Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
•added 2022/01/26 12:0 a.m.•60 views

Oracle MySQL Cluster Input Validation Error Vulnerability (CNVD-2022-07912)

Oracle MySQL Cluster is a write-scalable, real-time, ACID-compliant transactional database developed by Oracle Corporation. Oracle MySQL Cluster 7.4.34, 7.5.24, 7.6.20, 8.0.27 and earlier versions are vulnerable to an input validation error. An attacker could use this vulnerability to corrupt or...

6.3CVSS4.5AI score0.02686EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/28 12:0 a.m.•60 views

Mozilla Rust has an unspecified vulnerability (CNVD-2022-03124)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. version 0.9.7 before Rust sha2 crate 0.9.8 contains a security vulnerability in which the hash of a long message may be incorrect when the AVX2-accelerated backend is used. No details of the vulnerability are...

9.8CVSS3AI score0.00805EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/12 12:0 a.m.•60 views

Linux kernel memory overwrite vulnerability

The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A memory overwrite vulnerability exists in aspeedlpcctrlmmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in Linux kernel...

7.8CVSS7.1AI score0.00358EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/05 12:0 a.m.•60 views

Liferay Portal and Liferay DXP code issue vulnerability

Liferay Portal and Liferay DXP are both products of Liferay, a J2EE-based portal solution that uses EJB and JMS technologies and serves as a web publishing and shared workspace, enterprise collaboration platform, social network, etc. Liferay DXP is a digital experience collaboration platform...

7.5CVSS1.7AI score0.01202EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/30 12:0 a.m.•60 views

Vinades NukeViet CMS SQL Injection Vulnerability

Vinades NukeViet CMS is an open source content management system CMS from Vinades Vietnam.Vinades NukeViet CMS is vulnerable to SQL injection, which originates from the topicsid parameter of the product modules/news/admin/addtotopics.php page Fails to filter input special characters, and an...

9.8CVSS6.3AI score0.01583EPSS
Exploits1References1
CNVD
CNVD
•added 2018/09/14 12:0 a.m.•60 views

Mgetty Buffer Overflow Vulnerability

Mgetty is a getty replacement program for data and fax operations. A buffer overflow vulnerability exists in the faxrec.c file in versions of Mgetty prior to 1.2.1, which stems from a failure of the program to filter the 'mailto' in the 'faxnotifymail' function. parameter in the 'faxnotifymail'...

7.8CVSS7.7AI score0.00448EPSS
Exploits2References1
CNVD
CNVD
•added 2018/09/14 12:0 a.m.•60 views

Apache Syncope Remote Code Execution Vulnerability (CNVD-2018-18784)

Apache Syncope is the United States Apache Apache Software Foundation's set of open source digital identity management system for use in enterprise environments. The system supports identity management, role configuration and more. Apache Syncope uses XSLT to export report data to various formats...

7.2CVSS6.9AI score0.18024EPSS
Exploits4References1
CNVD
CNVD
•added 2017/08/14 12:0 a.m.•60 views

Symantec Messaging Gateway Remote Code Execution Vulnerability (CNVD-2017-28446)

Symantec Messaging Gateway is a suite of anti-spam, anti-virus, advanced content filtering and data leakage protection technologies from Symantec. A remote code execution vulnerability exists in Symantec Messaging Gateway versions prior to 10.6.3-267. A remote attacker could exploit this...

8.8CVSS9AI score0.35341EPSS
Exploits7References1
CNVD
CNVD
•added 2017/07/03 12:0 a.m.•60 views

ISC BIND Security Bypass Vulnerability (CNVD-2017-12537)

BIND is an open source implementation of the DNS Domain Name System protocol that contains all the software needed to query and respond to domain names. It is the most widely used type of DNS server on the Internet. A security bypass vulnerability exists in ISC BIND. An attacker can exploit this...

7.5CVSS6.8AI score0.18157EPSS
Exploits1References1
CNVD
CNVD
•added 2016/11/02 12:0 a.m.•60 views

Cairo 'cairo-png.c' Integer Overflow Vulnerability

Cairo is a cross-platform open source vector graphics library , it supports in multiple contexts to do 2D drawing , and provides high-quality display and printout . An integer overflow vulnerability exists in Cairo 'cairo-png.c'. An attacker may exploit this issue to crash the affected applicatio...

