WordPress Eventin plugin elevation of privilege vulnerability

WordPress Eventin plugin is an event management plugin designed for WordPress that supports event creation, registration, ticketing and calendar synchronization for offline, online and mixed event management. An elevation of privilege vulnerability exists in WordPress Eventin plugin, which stems...

WordPress Advanced Custom Fields Plugin HTML Injection Vulnerability

WordPress Advanced Custom Fields Plugin is a powerful custom fields plugin for WordPress that allows you to add many types of custom fields such as images, checkboxes, files, text, etc. to posts, pages, categories, users, and other objects, and supports exporting to XML or PHP code, and can be...

OpenBao suffers from an unspecified vulnerability (CNVD-2025-18607)

OpenBao is OpenBao open source a sensitive data management software . A security vulnerability exists in OpenBao versions 0.1.0 through 2.3.1, which stems from the TOTP key engine being able to accept valid code multiple times, and no details of the vulnerability are provided at this time...

OpenBao has an unspecified vulnerability (CNVD-2025-18599)

OpenBao is OpenBao open source a sensitive data management software . OpenBao has a security vulnerability that can be exploited by attackers to cause a brute-force crack...

OpenBao has an unspecified vulnerability (CNVD-2025-18598)

OpenBao is OpenBao open source a sensitive data management software . A security vulnerability exists in OpenBao 2.3.1 and earlier versions, which can be exploited by attackers to cause MFA requirements to be bypassed...

OpenBao has an unspecified vulnerability (CNVD-2025-18597)

OpenBao is OpenBao open source a sensitive data management software . A security vulnerability exists in OpenBao 2.3.1 and earlier versions that can be exploited by attackers to cause elevation of privilege...

Open5GS has an unspecified vulnerability (CNVD-2025-18568)

Open5GS is Open5GS open source an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. Open5GS suffers from a security vulnerability that can be exploited by an attacker to cause reachable assertions via the function ngapbuilddownlinknastransport in the...

Open5GS Denial of Service Vulnerability (CNVD-2025-18567)

Open5GS is Open5GS open source an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. Open5GS suffers from a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service via the function gmmstateexception in the file...

WordPress WP Private Content Plus plugin information disclosure vulnerability

WordPress WP Private Content Plus plugin is a WordPress plugin that is mainly used for permission control of website content and supports access restrictions on posts, pages, custom content types, navigation menus, plugins and attachments. WordPress WP Private Content Plus plugin suffers from an...

WordPress Wp chart generator plugin cross-site scripting vulnerability

WordPress Wp chart generator plugin is a plugin for generating charts in WordPress blogs. Users can create multiple charts through the backend admin interface and embed them in posts or pages using the generated shortcode. A cross-site scripting vulnerability exists in the WordPress Wp chart...

WordPress WooCommerce Purchase Orders plugin Arbitrary File Deletion Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress WooCommerce Purchase Orders plugin suffers from an arbitrary file deletion vulnerability that stems from the program failing to properly filter for special element...

WordPress UiCore Elements plugin arbitrary file read vulnerability

WordPress UiCore Elements plugin is a plugin designed for the Elementor page builder to extend its functionality and enhance website design capabilities. An arbitrary file read vulnerability exists in the WordPress UiCore Elements plugin, which stems from the application's inadequate protection o...

WordPress Software Issue Manager plugin cross-site scripting vulnerability

The WordPress Software Issue Manager plugin is a project-based WordPress plugin for tracking software defects, issues, tasks, and product feature requests, with support for customized reporting. The WordPress Software Issue Manager plugin suffers from a cross-site scripting vulnerability that ste...

WordPress Simple Responsive Slider plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress Simple Responsive Slider plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...

Unspecified Vulnerability in WordPress Simple Local Avatars plugin

WordPress Simple Local Avatars plugin is a WordPress plugin mainly used to allow users to upload and manage local avatars, replacing the default Gravatar service. A security vulnerability exists in the WordPress Simple Local Avatars plugin, which stems from a lack of capability checking, and can ...

GNU libcdio csp_eth_init function buffer overflow vulnerability

GNU libcdio is an American GNU community library for CD-ROM and CD image access. A buffer overflow vulnerability exists in GNU libcdio version 2.0, which stems from the failure of the ifname parameter in the cspethinit function to properly validate the length and size of the input data, and can b...

