WordPress Service Finder Bookings plugin elevation of privilege vulnerability
WordPress Service Finder Bookings plugin is a booking management tool designed for WooCommerce to automate the process of converting common products into bookable services. An elevation of privilege vulnerability exists in the WordPress Service Finder Bookings plugin, which stems from an...
WordPress NinjaScanner plugin file path validation deficiency vulnerability
WordPress NinjaScanner plugin is a lightweight, fast and powerful virus scanning plugin designed for WordPress to detect malware and viruses in websites. WordPress NinjaScanner plugin suffers from an insufficient file path validation vulnerability that can be exploited by an attacker to cause...
WordPress HT Mega - Absolute Addons For Elementor plugin Information Disclosure Vulnerability
WordPress HT Mega - Absolute Addons For Elementor plugin is an Elementor page builder plugin designed specifically for WordPress, offering over 100 custom widgets, 360+ preset modules, and multiple templates for blogs, sliders, collapsible menus and other page elements. A vulnerability exists in...
WordPress Blockspare plugin cross-site scripting vulnerability
WordPress Blockspare plugin is a visual page builder plugin for WordPress that focuses on simplifying the website building process through drag and drop operations. WordPress Blockspare plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective...
WordPress All in One Time Clock Lite plugin cross-site scripting vulnerability
WordPress All in One Time Clock Lite plugin is a plugin for tracking employees' working hours and supports employee/volunteer/contractor attendance recording and report generation. The WordPress All in One Time Clock Lite plugin suffers from a cross-site scripting vulnerability that stems from th...
AUO DIR-605L Buffer Overflow Vulnerability
The AUO DIR-605L is the first cloud router from AUO designed for home and small office networks. The AUO DIR-605L suffers from a buffer overflow vulnerability that originates from the insecure use of sprintf when processing user-supplied CAPTCHA data via the FILECODE parameter in /goform/formLogi...
D-Link DI-8200 yyxz_dlink_asp function buffer overflow vulnerability
D-Link DI8200 is an Internet behavior management router designed by D-Link for small and medium-sized network environments, which supports multi-line bandwidth overlay, PPPoE authentication billing, and intelligent traffic control. D-Link DI8200 suffers from a buffer overflow vulnerability, which...
D-Link DI-8200 ipsec_road_asp function buffer overflow vulnerability
D-Link DI8200 is an Internet behavior management router designed by D-Link for small and medium-sized network environments, which supports multi-line bandwidth overlay, PPPoE authentication billing, and intelligent traffic control. The D-Link DI8200 suffers from a buffer overflow vulnerability,...
D-Link DI-8200 ipsec_net_asp function buffer overflow vulnerability
D-Link DI8200 is an Internet behavior management router designed by D-Link for small and medium-sized network environments, which supports multi-line bandwidth overlay, PPPoE authentication billing, and intelligent traffic control. The D-Link DI8200 suffers from a buffer overflow vulnerability th...
WordPress Sina Extension for Elementor Plugin Cross-Site Scripting Vulnerability
WordPress Sina Extension for Elementor Plugin is a visual editor extension plugin for the WordPress platform, designed for Elementor page builder, providing rich feature modules and layout tools to help users quickly build professional web pages. WordPress Sina Extension for Elementor Plugin...
Unspecified Vulnerability in NVIDIA GPU Display Driver (CNVD-2025-21194)
NVIDIA GPU Display Driver is a driver software from NVIDIA for interactive support of graphics card display modules in operating systems. A security vulnerability exists in NVIDIA GPU Display Driver, which can be exploited by attackers to potentially cause a denial of service...
Unspecified Vulnerability in NVIDIA GPU Display Driver (CNVD-2025-21193)
NVIDIA GPU Display Driver is a driver software from NVIDIA for interactive support of graphics card display modules in operating systems. A security vulnerability exists in NVIDIA GPU Display Driver, which can be exploited by attackers to potentially cause code execution, denial of service,...
NVIDIA GPU Display Driver Information Disclosure Vulnerability
NVIDIA GPU Display Driver is a display driver from NVIDIA. A security vulnerability exists in NVIDIA GPU Display Driver, which can be exploited by attackers to potentially cause an information leak...
Unspecified Vulnerability in NVIDIA GPU Display Driver (CNVD-2025-21191)
NVIDIA GPU Display Driver is a display driver from NVIDIA. A security vulnerability exists in NVIDIA GPU Display Driver, which can be exploited by attackers to potentially cause an information leak...
Unspecified Vulnerability in NVIDIA GPU Display Driver (CNVD-2025-21190)
NVIDIA GPU Display Driver is a display driver from NVIDIA. A security vulnerability exists in NVIDIA GPU Display Driver, which can be exploited by attackers to potentially cause an information leak...
