Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
added 2022/11/03 12:0 a.m.60 views

OpenSSL Remote Code Execution Vulnerability (CNVD-2022-73348)

OpenSSL is a powerful, commercial-grade, full-featured open source toolkit for the Transport Layer Security TLS protocol, a protocol implementation based on the Full Strength Common Cryptographic Library used to protect communications on computer networks from eavesdropping and widely used by...

2.9AI score0.9077EPSS
Exploits6Affected Software1
CNVD
CNVD
added 2022/10/22 12:0 a.m.60 views

Linux kernel access control error vulnerability (CNVD-2022-74085)

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel is vulnerable to an access control error. A remote attacker could retrieve sensitive information by connecting to a Web-based management interface and requesting URLs...

3AI score0.00277EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2022/10/12 12:0 a.m.60 views

Fortinet FortiOS Denial of Service Vulnerability

Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from Fortinet, Inc. Fortinet FortiOS has a denial-of-service vulnerability that originates from the ability to force a NULL pointer to be dereferenced through the SSL VPN Portal, which can be...

7.5CVSS3.5AI score0.00868EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/21 12:0 a.m.60 views

Moodle Cross-Site Scripting Vulnerability (CNVD-2022-54914)

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. a cross-site scripting vulnerability exists in the LTI module of Moodle, which stems from a lack of data validation filtering of...

6.1CVSS1.9AI score0.03747EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/08 12:0 a.m.60 views

Agile Point SQL Injection Vulnerability

Agile Point is Agile Point's solution for automating business processes and workflows and building custom applications, portals and SaaS solutions. Agile Point suffers from a SQL injection vulnerability. The vulnerability stems from the lack of validation of the EncodedData parameter in the...

8.8CVSS9AI score0.00705EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/27 12:0 a.m.60 views

Ruijie Networks RG-EG Series Routers SQL Injection Vulnerability (CNVD-2022-66402)

Ruijie RG-EG series gateway EG350 is a Ruijie gateway product. sql injection vulnerability exists in RG-EG series gateway EG350 alarmService.php, which allows remote attackers to submit special SQL requests to manipulate the database and obtain sensitive information or execute arbitrary code. cod...

6.4CVSS6.6AI score0.00827EPSS
Exploits0
CNVD
CNVD
added 2022/06/15 12:0 a.m.60 views

Unauthorized Access Vulnerability in Atlassian System dashboard-Jira

Atlassian Jira is a defect tracking management system from Atlassian. The system is mainly used to track and manage all types of issues and defects in the workplace. An unauthorized access vulnerability exists in Atlassian System dashboard-Jira, which can be exploited by an attacker to obtain...

5.3CVSS5.3AI score0.99999EPSS
Exploits6
CNVD
CNVD
added 2022/05/23 12:0 a.m.60 views

Fastjson Remote Code Execution Vulnerability (CNVD-2022-40233)

Fastjson is an open source JSON parsing library , it can parse JSON format strings , support for Java Bean serialized to JSON strings , you can also deserialize from JSON strings to JavaBean. Fastjson has a remote code execution vulnerability that can be exploited by an attacker to bypass the...

8.1AI score
Exploits0References1
CNVD
CNVD
added 2022/02/18 12:0 a.m.60 views

Linux kernel denial-of-service vulnerability (CNVD-2022-69195)

Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel versions prior to 5.16.10 are vulnerable due to a failure to properly validate interface OS descriptor requests in the USB gadget subsystem. A local attacker could exploit this vulnerabilit...

4.9CVSS2.1AI score0.00927EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/14 12:0 a.m.60 views

Google Android Buffer Overflow Vulnerability (CNVD-2022-47682)

Google Android is a Linux-based open source operating system from Google, Inc. A buffer overflow vulnerability exists in Google Android, which originates in GKIgetbuf in gkibuffer.cc. Due to a heap buffer overflow, an out-of-bounds write may exist, and an attacker could use this vulnerability to...

10CVSS4.1AI score0.05927EPSS
Exploits0References1
CNVD
CNVD
added 2021/12/27 12:0 a.m.60 views

cve-search has an unspecified vulnerability

Cve-Search is a tool that performs local searches for known vulnerabilities. It is used for searching, indexing, correlating and managing software vulnerabilities. cve-search versions prior to 4.1.0 have a security vulnerability that stems from lib/DatabaseLayer.py allowing regular expression...

