Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
•added 2024/02/02 12:0 a.m.•47 views

Google Chrome WebRTC Module Memory Misreference Vulnerability

Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in the Google Chrome WebRTC module, which stems from a confusion in the instructions responsible for freeing memory in the WebRTC module. An attacker can exploit this vulnerability to execu...

8.8CVSS7.7AI score0.00936EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/12 12:0 a.m.•47 views

Microsoft SharePoint Server Remote Code Execution Vulnerability (CNVD-2024-11162)

Microsoft SharePoint Server is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A remote code...

8.8CVSS8.4AI score0.30801EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/12 12:0 a.m.•47 views

Microsoft Hyper-V Remote Code Execution Vulnerability (CNVD-2024-11160)

Microsoft Hyper-V is an application from Microsoft Corporation USA. A system hypervisor virtualization technology that enables desktop virtualization. A remote code execution vulnerability exists in Microsoft Hyper-V, which can be exploited by an attacker to execute arbitrary code on a system...

7.5CVSS8.5AI score0.0395EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/05 12:0 a.m.•47 views

Command Execution Vulnerability in Agile Controller of Huawei Technologies Co.

Agile Controller is an automation controller for a variety of industrial application scenarios. A command execution vulnerability exists in Agile Controller from Huawei Technologies, which can be exploited by an attacker to gain server privileges...

7.5AI score
Exploits0
CNVD
CNVD
•added 2023/06/04 12:0 a.m.•47 views

Linux kernel ntfs_set_ea out-of-bounds read vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. An out-of-bounds read vulnerability exists in versions of Linux kernel prior to 6.2, which stems from the ntfs3 subsystem failing to check for correctness during a disk read, a...

7.1CVSS6.4AI score0.00545EPSS
Exploits1References1
CNVD
CNVD
•added 2022/12/13 12:0 a.m.•47 views

Fortinet FortiOS SSLVPN Remote Code Execution Vulnerability

Fortinet FortiOS is a security operating system from Fortinet, a US-based company dedicated to the FortiGate network security platform. The system provides users with a variety of security features such as firewall, anti-virus, VPN, Web content filtering and anti-spam.Fortinet FortiOS SSLVPN remo...

9.8CVSS5.8AI score0.99474EPSS
Exploits11
CNVD
CNVD
•added 2022/11/25 12:0 a.m.•47 views

XWiki Platform Information Disclosure Vulnerability

XWiki Platform is the French company XWiki's set of Wiki platform for creating Web collaboration applications. The XWiki Platform suffers from an information disclosure vulnerability that originates from the fact that when using XWiki's "Reset forgotten password" feature, passwords are stored in...

6.5CVSS6.2AI score0.0045EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/13 12:0 a.m.•47 views

Cross-site scripting vulnerability in Import Files function of multiple Siemens products

Siemens Desigo PX is a building automation control system from Siemens, a German company. A cross-site scripting vulnerability exists in several Siemens products. The vulnerability stems from an incorrect neutralization of input during web page generation in the Import Files function of the...

2.4AI score0.00486EPSS
Exploits0
CNVD
CNVD
•added 2022/09/29 12:0 a.m.•47 views

Strapi SQL Injection Vulnerability

Strapi is an open source content management system CMS. versions of Strapi prior to 3.6.10 and 4.0.0 and later, and prior to 4.1.10, contain a SQL injection vulnerability that stems from its incorrect handling of hidden attributes in admin API responses. An attacker could exploit the vulnerabilit...

8.8CVSS3.5AI score0.01321EPSS
Exploits2References1
CNVD
CNVD
•added 2022/09/19 12:0 a.m.•47 views

Adobe InDesign Heap Buffer Overflow Vulnerability (CNVD-2022-79412)

Adobe InDesign is a set of layout and editing applications from the American company Audobee Adobe. Adobe InDesign suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...

7.8CVSS7.9AI score0.00475EPSS
Exploits0References1
CNVD
CNVD
•added 2022/09/19 12:0 a.m.•47 views

Adobe Illustrator out-of-bounds read vulnerability (CNVD-2023-07320)

Adobe Illustrator is a software released by Adobe Systems, Inc. for graphics production. An out-of-bounds read vulnerability exists in Adobe Illustrator, which can be exploited by attackers to bypass mitigations such as ASLR and cause sensitive memory leaks...