Unspecified Vulnerability in NVIDIA GPU Display Driver (CNVD-2025-21184)
NVIDIA GPU Display Driver is a display driver from NVIDIA. The NVIDIA GPU Display Driver contains a security vulnerability that can be exploited by attackers to potentially cause code execution, denial of service, elevation of privilege, information disclosure, or data manipulation...
Unspecified Vulnerability in NVIDIA GPU Display Driver (CNVD-2025-21183)
NVIDIA GPU Display Driver is a display driver from NVIDIA. The NVIDIA GPU Display Driver contains a security vulnerability that can be exploited by attackers to potentially cause elevation of privilege, code execution, information disclosure, denial of service, or data manipulation...
Unspecified Vulnerability in NVIDIA GPU Display Driver
NVIDIA GPU Display Driver is a display driver from NVIDIA. The NVIDIA GPU Display Driver contains a security vulnerability that can be exploited by attackers to potentially cause elevation of privilege, denial of service, code execution, information disclosure, and data tampering...
Alpine iLX-507 Command Injection Vulnerability (CNVD-2025-20812)
The Alpine iLX-507 is a multimedia receiver from Alpine USA. The Alpine iLX-507 suffers from a command injection vulnerability that can be exploited by an attacker to execute code in the context of the device...
Vehicle Management addcompany.php File SQL Injection Vulnerability
Vehicle Management is a vehicle management system. Vehicle Management suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter company in the file /addcompany.php. An attacker can exploit this vulnerability to execute...
Alpine iLX-507 Stack Buffer Overflow Vulnerability
The Alpine iLX-507 is a multimedia receiver from Alpine USA. The Alpine iLX-507 suffers from a stack buffer overflow vulnerability that can be exploited by an attacker to execute code in a root context...
Online Medicine Guide pharsignup.php File SQL Injection Vulnerability
Online Medicine Guide is an online medical guide. Online Medicine Guide suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter phuname in the file /pharsignup.php. The vulnerability can be exploited by an attacker to...
Vehicle Management print.php File SQL Injection Vulnerability
Vehicle Management is a vehicle management system. Vehicle Management suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter sno in the file /print.php. An attacker can exploit this vulnerability to execute illegal S...
WordPress AI Engine plugin code execution vulnerability
WordPress AI Engine plugin is a WordPress plugin that integrates artificial intelligence features, providing chatbots, content generation, image generation and other features, supporting docking with OpenAI and other platforms. WordPress AI Engine plugin has a code execution vulnerability that...
Alpine iLX-507 Input Validation Error Vulnerability
The Alpine iLX-507 is a multimedia receiver from Alpine USA. The Alpine iLX-507 suffers from an input validation error vulnerability, which stems from improper validation of the TIDAL music streaming application credentials, that can be exploited by an attacker to execute arbitrary code in the ro...
WordPress HT Mega plugin has unspecified vulnerability
WordPress HT Mega plugin is an Elementor page builder plugin designed for WordPress, offering over 100 custom widgets, 360+ preset modules, and a variety of templates for blogs, sliders, collapsible menus, and other page elements. A security vulnerability exists in WordPress HT Mega plugin, which...
WordPress IDonate plugin unauthorized access vulnerability
WordPress IDonate plugin is a WordPress plugin designed for blood donation management, mainly used to create blood donation related website features. An unauthorized access vulnerability exists in WordPress IDonate plugin, which stems from the application's inadequate protection of sensitive...
Apache JSPWiki Image plugin cross-site scripting vulnerability
Apache JSPWiki is an open source WikiWiki engine from the Apache Foundation of the United States, based on Java, Servlet and JSP. A cross-site scripting vulnerability exists in the Apache JSPWiki Image plugin, which can be exploited by an attacker to execute JavaScript in the victim's browser...
Alpine iLX-507 Stack Buffer Overflow Vulnerability (CNVD-2025-20811)
The Alpine iLX-507 is a multimedia receiver from Alpine USA. The Alpine iLX-507 suffers from a stack buffer overflow vulnerability that can be exploited by an attacker to execute code in a root context...
Exam Form Submission update_s5.php file SQL injection vulnerability
Exam Form Submission is an exam form. Exam Form Submission suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter credits in file /admin/updates5.php. An attacker can exploit this vulnerability to execute illegal SQL...
WordPress Service Finder SMS System plugin elevation of privilege vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. An elevation of privilege vulnerability exists in the WordPress Service Finder SMS System plugin that originates from an account takeover and can be exploited by an attacker to...
Online Admission System viewdoc.php File SQL Injection Vulnerability
Online Admission System is an online admission system. The Online Admission System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter ID in the file /viewdoc.php. An attacker can exploit this vulnerability to...
