Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
•added 2022/11/24 12:0 a.m.•47 views

Phpgurukul Teacher Record Management System Cross-Site Scripting Vulnerability

Phpgurukul Teachers Record Management System version 1.0 contains a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data on the Add Subject page, which could be exploited by a highly privileged attacker such as an administrator to...

4.8CVSS2.7AI score0.01015EPSS
Exploits1References1
CNVD
CNVD
•added 2022/11/14 12:0 a.m.•47 views

Jenkins Pipeline SCM API for Blue Ocean Plugin Unauthorized Access Vulnerability

Blue Ocean plugin is an aggregation tool designed for Jenkins Pipeline and of course compatible with free style projects. It graphically visualizes the pipeline process and makes the pipeline more intuitive. Unauthorized access vulnerability in Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25....

6.5CVSS7.2AI score0.00864EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/13 12:0 a.m.•47 views

Cross-site scripting vulnerability in Import Files function of multiple Siemens products

Siemens Desigo PX is a building automation control system from Siemens, a German company. A cross-site scripting vulnerability exists in several Siemens products. The vulnerability stems from an incorrect neutralization of input during web page generation in the Import Files function of the...

2.4AI score0.00486EPSS
Exploits0
CNVD
CNVD
•added 2022/09/29 12:0 a.m.•47 views

Strapi SQL Injection Vulnerability

Strapi is an open source content management system CMS. versions of Strapi prior to 3.6.10 and 4.0.0 and later, and prior to 4.1.10, contain a SQL injection vulnerability that stems from its incorrect handling of hidden attributes in admin API responses. An attacker could exploit the vulnerabilit...

8.8CVSS3.5AI score0.01321EPSS
Exploits2References1
CNVD
CNVD
•added 2022/09/19 12:0 a.m.•47 views

Adobe InDesign Heap Buffer Overflow Vulnerability (CNVD-2022-79412)

Adobe InDesign is a set of layout and editing applications from the American company Audobee Adobe. Adobe InDesign suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...

7.8CVSS7.9AI score0.00475EPSS
Exploits0References1
CNVD
CNVD
•added 2022/09/19 12:0 a.m.•47 views

Adobe Illustrator out-of-bounds read vulnerability (CNVD-2023-07320)

Adobe Illustrator is a software released by Adobe Systems, Inc. for graphics production. An out-of-bounds read vulnerability exists in Adobe Illustrator, which can be exploited by attackers to bypass mitigations such as ASLR and cause sensitive memory leaks...

5.5CVSS4.6AI score0.00351EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/15 12:0 a.m.•47 views

SAP Business Objects Data Forgery Issue Vulnerability

SAP Business Objects is a business intelligence suite from SAP Germany. A security vulnerability exists in SAP Business Objects version 420 that stems from inadequate input validation. An attacker exploits the vulnerability to submit a malicious request...

5.4CVSS5.4AI score0.00208EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/08 12:0 a.m.•47 views

Zabbix Frontend Cross-Site Scripting Vulnerability (CNVD-2022-56704)

Zabbix Frontend is a monitoring software front-end tool from the American company Zabbix. A cross-site scripting vulnerability exists in Zabbix Frontend, which can be exploited by an authenticated attacker to create a link to a discovery page with reflected Javascript code and send it to other...

5.4CVSS6.3AI score0.00725EPSS
Exploits0References1
CNVD
CNVD
•added 2022/06/30 12:0 a.m.•47 views

Multiple Dahua Products Denial of Service Vulnerabilities

Dahua IPC-HFW2XXX is a series of IP cameras, Dahua IPC-HDBW2XXX is a series of cameras, Dahua ASI7XXXX is a series of face recognition access controllers, and Dahua IPC-HFW2XXX is a series of IP cameras. A denial of service vulnerability exists in several Dahua products, which could be exploited ...

7.4CVSS3.9AI score0.00789EPSS
Exploits0References1
CNVD
CNVD
•added 2022/03/24 12:0 a.m.•47 views

ImpressCMS path traversal vulnerability

ImpressCMS is a MySQL-based, modular content management system CMS. The system includes modules for press releases, forums, and photo albums. ImpressCMS is vulnerable to a path traversal vulnerability that can be exploited by an authenticated attacker to delete arbitrary files on the system by...

