Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
added 2017/06/13 12:0 a.m.45 views

Red Hat Undertow Security Bypass Vulnerability

Red Hat Undertow is a web server from Red Hat USA. A security bypass vulnerability exists in Red Hat Undertow. An attacker could exploit this vulnerability to bypass security restrictions and perform unauthorized operations...

6.5CVSS6.8AI score0.02712EPSS
Exploits0References1
CNVD
CNVD
added 2017/05/23 12:0 a.m.45 views

Apple macOS Sierra Restricted Memory Read Vulnerability

Apple macOS is a set of operating systems that run on Apple's Macintosh line of computers. Apple macOS Sierra suffers from a restricted memory read vulnerability that can be exploited by remote attackers to build malicious applications that read arbitrary restricted memory...

5.5CVSS6.7AI score0.02321EPSS
Exploits2References1
CNVD
CNVD
added 2016/12/29 12:0 a.m.45 views

Nagios Local Elevation of Privilege Vulnerability (CNVD-2016-13293)

Nagios is an American programmer Ethan Galstad developed a set of open source system status and network information monitoring program. The program provides network service monitoring, host resource monitoring, SMS alerts and other functions. A local exploit exists in Nagios. A local attacker cou...

7.8CVSS7.5AI score0.0115EPSS
Exploits5References1
CNVD
CNVD
added 2016/12/15 12:0 a.m.45 views

OpenJPEG heap buffer overflow vulnerability (CNVD-2016-12658)

OpenJPEG is a C-based open source JPEG 2000 codec . A heap buffer overflow vulnerability exists in OpenJPEG version 2.1.2. An attacker can exploit this vulnerability to execute arbitrary code...

8.8CVSS7.8AI score0.01969EPSS
Exploits1References1
CNVD
CNVD
added 2016/10/27 12:0 a.m.45 views

AlienVault OSSIM and USM SQL Injection Vulnerabilities

AlienVault OSSIM and USM are both products of AlienVault Corporation, U.S.A. OSSIM is an open source security information management system. USM is a security management platform that provides security monitoring, security event management and reporting, and threat awareness system. An SQL...

9.8CVSS7.9AI score0.57425EPSS
Exploits5References1
CNVD
CNVD
added 2016/05/19 12:0 a.m.45 views

Red Hat Satellite SQL Injection Vulnerability

Red Hat Satellite is a suite of system management platforms from Red Hat, Inc. that can be used to extend Linux infrastructures and provide system management functions such as administration, configuration, and monitoring. A security vulnerability exists in the 'sortby' and 'sortorder' parameters...

8.8CVSS7.8AI score0.01835EPSS
Exploits0References1
CNVD
CNVD
added 2026/04/22 12:0 a.m.44 views

Oracle MySQL Server JSON Component Denial of Service Vulnerability

Oracle MySQL Server is an open source relational database management system that provides data storage, querying and management capabilities. A denial of service vulnerability exists in Oracle MySQL Server. The vulnerability stems from a failure of the Server: JSON component to properly handle...

6.5CVSS7.4AI score0.00303EPSS
Exploits0
CNVD
CNVD
added 2025/06/27 12:0 a.m.44 views

D-Link DIR-825 do_file function buffer overflow vulnerability

The D-Link DIR-825 is a router from China's AUO D-Link. A buffer overflow vulnerability exists in the D-Link DIR-825 version 2.03, which originates from the function dofile in the HTTP POST Request Handler component that fails to correctly validate the length and size of the input data, and can b...

9CVSS8.6AI score0.00893EPSS
Exploits1References1
CNVD
CNVD
added 2024/04/11 12:0 a.m.44 views

Microsoft Defender for IoT elevation of privilege vulnerability (CNVD-2024-19331)

Microsoft Defender for IoT is an asset discovery, vulnerability management and threat monitoring solution for IoT/OT environments. An elevation of privilege vulnerability exists in Microsoft Defender for IoT, which can be exploited by an attacker to escalate privileges...

7.2CVSS7.3AI score0.02291EPSS
Exploits0References1
CNVD
CNVD
added 2024/03/26 12:0 a.m.44 views

Apache Doris Security Bypass Vulnerability

Apache Doris is a modern MPP analytic database product of the U.S. Apache Apache Foundation. Can provide sub-second queries and efficient real-time data analysis. Apache Doris has a security bypass vulnerability that stems from the use of the chmod function, which can be exploited by an attacker ...

