Lucene search
+L

225 matches found

cnvd
cnvd
added 2025/12/15 12:0 a.m.2 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-30927)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4CVSS6.2AI score0.00173EPSS
Exploits0References1
cnvd
cnvd
added 2025/12/12 12:0 a.m.3 views

Microsoft Word Code Execution Vulnerability (CNVD-2025-30663)

Microsoft Word is a word processing software in the Office suite of the U.S. company Microsoft Microsoft. A code execution vulnerability exists in Microsoft Word, which can be exploited by an attacker to execute arbitrary code on a system...

7.8CVSS8AI score0.00603EPSS
Exploits0References1
cnvd
cnvd
added 2025/12/12 12:0 a.m.9 views

Microsoft Exchange Server Input Validation Error Vulnerability (CNVD-2025-3057284)

Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. A security vulnerability exists in Microsoft Exchange Server. An attacker could exploit the...

7.5CVSS6.7AI score0.01021EPSS
Exploits0References1
cnvd
cnvd
added 2025/12/12 12:0 a.m.4 views

Microsoft Excel Code Execution Vulnerability (CNVD-2025-30654)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel due to an untrusted pointer dereference flaw. An attacker could exploit the vulnerability to execute arbitrary code on the system...

7.8CVSS8AI score0.00491EPSS
Exploits0References1
cnvd
cnvd
added 2025/12/10 12:0 a.m.5 views

Google Android elevation of privilege vulnerability (CNVD-2025-3067712)

Google Android is a Linux-based open source operating system from Google. Google Android has a security vulnerability that can be exploited by attackers to cause an elevation of physical privileges...

6.8CVSS6.6AI score0.00118EPSS
Exploits0References1
cnvd
cnvd
added 2025/12/08 12:0 a.m.4 views

SQL Injection Vulnerability in Remote Medical Comprehensive Service Platform of Beijing Divine Vision Han Technology Co. Ltd (CNVD-C-2025-987341)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the remote medical integrated service platform of Beijing Shenzhou Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

5.9AI score
Exploits0
cnvd
cnvd
added 2025/12/03 12:0 a.m.3 views

SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Shenzhou Vision Han Technology Co., Ltd (CNVD-C-2025-976458)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

5.9AI score
Exploits0
cnvd
cnvd
added 2025/12/03 12:0 a.m.5 views

Grav Cross-Site Scripting Vulnerability (CNVD-2025-30345)

Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted...

6.2CVSS6.1AI score0.00182EPSS
Exploits1References1
cnvd
cnvd
added 2025/11/25 12:0 a.m.5 views

WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin unauthorized data modification vulnerability (CNVD-2025-30132)

WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin is a helpdesk and customer work order system plugin for WordPress websites designed to help businesses or individuals efficiently manage customer support requests. WordPress ELEX WordPress HelpDesk & Customer Ticketing System...

4.3CVSS6.8AI score0.00168EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/25 12:0 a.m.7 views

WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin unauthorized data modification vulnerability (CNVD-2025-30131)

WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin is a helpdesk and customer work order system plugin for WordPress websites designed to help businesses or individuals efficiently manage customer support requests. WordPress ELEX WordPress HelpDesk & Customer Ticketing System...

5.3CVSS6.9AI score0.00253EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/25 12:0 a.m.4 views

SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Divine Vision Han Technology Co., Ltd (CNVD-C-2025-924158)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

5.9AI score
Exploits0
cnvd
cnvd
added 2025/11/18 12:0 a.m.5 views

D-Link DIR-823G Command Injection Vulnerability (CNVD-2025-30949)

The D-Link DIR-823G is a wireless router from China's AUO D-Link. The D-Link DIR-823G suffers from a command injection vulnerability that can be exploited by an attacker to execute arbitrary commands on the device...

5.4CVSS8.3AI score0.01495EPSS
Exploits1References1
cnvd
cnvd
added 2025/11/18 12:0 a.m.12 views

TOTOLINK A720R Command Injection Vulnerability (CNVD-2025-29711)

TOTOLINK A720R is a wireless router from China's Gion Electronics TOTOLINK with dual-band Wi-Fi capabilities, focusing on high-speed internet and signal coverage. The TOTOLINK A720R suffers from a command injection vulnerability that stems from insufficient validation of the sysconf binary when...

6.5CVSS7.7AI score0.01017EPSS
Exploits1References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.5 views

ZOHO ManageEngine Exchange reporter Plus cross-site scripting vulnerability (CNVD-2025-29922)

ZOHO ManageEngine Exchange reporter Plus is a Web-based Microsoft Exchange reporting, auditing and monitoring software from ZOHO. A cross-site scripting vulnerability exists in ZOHO ManageEngine Exchange reporter Plus, which can be exploited by an attacker to create privileged accounts and gain...

7.3CVSS6.2AI score0.00478EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.4 views

Mozilla Firefox and Firefox ESR Security Bypass Vulnerability (CNVD-2025-28712)

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser. A security bypass vulnerability exists in Mozilla Firefox and Firefox ESR, which can be exploited by attackers to bypass security restrictions...

8.1CVSS6.8AI score0.00251EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.3 views

ZOHO ManageEngine OpManager Cross-Site Scripting Vulnerability (CNVD-2025-29925)

ZOHO ManageEngine OpManager is a comprehensive network monitoring software from ZOHO. It is used to manage routers, firewalls, servers, switches and printers. A cross-site scripting vulnerability exists in ZOHO ManageEngine OpManager, no detailed vulnerability details are available at this time...

6.5CVSS6.3AI score0.00413EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.3 views

Microsoft Excel Code Execution Vulnerability (CNVD-2025-29962)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...

7.8CVSS8.1AI score0.00474EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.7 views

Intel CIP Improper Access Control Vulnerability (CNVD-2025-28482)

Intel CIP is an optional program from Intel designed to improve products by collecting performance data from users' computers. Intel CIP suffers from an Improper Access Control vulnerability that can be exploited by an attacker to cause information disclosure...

4.4CVSS6.7AI score0.00245EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.6 views

Adobe InDesign Desktop Heap Buffer Overflow Vulnerability (CNVD-2025-28657)

Adobe InDesign Desktop is a page layout software from the American company Audobee Adobe. Adobe InDesign Desktop suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to cause arbitrary code to be executed in the current user's environment...

7.8CVSS7.7AI score0.00303EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.10 views

Adobe Format Plugins Out-of-Bounds Read Vulnerability (CNVD-2025-28643)

Adobe Format Plugins is a format plug-in from the American company Audobee Adobe. Adobe Format Plugins suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to cause the disclosure of sensitive information in memory...

5.5CVSS6.4AI score0.00194EPSS
Exploits0References1
Rows per page
Query Builder