8.1CVSS2.9AI score0.03186EPSS
Exploits3References1
CNVD
CNVD
•added 2022/03/18 12:0 a.m.•47 views

Braintree sanitize-url cross-site scripting vulnerability

Braintree sanitize-url is an open source URL cleanup from Braintree, Inc. A cross-site scripting vulnerability exists in versions prior to Braintree sanitize-url 6.0.0, which stems from a lack of user-supplied data and output data validation filtering in the sanitizeUrl function. An attacker coul...

4.3CVSS6.7AI score0.01423EPSS
Exploits1Affected Software1
CNVD
CNVD
•added 2022/03/16 12:0 a.m.•47 views

IBM Spectrum Copy Data Management Cross-Site Scripting Vulnerability (CNVD-2022-84077)

IBM Spectrum Copy Data Management is an implementation of International Business Machines Corporation IBM to modernize, simplify, and automate data center copy management processes.A cross-site scripting vulnerability exists in IBM Spectrum Copy Data Management versions 2.2.0.0 inclusive through...

3.5CVSS2.9AI score0.00461EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2022/01/26 12:0 a.m.•47 views

Moodle SQL Injection Vulnerability (CNVD-2022-09258)

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. Moodle 3.11 through 3.11.4 suffers from a SQL injection vulnerability that stems from insufficient cleaning of user-supplied data in th...

9.8CVSS9.6AI score0.44918EPSS
Exploits4References1
CNVD
CNVD
•added 2022/01/07 12:0 a.m.•47 views

Apache Kylin OS Command Injection Vulnerability

Apache Kylin is an open source distributed analytic data warehouse from the Apache Foundation. The product mainly provides SQL query interface and multidimensional analysis OLAP on top of Hadoop/Spark. Apache kylin is vulnerable to operating system command injection, which stems from the fact tha...

9.8CVSS2.6AI score0.88614EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/05 12:0 a.m.•47 views

ZOHO ManageEngine ADSelfService Plus has an unspecified vulnerability (CNVD-2022-02473)

A security vulnerability exists in ZOHO ManageEngine ADSelfService Plus, ZOHO's integrated self-service password management and single sign-on solution for Active Directory and cloud applications. The vulnerability stems from build 6116 of ManageEngine ADSelfService Plus containing an observable...

5.3CVSS1.6AI score0.069EPSS
Exploits1References1
CNVD
CNVD
•added 2021/12/19 12:0 a.m.•47 views

DBeaver XML External Entity Injection Vulnerability

DBeaver is a free multi-platform database tool for developers, Sql programmers, database administrators and analysts from the DBeaver team in the U.S. An XML external entity injection vulnerability exists in DBeaver, which stems from a web-based system or product that does not set the correct...

9.8CVSS3.9AI score0.00902EPSS
Exploits1References1
CNVD
CNVD
•added 2021/11/29 12:0 a.m.•47 views

Gerapy Authentication Remote Command Execution Vulnerability

Gerapy is a crawler framework based on the Scrapy Scrapyd Scrapyd Client Scrapyd API Django. Gerapy authenticates remote command execution vulnerabilities, which can be exploited by attackers to gain control of the server...

9CVSS5.1AI score0.0765EPSS
Exploits1References1
CNVD
CNVD
•added 2021/11/18 12:0 a.m.•47 views

Linux kernel denial-of-service vulnerability (CNVD-2021-93367)

Linux kernel is a computer operating system kernel written in C and assembly language, POSIX-compliant, and distributed under the GNU General Public License. Linux kernel 5.15.2 and earlier versions contain a security vulnerability that can be exploited by attackers to cause a denial of service...

4.6CVSS4.8AI score0.00643EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/09 12:0 a.m.•47 views

Google TensorFlow has an unspecified vulnerability (CNVD-2021-92550)

Google TensorFlow is an end-to-end open source platform for machine learning from Google Google, Inc. A security vulnerability exists in versions prior to Google TensorFlow 2.7.0, which stems from an overflow problem in TensorFlow when calculating the output size in the tf.range kernel. No detail...

5.5CVSS3.5AI score0.00202EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/13 12:0 a.m.•47 views

Google TensorFlow buffer overflow vulnerability (CNVD-2021-64539)

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A security vulnerability exists in Google TensorFlow, which could be exploited by an attacker to bind a reference to a null pointer in all operations of type tf.rawops.MatrixSetDiagV to cause undefined...

