Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
•added 2022/08/30 12:0 a.m.•62 views

Tenda AC1206 Buffer Overflow Vulnerability

Tenda AC1206 is a wireless pass-through gigabit router from Tenda, China. tenda AC1206 V15.03.06.23 is vulnerable to a buffer overflow vulnerability caused by improper boundary checking of the fromAddressNat function. An attacker could exploit this vulnerability to overflow the buffer and execute...

9.8CVSS4.3AI score0.01013EPSS
Exploits1References1
CNVD
CNVD
•added 2022/05/07 12:0 a.m.•62 views

QEMU Resource Management Error Vulnerability (CNVD-2022-84160)

QEMU Quick Emulator is a set of emulation processor software by Fabrice Bellard, a French personal developer. A denial of service vulnerability exists in versions prior to QEMU 7.0.0, which stems from EHCI's failure to verify that the buffer pointer overlaps with its MMIO region when transferring...

8.2CVSS4.9AI score0.0053EPSS
Exploits1References1
CNVD
CNVD
•added 2021/12/17 12:0 a.m.•62 views

Lychee Cross-Site Scripting Vulnerability

Lychee is a beautiful and easy to use photo management system open sourced by The Lychee Organisation. Lychee has a cross-site scripting vulnerability, and no details of the vulnerability are available...

6.1CVSS1.3AI score0.00851EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/30 12:0 a.m.•62 views

Linux kernel has unspecified vulnerabilities (CNVD-2022-21492)

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel has a security vulnerability that can be exploited by local users to gain unauthorized access to certain data...

4.4CVSS3.7AI score0.00515EPSS
Exploits1References1
CNVD
CNVD
•added 2021/11/18 12:0 a.m.•62 views

Linux kernel buffer overflow vulnerability (CNVD-2021-92971)

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel 5.15.2 and earlier versions have a security vulnerability that can be exploited by an attacker who can introduce a specially crafted device to trigger an out-of-bounds write via a specially...

6.7CVSS4.5AI score0.00513EPSS
Exploits1References1
CNVD
CNVD
•added 2021/09/17 12:0 a.m.•62 views

libde265 Stack Buffer Overflow Vulnerability (CNVD-2021-78433)

libde265 is an open source implementation of the h.265 video codec. libde265 version 1.0.4 contains a stack buffer overflow vulnerability in the putqpelfallback function. An attacker can exploit the vulnerability to cause a denial of service via specially crafted files...

6.5CVSS5.9AI score0.01019EPSS
Exploits1References1
CNVD
CNVD
•added 2021/09/15 12:0 a.m.•62 views

Adobe Premiere Elements Memory Out-of-Bounds Access Vulnerability (NVD-C-2021-277709)

Adobe Premiere Elements is a video editing software application. 2021 build 19.0 and earlier versions of Adobe Premiere Elements contain a memory out-of-bounds access vulnerability that could be exploited by attackers to execute arbitrary code...

9.3CVSS6.8AI score0.01646EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2021/06/17 12:0 a.m.•62 views

Mozilla Thunderbird Permissions and Access Control Issues Vulnerability

Mozilla Thunderbird is an open source email client. Mozilla Thunderbird is vulnerable to permission permission and access control issues, which stem from the way Mozilla maintenance services are installed on the Windows operating system. No detailed vulnerability details are currently available...

6.5CVSS3AI score0.01852EPSS
Exploits0References1
CNVD
CNVD
•added 2016/01/13 12:0 a.m.•62 views

Multiple SQL Injection Vulnerabilities in mccart.xls Bitrix Module

Multiple SQL injection vulnerabilities exist in the mccart.xls Bitrix module. Multiple SQL injection vulnerabilities exist in the Bitrix module due to the "xlsprofile" HTTP GET parameter passed to the "/bitrix/admin/mcartxlsimport.php" script; the "/bitrix/admin/mcartxlsimport.php" script; the...

8CVSS8.4AI score0.02731EPSS
Exploits5References1
CNVD
CNVD
•added 2024/02/01 12:0 a.m.•61 views

Arbitrary File Read Vulnerability in Yonghong One-Stop Big Data BI Platform of Beijing Yonghong Business Intelligence Technology Co.