WordPress WPExperts Post SMTP plugin authentication bypass vulnerability

WordPress WPExperts Post SMTP plugin is a plugin for optimizing the WordPress email sending process. The main features include custom email services, email logging, DNS authentication and OAuth authorization. An authentication bypass vulnerability exists in the WordPress WPExperts Post SMTP plugi...

WordPress The7 plugin cross-site scripting vulnerability

WordPress The7 plugin is a highly customizable WordPress theme. WordPress The7 plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacker to execute arbitrary web...

GNU libopts Buffer Overflow Vulnerability

GNU libopts is a C language library for parsing command line options from the US GNU community. A buffer overflow vulnerability exists in GNU libopts version 27.6 and earlier, which stems from a boundary error in the function strstrsse2 when processing untrusted input. An attacker could exploit...

GNU cflow Buffer Overflow Vulnerability

GNU cflow is a flowchart generator for the US GNU community that reads C source files and generates externally referenced flowcharts. A buffer overflow vulnerability exists in GNU cflow version 1.8 and earlier, which originates from a boundary error when the application handles untrusted input. A...

WordPress RT Easy Builder - Advanced addons for Elementor plugin cross-site scripting vulnerability

WordPress RT Easy Builder - Advanced addons for Elementor plugin is a plugin designed for WordPress websites, mainly used to extend the design features of Elementor pages. The WordPress RT Easy Builder - Advanced addons for Elementor plugin suffers from a cross-site scripting vulnerability that...

WordPress Mosaic Generator plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress Mosaic Generator plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-suppli...

WordPress Inline Stock Quotes plugin cross-site scripting vulnerability

WordPress Inline Stock Quotes plugin is a WordPress plugin that allows users to dynamically insert stock quote information into a post or page via the stock shortcode, supporting real-time updates of stock quotes and dynamic data. WordPress Inline Stock Quotes plugin suffers from a cross-site...

WordPress GMap Generator plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress GMap Generator plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied...

WordPress B Slider - Gutenberg Slider Block for WP plugin code execution vulnerability

WordPress B Slider - Gutenberg Slider Block for WP plugin is a core editor plugin that comes with WordPress and is part of the Gutenberg editor that was introduced in WordPress version 5.9. A code execution vulnerability exists in WordPress B Slider- Gutenberg Slider Block for WP plugin, which...

WordPress B Blocks plugin missing authorization vulnerability

WordPress B Blocks plugin is a Gutenberg plugin for WordPress to enhance page editing features. It provides a variety of beautiful blocks such as buttons, sliders, etc., supports highly customizable designs such as fonts, colors, spacing, etc., and includes pre-designed themes and icon libraries...

WordPress AnWP Football Leagues plugin code execution vulnerability

WordPress AnWP Football Leagues plugin is designed for WordPress website soccer tournament management plugin, support a variety of tournament modes such as knockout, round-robin, etc., including player data management, scheduling, match results statistics and other features. A code execution...

Microsoft Word Code Execution Vulnerability (CNVD-2025-18826)

Microsoft Word is a word processing software in the Office suite of the U.S. company Microsoft Microsoft. Microsoft Word Code Execution Vulnerability, the vulnerability is caused due to incorrect conversion between number types. An attacker could exploit this vulnerability to execute arbitrary co...

Microsoft Office Code Execution Vulnerability (CNVD-2025-18818)

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. A code execution vulnerability exists in Microsoft Office, which is caused due to a heap buffer overflow wh...

Microsoft Word Code Execution Vulnerability (CNVD-2025-18817)

Microsoft Word is a word processing software in the Office suite of the U.S. company Microsoft Microsoft. A code execution vulnerability exists in Microsoft Word, which is caused due to a post-release usage error when opening a specially crafted file. An attacker could exploit this vulnerability ...

Google Chrome Heap Buffer Overflow Vulnerability

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a heap buffer overflow vulnerability due to improper boundary checking by libaom. An attacker can exploit the vulnerability to overflow a buffer, which can be used to execute arbitrary code on the system o...

Adobe InDesign Desktop Out-of-Bounds Read Vulnerability (CNVD-2025-19247)

Adobe InDesign Desktop is a desktop publishing DTP application developed by Adobe, mainly used for typographic editing of printed materials, supporting the creation of books, magazines, posters, flyers and other printed materials. Adobe InDesign Desktop suffers from an out-of-bounds read...

Adobe InDesign Desktop Buffer Overflow Vulnerability (CNVD-2025-19244)

Adobe InDesign Desktop is a desktop publishing DTP application developed by Adobe, mainly used for typographic editing of printed materials, supporting the creation of books, magazines, posters, flyers and other printed materials. A buffer overflow vulnerability exists in Adobe InDesign Desktop,...