5.5CVSS4.6AI score0.00351EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/15 12:0 a.m.•47 views

SAP Business Objects Data Forgery Issue Vulnerability

SAP Business Objects is a business intelligence suite from SAP Germany. A security vulnerability exists in SAP Business Objects version 420 that stems from inadequate input validation. An attacker exploits the vulnerability to submit a malicious request...

5.4CVSS5.4AI score0.00208EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/08 12:0 a.m.•47 views

Zabbix Frontend Cross-Site Scripting Vulnerability (CNVD-2022-56704)

Zabbix Frontend is a monitoring software front-end tool from the American company Zabbix. A cross-site scripting vulnerability exists in Zabbix Frontend, which can be exploited by an authenticated attacker to create a link to a discovery page with reflected Javascript code and send it to other...

5.4CVSS6.3AI score0.00725EPSS
Exploits0References1
CNVD
CNVD
•added 2022/06/30 12:0 a.m.•47 views

Multiple Dahua Products Denial of Service Vulnerabilities

Dahua IPC-HFW2XXX is a series of IP cameras, Dahua IPC-HDBW2XXX is a series of cameras, Dahua ASI7XXXX is a series of face recognition access controllers, and Dahua IPC-HFW2XXX is a series of IP cameras. A denial of service vulnerability exists in several Dahua products, which could be exploited ...

7.4CVSS3.9AI score0.00789EPSS
Exploits0References1
CNVD
CNVD
•added 2022/03/24 12:0 a.m.•47 views

ImpressCMS path traversal vulnerability

ImpressCMS is a MySQL-based, modular content management system CMS. The system includes modules for press releases, forums, and photo albums. ImpressCMS is vulnerable to a path traversal vulnerability that can be exploited by an authenticated attacker to delete arbitrary files on the system by...

8.1CVSS2.9AI score0.03186EPSS
Exploits3References1
CNVD
CNVD
•added 2022/03/18 12:0 a.m.•47 views

Braintree sanitize-url cross-site scripting vulnerability

Braintree sanitize-url is an open source URL cleanup from Braintree, Inc. A cross-site scripting vulnerability exists in versions prior to Braintree sanitize-url 6.0.0, which stems from a lack of user-supplied data and output data validation filtering in the sanitizeUrl function. An attacker coul...

4.3CVSS6.7AI score0.01423EPSS
Exploits1Affected Software1
CNVD
CNVD
•added 2022/03/16 12:0 a.m.•47 views

IBM Spectrum Copy Data Management Cross-Site Scripting Vulnerability (CNVD-2022-84077)

IBM Spectrum Copy Data Management is an implementation of International Business Machines Corporation IBM to modernize, simplify, and automate data center copy management processes.A cross-site scripting vulnerability exists in IBM Spectrum Copy Data Management versions 2.2.0.0 inclusive through...

3.5CVSS2.9AI score0.00461EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2022/02/09 12:0 a.m.•47 views

Linux kernel authorization issue vulnerability

Linux kernel is the kernel used by the Linux Foundation's open-source operating system Linux. Linux kernel is vulnerable to a security flaw that stems from a problem with the software's permissions restrictions. The vulnerability can be exploited by an attacker to bypass the restrictions of the...

7.8CVSS2.6AI score0.05528EPSS
Exploits12References1
CNVD
CNVD
•added 2022/01/08 12:0 a.m.•47 views

Apache Pluto Cross-Site Scripting Vulnerability (CNVD-2022-02488)

Apache Pluto is a runtime environment for a set of Portlet containers from the Apache Foundation.Apache Pluto in version 3.1.0 has a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied and output data in the first name and last name fields. An...

6.1CVSS3.4AI score0.02327EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/22 12:0 a.m.•47 views

Command Execution Vulnerability in Sunflower Lite Edition

Sunflower is a free all-in-one remote control management tool software that integrates remote control of computer and cell phone, remote desktop connection, remote boot, remote management, and intranet penetration support. A command execution vulnerability exists in Sunflower Lite, which can be...