5.5CVSS7.1AI score0.01995EPSS
Exploits0References1
CNVD
CNVD
•added 2016/10/21 12:0 a.m.•60 views

Libass Arbitrary Code Execution Vulnerability

libass is a lightweight library of functions for rendering subtitles in ASS/SSA format. An arbitrary code execution vulnerability exists in Libass, which can be exploited by a remote attacker to execute arbitrary code...

7.5CVSS8.3AI score0.04227EPSS
Exploits0References1
CNVD
CNVD
•added 2015/10/28 12:0 a.m.•60 views

Multiple Vulnerabilities in OpenStack Object Storage

OpenStack is a cloud platform management program developed by the National Aeronautics and Space Administration in collaboration with Rackspace in the U.S. OpenStack Object Storage a.k.a. Swift is one of these programs used to storage project for storing permanent static data. A security...

5CVSS6.5AI score0.02534EPSS
Exploits0References1
CNVD
CNVD
•added 2015/09/23 12:0 a.m.•60 views

Google Android Stagefright Integer Overflow Vulnerability

Stagefright is a media playback service for Android. Stagefright for Google Android suffers from an integer overflow vulnerability when malformed media files are present, which can be exploited by an attacker to execute arbitrary code on an affected device...

10CVSS8.1AI score0.87125EPSS
Exploits6References1
CNVD
CNVD
•added 2015/01/16 12:0 a.m.•60 views

ASUSWRT Backdoor Command Execution Vulnerability

ASUSWRT is the ASUS router firmware. In ASUS WRT versions 3.0.0.4.3761071, 3.0.0.376.2524-g0013f52, infosvr's common.c fails to properly check the requested MAC address, which could allow a remote attacker to send a NETCMDIDMANUCMD packet to UDP port 9999, by sending a packet to UDP port 9999, an...

10CVSS7.2AI score0.80731EPSS
Exploits12References1
CNVD
CNVD
•added 2025/03/01 12:0 a.m.•59 views

Ollama Unauthorized Access Vulnerability

Ollama is an open source Large Language Model LLM runtime environment and toolset designed to help developers easily deploy, manage, and use models e.g., DeepSeek, etc.. Ollama suffers from an unauthorized access vulnerability, which is due to the fact that Ollama is not set up with authenticatio...

7.5AI score
Exploits0
CNVD
CNVD
•added 2024/01/12 12:0 a.m.•59 views

Linux kernel code issue vulnerability (CNVD-2024-06235)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A code issue vulnerability exists in the Linux kernel that stems from vhostnewmsg in drivers/vhost/vhost.c failing to properly initialize memory in messages passed between a...

5.5CVSS6.3AI score0.00236EPSS
Exploits0References1
CNVD
CNVD
•added 2023/10/11 12:0 a.m.•59 views

cURL SOCKS5 Heap Overflow Vulnerability

cURL is a network data transfer project. Usually when we say cURL, we mean the cURL command line tool. cURL's underlying use is the libcurl library. A heap overflow vulnerability exists in cURL SOCKS5, which can be exploited by an attacker to construct a malicious hostname and cause code executio...

9.8CVSS7.6AI score0.78483EPSS
Exploits6References1
CNVD
CNVD
•added 2023/07/27 12:0 a.m.•59 views

Samba Information Disclosure Vulnerability (CNVD-2023-64644)

Samba is the standard Windows interoperability program suite for Linux and Unix. Samba suffers from an information disclosure vulnerability. The vulnerability stems from Samba returning the path to the real server-side share at this point, as well as returning the server-side path to the result o...

5.3CVSS6.1AI score0.01185EPSS
Exploits0References1
CNVD
CNVD
•added 2023/06/08 12:0 a.m.•59 views

Nacos Jraft Hessian Deserialization Vulnerability

Nacos is an acronym for Dynamic Naming and Configuration Service, a dynamic service discovery, configuration management and service management platform that makes it easier to build cloud-native applications. A deserialization vulnerability exists in Nacos Jraft Hessian, which can be exploited by...

7AI score
Exploits0References1
CNVD
CNVD
•added 2023/04/23 12:0 a.m.•59 views

Google Android elevation of privilege vulnerability (CNVD-2023-55366)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that stems from improper privilege management in the onNullBinding of the CallScreeningServiceHelper.java component, which can be exploited by an attacker ...

