Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
added 2022/05/07 12:0 a.m.27 views

Rancher Labs Rancher Information Disclosure Vulnerability

Rancher Labs Rancher is an open source, enterprise-class container management platform from Rancher Labs, U.S. Rancher Labs Rancher is vulnerable to an information disclosure vulnerability that stems from exposing repository credentials to an external third-party source, which could be exploited ...

7.5CVSS1.7AI score0.00706EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/07 12:0 a.m.27 views

WordPress All In One WP Security

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress All In One WP Security...

4.7CVSS1.2AI score0.00726EPSS
Exploits2References1
CNVD
CNVD
added 2022/05/07 12:0 a.m.27 views

Clam AntiVirus Memory Leak Vulnerability

Clam AntiVirus is an open source antivirus engine for detecting Trojans, viruses, malware and other malicious threats.Clam AntiVirus suffers from a memory leak vulnerability that can be exploited by unauthenticated remote attackers to cause a denial of service...

7.8CVSS5.1AI score0.0663EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/07 12:0 a.m.27 views

F5 BIG-IP has an unspecified vulnerability (CNVD-2022-77523)

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A security vulnerability exists in F5 BIG-IP, which can be exploited by attackers to cause a denial of service on the BIG-IP...

7.5CVSS5.6AI score0.00868EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/07 12:0 a.m.27 views

WordPress Multiple Shipping Address Woocommerce plugin SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. The vulnerability stems from a failure to validate, clean up, and escape various user inputs before using...

9.8CVSS1.7AI score0.07866EPSS
Exploits2References1
CNVD
CNVD
added 2022/05/07 12:0 a.m.27 views

NanoHTTPD Information Disclosure Vulnerability

NanoHTTPD is a lightweight HTTP server designed to be embedded in other applications, released under a modified BSD license. An information disclosure vulnerability exists in all versions of the NanoHTTPD package. The vulnerability stems from the fact that when an HTTP request body is parsed in a...

5.5CVSS6.1AI score0.00289EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/07 12:0 a.m.27 views

F5 F5OS-A Information Disclosure Vulnerability

F5 F5OS-A is an operating system software from F5 Inc. F5 F5OS-A is vulnerable to information disclosure, which could be exploited by attackers to gain read-only access to the Docker registry...

5.3CVSS3.1AI score0.00717EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/06 12:0 a.m.27 views

JetBrains IntelliJ IDEA Access Control Error Vulnerability

JetBrains IntelliJ IDEA is a set of integrated development environments for the Java language from Jetbrains Czech Republic.JetBrains IntelliJ IDEA versions prior to 2022.1 are vulnerable to an access control error vulnerability that stems from a flaw in source checking in the internal web server...

7.1CVSS3.2AI score0.00144EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/06 12:0 a.m.27 views

IBM UrbanCode Deploy Encryption Issue Vulnerability (CNVD-2022-63372)

IBM UrbanCode Deploy UCD is a set of application automation deployment tools from IBM Corporation in the United States. The tool is based on an application deployment automation management information model, and through remote agent technology to automate the deployment of complex applications in...

7.5CVSS2.1AI score0.00621EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/05 12:0 a.m.27 views

IBM InfoSphere Information Server Cross-Site Scripting Vulnerability (CNVD-2022-66262)

IBM InfoSphere Information Server is a set of data integration platforms from IBM in the United States. The platform can be used to integrate data information obtained from various sources. A cross-site scripting vulnerability exists in IBM InfoSphere Information Server version 11.7, which can be...

6.1CVSS5.9AI score0.0059EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/05 12:0 a.m.27 views

Delta Electronics DIAEnergie ReadRegIND SQL Injection Vulnerability (CNVD-2022-36021)

Delta Electronics DIAEnergie is an industrial energy management system for monitoring and analyzing energy consumption in real time, calculating energy consumption and load characteristics, optimizing equipment performance, improving production processes and maximizing energy efficiency. Delta...

10CVSS9.9AI score0.01138EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/29 12:0 a.m.27 views

Nextcloud Android app access control error vulnerability

Nextcloud Android app is an Android-based mobile application from Nextcloud Germany for accessing Nextcloud servers. nextcloud Android app versions prior to 3.19.1 contain an access control error vulnerability that stems from improper access control, which is exploited by An authenticated attacke...

2.1CVSS3.8AI score0.00467EPSS
Exploits1Affected Software1
CNVD
CNVD
added 2022/04/22 12:0 a.m.27 views

Samsung SMR Input Validation Error Vulnerability (CNVD-2022-64251)

Samsung SMR is a system patch package from Samsung South Korea. It provides patches for Samsung mobile applications. Samsung SMR suffers from an input validation error vulnerability that can be exploited by attackers to initiate certain activities...

