Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
•added 2022/07/13 12:0 a.m.•53 views

Annotation Tool path traversal vulnerability

Annotation Tool is a Bonn activity map annotation tool open sourced by bonn-activity-maps. 2021-08-31 and earlier versions of Annotation Tool are vulnerable to a path traversal vulnerability that stems from a failure of Flask's sendfile function to properly filter special elements in a resource o...

9.3CVSS3.6AI score0.01242EPSS
Exploits1References1
CNVD
CNVD
•added 2022/06/14 12:0 a.m.•53 views

Apache containerd resource management error vulnerability

Apache containerd is a container daemon of the Apache Foundation. The process is responsible for controlling the full cycle of containers on the host according to the RunC OCI specification. Apache containerd is vulnerable to a resource management error that results from not properly controlling...

2.1CVSS2.5AI score0.00377EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2022/03/25 12:0 a.m.•53 views

Linux kernel information disclosure vulnerability (CNVD-2022-79426)

Linux kernel is the kernel used by the Linux Foundation's open-source operating system Linux.KVM is one of the kernel-based virtual machines. Linux kernel suffers from an information disclosure vulnerability that arises from errors in configuration and other errors in the operation of a networked...

5.5CVSS6.1AI score0.00462EPSS
Exploits1References1
CNVD
CNVD
•added 2022/03/08 12:0 a.m.•53 views

Linux kernel has unspecified vulnerabilities (CNVD-2022-20170)

Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel 5.16.12 and earlier versions have a security vulnerability that stems from an untrusted length parameter that leads to an EVTTRANSACTION buffer overflow. No details of the vulnerability are...

7.8CVSS4AI score0.00432EPSS
Exploits0References1
CNVD
CNVD
•added 2022/02/18 12:0 a.m.•53 views

Linux kernel code execution vulnerability (CNVD-2022-69194)

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel 5.16.10 and earlier versions have a security vulnerability that could be exploited by attackers to execute arbitrary code on the system...

7.8CVSS5.3AI score0.01054EPSS
Exploits1References1
CNVD
CNVD
•added 2022/01/26 12:0 a.m.•53 views

Oracle MySQL Cluster Input Validation Error Vulnerability (CNVD-2022-07913)

Oracle MySQL Cluster is a write-scalable, real-time, ACID-compliant transactional database developed by Oracle Corporation. Oracle MySQL Cluster 7.4.34, 7.5.24, 7.6.20, 8.0.27 and earlier versions are vulnerable to an input validation error. An attacker could use this vulnerability to corrupt or...

6.3CVSS4.5AI score0.02518EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/09 12:0 a.m.•53 views

Apostrophe CMS Cross-Site Scripting Vulnerability

Apostrophe CMS is a fully functional open source CMS built using Node.js, designed to enhance organization by combining contextual editing and headless architecture in a full-stack JS environment.Apostrophe CMS = cross-site scripting vulnerability, which originates in Apostrophe CMS versions...

5.4CVSS0.5AI score0.00483EPSS
Exploits0References1
CNVD
CNVD
•added 2021/06/19 12:0 a.m.•53 views

SQL Injection Vulnerability in Huatian Power OA Office System

Huatian Power OA8000 system is a collaborative office software developed by Dalian Huatian Software Co. The Huatian Power OA8000 system suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information...

7.7AI score
Exploits0
CNVD
CNVD
•added 2021/06/09 12:0 a.m.•53 views

Weak Password Vulnerability in 3Com-OfficeConnect ADSL Wireless 11g Firewall Router

Founded in 1979, 3Com is a U.S. equipment provider of security products, integrated voice appliances, and data networking solutions for businesses of all sizes. A weak password vulnerability exists in the 3Com-OfficeConnect ADSL Wireless 11g Firewall Router, which can be exploited by attackers to...

7.1AI score
Exploits0
CNVD
CNVD
•added 2018/09/14 12:0 a.m.•53 views

Mgetty Command Injection Vulnerability (CNVD-2019-03439)

Mgetty is a getty replacement program for data and fax operations. A command injection vulnerability exists in Mgetty versions prior to 1.2.1, which stems from the 'doactivate' function failing to properly filter shell metacharacters in the fax/faxq-helper.c file, which can be exploited by an...

