Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
•added 2023/03/02 12:0 a.m.•56 views

Google Android elevation of privilege vulnerability (CNVD-2023-26072)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that is caused by insecure deserialization when running ChooseTypeAndAccountActivity.java. An attacker can exploit the vulnerability to gain elevated...

7.8CVSS7.7AI score0.00189EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/07 12:0 a.m.•56 views

BDCOM 1704-WGL Information Disclosure Vulnerability

The BDCOM 1704-WGL is a router from BDCOM China. An information disclosure vulnerability exists in the BDCOM 1704-WGL version 2.0.6314, which originates from the file /param.file.tgz in the component Backup File Handler, which is not sufficiently protected for sensitive information and can be...

7.5CVSS7.1AI score0.00723EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/18 12:0 a.m.•56 views

Apache MINA Deserialization Vulnerability

Apache MINA is the United States Apache Apache Foundation of a web application framework. The product is mainly used to develop high-performance and highly scalable web applications. Apache MINA 2.9.1 and earlier versions suffer from a deserialization vulnerability that stems from the use of Java...

9.8CVSS9.3AI score0.03571EPSS
Exploits1References1
CNVD
CNVD
•added 2022/10/09 12:0 a.m.•56 views

Linux kernel resource management error vulnerability (CNVD-2022-69188)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A resource management error vulnerability exists in Linux kernel version 5.19.12 and earlier versions, which stems from the presence of a race condition in...

4.2CVSS5.1AI score0.00243EPSS
Exploits0References1
CNVD
CNVD
•added 2022/04/22 12:0 a.m.•56 views

Zimbra File Upload Vulnerability

Zimbra Collaboration aka ZCS versions 8.8.15 and 9.0 are vulnerable to a file upload vulnerability that stems from a lack of valid authentication of uploaded files by the application. An authenticated attacker with administrator privileges could exploit the vulnerability to be able to upload...

7.2CVSS5.5AI score0.98234EPSS
Exploits14References1
CNVD
CNVD
•added 2022/02/15 12:0 a.m.•56 views

Portainer code issue vulnerability

A code issue vulnerability exists in Portainer Agent, a lightweight user management interface for managing Docker environments and Docker hosts, which stems from the product's failure to associate Portainer instances with past time. An attacker could exploit the vulnerability to cause the API...

9.8CVSS2.3AI score0.01644EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/27 12:0 a.m.•56 views

Linux kernel denial-of-service vulnerability (CNVD-2022-68576)

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel is vulnerable to a denial-of-service vulnerability caused by a flaw in the sctpmakestrresetreq function in net/sctp/smmakechunk. A locally authenticated attacker can exploit this flaw to cau...

5.5CVSS2.6AI score0.00292EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/12 12:0 a.m.•56 views

Samba Access Control Error Vulnerability

Samba is a standard Windows interoperability suite for Linux and Unix. Samba is vulnerable to an access control error that could be exploited by an attacker to retrieve plaintext passwords sent over the network...

5.9CVSS3.7AI score0.01752EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/21 12:0 a.m.•56 views

Google Chrome WebView improperly implemented vulnerability (CNVD-2021-84807)

Chrome is a web browsing tool developed by Google. versions prior to Google Chrome 95.0.4638.54 are vulnerable to a WebView misimplementation. An attacker could exploit this vulnerability to leak cross-domain data through a crafted application...

5.5CVSS4.9AI score0.00588EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/18 12:0 a.m.•56 views

Adobe Captivate 2019 Elevation of Privilege Vulnerability

Adobe Captivate 2019 is a tool that allows us to quickly create and produce interactive content in html. An elevation of privilege vulnerability exists in Adobe Captivate 2019 11.5.5 and earlier versions. The vulnerability stems from creating temporary files in a directory with incorrect...

7.3CVSS2.9AI score0.00512EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/10 12:0 a.m.•56 views

Linux kernel denial-of-service vulnerability (CNVD-2021-60517)

Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel is vulnerable due to an out-of-bounds access to xdrsetpagebase in net/sunrpc/xdr.c. By executing many NFS 4.2 READPLUS operations, a remote attacker could exploit this vulnerability to atta...