Yonghong One-Stop Big Data BI Platform is a one-stop big data analysis platform. Beijing Yonghong Business Intelligence Technology Co., Ltd. Yonghong One-Stop Big Data BI Platform suffers from an arbitrary file read vulnerability, which can be exploited by attackers to obtain sensitive informatio...

6.9AI score
Exploits0
CNVD
CNVD
•added 2023/07/20 12:0 a.m.•61 views

Unspecified Vulnerability in Oracle MySQL Server (CNVD-2023-65501)

Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server version 8.0.33 and prior versions, which can be exploited by attackers to cause MySQL Server to hang or crash frequently and repeatedly...

4.4CVSS6.3AI score0.01485EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/20 12:0 a.m.•61 views

Adobe Photoshop out-of-bounds read vulnerability (CNVD-2023-13727)

Adobe Photoshop is a set of image processing software from Adobe. Adobe Photoshop has an out-of-bounds read vulnerability that can be exploited by attackers to cause sensitive memory leaks...

5.5CVSS3.9AI score0.00325EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/07 12:0 a.m.•61 views

Delta Electronics DIAScreen Buffer Overflow Vulnerability (CNVD-2023-08070)

A buffer overflow vulnerability exists in Delta Electronics DIAScreen 1.2.1.23 and prior versions, which is caused by an improperly restricted operation in memory. The vulnerability is caused by an improperly restricted operation in memory, resulting in a buffer overflow that can be exploited to...

7.8CVSS6.4AI score0.00296EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/14 12:0 a.m.•61 views

Adobe ColdFusion input validation error vulnerability

Adobe ColdFusion is a rapid application development platform from Adobe, which includes an integrated development environment and scripting language. Adobe ColdFusion is vulnerable to an input validation error that could be exploited by an attacker to cause arbitrary file system reads...

7.5CVSS2.7AI score0.33841EPSS
Exploits0References1
CNVD
CNVD
•added 2022/06/09 12:0 a.m.•61 views

LibreNMS Command Injection Vulnerability (CNVD-2022-91160)

LibreNMS is a PHP and MySQL based open source network monitoring system from the LibreNMS community. LibreNMS v22.3.0 contains a command injection vulnerability that stems from the failure of the serviceip, hostname and serviceparam parameters to properly filter the construct command special...

9.8CVSS4.7AI score0.01664EPSS
Exploits0References1
CNVD
CNVD
•added 2022/05/12 12:0 a.m.•61 views

Microsoft Windows Push Notifications Elevation of Privilege Vulnerability

Microsoft Windows Push Notifications is a push notification service from Microsoft Corporation USA. It provides a reliable way to deliver new updates.Microsoft Windows Push Notifications suffers from an elevation of privilege vulnerability. The vulnerability stems from improper handling of...

7CVSS3.4AI score0.00686EPSS
Exploits0References1
CNVD
CNVD
•added 2022/03/14 12:0 a.m.•61 views

Tp-link Tapo C200 Command Injection Vulnerability

A command injection vulnerability exists in Tp-link Tapo C200 1.1.15 and previous firmware versions, which is caused by the presence of a uhttpd binary file that runs as root by default and lacks filtering and escaping. An unauthenticated attacker could use this vulnerability to execute system...

10CVSS4.3AI score0.72185EPSS
Exploits10References1
CNVD
CNVD
•added 2022/02/10 12:0 a.m.•61 views

WordPress WOOF plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. WordPress WOOF plugin has a cross-site scripting vulnerability in versions prior to 1.2.6.3, which stems from the lack of escaping of woofredrawelements and can be exploited by attackers to...

6.1CVSS2.8AI score0.01651EPSS
Exploits2References1
CNVD
CNVD
•added 2022/02/09 12:0 a.m.•61 views

Google Tensorflow code issue vulnerability (CNVD-2022-09866)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow has a code issue vulnerability that stems from the simplifyBroadcast function in the MLIR-TFRT infrastructure in TensorFlow being prone to segmentation errors. No detailed...