7.8CVSS8AI score0.01323EPSS
Exploits2References1
CNVD
CNVD
•added 2016/08/16 12:0 a.m.•53 views

Ruby on Rails Active Record SQL Injection Vulnerability (CNVD-2016-06338)

Ruby on Rails Rails is the Rails core team to develop and maintain a set of open source Web application framework based on the Ruby language , which is separated from the United States 37signals, Inc. project management tools Basecamp. Active Record is one of the domain modeling patterns . A SQL...

7.5CVSS7.9AI score0.03903EPSS
Exploits0References1
CNVD
CNVD
•added 2015/02/13 12:0 a.m.•53 views

Radexscript CMS 'SEARCH_TERMS' Parameter SQL Injection Vulnerability

Redaxscript is a free content management system CMS based on PHP and MySQL. The system is mainly used for small businesses and private site builders. A SQL injection vulnerability exists in the 'searchpost' function in the includes/search.php script in Redaxscript versions prior to 2.3.0. A remot...

7.5CVSS8.6AI score0.02397EPSS
Exploits5References1
CNVD
CNVD
•added 2024/03/14 12:0 a.m.•52 views

PHPEMS deserialization vulnerability (CNVD-2024-13536)

PHPEMS is a PHP online mock exam system. PHPEMS has a deserialization vulnerability, the vulnerability arises because there is a function index in app/weixin/controller/index.api.php, which can be exploited by an attacker to cause deserialization via the parameter picurl...

9.8CVSS6.8AI score0.00741EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/22 12:0 a.m.•52 views

Command Execution Vulnerability in Ivanti Connect Secure at Inventec Software Technology (Beijing) Co.

Ivanti Connect Secure is a seamless, cost-effective SSL VPN solution for remote and mobile users. A command execution vulnerability exists in Ivanti Connect Secure by Inwanzi Software Technology Beijing Co. that can be exploited by an attacker to execute arbitrary commands...

9.1CVSS7.8AI score0.99999EPSS
Exploits18
CNVD
CNVD
•added 2024/01/05 12:0 a.m.•52 views

Linux kernel code execution vulnerability (CNVD-2024-14767)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel. The vulnerability is due to the aoecmdcfgpkts function in the Linux kernel's ATA over Ethernet AoE driver incorrectly...

7CVSS7AI score0.0041EPSS
Exploits0References1
CNVD
CNVD
•added 2023/08/15 12:0 a.m.•52 views

PHP buffer overflow vulnerability (CNVD-2023-64640)

A Hospital Management System HMS is a computerized system that helps manage healthcare-related information and helps healthcare providers do their jobs effectively. A SQL injection vulnerability exists in Hospital Management System version V1.0, which stems from the application's inability to...

9.8CVSS7.8AI score0.08003EPSS
Exploits3References1
CNVD
CNVD
•added 2023/03/16 12:0 a.m.•52 views

Microsoft Windows Bluetooth Service Code Execution Vulnerability

Microsoft Windows Bluetooth Service is a Bluetooth driver from Microsoft USA. A security vulnerability exists in Microsoft Windows Bluetooth Service. An attacker could exploit this vulnerability to cause remote code execution...

8.8CVSS9.1AI score0.03217EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/13 12:0 a.m.•52 views

Google Chrome Crash reporting component buffer overflow vulnerability

Google Chrome is a web browser from Google, Inc. A buffer overflow vulnerability exists in versions prior to Google Chrome 111.0.5563.64, which stems from a boundary error in the Crash reporting component when handling untrusted input. A remote attacker could exploit this vulnerability to obtain...

6.5CVSS2.6AI score0.00524EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/30 12:0 a.m.•52 views

Linux kernel denial-of-service vulnerability (CNVD-2023-05410)

Linux kernel, the kernel used by the Linux Foundation's open source operating system Linux, is vulnerable to a denial-of-service attack in versions of Linux kernel prior to 6.1.6. In affected versions of the Linux kernel, a NULL pointer dereference error in the flow control subsystem allows an...