7.8CVSS2.3AI score0.00167EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/03 12:0 a.m.•47 views

File Upload Vulnerability in UFIDA Nccloud (CNVD-2021-52060)

NC Cloud is a large enterprise digitalization platform launched by UFIDA. A file upload vulnerability exists in UFIDA Nccloud, which can be exploited by an attacker to upload a webshell and gain server privileges...

7.2AI score
Exploits0
CNVD
CNVD
•added 2021/07/02 12:0 a.m.•47 views

Arbitrary File Read Vulnerability in C-Lodop Print Services System

C-Lodop Print Service System is a cloud printing software. An arbitrary file read vulnerability exists in C-Lodop Print Service System, which can be exploited by attackers to obtain sensitive information...

6.9AI score
Exploits0
CNVD
CNVD
•added 2021/06/04 12:0 a.m.•47 views

Minecraft remote code execution vulnerability

Minecraft My World is a sandbox game by Mojang of Sweden. a security vulnerability existed before Minecraft 1.16.1.7, which stems from the BDew BdLib library allowing remote code execution to deserialize untrusted data in ObjectInputStream. No detailed vulnerability details are currently availabl...

9.8CVSS4AI score0.02981EPSS
Exploits0References1
CNVD
CNVD
•added 2021/01/06 12:0 a.m.•47 views

Unspecified Vulnerability in Mozilla Rust (CNVD-2021-30438)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability in prost crate in Mozilla Rust versions prior to 0.6.1, which stems from stack consumption via crafted messages, can be exploited by an attacker to cause a denial of service or remote co...

9.8CVSS7.5AI score0.0326EPSS
Exploits1References1
CNVD
CNVD
•added 2018/11/07 12:0 a.m.•47 views

nginx denial of service vulnerability (CNVD-2018-22805)

nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server. A security vulnerability exists in the HTTP/2 implementation of nginx versions prior to 1.15.6 and 1.14.1. An attacker can exploit the vulnerability to consume a large amount of memory space...

7.8CVSS6.6AI score0.47057EPSS
Exploits0References1
CNVD
CNVD
•added 2017/11/25 12:0 a.m.•47 views

Python package pysaml2 information disclosure vulnerability

The Python package pysaml2 is a Python based implementation of the SAML protocol for exchanging authentication and authorization data between security domains. An information disclosure vulnerability exists in Python package pysaml2 4.4.0 and earlier. An attacker can exploit this vulnerability to...

5.3CVSS6.5AI score0.00905EPSS
Exploits0References1
CNVD
CNVD
•added 2017/06/15 12:0 a.m.•47 views

Microsoft Internet Explorer and Microsoft Edge Information Disclosure Vulnerability (CNVD-2017-12102)

Microsoft Internet Explorer IE and Microsoft Edge are both web browsers developed by the American company Microsoft. The former is the default browser that came with operating systems before Windows 10, and the latter is the default browser that comes with the latest operating system, Windows 10...

6.5CVSS5.9AI score0.14265EPSS
Exploits0References1
CNVD
CNVD
•added 2017/01/20 12:0 a.m.•47 views

Memory Corruption Vulnerability in Apple Logic Pro X and GarageBand

Apple Logic Pro x is an official music production and editing software from Apple; GarageBand is a music performance, synthesis, and recording tool for Apple machines. A memory corruption vulnerability exists in Apple Logic Pro X and GarageBand. An attacker could exploit the vulnerabilities to...

8.8CVSS7.7AI score0.01981EPSS
Exploits2References1
CNVD
CNVD
•added 2016/11/11 12:0 a.m.•47 views

Python Cryptography Security Bypass Vulnerability

Python is an open source, object-oriented programming language from the Python Software Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security bypass vulnerability in Python Cryptography versions prior to 1.5.3 allows attackers to bypass...

7.5CVSS6.9AI score0.03399EPSS
Exploits0References1
CNVD
CNVD
•added 2016/08/16 12:0 a.m.•47 views

Ruby on Rails Action View Cross-Site Scripting Vulnerability

Ruby on Rails Rails is a set of open source web application frameworks based on the Ruby language developed and maintained by the Rails core team, which was spun off from Basecamp, a project management tool from 37signals in the U.S.A. David Heinamer Hansen's Action View is one of the code...