1Panel Command Injection Vulnerability
1Panel is an open source Linux server operation and maintenance management panel from the Chinese 1Panel community. 1Panel suffers from a command injection vulnerability that stems from incomplete certificate validation, which can be exploited by an attacker to cause remote code execution...
GNU GRUB Buffer Overflow Vulnerability (CNVD-2025-17795)
GNU GRUB is a Linux system boot program from the GNU community. A buffer error vulnerability exists in GNU GRUB, which originates in the grub-core/gettext module, where the system does not properly limit the size of the data, and can be exploited by an attacker to run arbitrary code in the contex...
DELL Client Platform BIOS Weak Authentication Vulnerability
The DELL Client Platform BIOS is a BIOS system developed by Dell for its client devices (e.g., laptops, desktops, etc.). The DELL Client Platform BIOS has a weak authentication vulnerability that can be exploited by an attacker to elevate privileges...
GNU GRUB Out-of-Bounds Write Vulnerability
GNU GRUB is a Linux system boot program from the GNU community. GNU GRUB suffers from an out-of-bounds write vulnerability, which stems from an unvalidated UFS symbolic link length, that can be exploited by attackers to inject malicious code and tamper with critical data in memory...
GNU GRUB Resource Management Error Vulnerability
GNU GRUB is a Linux system boot program from the GNU community. A resource management error vulnerability exists in GNU GRUB, which originates from a module uninstallation without clearing hooks, and can be exploited by an attacker to initiate a large number of requests, consuming system resource...
Human Resource Integrated System action.php File Cross-Site Scripting Vulnerability
Human Resource Integrated System is a human resource management system. A cross-site scripting vulnerability exists in Human Resource Integrated System, which originates from the unspecified parameter content not being security filtered in the /insert-and-view/action.php file. An attacker could...
Vehicle Management edit1.php File SQL Injection Vulnerability
Vehicle Management is a vehicle management system. Vehicle Management suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter sno in the file /edit1.php. An attacker can exploit this vulnerability to execute illegal S...
Vehicle Management /filter3.php File SQL Injection Vulnerability
Vehicle Management is a vehicle management system. Vehicle Management suffers from an SQL injection vulnerability that stems from the lack of validation of externally-entered SQL statements in the parameter company in file /filter3.php. An attacker can exploit this vulnerability to execute illega...
WordPress Smart Slider plugin SQL Injection Vulnerability
WordPress Smart Slider plugin is a powerful WordPress plugin that is mainly used to create responsive slideshows/sliders that support images, videos, posts and other forms of content presentation. WordPress Smart Slider plugin suffers from a SQL injection vulnerability that stems from the...
IBM Aspera Faspex Access Control Error Vulnerability
IBM Aspera Faspex is IBM's high-performance file transfer solution designed for fast, secure transfer of large-volume data. A security vulnerability exists in IBM Aspera Faspex versions 5.0.0 through 5.0.12.1, which originates from a client not properly implementing server-side security mechanism...
Exam Form Submission delete_s7.php file SQL injection vulnerability
Exam Form Submission is an exam form. Exam Form Submission suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in parameter ID in file /admin/deletes7.php. An attacker can exploit this vulnerability to execute illegal SQL commands...
Online Farm System categoryvalue.php File SQL Injection Vulnerability
Online Farm System is an online farm system. Online Farm System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Value in the file /categoryvalue.php. The vulnerability can be exploited by an attacker to...
Online Farm System register.php File SQL Injection Vulnerability
Online Farm System is an online farm system. Online Farm System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Username in the file /register.php. An attacker can exploit this vulnerability to execute...
Apple macOS Sequoia has an unspecified vulnerability (CNVD-2025-18408)
Apple macOS Sequoia is an operating system from the American company Apple. A security vulnerability exists in Apple macOS Sequoia, which can be exploited by an attacker to cause a sandboxed process to bypass sandboxing restrictions...
Exam Form Submission /register.php File SQL Injection Vulnerability
Exam Form Submission is an exam form. Exam Form Submission suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter USN in the file /register.php. An attacker can exploit this vulnerability to execute illegal SQL...
Unspecified Vulnerability in Apple macOS (CNVD-2025-18450)
Apple macOS is a specialized operating system developed by Apple for Mac computers. A security vulnerability exists in Apple macOS, which can be exploited by an attacker to modify protected portions of the file system...
Unspecified Vulnerability in Apple macOS (CNVD-2025-22274)
Apple macOS is a specialized operating system developed by Apple for Mac computers. Apple macOS has a security vulnerability that can be exploited by an attacker to break through sandbox restrictions...
GLPI Privilege License and Access Control Issues Vulnerability (CNVD-2025-17791)
GLPI is a free asset and IT management software suite that provides ITIL service desk functionality, license tracking and software auditing. A security vulnerability exists in GLPI versions 9.1.0 through 10.0.18, which stems from a failure to perform privilege checks on specific resource deletion...