7.5CVSS4.5AI score0.01874EPSS
Exploits1References1
CNVD
CNVD
added 2021/10/12 12:0 a.m.60 views

Linux kernel memory overwrite vulnerability

The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A memory overwrite vulnerability exists in aspeedlpcctrlmmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in Linux kernel...

7.8CVSS7.1AI score0.00358EPSS
Exploits0References1
CNVD
CNVD
added 2021/08/05 12:0 a.m.60 views

Liferay Portal and Liferay DXP code issue vulnerability

Liferay Portal and Liferay DXP are both products of Liferay, a J2EE-based portal solution that uses EJB and JMS technologies and serves as a web publishing and shared workspace, enterprise collaboration platform, social network, etc. Liferay DXP is a digital experience collaboration platform...

7.5CVSS1.7AI score0.01202EPSS
Exploits0References1
CNVD
CNVD
added 2021/07/30 12:0 a.m.60 views

Vinades NukeViet CMS SQL Injection Vulnerability

Vinades NukeViet CMS is an open source content management system CMS from Vinades Vietnam.Vinades NukeViet CMS is vulnerable to SQL injection, which originates from the topicsid parameter of the product modules/news/admin/addtotopics.php page Fails to filter input special characters, and an...

9.8CVSS6.3AI score0.01583EPSS
Exploits1References1
CNVD
CNVD
added 2019/04/03 12:0 a.m.60 views

Apache HTTP Server Authentication Bypass Vulnerability

Apache HTTP Server is the United States Apache Apache Software Foundation of an open source web server . An authentication bypass vulnerability exists in Apache HTTP Server. An attacker can exploit the vulnerability to bypass the authentication mechanism and perform unauthorized operations...

7.5CVSS9.7AI score0.17666EPSS
Exploits0References1
CNVD
CNVD
added 2017/11/14 12:0 a.m.60 views

Zeta Components Mail Remote Code Execution Vulnerability

Zeta Components is a high-quality , general-purpose application development library based on PHP 5 implementation . A remote code execution vulnerability exists in the Zeta Components Mail library version 1.8.1 and earlier, which can be exploited by an attacker to execute arbitrary code on a serv...

8.1CVSS8.7AI score0.10652EPSS
Exploits3References1
CNVD
CNVD
added 2017/08/14 12:0 a.m.60 views

Symantec Messaging Gateway Remote Code Execution Vulnerability (CNVD-2017-28446)

Symantec Messaging Gateway is a suite of anti-spam, anti-virus, advanced content filtering and data leakage protection technologies from Symantec. A remote code execution vulnerability exists in Symantec Messaging Gateway versions prior to 10.6.3-267. A remote attacker could exploit this...

8.8CVSS9AI score0.35341EPSS
Exploits7References1
CNVD
CNVD
added 2016/03/04 12:0 a.m.60 views

Netgear Multiple Device Authentication Bypass Vulnerability

Netgear is a global leader in enterprise networking solutions and a champion of digital home networking applications. An authentication bypass vulnerability exists in several Netgear devices, which can be exploited by an attacker to launch a command injection attack by passing an input command li...

10CVSS7.8AI score0.98325EPSS
Exploits5References1
CNVD
CNVD
added 2015/01/16 12:0 a.m.60 views

ASUSWRT Backdoor Command Execution Vulnerability

ASUSWRT is the ASUS router firmware. In ASUS WRT versions 3.0.0.4.3761071, 3.0.0.376.2524-g0013f52, infosvr's common.c fails to properly check the requested MAC address, which could allow a remote attacker to send a NETCMDIDMANUCMD packet to UDP port 9999, by sending a packet to UDP port 9999, an...

10CVSS7.2AI score0.80731EPSS
Exploits12References1
CNVD
CNVD
added 2024/01/12 12:0 a.m.59 views

Linux kernel code issue vulnerability (CNVD-2024-06235)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A code issue vulnerability exists in the Linux kernel that stems from vhostnewmsg in drivers/vhost/vhost.c failing to properly initialize memory in messages passed between a...

5.5CVSS6.3AI score0.00236EPSS
Exploits0References1
CNVD
CNVD
added 2023/06/08 12:0 a.m.59 views

Nacos Jraft Hessian Deserialization Vulnerability

Nacos is an acronym for Dynamic Naming and Configuration Service, a dynamic service discovery, configuration management and service management platform that makes it easier to build cloud-native applications. A deserialization vulnerability exists in Nacos Jraft Hessian, which can be exploited by...