7.7AI score
Exploits0
CNVD
CNVD
•added 2021/12/19 12:0 a.m.•47 views

DBeaver XML External Entity Injection Vulnerability

DBeaver is a free multi-platform database tool for developers, Sql programmers, database administrators and analysts from the DBeaver team in the U.S. An XML external entity injection vulnerability exists in DBeaver, which stems from a web-based system or product that does not set the correct...

9.8CVSS3.9AI score0.00902EPSS
Exploits1References1
CNVD
CNVD
•added 2021/11/18 12:0 a.m.•47 views

Linux kernel denial-of-service vulnerability (CNVD-2021-93367)

Linux kernel is a computer operating system kernel written in C and assembly language, POSIX-compliant, and distributed under the GNU General Public License. Linux kernel 5.15.2 and earlier versions contain a security vulnerability that can be exploited by attackers to cause a denial of service...

4.6CVSS4.8AI score0.00643EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/09 12:0 a.m.•47 views

Google TensorFlow has an unspecified vulnerability (CNVD-2021-92550)

Google TensorFlow is an end-to-end open source platform for machine learning from Google Google, Inc. A security vulnerability exists in versions prior to Google TensorFlow 2.7.0, which stems from an overflow problem in TensorFlow when calculating the output size in the tf.range kernel. No detail...

5.5CVSS3.5AI score0.00202EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/26 12:0 a.m.•47 views

Beijing Tongda Zhicheng Technology Co., Ltd. Heart Tongda OA has file upload vulnerability (CNVD-2021-86805)

Xin Tongda OA is an OA office tool equipped with AI artificial intelligence. Beijing Tongda Zhicheng Technology Co. Xin Tongda OA has a file upload vulnerability, which can be exploited by attackers to gain control of the server...

2.9AI score
Exploits0
CNVD
CNVD
•added 2021/08/13 12:0 a.m.•47 views

Google TensorFlow buffer overflow vulnerability (CNVD-2021-64539)

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A security vulnerability exists in Google TensorFlow, which could be exploited by an attacker to bind a reference to a null pointer in all operations of type tf.rawops.MatrixSetDiagV to cause undefined...

7.8CVSS2.3AI score0.00167EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/03 12:0 a.m.•47 views

File Upload Vulnerability in UFIDA Nccloud (CNVD-2021-52060)

NC Cloud is a large enterprise digitalization platform launched by UFIDA. A file upload vulnerability exists in UFIDA Nccloud, which can be exploited by an attacker to upload a webshell and gain server privileges...

7.2AI score
Exploits0
CNVD
CNVD
•added 2021/07/02 12:0 a.m.•47 views

Arbitrary File Read Vulnerability in C-Lodop Print Services System

C-Lodop Print Service System is a cloud printing software. An arbitrary file read vulnerability exists in C-Lodop Print Service System, which can be exploited by attackers to obtain sensitive information...

6.9AI score
Exploits0
CNVD
CNVD
•added 2021/06/04 12:0 a.m.•47 views

Minecraft remote code execution vulnerability

Minecraft My World is a sandbox game by Mojang of Sweden. a security vulnerability existed before Minecraft 1.16.1.7, which stems from the BDew BdLib library allowing remote code execution to deserialize untrusted data in ObjectInputStream. No detailed vulnerability details are currently availabl...

9.8CVSS4AI score0.02981EPSS
Exploits0References1
CNVD
CNVD
•added 2016/12/17 12:0 a.m.•47 views

APT-Repository Signature Bypass Vulnerability

APT-Repository is an installation package management library for Linux. APT-Repository suffers from a signature bypass vulnerability that stems from a memory allocation failure during apt-get upgrade, which can be exploited by an attacker to bypass security restrictions and perform unauthorized...

5.9CVSS7AI score0.07308EPSS
Exploits2References1
CNVD
CNVD
•added 2016/08/16 12:0 a.m.•47 views

Ruby on Rails Action View Cross-Site Scripting Vulnerability

Ruby on Rails Rails is a set of open source web application frameworks based on the Ruby language developed and maintained by the Rails core team, which was spun off from Basecamp, a project management tool from 37signals in the U.S.A. David Heinamer Hansen's Action View is one of the code...