5.3CVSS6.9AI score0.00221EPSS
Exploits0References1
CNVD
CNVD
added 2024/02/22 12:0 a.m.44 views

Unspecified Vulnerability in Oracle MySQL (CNVD-2024-11158)

Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in Oracle MySQL for MySQL Server version 8.0.35 and earlier, version 8.2.0 and earlier. An attacker can exploit this...

5.3CVSS6.5AI score0.01023EPSS
Exploits0References1
CNVD
CNVD
added 2023/11/17 12:0 a.m.44 views

Adobe Premiere Pro Buffer Overflow Vulnerability (CNVD-2023-95451)

Adobe Premiere Pro is a video editing software developed by Adobe for non-linear editing. A buffer overflow vulnerability exists in Adobe Premiere Pro, which can be exploited by an attacker to overflow a buffer and execute arbitrary code on the system or cause the application to crash...

7.8CVSS8.3AI score0.00382EPSS
Exploits0References1
CNVD
CNVD
added 2023/10/26 12:0 a.m.44 views

XSS Vulnerability in PageOffice of Beijing Zhuozheng Zhiyuan Software Co.

PAGEOFFICE is an Internet private cloud OFFICE technology solution independently developed by Zhuozheng Software. PageOffice of Beijing Zhuozheng Zhiyuan Software Co., Ltd. exists XSS vulnerability, attackers can use the vulnerability to obtain sensitive information such as user cookies...

5.8AI score
Exploits0
CNVD
CNVD
added 2023/08/12 12:0 a.m.44 views

Google Chrome Security Bypass Vulnerability (CNVD-2023-63444)

Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome versions prior to 108.0.5359.71 due to an improper implementation in DevTools. An attacker can use this vulnerability to bypass file access restrictions to install malicious...

6.5CVSS6.5AI score0.00296EPSS
Exploits1References1
CNVD
CNVD
added 2023/08/03 12:0 a.m.44 views

Linux kernel memory misreference vulnerability (CNVD-2023-62923)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from a memory misreference vulnerability that originates when a user triggers the nftpipaporemove function using an element without NFTSETEXTKEYEND,...

7.8CVSS6.4AI score0.0095EPSS
Exploits0References1
CNVD
CNVD
added 2023/06/28 12:0 a.m.44 views

OpenCart SQL Injection Vulnerability (CNVD-2023-54401)

OpenCart is an open source online shopping system that allows you to build your own online store. The system is simple and easy to use and supports all kinds of data import and export , including product information , user orders , products and so on. Through OpenCart users can easily complete th...

7.2CVSS8.7AI score0.01127EPSS
Exploits1References1
CNVD
CNVD
added 2023/01/17 12:0 a.m.44 views

Netdata Command Injection Vulnerability

Netdata is a high-fidelity infrastructure monitoring and troubleshooting application open-sourced by Netdata. Netdata is vulnerable to a command injection vulnerability that stems from the fact that an attacker who is able to establish a streaming connection can execute arbitrary commands on the...

9.8CVSS3.5AI score0.36171EPSS
Exploits2References1
CNVD
CNVD
added 2022/12/19 12:0 a.m.44 views

Adobe Illustrator out-of-bounds read vulnerability (CNVD-2023-07317)

Adobe Illustrator is a set of vector-based image creation software from Adobe. Adobe Illustrator has an out-of-bounds read vulnerability that can be exploited by attackers to bypass mitigations such as ASLR and cause sensitive memory leaks...

5.5CVSS4.7AI score0.00456EPSS
Exploits0References1
CNVD
CNVD
added 2022/11/29 12:0 a.m.44 views

Arbitrary File Download Vulnerability in Huatian Power OA System

Huatian Power OA system is a collaborative office software developed by Dalian Huatian Software Co. The Huatian Power OA system suffers from an arbitrary file download vulnerability, which can be exploited by attackers to obtain sensitive information...

7AI score
Exploits0
CNVD
CNVD
added 2022/11/10 12:0 a.m.44 views

Google Chrome Resource Management Error Vulnerability (CNVD-2022-78154)

Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome, which stems from a post-release memory reuse issue in Web Workers. No details of the vulnerability are currently available...