7.5CVSS2.7AI score0.03365EPSS
Exploits0References1
CNVD
CNVD
•added 2019/01/31 12:0 a.m.•56 views

Apache HTTP Server Authorization Issues Vulnerability

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. Apache HTTP Server is vulnerable to an authorization issue. The vulnerability stems from modsession detecting the expiration time ...

7.5CVSS8.6AI score0.19994EPSS
Exploits0References1
CNVD
CNVD
•added 2018/03/28 12:0 a.m.•56 views

Apache HTTP Server Denial of Service Vulnerability (CNVD-2018-06535)

Apache HTTP Server is the United States Apache Apache Software Foundation, an open source web server. The server is fast, reliable and can be expanded through a simple API. A security vulnerability exists in Apache HTTP Server that stems from the program's failure to properly destroy HTTP/2...

5.9CVSS9.2AI score0.13436EPSS
Exploits0References1
CNVD
CNVD
•added 2017/02/10 12:0 a.m.•56 views

Converse.js User Simulation Vulnerability

Converse.js is a free, open source XMPP chat client that runs in your browser. A security vulnerability exists in versions 0.8.0 through 1.0.6 and 2.0.0 through 2.0.4 of Converse.js due to the program's failure to properly implement "XEP-0280: Message Carbons". A remote attacker could exploit thi...

5.9CVSS7AI score0.0094EPSS
Exploits2References1
CNVD
CNVD
•added 2016/03/07 12:0 a.m.•56 views

Exim Configuration File Path Elevation of Privilege Vulnerability

Exim is an open source messaging agent MTA developed by the University of Cambridge in the UK that runs on Unix systems and is responsible for routing, forwarding and delivering mail. A security vulnerability exists in Exim that stems from an error in the program's handling of environment variabl...

7CVSS7.6AI score0.05901EPSS
Exploits13References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•55 views

Microsoft Excel Resource Management Error Vulnerability

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A security vulnerability exists in Microsoft Excel, which can be exploited by an attacker to remotely execute code...

7.8CVSS6.9AI score0.00347EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/05 12:0 a.m.•55 views

Command Execution Vulnerability in NBR6205-E of Beijing StarNet Ruijie Network Technology Co. Ltd (CNVD-2024-07921)

The NBR6205-E is a router product. A command execution vulnerability exists in the NBR6205-E of Beijing StarNet Ruijie Network Technology Co. that can be exploited by an attacker to gain server privileges...

7.4AI score
Exploits0
CNVD
CNVD
•added 2023/05/31 12:0 a.m.•55 views

Unauthorized access vulnerability in SuperMap iServer of Beijing SuperMap Software Co. Ltd (CNVD-2023-61163)

SuperMap iServer is a cloud GIS application server based on high-performance cross-platform GIS kernel. An unauthorized access vulnerability exists in SuperMap iServer of Beijing SuperMap Software Co. Ltd, which can be exploited by attackers to obtain sensitive information...

6.8AI score
Exploits0
CNVD
CNVD
•added 2023/03/13 12:0 a.m.•55 views

Google Chrome Web Audio API component buffer overflow vulnerability

Google Chrome is a web browser from Google, Inc. A buffer overflow vulnerability exists in versions prior to Google Chrome 111.0.5563.64, which stems from a boundary error in the Web Audio API component when handling untrusted input. A remote attacker could exploit this vulnerability to cause hea...

8.8CVSS2.5AI score0.00585EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/09 12:0 a.m.•55 views

IBM Cloud Pak for Multicloud Management Monitoring has an unspecified vulnerability (CNVD-2023-08052)

IBM Cloud Pak for Multicloud Management is an application from International Business Machines IBM, Inc. used to manage the default functionality of multi-cloud environments. a security vulnerability exists in IBM Cloud Pak for Multicloud Management Monitoring version 2.0, version 2.3. An attacke...

8.8CVSS3.7AI score0.00532EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/24 12:0 a.m.•55 views

Linux kernel elevation of privilege vulnerability (CNVD-2022-81493)

Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel is vulnerable to an elevation of privilege vulnerability that stems from the existence of memory reuse after release. An attacker could exploit this vulnerability to escalate privileges...