7AI score
Exploits0References1
CNVD
CNVD
added 2022/07/21 12:0 a.m.59 views

Shenzhen Greenlink Technology Co., Ltd DH2100 has a logic flaw vulnerability

DH2100 is a private cloud product that focuses on simplicity and ease of use. Ltd. DH2100 has a logic flaw vulnerability, which can be exploited by attackers to obtain sensitive information...

2.9AI score
Exploits0
CNVD
CNVD
added 2021/11/12 12:0 a.m.59 views

Microsoft Exchange Server Remote Code Execution Vulnerability (CNVD-2021-90307)

Microsoft Exchange Server is a set of email service programs from Microsoft Corporation USA. Microsoft Exchange Server is a remote code execution vulnerability that can be exploited by attackers to remotely execute arbitrary code on the server by sending specially crafted malicious data to the...

8.8CVSS5.5AI score0.90388EPSS
Exploits9References1
CNVD
CNVD
added 2021/10/27 12:0 a.m.59 views

Adobe Premiere Elements memory buffer out-of-bounds access vulnerability

Adobe Premiere Elements is a video editing software application from Adobe. Adobe Premiere Elements 2021 build 19.0 and earlier versions are vulnerable to a memory buffer out-of-bounds access vulnerability. An attacker can exploit this vulnerability to execute arbitrary code...

9.3CVSS6.2AI score0.0155EPSS
Exploits0References1
CNVD
CNVD
added 2018/09/14 12:0 a.m.59 views

Mgetty Buffer Overflow Vulnerability

Mgetty is a getty replacement program for data and fax operations. A buffer overflow vulnerability exists in the faxrec.c file in versions of Mgetty prior to 1.2.1, which stems from a failure of the program to filter the 'mailto' in the 'faxnotifymail' function. parameter in the 'faxnotifymail'...

7.8CVSS7.7AI score0.00448EPSS
Exploits2References1
CNVD
CNVD
added 2017/11/14 12:0 a.m.59 views

Ulterius Directory Traversal Vulnerability

Ulterius is a set of remote control management tools. A directory traversal vulnerability exists in the 'Process' function of the RemoteTaskServer/WebServer/HttpServer.cs file in versions of Ulterius prior to 1.9.5.0. An attacker can exploit this vulnerability to download files...

7.5CVSS6.9AI score0.91496EPSS
Exploits6References1
CNVD
CNVD
added 2017/07/03 12:0 a.m.59 views

ISC BIND Security Bypass Vulnerability (CNVD-2017-12537)

BIND is an open source implementation of the DNS Domain Name System protocol that contains all the software needed to query and respond to domain names. It is the most widely used type of DNS server on the Internet. A security bypass vulnerability exists in ISC BIND. An attacker can exploit this...

7.5CVSS6.8AI score0.18157EPSS
Exploits1References1
CNVD
CNVD
added 2023/05/23 12:0 a.m.58 views

Remote Code Execution Vulnerability in Electronic Document Security Management System of Beijing Yisaitong Technology Development Co.

Electronic document security management system referred to as: CDG is an electronic document security protection software, the system utilizes the driver layer transparent encryption technology, through the encryption and protection of electronic documents, to prevent the internal staff leakage a...

8AI score
Exploits0
CNVD
CNVD
added 2023/01/05 12:0 a.m.58 views

Fortinet FortiPortal Cross-Site Scripting Vulnerability

Fortinet FortiPortal is an advanced, feature-rich hosted security analysis and management support tool for Fortinet's FortiGate, FortiWiFi and FortiAP product lines, available as a virtual machine for MSPs. attacker could exploit the vulnerability to execute stored cross-site scripting by sending...

6.8CVSS1.8AI score0.00573EPSS
Exploits0References1
CNVD
CNVD
added 2022/12/16 12:0 a.m.58 views

File Upload Vulnerability in Intelligent Park Comprehensive Management Platform of Zhejiang Dahua Technology Co.(CNVD-2023-03860)

Zhejiang Dahua Technology Co., Ltd. is a video-centered intelligent IOT solution provider and operation service provider. A file upload vulnerability exists in the integrated management platform of Zhejiang Dahua Technology Co., Ltd. that can be exploited by an attacker to gain server privileges...