Adobe InCopy Out-of-Bounds Write Vulnerability (CNVD-2025-18937)

Adobe InCopy is a text editing software for creative writing from the American company Audobee Adobe. Adobe InCopy suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute code on the system or cause the application to crash...

Adobe InCopy Out-of-Bounds Write Vulnerability (CNVD-2025-18935)

Adobe InCopy is a text editing software for creative writing from the American company Audobee Adobe. Adobe InCopy suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute code on the system or cause the application to crash...

Adobe InCopy Out-of-Bounds Write Vulnerability (CNVD-2025-18934)

Adobe InCopy is a text editing software for creative writing from the American company Audobee Adobe. Adobe InCopy suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute code on the system or cause the application to crash...

Adobe InCopy Heap Buffer Overflow Vulnerability (CNVD-2025-18932)

Adobe InCopy is a text editing software for creative writing from the American company Audobee Adobe. Adobe InCopy suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code on the system or cause the application to crash...

Adobe InDesign Desktop Out-of-Bounds Read Vulnerability (CNVD-2025-19764)

Adobe InDesign Desktop is desktop publishing DTP software developed by Adobe, mainly used for typography design of print and digital publications, including books, magazines, posters, e-books and so on. Adobe InDesign Desktop suffers from an out-of-bounds read vulnerability that can be exploited ...

Adobe InDesign Desktop Out-of-Bounds Read Vulnerability

Adobe InDesign Desktop is desktop publishing DTP software developed by Adobe, mainly used for typography design of print and digital publications, including books, magazines, posters, e-books and so on. Adobe InDesign Desktop suffers from an out-of-bounds read vulnerability that can be exploited ...

Adobe InDesign Desktop Out-of-Bounds Write Vulnerability (CNVD-2025-19628)

Adobe InDesign Desktop is desktop publishing DTP software developed by Adobe, mainly used for typography design of print and digital publications, including books, magazines, posters, e-books and so on. Adobe InDesign Desktop suffers from an out-of-bounds write vulnerability that can be exploited...

WordPress GiveWP plugin information disclosure vulnerability

WordPress GiveWP plugin is an open source online donation system plugin , mainly used to help websites to achieve online fundraising functions , support from simple buttons to complex platforms for multi-dimensional needs . WordPress GiveWP plugin suffers from an information disclosure...

Adobe InDesign Desktop Out-of-Bounds Write Vulnerability

Adobe InDesign Desktop is desktop publishing DTP software developed by Adobe, mainly used for typography design of print and digital publications, including books, magazines, posters, e-books and so on. Adobe InDesign Desktop suffers from an out-of-bounds write vulnerability that can be exploited...

Open5GS Denial of Service Vulnerability (CNVD-2025-18545)

Open5GS is Open5GS open source an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. Open5GS has a security vulnerability that can be exploited by an attacker to cause a denial of service via the functions gmmstatederegistered/gmmstateexception in the file...

Google Chrome Security Bypass Vulnerability (CNVD-2025-24505)

Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome, which can be exploited by attackers to bypass security restrictions...

Open5GS Denial of Service Vulnerability (CNVD-2025-18544)

Open5GS is Open5GS open source an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. Open5GS has a denial of service vulnerability that can be exploited by an attacker to cause a denial of service via the function...

Unspecified Vulnerability in Mattermost Confluence Plugin (CNVD-2025-21447)

Mattermost Confluence Plugin is a plugin from Mattermost USA. Mattermost Confluence Plugin contains a security vulnerability that can be exploited by attackers to cause an editorial subscription...

Adobe InDesign Desktop Buffer Overflow Vulnerability (CNVD-2025-19241)

Adobe InDesign Desktop is a desktop publishing DTP application developed by Adobe, mainly used for typographic editing of printed materials, supporting the creation of books, magazines, posters, flyers and other printed materials. A buffer overflow vulnerability exists in Adobe InDesign Desktop,...

Microsoft SharePoint Remote Code Execution Vulnerability (CNVD-2025-18824)

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A remote code executi...

Open5GS Denial of Service Vulnerability (CNVD-2025-18569)

Open5GS is Open5GS open source an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. A denial of service vulnerability exists in Open5GS, which can be exploited by an attacker to deny service...

Microsoft SharePoint Elevation of Privilege Vulnerability (CNVD-2025-24452)

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. An elevation of...