8.5CVSS7.8AI score0.00134EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/18 12:0 a.m.27 views

MariaDB Binary_string::free_buffer() component memory misreference vulnerability

MariaDB is a free and open source database management system from the MariaDB Foundation and a forked version of MySQL with the Maria storage engine. A memory misreference vulnerability exists in MariaDB v10.6.3 and lower, which stems from a post-release reuse error in the component...

7.4AI score
Exploits0References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.27 views

Microsoft Windows Installer Elevation of Privilege Vulnerability

Microsoft Windows Installer is a component of the Windows operating system from Microsoft. It provides a standard basis for installing and uninstalling software. An elevation of privilege vulnerability exists in Microsoft Windows Installer. The vulnerability stems from an incorrect programmatic...

7.8CVSS8.2AI score0.00963EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.27 views

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CNVD-2022-60117)

Microsoft Edge is a web browser that comes with versions of Windows 10 and later, and an elevation of privilege vulnerability exists in Microsoft Edge Chromium-based. An attacker could exploit this vulnerability to elevate privileges...

8.3CVSS5.5AI score0.01742EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.27 views

Microsoft Windows DNS Server Remote Code Execution Vulnerability (CNVD-2022-84610)

Microsoft Windows is a set of operating systems for personal devices used by the U.S. company Microsoft Microsoft. A remote code execution vulnerability exists in Microsoft Windows DNS Server, which can be exploited by attackers to execute arbitrary code on the system...

8.5CVSS6.7AI score0.01841EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.27 views

Microsoft Windows SMB Remote Code Execution Vulnerability (CNVD-2022-74596)

Microsoft Windows SMB Server is a network file sharing protocol from Microsoft Corporation USA. It allows applications on a computer to read and write files and request services from server programs on the computer network.A remote code execution vulnerability exists in Microsoft Windows SMB. An...

7.5CVSS4.3AI score0.01936EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.27 views

Microsoft Windows Hyper-V Remote Code Execution Vulnerability (CNVD-2023-02191)

Microsoft Windows Hyper-V is a tool from Microsoft USA that provides hardware virtualization. A remote code execution vulnerability exists in Microsoft Windows Hyper-V, which can be exploited by an attacker to execute arbitrary code on a system...

8.1CVSS8.8AI score0.0274EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.27 views

Microsoft Windows DNS Server Remote Code Execution Vulnerability (CNVD-2022-84114)

Microsoft Windows is an operating system for personal devices from Microsoft Corporation USA.A remote code execution vulnerability exists in Microsoft Windows DNS Server, which can be exploited by attackers to execute arbitrary code on the system...

9CVSS6.9AI score0.03665EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/13 12:0 a.m.27 views

Samsung Smart Switch PC DLL hijacking vulnerability

Samsung Smart Switch PC is a Windows software from Samsung, a South Korean company, used for data transfer. A security vulnerability exists in previous versions of Samsung Smart Switch PC 4.2.220224, which can be exploited by attackers to execute arbitrary code...

7.8CVSS4.6AI score0.00228EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/13 12:0 a.m.27 views

Jenkins Mask Passwords Plugin Cross-Site Scripting Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.A cross-site scripting vulnerability exis...

5.4CVSS1.2AI score0.00798EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/13 12:0 a.m.27 views

Samsung SMR Buffer Overflow Vulnerability (CNVD-2022-63646)

Samsung SMR is a system patch package from South Korea's Samsung Samsung. A buffer overflow vulnerability exists in versions prior to Samsung SMR Apr-2022 Release 1, which stems from incorrect boundary checking in libsflvextractor's sflvdrdbufbits function. An attacker could exploit this...

4.4CVSS5.7AI score0.00095EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/08 12:0 a.m.27 views

ASUS RT-AC86U Command Injection Vulnerability

The ASUS RT-AC86U is a dual-band Wi-Fi router from the Chinese company ASUS. The ASUS RT-AC86U suffers from a command injection vulnerability that can be exploited by an attacker to execute arbitrary commands and interrupt or terminate services...

8.8CVSS8.1AI score0.00842EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/07 12:0 a.m.27 views

WordPress Library File Manager plugin跨站请求伪造漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress Library File Manager plugin has a cross-site request forgery vulnerability, which stems from the fact that the plugin uses a...

5.5CVSS3.2AI score0.01231EPSS
Exploits2Affected Software1
CNVD
CNVD
added 2022/04/07 12:0 a.m.27 views

SWHKD Resource Management Error Vulnerability

SWHKD is a display protocol-independent hotkey daemon made in Rust. SWHKD has a security vulnerability that stems from insecure parsing and can be exploited by an attacker to cause a simple denial of service memory exhaustion when attempting to parse large or unlimited files such as blocks or...