8.8CVSS3.9AI score0.00635EPSS
Exploits0References1
CNVD
CNVD
added 2022/11/09 12:0 a.m.44 views

Siemens Parasolid out-of-bounds read vulnerability

Parasolid is a 3D geometric modeling tool that supports multiple techniques, including solid modeling, direct editing, and free-form surface/table modeling.An out-of-bounds read vulnerability exists in Siemens Parasolid, which can be exploited by attackers to execute code in the context of the...

7.8CVSS4.3AI score0.00228EPSS
Exploits0References1
CNVD
CNVD
added 2022/11/09 12:0 a.m.44 views

Aruba Networks ArubaOS Buffer Overflow Vulnerability

Aruba Networks ArubaOS, an operating system for Aruba Mobility-Defined Networks including mobile controllers and mobile access switches from Aruba Networks, is vulnerable to a buffer overflow vulnerability. An attacker could exploit this vulnerability to cause unauthenticated remote code executio...

9.8CVSS6AI score0.01349EPSS
Exploits0References1
CNVD
CNVD
added 2022/11/08 12:0 a.m.44 views

SQL Injection Vulnerability in Huatian Power OA System

Huatian Power OA system is a collaborative office software developed by Dalian Huatian Software Co. The Huatian Power OA system suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the database...

7.4AI score
Exploits0
CNVD
CNVD
added 2022/10/31 12:0 a.m.44 views

Linux kernel cm4000_cs.c competition condition vulnerability

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel 6.0.6 and earlier versions have a contention condition vulnerability that originates in drivers/char/pcmcia/cm4000cs.c when calling open if cmmopen and cm4000detach, an attacker can exploit...

3.5AI score0.00323EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2022/10/17 12:0 a.m.44 views

Linux Kerne code issue vulnerability

The Linux Kernel is the kernel used by the Linux Foundation's open source operating system Linux, which is vulnerable. A local attacker could exploit this vulnerability to cause a system crash, which could affect system availability...

2.6AI score0.00264EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2022/10/11 12:0 a.m.44 views

CreativeDream php uploader arbitrary file upload vulnerability

CreativeDream php uploader is an easy-to-use, high-performance file upload script for CreativeDream personal developers. CreativeDream php uploader version 0.3 is vulnerable to arbitrary file uploads, which stem from a lack of valid validation of uploaded files by the application. An attacker cou...

9.8CVSS4.3AI score0.01087EPSS
Exploits1References1
CNVD
CNVD
added 2022/10/10 12:0 a.m.44 views

Multiple MediaTek chip ril denial-of-service vulnerabilities

MediaTek Inc. is the world's fourth largest fab semiconductor company and a market leader in mobile devices, smart home applications, wireless connectivity technologies and IoT products, with approximately 1.5 billion devices with MediaTek chips built into them available worldwide each year...

7.5CVSS2.1AI score0.00616EPSS
Exploits0References1
CNVD
CNVD
added 2022/08/05 12:0 a.m.44 views

Apache Hadoop Parameter Injection Vulnerability

Apache Hadoop is an open source distributed system infrastructure from the Apache Foundation. The product is capable of distributed processing of large amounts of data and is highly reliable, scalable, and fault-tolerant. Apache Hadoop has a security vulnerability that stems from its...

9.8CVSS1.3AI score0.03259EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/21 12:0 a.m.44 views

Oracle Enterprise Manager Base Platform Input Validation Error Vulnerability

Oracle Enterprise Manager Base Platform is a set of local management platform of Oracle Oracle. The platform is primarily used to manage Oracle product deployments. An input validation error vulnerability exists in Oracle Enterprise Manager Base Platform component: Policy Framework version...

8.1CVSS7.8AI score0.00861EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/15 12:0 a.m.44 views

Samsung CACertificateInfo Elevation of Privilege Vulnerability

Samsung CACertificateInfo is a system component of Samsung Samsung mobile devices.An elevation of privilege vulnerability exists in Samsung CACertificateInfo, which stems from faulty authentication logic in CACertificateInfo. An attacker could exploit this vulnerability to initiate certain...

