Lucene search
K

43 matches found

CNVD
CNVD
added 2025/11/14 12:0 a.m.4 views

Mozilla Firefox and Firefox ESR Security Bypass Vulnerability (CNVD-2025-28712)

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser. A security bypass vulnerability exists in Mozilla Firefox and Firefox ESR, which can be exploited by attackers to bypass security restrictions...

8.1CVSS6.8AI score0.00222EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/15 12:0 a.m.4 views

QNAP Qsync Central Unlimited Resource Allocation Vulnerability (CNVD-2025-30289)

QNAP Qsync Central is the official private cloud synchronization service developed by QNAP for its Network Attached Storage NAS devices. QNAP Qsync Central suffers from an unrestricted resource allocation vulnerability that can be exploited by an attacker to prevent other systems, applications, o...

7.1CVSS6.9AI score0.0034EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/19 12:0 a.m.4 views

NVIDIA Triton Inference Server Input Validation Error Vulnerability

NVIDIA Triton Inference Server is an open source software from NVIDIA that helps standardize model deployment and deliver fast and scalable AI in production. NVIDIA Triton Inference Server suffers from an input validation error vulnerability that originates from loading a misconfigured model, whi...

7.5CVSS6.7AI score0.00322EPSS
Exploits0References1
CNVD
CNVD
added 2025/06/11 12:0 a.m.2 views

Dairy Farm Shop Management System /add-company.php File SQL Injection Vulnerability

Dairy Farm Shop Management System is a PHP and MySQL based dairy farm management system . The Dairy Farm Shop Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the parameter companyname in the file...

9.8CVSS7.9AI score0.00498EPSS
Exploits1References1
CNVD
CNVD
added 2024/07/12 12:0 a.m.5 views

NetBox Cross-Site Scripting Vulnerability (CNVD-2024-37585)

NetBox is a Django, PostgreSql based tool for IP Address Management IPAM and Data Center Infrastructure Management DCIM from the NetBox community. A cross-site scripting vulnerability exists in NetBox v4.0.3, which stems from the lack of effective filtering and escaping of user-supplied data in t...

6.1CVSS6.1AI score0.004EPSS
Exploits1References1
CNVD
CNVD
added 2024/03/05 12:0 a.m.21 views

IBM QRadar WinCollect Agent Resource Management Error Vulnerability

IBM QRadar WinCollect Agent is an agent program from International Business Machines IBM for collecting and sending Windows event logs. A resource management error vulnerability exists in IBM QRadar WinCollect Agent that stems from vulnerability to server-side request forgery attacks. No detailed...

4.4CVSS4.6AI score0.00169EPSS
Exploits0References1
CNVD
CNVD
added 2024/01/11 12:0 a.m.10 views

GTKWave Code Execution Vulnerability (CNVD-2024-37208)

GTKWave is a full-featured, GTK+-based waveform viewer from GTKWave. A code execution vulnerability exists in gtkwave Files version 3.3.118, which can be exploited by an attacker to potentially cause arbitrary code execution via a specially crafted fst file...

7.8CVSS7.2AI score0.00414EPSS
Exploits1References1
CNVD
CNVD
added 2023/11/30 12:0 a.m.20 views

Apache NiFi cross-site scripting vulnerability (CNVD-2023-9665850)

Apache NiFi is a data processing and distribution system from the Apache USA Foundation. The system is primarily used for data routing, transformation and system intermediary logic. Apache NiFi suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and...

7.9CVSS5.9AI score0.01212EPSS
Exploits0References1
CNVD
CNVD
added 2023/08/06 12:0 a.m.33 views

Google Chrome Code Execution Vulnerability (CNVD-2023-63464)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a code execution vulnerability that is caused by use after release in Blink Task Scheduling. An attacker can exploit this vulnerability to execute arbitrary code on the system or cause an application to...

8.8CVSS7.9AI score0.0112EPSS
Exploits0References1
CNVD
CNVD
added 2023/07/12 12:0 a.m.20 views

IBM DB2 Denial of Service Vulnerability (CNVD-2023-64878)

IBM DB2 Denial of Service Vulnerability CNVD-2023-64879...