5.5CVSS4.3AI score0.00964EPSS
Exploits1References1
CNVD
CNVD
•added 2023/01/13 12:0 a.m.•52 views

Microsoft Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability

Microsoft Windows is a windowed operating system developed by Microsoft Corporation in the United States. An elevation of privilege vulnerability exists in Microsoft Windows Malicious Software Removal Tool. An attacker can exploit this vulnerability to gain elevation of privilege...

6.3CVSS6.4AI score0.00378EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/24 12:0 a.m.•52 views

Hitachi Energy PCM600 Information Disclosure Vulnerability

The Hitachi Energy PCM600 is a simplified management tool for protection and control relays from Hitachi, Japan. An information disclosure vulnerability exists in Hitachi Energy PCM600. The vulnerability stems from where IED credentials are stored in the PCM600 database in plaintext format. An...

7.1CVSS5.6AI score0.00146EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/09 12:0 a.m.•52 views

Linux kernel hid-roccat.c resource management error vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A resource management error vulnerability exists in Linux kernel version 5.19.12 and prior versions, which stems from a contention condition in roccatreportevent in...

4.7CVSS6.4AI score0.00205EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/08 12:0 a.m.•52 views

Microsoft Exchange Server Elevation of Privilege Vulnerability (CNVD-2022-67837)

Microsoft Exchange Server is a popular mail service program developed by Microsoft. Microsoft Exchange Server is vulnerable to an elevation of privilege vulnerability, which can be exploited by remote attackers to submit special requests that can obtain sensitive information or elevate privileges...

8.8CVSS4.5AI score0.99945EPSS
Exploits9References1
CNVD
CNVD
•added 2022/08/18 12:0 a.m.•52 views

Apple OS Out-of-Bounds Write Vulnerability

iOS is a mobile operating system developed by Apple Inc. iPadOS full name: iPad Operating System is a family of mobile operating systems developed by Apple Inc. based on iOS. mac OS is a set of operating systems developed by Apple to run on the Macintosh series of computers. Apple iOS, iPadOS, an...

7.8CVSS8.4AI score0.03259EPSS
Exploits0References1
CNVD
CNVD
•added 2022/08/18 12:0 a.m.•52 views

Google Android Information Disclosure Vulnerability (CNVD-2022-61744)

Google Android is a Linux-based open source operating system from Google, Inc. Google Android is vulnerable to an information disclosure vulnerability caused by a missing permission check in the handleramdump function in pixelloader.c. The vulnerability can be exploited to obtain sensitive...

4.4CVSS1.9AI score0.00103EPSS
Exploits0References1
CNVD
CNVD
•added 2022/08/12 12:0 a.m.•52 views

Adobe Acrobat Reader Input Validation Error Vulnerability

Adobe Acrobat Reader is a PDF viewer from the American company Audobee Adobe. The software is used to print, sign and annotate PDF. An input validation error vulnerability exists in Adobe Acrobat Reader that stems from improper input validation and can be exploited by an attacker to cause a memor...

5.5CVSS6AI score0.04055EPSS
Exploits0References1
CNVD
CNVD
•added 2022/05/07 12:0 a.m.•52 views

F5 BIG-IP iControl SOAP Directory Traversal Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. A directory traversal vulnerability exists in F5 BIG-IP iControl SOAP, which can be exploited by an attacker to send a crafted...

4.3CVSS4.7AI score0.01469EPSS
Exploits0References1
CNVD
CNVD
•added 2022/03/15 12:0 a.m.•52 views

Linux Kernel VirtIO Bluetooth driver denial of service vulnerability

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A denial of service vulnerability exists in the Linux Kernel VirtIO Bluetooth driver, which is caused by a memory leak in the VirtIO Bluetooth driver memory leak in driver/Bluetooth/VirtIObt.c. A local...

5.5CVSS3.4AI score0.00317EPSS
Exploits0References1
CNVD
CNVD
•added 2022/02/08 12:0 a.m.•52 views

Insyde InsydeH2O Buffer Overflow Vulnerability (CNVD-2022-10285)

Insyde InsydeH2O is a C source from Insyde Software Taiwan, China that implements the new technology "EFI/UEFI" specification, designed to replace the legacy BIOS Basic Input/Output System. Operating System H2O UEFI firmware suffers from a buffer overflow vulnerability that stems from the SWSMI...