7.8CVSS6.8AI score0.00092EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/25 12:0 a.m.•59 views

Unspecified Vulnerability in AVEVA Edge

AVEVA Edge is a highly scalable and flexible HMI/SCADA software from AVEVA Software UK. A security vulnerability exists in AVEVA Edge 2020 R2 and prior versions that can be exploited by an attacker to potentially compromise the confidentiality, availability or integrity of the system. Details of...

9.8CVSS9.4AI score0.01133EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/25 12:0 a.m.•59 views

Amasty Blog Create Post Function Cross-Site Scripting Vulnerability

Amasty Blog is a website page extension for Amasty, Inc. A cross-site scripting vulnerability exists in the Amasty Blog Pro 2.10.3 and 2.10.4 plug-ins, which can be exploited by attackers to inject cross-site code and launch XSS attacks...

5.4CVSS5.2AI score0.00482EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/21 12:0 a.m.•59 views

Online Leave Management System SQL Injection Vulnerability (CNVD-2022-80690)

Online Leave Management System is an online leave management system. version v1.0 of Online Leave Management System has a security vulnerability that originated through the component /admin/?page=user/manageuser&id= found to contain a SQL injection vulnerability. No detailed vulnerability details...

7.2CVSS3AI score0.00726EPSS
Exploits1References1
CNVD
CNVD
•added 2022/10/10 12:0 a.m.•59 views

ZoneMinder Cross-Site Scripting Vulnerability (CNVD-2022-68293)

ZoneMinder is an open source video surveillance software system. The system supports IP, USB and analog cameras, etc. ZoneMinder has a cross-site scripting vulnerability, which stems from a lack of input validation and can be exploited by attackers to execute code...

7.6CVSS4AI score0.03689EPSS
Exploits4References1
CNVD
CNVD
•added 2022/09/24 12:0 a.m.•59 views

Linux kernel resource management error vulnerability (CNVD-2022-69191)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A resource management error vulnerability exists in Linux kernel 5.19.10 and earlier versions, which stems from a confusion in the instruction responsible for freeing memory in...

5.5CVSS6.7AI score0.00778EPSS
Exploits1References1
CNVD
CNVD
•added 2022/07/21 12:0 a.m.•59 views

Shenzhen Greenlink Technology Co., Ltd DH2100 has a logic flaw vulnerability

DH2100 is a private cloud product that focuses on simplicity and ease of use. Ltd. DH2100 has a logic flaw vulnerability, which can be exploited by attackers to obtain sensitive information...

2.9AI score
Exploits0
CNVD
CNVD
•added 2022/07/15 12:0 a.m.•59 views

Samsung CACertificateInfo Elevation of Privilege Vulnerability

Samsung CACertificateInfo is a system component of Samsung Samsung mobile devices.An elevation of privilege vulnerability exists in Samsung CACertificateInfo, which stems from faulty authentication logic in CACertificateInfo. An attacker could exploit this vulnerability to initiate certain...

8.5CVSS5.2AI score0.00083EPSS
Exploits0References1
CNVD
CNVD
•added 2022/03/31 12:0 a.m.•59 views

Joomla! path traversal vulnerability (CNVD-2022-64100)

A path traversal vulnerability exists in Joomla! versions 3.0.0 through 3.10.6 and 4.0.0 through 4.1.0, which stems from a failure of a web system or product to properly filter special elements in a resource or file path, and can be exploited by remote attackers to send specially crafted .zip...

7.5CVSS4.5AI score0.02007EPSS
Exploits3References1
CNVD
CNVD
•added 2022/03/08 12:0 a.m.•59 views

Subrion CMS Cross-Site Scripting Vulnerability (CNVD-2022-20163)

Subrion CMS is a PHP-based content management system CMS from the Subrion team. The system can be integrated into websites and supports multiple extension plugins, etc. A security vulnerability exists in Subrion CMS 4.2.1, which can be exploited by attackers via the configuration panel...

6.1CVSS3.5AI score0.0163EPSS
Exploits2References1
CNVD
CNVD
•added 2022/02/24 12:0 a.m.•59 views

Linux kernel elevation of privilege vulnerability (CNVD-2022-69197)

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel is vulnerable due to a post-release use in the implementation of the RDMA communication manager listener code. By sending a carefully crafted request, an attacker could exploit this...

7.8CVSS3.3AI score0.00296EPSS
Exploits0References1
CNVD
CNVD
•added 2022/02/09 12:0 a.m.•59 views

Google Tensorflow has an unspecified vulnerability (CNVD-2022-09902)

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A security vulnerability exists in Google TensorFlow that could be exploited to trigger a denial of service by changing the SavedModel on disk...