7.8CVSS3AI score0.01006EPSS
Exploits2References1
CNVD
CNVD
•added 2022/10/12 12:0 a.m.•55 views

Fortinet FortiOS Denial of Service Vulnerability

Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from Fortinet, Inc. Fortinet FortiOS has a denial-of-service vulnerability that originates from the ability to force a NULL pointer to be dereferenced through the SSL VPN Portal, which can be...

7.5CVSS3.5AI score0.00868EPSS
Exploits0References1
CNVD
CNVD
•added 2022/04/18 12:0 a.m.•55 views

Red Lion DA50N has an unspecified vulnerability

The Red Lion DA50N is a series of secure edge network gateways from Red Lion, U.S.A. A security vulnerability exists in the Red Lion DA50N that could be exploited by an attacker to elevate to root access using the su command...

10CVSS3AI score0.01172EPSS
Exploits0References1
CNVD
CNVD
•added 2022/03/31 12:0 a.m.•55 views

Joomla! path traversal vulnerability (CNVD-2022-64100)

A path traversal vulnerability exists in Joomla! versions 3.0.0 through 3.10.6 and 4.0.0 through 4.1.0, which stems from a failure of a web system or product to properly filter special elements in a resource or file path, and can be exploited by remote attackers to send specially crafted .zip...

7.5CVSS4.5AI score0.02007EPSS
Exploits3References1
CNVD
CNVD
•added 2022/03/03 12:0 a.m.•55 views

Pluxml Code Injection Vulnerability

Pluxml is a free and open source content management system that does not require a database to work. A remote code execution vulnerability exists in Pluxml version v5.8.7, which can be exploited by an attacker to execute arbitrary code by inserting carefully crafted PHP code into a static page...

8.8CVSS8.2AI score0.02572EPSS
Exploits1References1
CNVD
CNVD
•added 2022/01/21 12:0 a.m.•55 views

Umbraco Password Reset Vulnerability

Umbraco is a Danish company Umbraco C written in open source content management system CMS. The Umbraco CMS suffers from a password reset vulnerability that stems from a lack of an effective trust management mechanism in a web-based system or product. An attacker could exploit the vulnerability t...

8.6CVSS7.5AI score0.01138EPSS
Exploits2References1
CNVD
CNVD
•added 2021/11/22 12:0 a.m.•55 views

CKEditor cross-site scripting vulnerability (CNVD-2021-92475)

CKEditor is an open source, web-based text editor. CKEditor suffers from a cross-site scripting vulnerability, which stems from the product's failure to effectively filter special characters in input data. An attacker can execute client-side code through this vulnerability...

8.2CVSS6.2AI score0.0147EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/13 12:0 a.m.•55 views

Google Android Elevation of Privilege Vulnerability (CNVD-2021-80273)

Google Android is a Linux-based open-source operating system from the US company Google. Google Android has an elevation of privilege vulnerability that can be exploited by attackers to escalate privileges...

7.3CVSS5.7AI score0.00111EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/18 12:0 a.m.•55 views

Apache Jena XML External Entity Injection Vulnerability

Apache Jena is the United States Apache Apache Foundation of a Java Semantic Web framework. Used to build semantic Web and linked data applications. Apache Jena in versions prior to 4.1.0 there is an XML external entity injection vulnerability , the vulnerability stems from the network system or...

7.5CVSS7.4AI score0.04007EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/10 12:0 a.m.•55 views

Linux kernel denial-of-service vulnerability (CNVD-2021-60513)

Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel is vulnerable due to a failure to properly set the connection order flaw in fs/nfs/nfs4client.c. A remote attacker could exploit this flaw to cause a mount hang and result in a denial of...

6.5CVSS2AI score0.01245EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/23 12:0 a.m.•55 views

Linux kernel security bypass vulnerability (CNVD-2021-60525)

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel has a security vulnerability that can be exploited by an attacker to control bypass restrictions in order to escalate his privileges on the host system...