5.3CVSS3.5AI score0.00822EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/06 12:0 a.m.27 views

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CNVD-2022-60122)

Microsoft Edge Chromium-based is vulnerable to an elevation-of-privilege vulnerability in Microsoft Edge, a web browser that ships with Windows 10 and later. An attacker could exploit this vulnerability to execute arbitrary code with elevated privileges...

8.3CVSS4AI score0.01742EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/02 12:0 a.m.27 views

Delta Electronics DIAEnergie Code Issue Vulnerability

Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency.A code issue...

7.8CVSS2AI score0.00235EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/01 12:0 a.m.27 views

TOTOLINK EX300_v2 and EX1200T Access Control Error Vulnerability

TOTOLINK EX300 is a 300 Mbps wireless N range extender from TotoLink, China, and TOTOLINK EX1200T is a Wi-Fi range extender from Gion Electronics TOTOLINK, China.An access control error vulnerability exists in TOTOLINK EX300v2 and EX1200T. The vulnerability stems from the fact that the device web...

8.8CVSS2.8AI score0.04263EPSS
Exploits1References1
CNVD
CNVD
added 2022/04/01 12:0 a.m.27 views

OpenEMR Cross-Site Scripting Vulnerability (CNVD-2022-61336)

OpenEMR is an open source medical management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. cross-site scripting vulnerabilities exist in versions of OpenEMR prior to...

7.3CVSS2.2AI score0.51613EPSS
Exploits2References1
CNVD
CNVD
added 2022/04/01 12:0 a.m.27 views

OpenEMR Cross-Site Scripting Vulnerability (CNVD-2022-61335)

OpenEMR is an open source healthcare management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. cross-site scripting vulnerabilities exist in versions of OpenEMR prior to...

4.6CVSS1.4AI score0.00592EPSS
Exploits2References1
CNVD
CNVD
added 2022/03/31 12:0 a.m.27 views

IBM Cognos Controller Licensing Issue Vulnerability (CNVD-2022-48940)

IBM Cognos Controller is a business intelligence and planning solution from IBM Corporation. The product features process automation, financial audit control, and the creation and management of financial reports.IBM Cognos Controller has an authorization issue vulnerability that can be exploited ...

9.8CVSS5AI score0.01481EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/31 12:0 a.m.27 views

Bentley MicroStation CONNECT Information Disclosure Vulnerability (CNVD-2022-65020)

Bentley MicroStation CONNECT is a Cad software platform for 2D and 3D design and drafting. An information disclosure vulnerability exists in Bentley MicroStation CONNECT, which can be exploited by attackers to obtain sensitive information...

4.3CVSS3.5AI score0.01424EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/31 12:0 a.m.27 views

Joomla! Cross-site scripting vulnerability (CNVD-2022-64104)

Joomla! is a set of forum components used in the Joomla! content management system. versions 3.7.0 to 3.10.6 have a cross-site scripting vulnerability, which originates from the comfields class that does not sufficiently clean up and escape data provided to the user, and can be used by attackers ...

6.1CVSS3.4AI score0.00565EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/31 12:0 a.m.27 views

Bentley MicroStation CONNECT Code Execution Vulnerability (CNVD-2022-65619)

Bentley MicroStation CONNECT is a Cad software platform for 2D and 3D design and drafting.A code execution vulnerability exists in Bentley MicroStation CONNECT, which can be exploited by attackers to execute arbitrary code in the context of the current process...

7.8CVSS5.5AI score0.01911EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/31 12:0 a.m.27 views

Joomla! input validation error vulnerability (CNVD-2022-64098)

Joomla! is a set of forum components used in the Joomla! content management system. versions 2.5.0 to 3.10.6 and 4.0.0 to 4.1.0 contain an input validation error vulnerability that can be exploited by attackers to invalidate the check of whether the redirected url is internal, possibly leading to...

6.1CVSS3.9AI score0.00566EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/31 12:0 a.m.27 views

Bentley MicroStation CONNECT Code Execution Vulnerability (CNVD-2022-65622)

Bentley MicroStation CONNECT is a Cad software platform for 2D and 3D design and drafting.A code execution vulnerability exists in Bentley MicroStation CONNECT, which can be exploited by attackers to execute arbitrary code in the context of the current process...

7.8CVSS5.5AI score0.01911EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/30 12:0 a.m.27 views

DrayTek Vigor Remote Command Injection Vulnerability

DrayTek Vigor is a router. A remote command injection vulnerability exists in DrayTek Vigor, which can be exploited by attackers to allow a remote malicious user to execute arbitrary code via a crafted HTTP message containing a malformed query string in mainfunction.cgi...