6.5CVSS2.8AI score0.00469EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/12 12:0 a.m.•59 views

Samba Access Control Error Vulnerability

Samba is a standard Windows interoperability suite for Linux and Unix. Samba is vulnerable to an access control error that could be exploited by an attacker to retrieve plaintext passwords sent over the network...

5.9CVSS3.7AI score0.01752EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/12 12:0 a.m.•59 views

Microsoft Exchange Server Remote Code Execution Vulnerability (CNVD-2021-90307)

Microsoft Exchange Server is a set of email service programs from Microsoft Corporation USA. Microsoft Exchange Server is a remote code execution vulnerability that can be exploited by attackers to remotely execute arbitrary code on the server by sending specially crafted malicious data to the...

8.8CVSS5.5AI score0.90388EPSS
Exploits9References1
CNVD
CNVD
•added 2021/07/23 12:0 a.m.•59 views

Sourcecodester Alumni Management System SQL Injection Vulnerability

Sourcecodester Alumni Management System is a Php, Mysql-based alumni management system from Sourcecodester, Inc. SourceCodester Alumni Management System version 1.0 is vulnerable to SQL injection, which allows remote attacker can exploit this vulnerability to execute arbitrary SQL statements via...

9.8CVSS4.5AI score0.01476EPSS
Exploits1References1
CNVD
CNVD
•added 2021/05/12 12:0 a.m.•59 views

Microsoft SharePoint Remote Code Execution Vulnerability

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A code injection...

8.8CVSS8.5AI score0.30045EPSS
Exploits5References1
CNVD
CNVD
•added 2021/03/01 12:0 a.m.•59 views

Advantech BB-ESWGP506-2SFP-T Hardcoded Vulnerability

The Advantech BB-ESWGP506-2SFP-T is an application from CHAAdvantech that provides an intelligent electric bus management system. A hard-coded vulnerability in the Advantech BB-ESWGP506-2SFP-T allows remote attackers to exploit the vulnerability to submit a special request, gain unauthorized acce...

10CVSS7.1AI score0.03612EPSS
Exploits0References1
CNVD
CNVD
•added 2018/09/06 12:0 a.m.•59 views

Red Hat WildFly IIOP OpenJDK Subsystem Unauthorized Operation Vulnerability

Red Hat Wildfly formerly known as JBoss Application Server is the United States Red Hat Red Hat a JavaEE-based open source application server. IIOP OpenJDK subsystem is one of the Java-based subsystem. A security vulnerability exists in the IIOP OpenJDK subsystem in Red Hat WildFly versions prior...

5.9CVSS5.8AI score0.01112EPSS
Exploits0References1
CNVD
CNVD
•added 2017/11/24 12:0 a.m.•59 views

ROOT Remote Code Execution Vulnerability

ROOT is a data processing system written in C++. The system can query databases in parallel on workstations or clusters of multi-core machines. rootd daemon is one of the daemons. A remote code execution vulnerability exists in the rootd daemon in ROOT 6.9.03 and earlier. An attacker can exploit...

9CVSS8.2AI score0.0388EPSS
Exploits0References1
CNVD
CNVD
•added 2017/11/09 12:0 a.m.•59 views

Flexense Sync Breeze Enterprise Buffer Overflow Vulnerability

Flexense Sync Breeze Enterprise is a set of file synchronization tools from Flexense Canada. The tool has features such as file management and data synchronization. A buffer overflow vulnerability exists in Flexense Sync Breeze Enterprise version 10.0.28. A remote attacker could exploit this...

9.8CVSS8.1AI score0.22483EPSS
Exploits7References1
CNVD
CNVD
•added 2017/02/10 12:0 a.m.•59 views

Movim User Simulation Vulnerability

Movim is a social networking platform written in PHP and HTML5 based on the XMPP standard protocol. A security vulnerability exists in Movim versions 0.8 through 0.10. The vulnerability exists because the program fails to properly implement "XEP-0280: Message Carbons". A remote attacker can explo...