7.3AI score
Exploits0
CNVD
CNVD
added 2022/11/24 12:0 a.m.58 views

NdkAdvancedCustomizationFields Server-Side Request Forgery Vulnerability

NdkAdvancedCustomizationFields is an advanced customization field from Ndk. A server-side request forgery vulnerability exists in NdkAdvancedCustomizationFields 3.5.0 and prior versions, which stems from rotateimg.php failing to properly validate user input. An attacker could use this vulnerabili...

9.1CVSS3.7AI score0.00791EPSS
Exploits1References1
CNVD
CNVD
added 2022/11/18 12:0 a.m.58 views

Apache MINA Deserialization Vulnerability

Apache MINA is the United States Apache Apache Foundation of a web application framework. The product is mainly used to develop high-performance and highly scalable web applications. Apache MINA 2.9.1 and earlier versions suffer from a deserialization vulnerability that stems from the use of Java...

9.8CVSS9.3AI score0.03571EPSS
Exploits1References1
CNVD
CNVD
added 2022/08/31 12:0 a.m.58 views

Atlassian Bitbucket Server和Data Center命令执行漏洞

Atlassian Bitbucket Server is a Git code hosting solution from Atlassian Australia. The solution is capable of managing and reviewing code with features such as diff views, JIRA integration, and build integration.A command execution vulnerability exists in Atlassian Bitbucket Server and Data...

8.8CVSS3AI score0.99077EPSS
Exploits24References1
CNVD
CNVD
added 2022/08/06 12:0 a.m.58 views

Oracle MySQL Input Validation Error Vulnerability (CNVD-2022-88288)

Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. An input validation error vulnerability exists in Oracle MySQL, which can be exploited by an attacker to cause certain unauthorized update, insert, o...

4.2CVSS3.7AI score0.00226EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/07 12:0 a.m.58 views

Tenda AC15 Command Injection Vulnerability

The Tenda AC15 is a wireless router from the Chinese company Tenda. The Tenda AC15 has a security vulnerability that can be exploited by an attacker to cause unconditional arbitrary command execution in conjunction with CVE-2021-44971...

9.8CVSS8.6AI score0.2197EPSS
Exploits1References1
CNVD
CNVD
added 2022/04/24 12:0 a.m.58 views

Attendance and Payroll System SQL注入漏洞(CNVD-2022-33143)

Attendance and Payroll System is a PHP/MySQLi source code attendance and payroll system by oretnom23 individual developers. version v1.0 of Attendance and Payroll System is vulnerable to SQL injection, which originates from the component adminovertime delete.php lacks validation of external input...

8.8CVSS5.9AI score0.01095EPSS
Exploits1References1
CNVD
CNVD
added 2022/04/19 12:0 a.m.58 views

WordPress plugin Caldera Forms cross-site scripting vulnerability

WordPress is a blogging platform developed using the PHP language. cross-site scripting vulnerability exists in versions prior to WordPress plugin Caldera Forms 1.9.7. The vulnerability stems from the plugin's failure to validate and escape cf-api parameters before outputting them back to the...

4.3CVSS2AI score0.01195EPSS
Exploits2Affected Software1
CNVD
CNVD
added 2022/02/24 12:0 a.m.58 views

Linux kernel elevation of privilege vulnerability (CNVD-2022-69197)

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel is vulnerable due to a post-release use in the implementation of the RDMA communication manager listener code. By sending a carefully crafted request, an attacker could exploit this...

7.8CVSS3.3AI score0.00296EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/16 12:0 a.m.58 views

Google Chrome Animation Code Execution Vulnerability

Google Chrome is a web browser from Google, an American company. A code execution vulnerability exists in Google Chrome Animation, which can be exploited by an attacker to execute arbitrary code on a system or cause a denial of service condition...

8.8CVSS8.9AI score0.23546EPSS
Exploits0References1
CNVD
CNVD
added 2021/06/28 12:0 a.m.58 views

Unauthorized Access Vulnerability in HP LaserJet MFP M426fdw Printer

Hewlett-Packard HP is one of the information technology IT companies, founded in 1939 1. Headquartered in Palo Alto, California, USA. Hewlett-Packard has three business groups: Information Products Group, Printing and Imaging Systems Group and Enterprise Computer Professional Services Group. An...

6.6AI score
Exploits0
CNVD
CNVD
added 2018/10/15 12:0 a.m.58 views

Blueimp jQuery-File-Upload Arbitrary File Upload Vulnerability

Blueimp jQuery-File-Upload is a multi-language file upload tool that includes file selection, file drag and drop, progress bar display and image preview. An arbitrary file upload vulnerability exists in Blueimp jQuery-File-Upload 9.22.0 and earlier versions, which can be exploited by remote...