9.8CVSS7.1AI score0.34845EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/29 12:0 a.m.27 views

Bulletin Board System File Upload Vulnerability (CNVD-2022-63667)

Bulletin Board System is a web forum. bulletin Board System is vulnerable to file upload, which can be exploited by attackers to execute arbitrary code...

7.2CVSS4.7AI score0.01528EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/23 12:0 a.m.27 views

Open-xchange OX App Suite Cross-Site Scripting Vulnerability (CNVD-2022-28454)

Open-xchange OX App Suite is a set of Web-based cloud desktop environments from Open-Xchange Open-xchange USA. The environment allows users to manage email, tasks, files, etc. more intuitively. A cross-site scripting vulnerability exists in Open-xchange OX App Suite version 7.10.5 and prior...

6.1CVSS6AI score0.00898EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/18 12:0 a.m.27 views

Waitress Environmental Issues Vulnerability (CNVD-2022-21483)

Waitress is a WSGI Web Server Gateway Interface server for Python. Waitress 2.1.0 and earlier versions are vulnerable to an environmental issue that stems from a software agent's inability to properly validate incoming HTTP requests for compliance, which allows smuggling through a front-end agent...

7.5CVSS1.7AI score0.01738EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/16 12:0 a.m.27 views

WordPress Simple Tracking plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. WordPress plugin is an application plugin for WordPress. A cross-site scripting vulnerability exists in versions of WordPress Simple Tracking plugin prior to 1.7, which stems from the plugin's...

4.8CVSS2.2AI score0.00612EPSS
Exploits2References1
CNVD
CNVD
added 2022/03/15 12:0 a.m.27 views

Huawei Emui and Magic UI video framework stack buffer overflow vulnerability

Huawei Emui is a mobile operating system developed on Android. Magic Ui is a mobile operating system developed on Android. Huawei Emui and Magic UI video framework are vulnerable to a stack buffer overflow vulnerability that can be exploited by attackers to impact usability...

7.8CVSS4.8AI score0.00736EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/14 12:0 a.m.27 views

Dell BIOS Input Validation Error Vulnerability (CNVD-2022-85082)

Dell BIOS is embedded software on a small memory chip on a computer motherboard from Dell USA.Dell BIOS is vulnerable to an input validation error, which can be exploited by an authenticated attacker to obtain arbitrary code execution during SMM by using SMI...

8.2CVSS3.2AI score0.00275EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/14 12:0 a.m.27 views

SuiteCRM Deserialization Vulnerability

SuiteCRM is a customer relationship management system from the SuiteCRM team. SuiteCRM suffers from a deserialization vulnerability that stems from insecure deserialization of serialized data received by the application from users, which can be exploited by attackers to execute arbitrary code via...

8.8CVSS5.2AI score0.53235EPSS
Exploits2References1
CNVD
CNVD
added 2022/03/10 12:0 a.m.27 views

Microsoft Word Security Bypass Vulnerability

Microsoft Word is a word processing software in the Office suite from Microsoft Corporation USA. a security bypass vulnerability exists in Microsoft Word. An attacker could exploit the vulnerability to bypass security features, thereby affecting the integrity...

5.5CVSS2.1AI score0.01941EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/09 12:0 a.m.27 views

WordPress Product Feed PRO for WooCommerce Plugin Cross-Site Scripting Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Product Feed PRO for WooCommerce Plugin before 11.2.3...

5.4CVSS5.3AI score0.00742EPSS
Exploits2References1
CNVD
CNVD
added 2022/03/09 12:0 a.m.27 views

Microsoft Azure Site Recovery Code Injection Vulnerability (CNVD-2022-18004)

Microsoft Azure Site Recovery is a site recovery DRaaS from Microsoft Corporation for cloud and hybrid cloud architectures. Microsoft Azure Site Recovery is vulnerable to code injection. No details of the vulnerability are currently available...

7.2CVSS1.6AI score0.02337EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/09 12:0 a.m.27 views

Siemens SINEC NMS SQL Injection Vulnerability (CNVD-2022-17792)

Siemens SINEC NMS is a network management system NMS from Siemens Germany that is used to centrally monitor, manage, and configure industrial networks with tens of thousands of devices 24/7, including security-related areas.A SQL injection vulnerability in Siemens SINEC NMS allows a privileged,...

7.2CVSS3.1AI score0.03435EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/09 12:0 a.m.27 views

Microsoft Azure Site Recovery Permissions Licensing and Access Control Issues Vulnerability (CNVD-2022-17999)

Microsoft Azure Site Recovery is a site recovery DRaaS from Microsoft Corporation for cloud and hybrid cloud architectures. Microsoft Azure Site Recovery is vulnerable to privilege permission and access control issues. No details of the vulnerability are available at this time...

7.2CVSS2.1AI score0.02649EPSS
Exploits0References1
Total number of security vulnerabilities5000