6.1CVSS6.6AI score0.03438EPSS
Exploits0References1
CNVD
CNVD
•added 2026/03/31 12:0 a.m.•46 views

Unspecified Vulnerability in Multiple Apple Products (CNVD-2026-17912)

Apple Safari is a web browser that is the default browser that comes with the Mac OS X and iOS operating systems.Apple iOS is a suite of operating systems developed for mobile devices.Apple iPadOS is a suite of operating systems for the iPad tablet computer. A security vulnerability exists in...

4.3CVSS5.4AI score0.00636EPSS
Exploits0
CNVD
CNVD
•added 2025/05/22 12:0 a.m.•46 views

CampCodes Online Shopping Portal /my-account.php File SQL Injection Vulnerability

CampCodes Online Shopping Portal is an online shopping portal from CampCodes, Inc. CampCodes Online Shopping Portal suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter Name in the file /my-account.php. An attacker...

9.8CVSS8.1AI score0.00415EPSS
Exploits1References1
CNVD
CNVD
•added 2024/02/02 12:0 a.m.•46 views

Kingdee CloudStar ERP suffers from deserialization vulnerability

Kingdee Cloudstar is a cloud-based enterprise resource management ERP software that provides integrated solutions for financial management, supply chain management, and business process management. A deserialization vulnerability exists in Kingdee CloudStar ERP, which can be exploited by attacker...

7.8AI score
Exploits0
CNVD
CNVD
•added 2023/12/15 12:0 a.m.•46 views

Adobe Dimension Out-of-Bounds Read Vulnerability (CNVD-2023-9821890)

Adobe Dimension is the United States of America Odo than Adobe company is a set of 2D and 3D composite design tools. An out-of-bounds read vulnerability exists in Adobe Dimension 3.4.10 and earlier versions, which can be exploited by an attacker to cause a sensitive memory leak...

5.5CVSS6.5AI score0.00424EPSS
Exploits0References1
CNVD
CNVD
•added 2023/05/28 12:0 a.m.•46 views

Apache Tomcat Denial of Service Vulnerability (CNVD-2023-42970)

Apache Tomcat is the United States Apache Apache Foundation, a lightweight Web application server. Apache Tomcat suffers from a denial of service vulnerability that stems from not properly handling incoming error messages, which can be exploited by an attacker to cause a denial of service...

7.5CVSS6.6AI score0.51547EPSS
Exploits1References1
CNVD
CNVD
•added 2023/01/13 12:0 a.m.•46 views

Microsoft Office Visio Remote Code Execution Vulnerability (CNVD-2023-18289)

Microsoft Office is a suite of office software based on the Windows operating system developed by Microsoft. A remote code execution vulnerability exists in Microsoft Office Visio. An attacker could exploit this vulnerability to execute code on the target host...

7.8CVSS7.8AI score0.00723EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/12 12:0 a.m.•46 views

Microsoft 3D Builder Remote Code Execution Vulnerability (CNVD-2023-04324)

Microsoft 3D Builder, a tool for creating models and 3D printing from Microsoft USA, has a security vulnerability. No details of the vulnerability are currently available...

7.8CVSS2.6AI score0.00929EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/23 12:0 a.m.•46 views

Silverstripe framework cross-site scripting vulnerability

Silverstripe framework is an application from Silverstripe New Zealand. Empowering powerful digital teams by creating a platform for digital change. silverstripe framework 4.10.0 and previous versions contain a cross-site scripting vulnerability that stems from the use of jQuery 1.7.2, which is...

3.7AI score0.87218EPSS
Exploits4Affected Software1
CNVD
CNVD
•added 2022/11/17 12:0 a.m.•46 views

Apache SOAP authentication error vulnerability

Apache SOAP is used as a client-side library by the Apache Foundation to invoke SOAP services available elsewhere, and as a server-side tool to implement SOAP-accessible services. an authentication error vulnerability exists in Apache SOAP, which stems from the fact that RPCRouterServlet can be...

9.8CVSS2.9AI score0.02251EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/14 12:0 a.m.•46 views

Jenkins Pipeline SCM API for Blue Ocean Plugin Unauthorized Access Vulnerability

Blue Ocean plugin is an aggregation tool designed for Jenkins Pipeline and of course compatible with free style projects. It graphically visualizes the pipeline process and makes the pipeline more intuitive. Unauthorized access vulnerability in Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25....