7.5CVSS6.8AI score0.01129EPSS
Exploits0References1
CNVD
CNVD
added 2023/02/07 12:0 a.m.5 views

Zammad Access Control Error Vulnerability (CNVD-2023-97829)

Zammad is a suite of ticket management software from the German company Zammad. An access control error vulnerability exists in Zammad version v5.3.0, which stems from an improper access control error in the component /api/v1/mentions, and can be exploited by an authenticated attacker with proxy...

4.3CVSS6.2AI score0.00496EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/30 12:0 a.m.21 views

lettersanitizer Denial of Service Vulnerability

lettersanitizer is a DOM-based HTML email cleaner for in-browser email rendering. A denial of service vulnerability exists in lettersanitizer versions prior to 1.0.2. The vulnerability stems from a failure to properly handle incoming error messages and can be exploited by an attacker to cause a...

7.5CVSS7.2AI score0.01383EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/30 12:0 a.m.24 views

todo-regex denial of service vulnerability

todo-regex is a regular expression used to match TODO statements in strings. todo-regex v0.1.1 is vulnerable to denial of service, which can be exploited by attackers to cause a denial of service when matching carefully crafted invalid TODO statements...

7.5CVSS5AI score0.00979EPSS
Exploits1References1
CNVD
CNVD
added 2022/02/18 12:0 a.m.28 views

Tenda G1 and G3 Buffer Overflow Vulnerability (CNVD-2022-16179)

The Tenda G1 and G3 are routers from the Chinese company Tenda. A buffer overflow vulnerability exists in the Tenda G1 and G3, which can be exploited by an attacker to cause a denial of service via the manualTime parameter...

7.8CVSS7.5AI score0.01175EPSS
Exploits1References1
CNVD
CNVD
added 2022/01/23 12:0 a.m.19 views

JerryScript js-scanner-util.c denial-of-service vulnerability

JerryScript, a lightweight JavaScript engine from the JerryScript project, has a denial-of-service vulnerability in version 3.0.0, which stems from an assertion failure in /jerry-core/parser/js/js-scanner-util.c. An attacker could use this vulnerability to launch a denial of service...

5.5CVSS2.9AI score0.0077EPSS
Exploits1References1
CNVD
CNVD
added 2022/01/23 12:0 a.m.15 views

JerryScript ecma-helpers-value.c denial-of-service vulnerability

JerryScript, a lightweight JavaScript engine from the JerryScript project, has a denial-of-service vulnerability in version 3.0.0, which stems from a failed assertion in /jerry-core/ecma/base/ecma-helpers-value.c , an attacker could use this vulnerability to launch a denial of service...

5.5CVSS3AI score0.00621EPSS
Exploits1References1
CNVD
CNVD
added 2021/11/22 12:0 a.m.30 views

Wireshark null pointer dereference vulnerability (CNVD-2021-90092)

Wireshark is a network packet analysis software. Wireshark uses WinPCAP as an interface to exchange data packets directly with the network card.A null pointer dereference vulnerability exists in the IPPUSB parser in Wireshark versions 3.4.0 - 3.4.9. An attacker could exploit this vulnerability to...

7.5CVSS4.3AI score0.01516EPSS
Exploits0References1
CNVD
CNVD
added 2021/07/07 12:0 a.m.8 views

GitLab Access Control Error Vulnerability (CNVD-2021-49056)

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An Access Control Error vulnerability exists in GitLab...

6.5CVSS6.2AI score0.00922EPSS
Exploits0References1
CNVD
CNVD
added 2021/06/23 12:0 a.m.8 views

Unauthorized Access Vulnerability in MX-M362N at Sharp Trading (China) Co.

The MX-M362N is a digital composite printer from Sharp Trading China Co. An unauthorized access vulnerability exists in the Sharp Trading China Ltd MX-M362N, which can be exploited by attackers to obtain sensitive information...

6.8AI score
Exploits0
CNVD
CNVD
added 2021/06/18 12:0 a.m.15 views

CAJViewer 7.3 suffers from a binary vulnerability (CNVD-2021-45253)

CAJViewer 7.3 is a specialized full-text format viewer for China Journal Network CJN, which supports CJN's TEB, CAJ, NH, KDH and PDF format files. A binary vulnerability exists in CAJViewer 7.3, which can be exploited by attackers to cause a denial of service...

7AI score
Exploits0
Rows per page
Query Builder