7.5CVSS7.4AI score0.0087EPSS
Exploits1References1
CNVD
CNVD
•added 2021/11/22 12:0 a.m.•61 views

Gallagher Command Centre Server incorrect certificate validation vulnerability

Gallagher Command Centre Server is a management system used by Gallagher New Zealand to monitor and manage infrastructure in buildings.Gallagher Command Centre Server has a security vulnerability that stems from incorrect certificate validation in the SMTP client, which could be exploited by an...

8.1CVSS2.7AI score0.00385EPSS
Exploits0References1
CNVD
CNVD
•added 2019/04/03 12:0 a.m.•61 views

Apache HTTP Server Remote Vulnerability

Apache HTTP Server is the United States Apache Apache Software Foundation of an open source web server . A remote vulnerability exists in Apache HTTP Server. An attacker can exploit the vulnerability to perform unauthorized operations...

5.3CVSS9.5AI score0.1786EPSS
Exploits0References1
CNVD
CNVD
•added 2017/11/27 12:0 a.m.•61 views

CS-Cart administration section file upload vulnerability

CS-Cart is a PHP and MySQL based e-commerce software system developed by CS-Cart team. The system supports third-party software extensions, customized promotional strategies, product filtering definitions, etc. The administration section is one of the management components. A file upload...

9CVSS7.4AI score0.01938EPSS
Exploits3References1
CNVD
CNVD
•added 2017/06/21 12:0 a.m.•61 views

Python Tablib Arbitrary Command Execution Vulnerability

Tablib is a Python library related to tabular format data that allows importing, exporting, and managing tabular format data. An arbitrary command execution vulnerability exists in Python Tablib version 0.11.4, which allows an attacker to execute arbitrary script code in the context of an affecte...

9.8CVSS7.8AI score0.0487EPSS
Exploits2References1
CNVD
CNVD
•added 2016/11/16 12:0 a.m.•61 views

Apache Tika Remote Code Execution Vulnerability

Apache Tika is the United States Apache Apache Software Foundation, an integrated POI using Java programs to provide read and write Microsoft Office format documents open-source library, Pdfbox read and create PDF documents pure Java class library and for text extraction work provides a unified...

9.8CVSS8.3AI score0.0809EPSS
Exploits2References1
CNVD
CNVD
•added 2016/10/20 12:0 a.m.•61 views

Potrace de-zero error vulnerability

potrace is a set of bitmap image processing tools developed by software developer Peter Selinger. The tool offers the ability to add smoothing effects, free scaling of images, and more. A divide-by-zero error vulnerability exists in potrace bitmap.h. A remote attacker can exploit this vulnerabili...

5.5CVSS7.8AI score0.01389EPSS
Exploits0References1
CNVD
CNVD
•added 2024/02/05 12:0 a.m.•60 views

SQL Injection Vulnerability in DedeCMS of Shanghai Zhuozhuo Network Technology Company Limited (CNVD-2024-13237)

DedeCMS is the most well-known PHP open source website management system, but also the use of the most users of the PHP class CMS system. Shanghai Zhuozhuo Network Technology Co., Ltd. DedeCMS SQL injection vulnerability, attackers can use the vulnerability to obtain database sensitive informatio...

7.9AI score
Exploits0
CNVD
CNVD
•added 2022/12/20 12:0 a.m.•60 views

IBM AIX Denial of Service Vulnerability (CNVD-2023-00810)

IBM AIX is an open standards-based UNIX operating system developed by International Business Machines IBM for the IBM Power architecture. IBM AIX suffers from a denial-of-service vulnerability that can be exploited by unprivileged local attackers to cause a denial of service...

6.2CVSS6.7AI score0.00185EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/23 12:0 a.m.•60 views

Google TensorFlow MirrorPadGrad buffer overflow vulnerability

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A buffer overflow vulnerability exists in Google TensorFlow, which originates from the "MirrorPadGrad" input "paddings" is too large, an attacker can use this vulnerability to cause a heap memory...

2.2AI score0.0044EPSS
Exploits1Affected Software3
CNVD
CNVD
•added 2022/11/05 12:0 a.m.•60 views

Apache UIMA path traversal vulnerability

Apache UIMA is a component-based software architecture from the Apache Foundation. A path traversal vulnerability exists in Apache UIMA 3.3.0 and earlier, which stems from relative path traversal and can be exploited to create files outside of a specified destination directory using carefully...

