPress AI Tools plugin missing license vulnerability

WordPress AI Tools plugin is a WordPress plugin based on Artificial Intelligence technology, which is mainly used to optimize website content generation, automate task processing and improve website performance. WordPress AI Tools plugin suffers from a lack of authorization vulnerability, no...

WordPress Advanced iFrame plugin cross-site scripting vulnerability

WordPress Advanced iFrame plugin is a plugin for WordPress platform which is mainly used for embedding iframe content in websites. The WordPress Advanced iFrame plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...

WordPress Advanced Google Universal Analytics Missing Authorization Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A lack of authorization vulnerability exists in WordPress Advanced Google Universal Analytics, which can be exploited by an attacker to cause access control security levels to b...

WordPress 12 Step Meeting List plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress 12 Step Meeting List plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...

WordPress plugin Chartify cross-site request forgery vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in WordPress plugin Chartify 3.5.3 and earlier version...

Intel 700 Series Ethernet Denial of Service Vulnerability (CNVD-2025-19268)

Intel 700 Series Ethernet is a family of high-performance Ethernet controllers from Intel Corporation. A denial of service vulnerability exists in Intel 700 Series Ethernet, which arises from uncontrolled resource consumption and can be exploited by an attacker to cause a denial of service...

Intel 700 Series Ethernet Denial of Service Vulnerability

Intel 700 Series Ethernet is a family of high-performance Ethernet controllers from Intel Corporation. A denial of service vulnerability exists in Intel 700 Series Ethernet, which arises from uncontrolled resource consumption and can be exploited by an attacker to cause a denial of service...

WordPress Plugin CF7 Spreadsheets Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress plugin CF7 Spreadsheets 2.3.2 and prior version...

WordPress Plugin CaptionPix Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress plugin CaptionPix 1.8 and earlier versions, whi...

Intel 700 Series Ethernet Input Validation Error Vulnerability

Intel 700 Series Ethernet is a family of high-performance Ethernet controllers from Intel Corporation. An input validation error vulnerability exists in Intel 700 Series Ethernet, which can be exploited by an attacker to cause an elevation of privilege...

WordPress Plugin Button Block Cross-Site Request Forgery Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in WordPress plugin Button Block 1.2.0 and prior...

Intel 700 Series Ethernet Elevation of Privilege Vulnerability

Intel 700 Series Ethernet is a family of high-performance Ethernet controllers from Intel Corporation. An elevation of privilege vulnerability exists in Intel 700 Series Ethernet that stems from insufficient control flow management and can be exploited by an attacker to cause an elevation of...

Adobe Substance3D Painter Out-of-Bounds Read Vulnerability

Adobe Substance3D Painter provides real-time 3D texture painting with intelligent material system and physical rendering viewport, supporting 8K resolution material output. An out-of-bounds read vulnerability exists in Adobe Substance3D Painter, which can be exploited by attackers to cause...

WordPress plugin Blogger Buzz cross-site scripting vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Blogger Buzz 1.2.6 and previous versions of cross-site scripting vulnerability , the...

WordPress plugin Blocksy cross-site scripting vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Blocksy 2.1.6 and previous versions of cross-site scripting vulnerability , the...

WordPress Plugin BizCalendar Web PHP Remote File Inclusion Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin BizCalendar Web 1.1.0.50 and previous versions of the PHP remote file inclusion...

Apache Superset Cross-Site Scripting Vulnerability (CNVD-2025-19103)

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by the chart visualization feature. An attacker could exploit the...

WordPress Plugin Barcode Scanner with Inventory & Order Manager Path Traversal Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal vulnerability exists in the WordPress plugin Barcode Scanner with Inventory & Order...

WellChoose Organization Portal System Path Traversal Vulnerability (CNVD-2025-19589)

WellChoose Organization Portal System is an electronic directory service system from WellChoose in Taiwan, China. A path traversal vulnerability exists in the WellChoose Organization Portal System, which can be exploited by an attacker to download arbitrary system files, due to a failure of the...

WellChoose Organization Portal System Cross-Site Scripting Vulnerability (CNVD-2025-19588)

WellChoose Organization Portal System is an electronic directory service system from WellChoose in Taiwan, China. The WellChoose Organization Portal System suffers from a cross-site scripting vulnerability that originates from the application's lack of effective filtering and escaping of...

WellChoose Organization Portal System Cross-Site Scripting Vulnerability

WellChoose Organization Portal System is an electronic directory service system from WellChoose in Taiwan, China. A cross-site scripting vulnerability exists in the WellChoose Organization Portal System that can be exploited by an attacker to execute arbitrary JavaScript code in a user's browser...

D-Link DIR-825 Buffer Overflow Vulnerability

The D-Link DIR-825 is a router from China-based AUO D-Link. The D-Link DIR-825 suffers from a buffer overflow vulnerability that originates from the incorrect operation of the parameter pingipaddr in the file pingresponse.cgi, which can be exploited by an attacker to crash the system by corruptin...

WellChoose Organization Portal System Path Traversal Vulnerability

WellChoose Organization Portal System is an electronic directory service system from WellChoose in Taiwan, China. The WellChoose Organization Portal System suffers from a path traversal vulnerability that can be exploited by an attacker to download arbitrary system files...