6.5CVSS7.2AI score0.00864EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/31 12:0 a.m.•46 views

Google Chrome V8 Code Execution Vulnerability (CNVD-2022-85092)

Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome that could be exploited by attackers to execute arbitrary code or cause a denial of service on a system...

8.8CVSS6.9AI score0.0675EPSS
Exploits1References1
CNVD
CNVD
•added 2022/10/11 12:0 a.m.•46 views

Bento4 AP4_SttsAtom::Create Denial of Service Vulnerability

Bento4 is an open source C library for reading and writing MP4 files. Bento4 v1.6.0-639 contains a denial of service vulnerability that stems from a memory leak in the AP4SttsAtom::Create method of the mp42hls component. An attacker could exploit the vulnerability to cause a denial of service...

6.5CVSS4.2AI score0.00586EPSS
Exploits1References1
CNVD
CNVD
•added 2022/09/28 12:0 a.m.•46 views

Apache Pulsar Trust Management Issues Vulnerability

Apache Pulsar is the United States Apache Apache Foundation for cloud environments, set of messages, storage, lightweight functional computing as one of the distributed message flow platform. The software supports multi-tenancy, persistent storage, multi-machine room cross-region data replication...

5.9CVSS5.9AI score0.0058EPSS
Exploits0References1
CNVD
CNVD
•added 2022/09/22 12:0 a.m.•46 views

Mozilla Firefox Resource Management Error Vulnerability (CNVD-2023-06859)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a memory misreference vulnerability that stems from concurrent use of the URL parser for non-UTF-8 data not being thread-safe. An attacker could exploit the vulnerability t...

6.5CVSS7.8AI score0.00947EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/15 12:0 a.m.•46 views

Samsung App lock authentication error vulnerability

Samsung App lock is an application for Samsung Samsung mobile devices that protects your privacy with password lock, graphical lock, and fingerprint lock.Samsung App lock suffers from an authentication error vulnerability that stems from the lack of proper authentication logic in AppLock, which c...

7.8CVSS1.9AI score0.00104EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/11 12:0 a.m.•46 views

Google Android Information Disclosure Vulnerability (CNVD-2022-61753)

Google Android is a Linux-based open-source operating system from the U.S. company Google Google. Google Android has an information leakage vulnerability that could be exploited by attackers to obtain sensitive information...

6.5CVSS3.3AI score0.00477EPSS
Exploits0References1
CNVD
CNVD
•added 2022/06/24 12:0 a.m.•46 views

Google Android has an unspecified vulnerability (CNVD-2022-53377)

Google Android is a Linux-based open source operating system from Google, Inc. A security vulnerability exists in Google Android, which stems from a placeCall in TelecomManager.java, where the application can keep itself running through foreground service importance due to a privilege bypass. The...

7.8CVSS5AI score0.00115EPSS
Exploits0References1
CNVD
CNVD
•added 2022/06/08 12:0 a.m.•46 views

Huawei HarmonyOS Buffer Overflow Vulnerability (CNVD-2022-51604)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a security vulnerability that stems from a memory out-of-bounds read/write issue in the video framework. An attacker exploited...

7.5CVSS7.4AI score0.00616EPSS
Exploits0References1
CNVD
CNVD
•added 2022/04/22 12:0 a.m.•46 views

Zimbra Access Control Error Vulnerability

Zimbra Collaboration aka ZCS versions 8.8.15 and 9.0 are vulnerable to an access control error. The vulnerability stems from a network system or product that does not properly restrict access to resources from unauthorized roles. An unauthenticated attacker could exploit the vulnerability to inje...

5CVSS4.8AI score0.85398EPSS
Exploits2Affected Software1
CNVD
CNVD
•added 2022/04/15 12:0 a.m.•46 views

Microsoft SharePoint Server Spoofing Vulnerability (CNVD-2022-59593)

Microsoft SharePoint is a suite of enterprise business collaboration platforms from Microsoft Corporation USA. Microsoft SharePoint Server is vulnerable to spoofing and no details of the vulnerability are currently available...

8CVSS1.5AI score0.01881EPSS
Exploits0References1
Total number of security vulnerabilities5000