7.5CVSS3.5AI score0.01556EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/03 12:0 a.m.•60 views

OpenSSL Remote Code Execution Vulnerability (CNVD-2022-73348)

OpenSSL is a powerful, commercial-grade, full-featured open source toolkit for the Transport Layer Security TLS protocol, a protocol implementation based on the Full Strength Common Cryptographic Library used to protect communications on computer networks from eavesdropping and widely used by...

2.9AI score0.9077EPSS
Exploits6Affected Software1
CNVD
CNVD
•added 2022/10/22 12:0 a.m.•60 views

Linux kernel access control error vulnerability (CNVD-2022-74085)

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel is vulnerable to an access control error. A remote attacker could retrieve sensitive information by connecting to a Web-based management interface and requesting URLs...

3AI score0.00277EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2022/07/21 12:0 a.m.•60 views

Moodle Cross-Site Scripting Vulnerability (CNVD-2022-54914)

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. a cross-site scripting vulnerability exists in the LTI module of Moodle, which stems from a lack of data validation filtering of...

6.1CVSS1.9AI score0.03747EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/08 12:0 a.m.•60 views

Agile Point SQL Injection Vulnerability

Agile Point is Agile Point's solution for automating business processes and workflows and building custom applications, portals and SaaS solutions. Agile Point suffers from a SQL injection vulnerability. The vulnerability stems from the lack of validation of the EncodedData parameter in the...

8.8CVSS9AI score0.00705EPSS
Exploits0References1
CNVD
CNVD
•added 2022/06/27 12:0 a.m.•60 views

Ruijie Networks RG-EG Series Routers SQL Injection Vulnerability (CNVD-2022-66402)

Ruijie RG-EG series gateway EG350 is a Ruijie gateway product. sql injection vulnerability exists in RG-EG series gateway EG350 alarmService.php, which allows remote attackers to submit special SQL requests to manipulate the database and obtain sensitive information or execute arbitrary code. cod...

6.4CVSS6.6AI score0.00827EPSS
Exploits0
CNVD
CNVD
•added 2022/06/15 12:0 a.m.•60 views

Unauthorized Access Vulnerability in Atlassian System dashboard-Jira

Atlassian Jira is a defect tracking management system from Atlassian. The system is mainly used to track and manage all types of issues and defects in the workplace. An unauthorized access vulnerability exists in Atlassian System dashboard-Jira, which can be exploited by an attacker to obtain...

5.3CVSS5.3AI score0.99999EPSS
Exploits6
CNVD
CNVD
•added 2022/06/15 12:0 a.m.•60 views

WordPress Member Hero plugin code injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...

9.8CVSS9.6AI score0.09105EPSS
Exploits2References1
CNVD
CNVD
•added 2022/03/08 12:0 a.m.•60 views

D-Link DIR850 ET850-1.08TRb03 has an unspecified vulnerability

D-Link DIR850 ET850-1.08TRb03 is a router from DLink.A security vulnerability exists in the D-Link DIR850 ET850-1.08TRb03, which stems from the fact that the DLink DIR850 ET850-1.08TRb03 is subject to incorrect access control via URL redirection to an untrusted site vulnerability. No detailed...

6.1CVSS2.8AI score0.15701EPSS
Exploits4References1
CNVD
CNVD
•added 2022/02/18 12:0 a.m.•60 views

Linux kernel denial-of-service vulnerability (CNVD-2022-69195)

Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel versions prior to 5.16.10 are vulnerable due to a failure to properly validate interface OS descriptor requests in the USB gadget subsystem. A local attacker could exploit this vulnerabilit...

4.9CVSS2.1AI score0.00927EPSS
Exploits0References1
CNVD
CNVD
•added 2022/02/14 12:0 a.m.•60 views

Google Android Buffer Overflow Vulnerability (CNVD-2022-47682)

Google Android is a Linux-based open source operating system from Google, Inc. A buffer overflow vulnerability exists in Google Android, which originates in GKIgetbuf in gkibuffer.cc. Due to a heap buffer overflow, an out-of-bounds write may exist, and an attacker could use this vulnerability to...

10CVSS4.1AI score0.05927EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/12 12:0 a.m.•60 views

Linux kernel memory overwrite vulnerability

The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A memory overwrite vulnerability exists in aspeedlpcctrlmmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in Linux kernel...