8.5CVSS5.2AI score0.00083EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/04 12:0 a.m.44 views

Jenkins Failed Job Deactivator Plugin授权问题漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. jenkins Plugin is an application. jenkins Failed Job Deactivator Plugin...

4.3CVSS1.2AI score0.00553EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/30 12:0 a.m.44 views

repo-git-downloader denial-of-service vulnerability

repo-git-downloader is a tool for downloading git repositories. repo-git-downloader v0.1.1 contains a denial of service vulnerability, which stems from the presence of improper regular expressions and can be exploited by attackers to cause a denial of service DOS attack...

7.5CVSS6.2AI score0.01094EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/14 12:0 a.m.44 views

Google Android out-of-bounds read vulnerability (CNVD-2022-53382)

Google Android is a Linux-based open source operating system from Google, Inc. An out-of-bounds read vulnerability exists in Google Android, which stems from a possible out-of-bounds read in hid-lg.c and other USB HID files in lgprobe and related functions due to input validation errors. An...

4.9CVSS2.8AI score0.00198EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/25 12:0 a.m.44 views

ZKEACMS Cross-Site Scripting Vulnerability

ZKEACMS v3.5.2 is a cross-site scripting vulnerability that can be exploited by attackers to inject malicious JavaScript programs to steal other users' cookies, etc...

3.5CVSS3.1AI score0.00461EPSS
Exploits1Affected Software1
CNVD
CNVD
added 2022/05/24 12:0 a.m.44 views

QEMU Buffer Overflow Vulnerability (CNVD-2023-80120)

QEMU Quick Emulator is a set of simulation processor software. The software is fast and cross-platform. QEMU suffers from a buffer overflow vulnerability that stems from an integer overflow in cursoralloc that could lead to a heap buffer overflow. A malicious privileged attacker can exploit this...

8.2CVSS8AI score0.00834EPSS
Exploits1References1
CNVD
CNVD
added 2022/05/19 12:0 a.m.44 views

NVIDIA GPU Display Driver for Windows and Linux越界写入漏洞

An out-of-bounds write vulnerability exists in NVIDIA GPU Display Driver for Windows and Linux, which can be exploited by attackers to It can be exploited to cause code execution, denial of service, privilege escalation, information disclosure, and data tampering...

6.9CVSS6.6AI score0.01034EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2022/05/16 12:0 a.m.44 views

Simple Client Management System SQL注入漏洞(CNVD-2022-57777)

Simple Client Management System is a simple client management system from Carlo Montero's personal developer. version 1.0 of Simple Client Management System is vulnerable to SQL injection, which originates from a vulnerability in /cms/classes/Users.php ? f=delete in the post request id parameter...

9.8CVSS4.7AI score0.01603EPSS
Exploits1References1
CNVD
CNVD
added 2022/04/29 12:0 a.m.44 views

Oracle MySQL Server Input Validation Error Vulnerability (CNVD-2022-33993)

Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Server is one of the database server components. Oracle MySQL Server Component: Server: DDL 8.0.28 and earlier versions are vulnerable to an input validation error. An unauthenticated attacker coul...

5.5CVSS2.1AI score0.01257EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.44 views

Microsoft Windows Endpoint Configuration Manager Elevation of Privilege Vulnerability

Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. An elevation of privilege vulnerability exists in Microsoft Windows Endpoint Configuration Manager. The vulnerability stems from an incorrect programmatic call to an advanced local...

7.8CVSS8.2AI score0.00818EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.44 views

Apache Struts Remote Code Execution Vulnerability (CNVD-2023-02478)

A remote code execution vulnerability exists in Apache Struts, an open source web application architecture for developing Java EE web applications from the Apache Foundation, which stems from the use of mandatory OGNL evaluation in tag attributes for untrusted user input. An attacker could exploi...

9.8CVSS2.8AI score0.85315EPSS
Exploits16References1
CNVD
CNVD
added 2022/03/31 12:0 a.m.44 views

Joomla! SQL Injection Vulnerability (CNVD-2022-64102)

Joomla! is a set of forum components used in the Joomla! content management system. SQL injection vulnerabilities exist in versions 3.0.0 through 3.10.6 and 4.0.0 through 4.1.0. The vulnerability stems from the application's lack of validation of externally entered SQL statements. An attacker cou...