7.4CVSS1.7AI score0.00413EPSS
Exploits1References1
CNVD
CNVD
•added 2021/07/21 12:0 a.m.•55 views

Adobe After Effects Out-of-Bounds Writing Vulnerability (CNVD-2021-54341)

Adobe After Effects "AE" is a graphics and video processing software from Adobe for organizations involved in design and video special effects, including television stations, animation production companies, personal post-production studios, and multimedia studios. Effects 18.2.1 and earlier...

9.3CVSS6.1AI score0.02438EPSS
Exploits0References1
CNVD
CNVD
•added 2018/04/26 12:0 a.m.•55 views

Apache Tika Command Injection Vulnerability

Apache Tika can leverage existing parsing libraries to detect and extract metadata and structured content from documents in different formats e.g., HTML, PDF, Doc. A command injection vulnerability exists in Apache Tika versions 1.7 through 1.17. An attacker can send a specially crafted header to...

9.3CVSS7.8AI score0.93972EPSS
Exploits10References1
CNVD
CNVD
•added 2018/01/29 12:0 a.m.•55 views

MariaDB and Percona XtraDB Cluster Denial of Service Vulnerability

MariaDB is a free and open source database management system developed by Monty Program Ab, Inc. and the MariaDB Foundation, Inc. and a forked version of MySQL using the Maria storage engine.Percona XtraDB Cluster is a package for creating MySQL clusters. A security vulnerability exists in the...

8.8CVSS6.8AI score0.03287EPSS
Exploits0References1
CNVD
CNVD
•added 2017/08/17 12:0 a.m.•55 views

CloudBees Jenkins Blue Ocean Plugin Security Bypass Vulnerability

CloudBees Jenkins formerly known as Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and some of the timed execution of the task . A...

4.3CVSS5AI score0.00717EPSS
Exploits0References1
CNVD
CNVD
•added 2017/02/14 12:0 a.m.•55 views

Sophos Web Appliance Command Injection Vulnerability

Sophos Web Appliance is a web security gateway solution. An input validation vulnerability in the MgrReport.php file in the web management interface of the Sophos Web Appliance could be exploited by an attacker to submit a special request to inject a system command and execute it...

9CVSS7.1AI score0.19312EPSS
Exploits6References1
CNVD
CNVD
•added 2016/10/12 12:0 a.m.•55 views

libgit2 Denial of Service Vulnerability

libgit2 is a portable, pure C implementation of the Git development package , as a reentrant link library with a solid API , libgit2 allows you to use any language to write Git applications . A denial of service vulnerability exists in libgit2. An attacker can exploit this vulnerability to crash...

5.5CVSS5.7AI score0.01837EPSS
Exploits0References1
CNVD
CNVD
•added 2016/10/08 12:0 a.m.•55 views

Cisco Firepower Management Center Console Local File Inclusion Vulnerability

Cisco Firepower Management Center is a new generation of firewall management center software from the U.S. company Cisco Cisco. A local file inclusion vulnerability exists in Cisco Firepower Threat Management Console, which can be exploited by an attacker to obtain sensitive system information...

9CVSS6.4AI score0.7575EPSS
Exploits8References1
CNVD
CNVD
•added 2016/05/20 12:0 a.m.•55 views

Moxa EDR-G903 Memory Disclosure Vulnerability

Moxa EDR-G903 is a suite of Moxa's all-in-one firewall/VPN security router products. A security vulnerability exists in Moxa EDR-G903 V3.4.11 and earlier versions. A remote attacker can exploit the vulnerability to cause a memory leak...

7.8CVSS6.9AI score0.01823EPSS
Exploits0References1
CNVD
CNVD
•added 2016/05/13 12:0 a.m.•55 views

CloudBees Jenkins CI and Jenkins LTS Information Disclosure Vulnerability

CloudBees Jenkins CI formerly known as Hudson Labs is a Java-based continuous integration tool from CloudBees, Inc. It is mainly used to monitor ongoing software releases/testing projects and a number of timed tasks.LTS Long-Term Support is a long-supported version of CloudBees Jenkins CI is a...

4.3CVSS6.6AI score0.01926EPSS
Exploits0References1
CNVD
CNVD
•added 2015/07/14 12:0 a.m.•55 views

Merethis Centreon 'getStats.php' Remote Command Execution Vulnerability

Merethis Centreon is an open source IT monitoring software from Merethis France that needs to be paired with Nagios to manage Nagios via the web web and to enable monitoring of networks, operating systems and applications via third-party components. A remote command execution vulnerability exists...