7.8CVSS7.1AI score0.00358EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/17 12:0 a.m.•60 views

fig2dev stack buffer overflow vulnerability

fig2dev is used to convert .fig files to various graphics languages and formats. A stack buffer overflow vulnerability exists in the readtextobject function in read.c in fig2dev version 3.2.7b. No detailed vulnerability details are currently available...

5.5CVSS4.4AI score0.00838EPSS
Exploits1References1
CNVD
CNVD
•added 2021/08/05 12:0 a.m.•60 views

Liferay Portal and Liferay DXP code issue vulnerability

Liferay Portal and Liferay DXP are both products of Liferay, a J2EE-based portal solution that uses EJB and JMS technologies and serves as a web publishing and shared workspace, enterprise collaboration platform, social network, etc. Liferay DXP is a digital experience collaboration platform...

7.5CVSS1.7AI score0.01202EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/30 12:0 a.m.•60 views

Vinades NukeViet CMS SQL Injection Vulnerability

Vinades NukeViet CMS is an open source content management system CMS from Vinades Vietnam.Vinades NukeViet CMS is vulnerable to SQL injection, which originates from the topicsid parameter of the product modules/news/admin/addtotopics.php page Fails to filter input special characters, and an...

9.8CVSS6.3AI score0.01583EPSS
Exploits1References1
CNVD
CNVD
•added 2024/01/12 12:0 a.m.•59 views

Linux kernel code issue vulnerability (CNVD-2024-06235)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A code issue vulnerability exists in the Linux kernel that stems from vhostnewmsg in drivers/vhost/vhost.c failing to properly initialize memory in messages passed between a...

5.5CVSS6.3AI score0.00236EPSS
Exploits0References1
CNVD
CNVD
•added 2023/08/29 12:0 a.m.•59 views

Apache Tomcat Open Redirect Vulnerability (CNVD-2023-80565)

Apache Tomcat is the United States Apache Apache Foundation of a lightweight Web application server. The program implements the Servlet and JavaServer Page JSP support. An open redirection vulnerability exists in Apache Tomcat, which stems from the FORM authentication feature not handling target...

6.1CVSS6.6AI score0.05972EPSS
Exploits0References1
CNVD
CNVD
•added 2023/06/08 12:0 a.m.•59 views

Nacos Jraft Hessian Deserialization Vulnerability

Nacos is an acronym for Dynamic Naming and Configuration Service, a dynamic service discovery, configuration management and service management platform that makes it easier to build cloud-native applications. A deserialization vulnerability exists in Nacos Jraft Hessian, which can be exploited by...

7AI score
Exploits0References1
CNVD
CNVD
•added 2022/07/21 12:0 a.m.•59 views

Shenzhen Greenlink Technology Co., Ltd DH2100 has a logic flaw vulnerability

DH2100 is a private cloud product that focuses on simplicity and ease of use. Ltd. DH2100 has a logic flaw vulnerability, which can be exploited by attackers to obtain sensitive information...

2.9AI score
Exploits0
CNVD
CNVD
•added 2022/02/15 12:0 a.m.•59 views

Linux kernel information disclosure vulnerability (CNVD-2022-14701)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from an information disclosure vulnerability that originates in the Linux kernel's TIPC protocol subsystem due to uninitialized memory that sends TIPC...

5.5CVSS5.5AI score0.00385EPSS
Exploits1References1
CNVD
CNVD
•added 2022/01/21 12:0 a.m.•59 views

WordPress Crisp Live Chat plugin cross-site scripting vulnerability

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Crisp Live Chat plugin, which stems from a...

8.8CVSS1.5AI score0.00608EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/12 12:0 a.m.•59 views

Microsoft Exchange Server Remote Code Execution Vulnerability (CNVD-2021-90307)

Microsoft Exchange Server is a set of email service programs from Microsoft Corporation USA. Microsoft Exchange Server is a remote code execution vulnerability that can be exploited by attackers to remotely execute arbitrary code on the server by sending specially crafted malicious data to the...

8.8CVSS5.5AI score0.90388EPSS
Exploits9References1
Total number of security vulnerabilities5000