9.8CVSS4.4AI score0.01059EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/31 12:0 a.m.44 views

VMware vCenter Server Information Disclosure Vulnerability (CNVD-2022-55066)

VMware vCenter Server is a suite of server and virtualization management software from Vmware, Inc. VMware vCenter Server is vulnerable to an information disclosure vulnerability that could be exploited by an attacker with unmanaged access to gain access to sensitive information...

6.5CVSS2.5AI score0.13935EPSS
Exploits2References1
CNVD
CNVD
added 2022/03/25 12:0 a.m.44 views

Linux kernel denial of service vulnerability (CNVD-2022-79428)

Linux kernel is the kernel used by the Linux Foundation's open-source operating system Linux.KVM is one of the kernel-based virtual machines. A denial of service vulnerability exists in Linux kernel, which stems from a lack of code cleanup when the deviceadd call fails when adding a partition to...

5.5CVSS5.1AI score0.00336EPSS
Exploits1References1
CNVD
CNVD
added 2022/02/10 12:0 a.m.44 views

Foxit PDF Reader pdf Buffer Overflow Vulnerability

Foxit PDF Reader is a PDF reader. Foxit PDF Reader has a security vulnerability that can be exploited by remote attackers to submit a special file request, which induces the user to parse it and can crash the application or execute arbitrary code in the application context...

8.8CVSS9.3AI score0.04687EPSS
Exploits1References1
CNVD
CNVD
added 2022/01/17 12:0 a.m.44 views

October CMS File Upload Vulnerability

October CMS is an open source content management system CMS based on PHP and Laravel web application framework. A file upload vulnerability exists in October CMS, which stems from the "Create, Modify, and Delete Site Pages" privilege of the management system, and can be exploited by an attacker t...

8.8CVSS8.9AI score0.01336EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/16 12:0 a.m.44 views

Jenkins Authorization Issues Vulnerability (CNVD-2022-08041)

Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plug-ins to support building, deploying and automating any project . Jenkins Publish Over SSH Plugin in 1.22 and earlier versions of the authorization problem vulnerability , the...

6.5CVSS6.7AI score0.00855EPSS
Exploits0References1
CNVD
CNVD
added 2021/12/27 12:0 a.m.44 views

cve-search has an unspecified vulnerability

Cve-Search is a tool that performs local searches for known vulnerabilities. It is used for searching, indexing, correlating and managing software vulnerabilities. cve-search versions prior to 4.1.0 have a security vulnerability that stems from lib/DatabaseLayer.py allowing regular expression...

7.5CVSS4.5AI score0.01874EPSS
Exploits1References1
CNVD
CNVD
added 2021/10/27 12:0 a.m.44 views

Adobe Prelude Memory Buffer Out-of-Bounds Access Vulnerability (CNVD-2021-92811)

Adobe Prelude is a video recording and capture tool designed for intuitive and efficient media organization and metadata entry to quickly tag and transcode video footage and quickly create rough cuts.Adobe Prelude 10.1 and earlier versions are vulnerable to an out-of-bounds memory buffer access...

7.8CVSS4AI score0.0169EPSS
Exploits0References1
CNVD
CNVD
added 2021/10/13 12:0 a.m.44 views

Microsoft SharePoint Server Remote Code Execution Vulnerability (CNVD-2021-82956)

Microsoft Office and Microsoft SharePoint are both products of Microsoft Corporation USA. Microsoft SharePoint is an enterprise business collaboration platform. Microsoft SharePoint Server has a remote code execution vulnerability, which can be exploited by attackers to achieve remote code...

6.5CVSS3.7AI score0.46339EPSS
Exploits0
CNVD
CNVD
added 2021/09/29 12:0 a.m.44 views

Siemens Solid Edge Buffer Out-of-Bounds Read Vulnerability (CNVD-2021-75889)

Solid Edge is a 3D CAD, parametric feature and synchronous technology solid modeling software. buffer out-of-bounds read vulnerability exists in versions prior to Siemens Solid Edge SE2021MP8. An attacker can exploit the vulnerability to disclose information in the context of the current process...

4.3CVSS3.3AI score0.00935EPSS
Exploits0References1
Total number of security vulnerabilities5000