6.5CVSS7.9AI score0.09146EPSS
Exploits5References1
CNVD
CNVD
•added 2023/01/05 12:0 a.m.•54 views

Fortinet FortiPortal Cross-Site Scripting Vulnerability

Fortinet FortiPortal is an advanced, feature-rich hosted security analysis and management support tool for Fortinet's FortiGate, FortiWiFi and FortiAP product lines, available as a virtual machine for MSPs. attacker could exploit the vulnerability to execute stored cross-site scripting by sending...

6.8CVSS1.8AI score0.00573EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/02 12:0 a.m.•54 views

Logic Flaw Vulnerability in Intelligent IOT Comprehensive Management Platform of Zhejiang Dahua Technology Co.(CNVD-2023-04211)

Zhejiang Dahua Technology Co., Ltd. is the world's leading video-centered intelligent IOT solution provider and operation service provider. A logic flaw vulnerability exists in the Intelligent IOT Integrated Management Platform of Zhejiang Dahua Technology Co. Ltd, which can be exploited by an...

6.9AI score
Exploits0
CNVD
CNVD
•added 2022/11/30 12:0 a.m.•54 views

WordPress Beautiful Cookie Consent Banner plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. Cross-site scripting...

4.8CVSS4.8AI score0.00459EPSS
Exploits1References1
CNVD
CNVD
•added 2022/10/20 12:0 a.m.•54 views

Unspecified vulnerability in Linux kernel (CNVD-2022-70572)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a security vulnerability that originates from an affected function intrcallback in file drivers/net/usb/r8152.c, which results in logging of too much...

5.3CVSS6.3AI score0.02211EPSS
Exploits0References1
CNVD
CNVD
•added 2022/09/28 12:0 a.m.•54 views

Zimbra Collaboration Suite Remote Code Execution Vulnerability

Zimbra Collaboration Suite ZCS is an open source collaborative office suite. The product includes WebMail, Calendar, Address Book, etc. A security vulnerability exists in Zimbra Collaboration Suite ZCS versions 8.8.15 and 9.0, which stems from a lack of valid authentication of uploaded files by t...

9.8CVSS3.2AI score0.95478EPSS
Exploits7References1
CNVD
CNVD
•added 2022/09/24 12:0 a.m.•54 views

Linux kernel resource management error vulnerability (CNVD-2022-69191)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A resource management error vulnerability exists in Linux kernel 5.19.10 and earlier versions, which stems from a confusion in the instruction responsible for freeing memory in...

5.5CVSS6.7AI score0.00778EPSS
Exploits1References1
CNVD
CNVD
•added 2022/07/25 12:0 a.m.•54 views

Oracle Solaris Denial of Service Vulnerability (CNVD-2022-54629)

Oracle Solaris is a set of UNIX operating systems from Oracle. A denial of service vulnerability exists in the Filesystem component of Oracle Solaris 11. An attacker could exploit this vulnerability to corrupt Oracle Solaris, which could result in unauthorized updates, insertions, or deletions of...

7.6CVSS6.7AI score0.00679EPSS
Exploits0References1
CNVD
CNVD
•added 2022/05/24 12:0 a.m.•54 views

Google TensorFlow Input Validation Error Vulnerability (CVE-2022-29192)

Google TensorFlow, an end-to-end open source platform for machine learning from Google, Inc. is vulnerable to an input validation error in versions prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4, which originates in tf.rawops QuantizeAndDequantizeV4Grad does not fully validate the input parameters and c...

5.5CVSS4.6AI score0.0034EPSS
Exploits1References1
CNVD
CNVD
•added 2022/04/18 12:0 a.m.•54 views

Hikvision iVMS-A100 has a command execution vulnerability

Hikvision iVMS-A100 is an integrated alarm video management platform that implements multiple functions such as alarm management, video review, preview playback, storage and download, alarm linkage, remote control, information forwarding, business management, and value-added services. iVMS-A100 i...

4AI score
Exploits0
Total number of security vulnerabilities5000