8.2CVSS2.6AI score0.00327EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/18 12:0 a.m.•52 views

mruby code issue vulnerability

mruby is a lightweight implementation of the Ruby language. A denial of service vulnerability exists in mruby that stems from a null pointer dereference in the software, which can be exploited by an attacker to trigger a denial of service...

7.5CVSS7.2AI score0.00963EPSS
Exploits1References1
CNVD
CNVD
•added 2021/12/23 12:0 a.m.•52 views

mySCADA myPRO Operating System Command Injection Vulnerability

mySCADA myPRO is an HMI/SCADA system designed primarily for the visualization and control of industrial processes. An operating system command injection vulnerability exists in mySCADA myPRO, which can be exploited by an attacker to inject arbitrary operating system commands...

10CVSS9.8AI score0.01421EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/12 12:0 a.m.•52 views

Apache Airflow Licensing Issue Vulnerability (CNVD-2022-62076)

Apache Airflow is an open source platform for creating, managing, and monitoring workflows from the Apache Foundation. The platform is scalable and dynamically monitored. Apache Airflow is vulnerable to an authorization issue that stems from a lack of authorization protection on the product's...

9.8CVSS3.8AI score0.80938EPSS
Exploits2References1
CNVD
CNVD
•added 2021/08/10 12:0 a.m.•53 views

Linux kernel security bypass vulnerability (CNVD-2021-60520)

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel has a security vulnerability that can be exploited by attackers to defeat the ASLR protection mechanism...

3.3CVSS3.1AI score0.00328EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/10 12:0 a.m.•52 views

Linux kernel denial of service vulnerability (CNVD-2021-60516)

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel suffers from a denial of service vulnerability that is caused by an out-of-bounds read flaw in strlen in fs/nfsd/trace.h. A remote attacker can exploit this vulnerability to cause a denial o...

7.5CVSS4.2AI score0.0319EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/03 12:0 a.m.•52 views

OpenWrt Cross-Site Scripting Vulnerability

OpenWrt is a Linux operating system for embedded devices. A cross-site scripting vulnerability exists in the OpenWrt luci web-interface, which stems from insufficient cleanup of user-supplied data when processing hostnames in the OpenWrt luci web-interface. A remote attacker could inject and...

6.1CVSS1.6AI score0.00581EPSS
Exploits0References1
CNVD
CNVD
•added 2021/05/10 12:0 a.m.•52 views

Arbitrary File Read Vulnerability in GlassFish

GlassFish is a robust business compatible application server. GlassFish suffers from an arbitrary file read vulnerability that can be exploited by an attacker to obtain sensitive information...

6.8AI score
Exploits0
CNVD
CNVD
•added 2019/04/03 12:0 a.m.•52 views

Apache HTTP Server Local Elevation of Privilege Vulnerability

Apache HTTP Server is the United States Apache Apache Software Foundation of an open source web server . A local elevation of privilege vulnerability exists in Apache HTTP Server. An attacker could exploit the vulnerability to gain elevated privileges on an affected application...

7.8CVSS7.1AI score0.65005EPSS
Exploits8References1
CNVD
CNVD
•added 2016/12/26 12:0 a.m.•52 views

Apache HTTP Server Denial of Service Vulnerability (CNVD-2016-13232)

Apache httpd is the U.S. Apache Apache Software Foundation, an open source HTTP server developed and maintained specifically for modern operating systems. A security vulnerability exists in Apache httpd versions prior to 2.4.25, which stems from the program's failure to properly parse HTTP header...

7.5CVSS8.7AI score0.20952EPSS
Exploits0References1
CNVD
CNVD
•added 2016/12/15 12:0 a.m.•52 views

Multiple Huawei Firewall Denial of Service Vulnerabilities (CNVD-2016-12339)

Huawei Secospace USG6300, Secospace USG6500, Secospace USG6600 are firewall devices from Huawei China. A denial of service vulnerability exists in multiple Huawei firewalls. As part of the memory is not freed after executing a command, a remote attacker with specific privileges can log in to the...

6.5CVSS6.8AI score0.01253EPSS
Exploits2References1
CNVD
CNVD
•added 2016/11/09 12:0 a.m.•52 views

Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CNVD-2016-10952)

Microsoft Edge is a Web browser developed by the American company Microsoft Microsoft. A memory corruption vulnerability exists in the scripting engine implementation of Microsoft Edge's handling of in-memory objects, which can be exploited by an attacker via a specially crafted Web site to run...