6.1CVSS6.6AI score0.03438EPSS
Exploits0References1
CNVD
CNVD
•added 2026/03/31 12:0 a.m.•46 views

Unspecified Vulnerability in Multiple Apple Products (CNVD-2026-17912)

Apple Safari is a web browser that is the default browser that comes with the Mac OS X and iOS operating systems.Apple iOS is a suite of operating systems developed for mobile devices.Apple iPadOS is a suite of operating systems for the iPad tablet computer. A security vulnerability exists in...

4.3CVSS5.4AI score0.00636EPSS
Exploits0
CNVD
CNVD
•added 2025/05/22 12:0 a.m.•46 views

CampCodes Online Shopping Portal /my-account.php File SQL Injection Vulnerability

CampCodes Online Shopping Portal is an online shopping portal from CampCodes, Inc. CampCodes Online Shopping Portal suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter Name in the file /my-account.php. An attacker...

9.8CVSS8.1AI score0.00415EPSS
Exploits1References1
CNVD
CNVD
•added 2024/02/02 12:0 a.m.•46 views

Kingdee CloudStar ERP suffers from deserialization vulnerability

Kingdee Cloudstar is a cloud-based enterprise resource management ERP software that provides integrated solutions for financial management, supply chain management, and business process management. A deserialization vulnerability exists in Kingdee CloudStar ERP, which can be exploited by attacker...

7.8AI score
Exploits0
CNVD
CNVD
•added 2023/12/15 12:0 a.m.•46 views

Adobe Dimension Out-of-Bounds Read Vulnerability (CNVD-2023-9821890)

Adobe Dimension is the United States of America Odo than Adobe company is a set of 2D and 3D composite design tools. An out-of-bounds read vulnerability exists in Adobe Dimension 3.4.10 and earlier versions, which can be exploited by an attacker to cause a sensitive memory leak...

5.5CVSS6.5AI score0.00424EPSS
Exploits0References1
CNVD
CNVD
•added 2023/05/28 12:0 a.m.•46 views

Apache Tomcat Denial of Service Vulnerability (CNVD-2023-42970)

Apache Tomcat is the United States Apache Apache Foundation, a lightweight Web application server. Apache Tomcat suffers from a denial of service vulnerability that stems from not properly handling incoming error messages, which can be exploited by an attacker to cause a denial of service...

7.5CVSS6.6AI score0.51547EPSS
Exploits1References1
CNVD
CNVD
•added 2023/02/10 12:0 a.m.•46 views

Google Android Kernel elevation of privilege vulnerability (CNVD-2023-12019)

Google Android is a Linux-based open source operating system from Google. An elevation of privilege vulnerability exists in veritytarget in dm-verity-target.c of the Google Android Kernel, which stems from the program not properly checking for privileges. An attacker could exploit the vulnerabili...

6.7CVSS6.8AI score0.00485EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/13 12:0 a.m.•46 views

Microsoft Office Visio Remote Code Execution Vulnerability (CNVD-2023-18289)

Microsoft Office is a suite of office software based on the Windows operating system developed by Microsoft. A remote code execution vulnerability exists in Microsoft Office Visio. An attacker could exploit this vulnerability to execute code on the target host...

7.8CVSS7.8AI score0.00723EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/12 12:0 a.m.•46 views

Microsoft 3D Builder Remote Code Execution Vulnerability (CNVD-2023-04324)

Microsoft 3D Builder, a tool for creating models and 3D printing from Microsoft USA, has a security vulnerability. No details of the vulnerability are currently available...

7.8CVSS2.6AI score0.00929EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/24 12:0 a.m.•46 views

Buildah has unspecified vulnerabilities

Bulidah is an open source, Linux-based tool from Containers open source. It is used to build containers that are compatible with the Open Container Initiative OCI.Containers Buildah suffers from a security vulnerability. An attacker could exploit the vulnerability to cause local path and...

3.3CVSS3.5AI score0.00238EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/23 12:0 a.m.•46 views

Silverstripe framework cross-site scripting vulnerability

Silverstripe framework is an application from Silverstripe New Zealand. Empowering powerful digital teams by creating a platform for digital change. silverstripe framework 4.10.0 and previous versions contain a cross-site scripting vulnerability that stems from the use of jQuery 1.7.2, which is...