9.8CVSS9.4AI score0.97107EPSS
Exploits15References1
CNVD
CNVD
added 2018/09/14 12:0 a.m.58 views

Apache Syncope Remote Code Execution Vulnerability (CNVD-2018-18784)

Apache Syncope is the United States Apache Apache Software Foundation's set of open source digital identity management system for use in enterprise environments. The system supports identity management, role configuration and more. Apache Syncope uses XSLT to export report data to various formats...

7.2CVSS6.9AI score0.18024EPSS
Exploits4References1
CNVD
CNVD
added 2017/11/09 12:0 a.m.58 views

Flexense Sync Breeze Enterprise Buffer Overflow Vulnerability

Flexense Sync Breeze Enterprise is a set of file synchronization tools from Flexense Canada. The tool has features such as file management and data synchronization. A buffer overflow vulnerability exists in Flexense Sync Breeze Enterprise version 10.0.28. A remote attacker could exploit this...

9.8CVSS8.1AI score0.22483EPSS
Exploits7References1
CNVD
CNVD
added 2017/05/09 12:0 a.m.58 views

Denial of service vulnerability in several Siemens industrial products (CNVD-2017-06151)

SIMATIC CP, SIMATIC RF600, SCALANCE W700, etc. are industrial automation products of Siemens, Germany. A denial of service vulnerability exists in several Siemens industrial devices. Allows an attacker to launch a denial of service attack via specially crafted PROFINET DCP packets sent on the loc...

7.1CVSS6.5AI score0.01149EPSS
Exploits0References1
CNVD
CNVD
added 2017/01/20 12:0 a.m.58 views

Oracle VM VirtualBox Remote Vulnerability

Oracle Virtualization Oracle VirtualBox is a virtual machine component of Oracle's virtualization solution. A security vulnerability exists in the GUI subcomponent of the Oracle VM VirtualBox component in Oracle Virtualization. An attacker could exploit this vulnerability to compromise the...

8.4CVSS6.7AI score0.06961EPSS
Exploits4References1
CNVD
CNVD
added 2016/12/16 12:0 a.m.58 views

Core Remote Elevation of Privilege Vulnerability

Joomla! is a PHP-based open source content management system CMS. Can be used to build commercial Web sites , personal blogs , information management systems , Web services , etc. , but also for secondary development to expand the scope of use . A remote elevation of privilege vulnerability exist...

7.5CVSS7AI score0.14099EPSS
Exploits6References1
CNVD
CNVD
added 2015/10/22 12:0 a.m.58 views

CloudBees Jenkins CI and LTS Scripting Vulnerabilities

CloudBees Jenkins CI formerly known as Hudson Labs is a set of Java-based continuous integration tools from CloudBees, Inc. LTS Long-Term Support is a long-supported version of CloudBees Jenkins CI. A security vulnerability exists in the Combination filter Groovy script in CloudBees Jenkins CI...

6.5CVSS8AI score0.02523EPSS
Exploits0References1
CNVD
CNVD
added 2015/01/22 12:0 a.m.58 views

Multiple Vulnerabilities in VLC Media Player

VLC Media Player is a popular multimedia playback program. VLC Media Player contains multiple unspecified vulnerabilities that could be exploited by attackers to construct malicious files that could be parsed by users, which could crash the application or execute code...

7.8CVSS7.2AI score0.02385EPSS
Exploits0References1
CNVD
CNVD
added 2025/03/01 12:0 a.m.57 views

Ollama Unauthorized Access Vulnerability

Ollama is an open source Large Language Model LLM runtime environment and toolset designed to help developers easily deploy, manage, and use models e.g., DeepSeek, etc.. Ollama suffers from an unauthorized access vulnerability, which is due to the fact that Ollama is not set up with authenticatio...

7.5AI score
Exploits0
CNVD
CNVD
added 2023/12/12 12:0 a.m.57 views

Apache Struts Directory Traversal Vulnerability

Apache Struts is the United States Apache Apache Foundation, an open source project , is a set of open source MVC framework for creating enterprise-class Java Web applications , mainly provides two versions of the framework products , Struts 1 and Struts 2. Apache Struts suffers from a directory...

9.8CVSS7.6AI score0.80819EPSS
Exploits15References1
Total number of security vulnerabilities5000