7.6CVSS6.8AI score0.73289EPSS
Exploits4References1
CNVD
CNVD
•added 2016/11/08 12:0 a.m.•52 views

Dracut Local Information Disclosure Vulnerability

Dracut is an initramfs infrastructure that is primarily used to create initramfs images. Dracut suffers from a local information disclosure vulnerability that can be exploited by an attacker to obtain sensitive information...

7.8CVSS6AI score0.00309EPSS
Exploits1References1
CNVD
CNVD
•added 2016/04/30 12:0 a.m.•52 views

Allegro Software Development RomPager Security Bypass Vulnerability

Allegro Software Development RomPager is an embedded Web server toolkit that allows users to manage and control World Wide Web WWW services for network devices such as network printers, switches, and routers using a common Web browser. A security vulnerability in Allegro Software Development...

7.8CVSS9.4AI score0.04437EPSS
Exploits4References1
CNVD
CNVD
•added 2024/10/17 12:0 a.m.•51 views

Esri Portal For ArcGIS Cross-Site Scripting Vulnerability (CNVD-2024-41007)

Esri Portal For ArcGIS is a component from Environmental Systems Research Institute Esri that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. A cross-site scripting vulnerability exists in Esri Portal For ArcGIS, which can be...

4.8CVSS6.4AI score0.00329EPSS
Exploits0References1
CNVD
CNVD
•added 2024/02/22 12:0 a.m.•51 views

Code Injection Vulnerability in Citrix NetScaler ADC and NetScaler Gateway

NetScaler ADC is an application delivery controller. NetScaler Gateway is an access gateway with an SSL VPN solution that provides single sign-on and authentication for remote end users of network assets. Both are Citrix products. A code injection vulnerability exists in Citrix NetScaler ADC and...

8.8CVSS8.2AI score0.03191EPSS
Exploits0References1
CNVD
CNVD
•added 2024/02/02 12:0 a.m.•51 views

Linux kernel resource management error vulnerability (CNVD-2024-14762)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates from a confusion in the instructions responsible for freeing memory in the netfilter: nftables component. An...

7.8CVSS7.6AI score0.28058EPSS
Exploits16References1
CNVD
CNVD
•added 2024/01/26 12:0 a.m.•51 views

Linux kernel code issue vulnerability (CNVD-2024-14763)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a code issue vulnerability that stems from the fact that in the nftbyteordereval function, the code iteratively loops and writes dst0, dst1, dst2, etc., and...

6.6CVSS7AI score0.00241EPSS
Exploits0References1
CNVD
CNVD
•added 2023/12/20 12:0 a.m.•51 views

Linux kernel memory misreference vulnerability (CNVD-2023-9933644)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from a memory misreference vulnerability that originates from a confusion in the instructions of the program responsible for freeing memory. An attacke...

7.8CVSS6.6AI score0.00334EPSS
Exploits0References1
CNVD
CNVD
•added 2023/11/01 12:0 a.m.•51 views

BaserCMS path traversal vulnerability (CNVD-2023-86331)

baserCMS is an enterprise-level content management system CMS from the baserCMS team. A path traversal vulnerability exists in versions of baserCMS prior to 4.8.0, which stems from a lack of validity checking of paths when processing directory requests by the form submission data management...

6.5CVSS6.5AI score0.0097EPSS
Exploits0References1
CNVD
CNVD
•added 2023/07/12 12:0 a.m.•51 views

Linux kernel resource management error vulnerability (CNVD-2023-56640)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from a resource management error vulnerability that stems from a hash conflict problem. An attacker could exploit this vulnerability to cause a denial ...

5.7CVSS6.3AI score0.00553EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/17 12:0 a.m.•51 views

VMware Harbor Unauthorized Access Vulnerability

Harbor is an open source container image repository project designed for enterprise users. VMware Harbor has an unauthorized access vulnerability, which stems from an access control error in Harbor and can be used by attackers to construct malicious data for unauthorized access attacks without...

7.5CVSS4.4AI score0.06237EPSS
Exploits2References1
Total number of security vulnerabilities5000