3.7AI score0.87218EPSS
Exploits4Affected Software1
CNVD
CNVD
•added 2022/11/17 12:0 a.m.•46 views

Apache SOAP authentication error vulnerability

Apache SOAP is used as a client-side library by the Apache Foundation to invoke SOAP services available elsewhere, and as a server-side tool to implement SOAP-accessible services. an authentication error vulnerability exists in Apache SOAP, which stems from the fact that RPCRouterServlet can be...

9.8CVSS2.9AI score0.02251EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/31 12:0 a.m.•46 views

Google Chrome V8 Code Execution Vulnerability (CNVD-2022-85092)

Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome that could be exploited by attackers to execute arbitrary code or cause a denial of service on a system...

8.8CVSS6.9AI score0.0675EPSS
Exploits1References1
CNVD
CNVD
•added 2022/10/11 12:0 a.m.•46 views

Nasm buffer overflow vulnerability (CNVD-2022-69151)

Nasm is an open source programming tool software. A buffer overflow vulnerability exists in Nasm v2.16, which stems from the inclusion of a stack overflow in the Ndisasm component. No detailed vulnerability details are provided at this time...

5.5CVSS5.6AI score0.00297EPSS
Exploits1References1
CNVD
CNVD
•added 2022/10/10 12:0 a.m.•46 views

ASUS RT-AX56U Buffer Overflow Vulnerability

ASUS RT-AX56U is a wireless router from ASUS, China.ASUS RT-AX56U Router firmware version 3.0.0.4.386.44266 has a buffer overflow vulnerability, which stems from the strcat function's lack of length checks for user input data, which can be exploited by attackers to remotely execute commands...

8.8CVSS7.2AI score0.01344EPSS
Exploits1References1
CNVD
CNVD
•added 2022/09/28 12:0 a.m.•46 views

Apache Pulsar Trust Management Issues Vulnerability

Apache Pulsar is the United States Apache Apache Foundation for cloud environments, set of messages, storage, lightweight functional computing as one of the distributed message flow platform. The software supports multi-tenancy, persistent storage, multi-machine room cross-region data replication...

5.9CVSS5.9AI score0.0058EPSS
Exploits0References1
CNVD
CNVD
•added 2022/09/22 12:0 a.m.•46 views

Mozilla Firefox Resource Management Error Vulnerability (CNVD-2023-06859)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a memory misreference vulnerability that stems from concurrent use of the URL parser for non-UTF-8 data not being thread-safe. An attacker could exploit the vulnerability t...

6.5CVSS7.8AI score0.00947EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/15 12:0 a.m.•46 views

Samsung App lock authentication error vulnerability

Samsung App lock is an application for Samsung Samsung mobile devices that protects your privacy with password lock, graphical lock, and fingerprint lock.Samsung App lock suffers from an authentication error vulnerability that stems from the lack of proper authentication logic in AppLock, which c...

7.8CVSS1.9AI score0.00104EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/11 12:0 a.m.•46 views

Google Android Information Disclosure Vulnerability (CNVD-2022-61753)

Google Android is a Linux-based open-source operating system from the U.S. company Google Google. Google Android has an information leakage vulnerability that could be exploited by attackers to obtain sensitive information...

6.5CVSS3.3AI score0.00477EPSS
Exploits0References1
CNVD
CNVD
•added 2022/06/24 12:0 a.m.•46 views

Google Android has an unspecified vulnerability (CNVD-2022-53377)

Google Android is a Linux-based open source operating system from Google, Inc. A security vulnerability exists in Google Android, which stems from a placeCall in TelecomManager.java, where the application can keep itself running through foreground service importance due to a privilege bypass. The...

7.8CVSS5AI score0.00115EPSS
Exploits0References1
CNVD
CNVD
•added 2022/06/09 12:0 a.m.•46 views

Wolters Kluwer TeamMate Audit SQL Injection Vulnerability

Wolters Kluwer TeamMate Audit is a cloud-based audit management tool from Wolters Kluwer Netherlands. A SQL injection vulnerability exists in Wolters Kluwer TeamMate Audit version 28.0.19.0, which stems from a lack of filtering and escaping of SQL data in search forms. An attacker could use this...

8.8CVSS3.3AI score0.01001EPSS
Exploits1References1
Total number of security vulnerabilities5000