5.9CVSS7.2AI score0.0094EPSS
Exploits2References1
CNVD
CNVD
•added 2016/07/19 12:0 a.m.•59 views

Apache HTTP Server suffers from httpoxy remote proxy infection vulnerability

Apache HTTP Server is the United States Apache Apache Software Foundation, an open source web server. The server is fast, reliable and can be expanded through a simple API. httpoxy is a set of vulnerabilities that affect application code running in a CGI environment. The vulnerabilities exist...

8.1CVSS9.3AI score0.55724EPSS
Exploits0References1
CNVD
CNVD
•added 2015/10/30 12:0 a.m.•59 views

Infinite Automation Mango Automation Arbitrary Command Execution Vulnerability

Infinite Automation Mango Automation is the United States Infinite Automation Systems, Inc. of a set of open source Web-based SCADA data acquisition and supervisory control, HMI and automation software. Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430, has an arbitrary...

6.5CVSS8AI score0.03257EPSS
Exploits4References1
CNVD
CNVD
•added 2015/03/25 12:0 a.m.•59 views

cups-filters remove_bad_chars function arbitrary command execution vulnerability

CUPS is a Universal Unix Printing System, a cross-platform printing solution for Unix environments, based on the Internet Printing Protocol, providing most PostScript and raster printer services. A security vulnerability exists in the removebadchars function in cups-filters utils/cups-browsed.c,...

7.5CVSS7.2AI score0.02958EPSS
Exploits1References1
CNVD
CNVD
•added 2024/11/15 12:0 a.m.•58 views

Microsoft SQL Server Native Client Remote Code Execution Vulnerability (CNVD-2025-02468)

Microsoft SQL Server is the United States Microsoft Microsoft company's set of applications in the Microsoft Windows system under the large commercial database system. A remote code execution vulnerability exists in Microsoft SQL Server Native Client, which can be exploited by an attacker to...

8.8CVSS8.4AI score0.01345EPSS
Exploits0References1
CNVD
CNVD
•added 2024/11/15 12:0 a.m.•58 views

Microsoft SQL Server Native Client Remote Code Execution Vulnerability (CNVD-2025-02462)

Microsoft SQL Server is the United States Microsoft Microsoft company's set of applications in the Microsoft Windows system under the large commercial database system. A remote code execution vulnerability exists in Microsoft SQL Server Native Client, which can be exploited by an attacker to...

8.8CVSS8.4AI score0.01345EPSS
Exploits0References1
CNVD
CNVD
•added 2023/05/23 12:0 a.m.•58 views

Remote Code Execution Vulnerability in Electronic Document Security Management System of Beijing Yisaitong Technology Development Co.

Electronic document security management system referred to as: CDG is an electronic document security protection software, the system utilizes the driver layer transparent encryption technology, through the encryption and protection of electronic documents, to prevent the internal staff leakage a...

8AI score
Exploits0
CNVD
CNVD
•added 2023/02/17 12:0 a.m.•58 views

Siemens Parasolid and Solid Edge SE2022 out-of-bounds read vulnerability

Siemens Parasolid is a geometric modeling kernel from Siemens, a German company. Siemens Solid Edge is a 3D CAD software from Siemens, a German company. The software can be used in industries such as part design, assembly design, sheet metal design, welding design, etc. An out-of-bounds read...

7.8CVSS2.6AI score0.00214EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/07 12:0 a.m.•58 views

BDCOM 1704-WGL Information Disclosure Vulnerability

The BDCOM 1704-WGL is a router from BDCOM China. An information disclosure vulnerability exists in the BDCOM 1704-WGL version 2.0.6314, which originates from the file /param.file.tgz in the component Backup File Handler, which is not sufficiently protected for sensitive information and can be...

7.5CVSS7.1AI score0.00723EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/06 12:0 a.m.•58 views

Mozilla Firefox Injection Vulnerability (CNVD-2023-03055)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from an injection vulnerability that stems from a failure to execute the Unsafe-Hashes CSP directive. An attacker could exploit this vulnerability to inject executable script...

8.8CVSS8.5AI score0.00697EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/16 12:0 a.m.•58 views

File Upload Vulnerability in Intelligent Park Comprehensive Management Platform of Zhejiang Dahua Technology Co.(CNVD-2023-03860)

Zhejiang Dahua Technology Co., Ltd. is a video-centered intelligent IOT solution provider and operation service provider. A file upload vulnerability exists in the integrated management platform of Zhejiang Dahua Technology Co., Ltd. that can be exploited by an attacker to gain server privileges...

7.3AI score
Exploits0
Total number of security vulnerabilities5000