
130931 matches found

CNVD
added 2022/02/16 12:0 a.m. | 257 views

Tongda2000 SQL Injection Vulnerability

Tongda2000 is a web-based intelligent office system from the Chinese company Tongda. A security vulnerability exists in Tongda2000 v11.10, which allows attackers to attack via the DEVICELIST parameter in /mobileseal/getseal.php. No detailed vulnerability details are available at this time...

CVSS: 9.8 | AI score: 5.3 | EPSS: 0.01194
Exploits: 1 | References: 1
CNVD
added 2022/02/22 12:0 a.m. | 256 views

Linux kernel has unspecified vulnerabilities (CNVD-2022-20176)

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel versions prior to 5.16.10 have a security vulnerability that stems from the lack of RNDIS USB validation of the size of the RNDIS MSG SET command. An attacker could exploit this vulnerabilit...

CVSS: 5.5 | AI score: 2.5 | EPSS: 0.01054
Exploits: 1 | References: 1
CNVD
added 2022/05/25 12:0 a.m. | 254 views

WordPress Turn off all comments plugin Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed using the PHP language. A cross-site scripting vulnerability exists in the WordPress Turn off all comments plugin, which stems from a failure to clean and escape rows parameters before...

CVSS: 6.1 | AI score: 1.7 | EPSS: 0.02953
Exploits: 2 | References: 1
CNVD
added 2024/07/05 12:0 a.m. | 251 views

Apache HTTP Server Code Execution Vulnerability

Apache HTTP Server is an open source web server from the Apache Foundation of the United States. The server is fast, reliable and can be extended through a simple API. A code execution vulnerability exists in Apache HTTP Server, which can be exploited by an attacker to execute scripts in directori...

CVSS: 9.8 | AI score: 9.7 | EPSS: 0.02456
Exploits: 0 | References: 1
CNVD
added 2022/03/16 12:0 a.m. | 244 views

Apache HTTP Server Input Validation Error Vulnerability (CNVD-2022-41638)

Apache HTTP Server is an open source web server from the Apache Foundation. Apache HTTP Server 2.4.52 and earlier versions are vulnerable to an input validation error that results from setting LimitXMLRequestBody to allow request bodies larger than 350MB (1M by default) on 32-bit systems, which cou...

CVSS: 9.1 | AI score: 1.6 | EPSS: 0.41861
Exploits: 0 | References: 1
CNVD
added 2022/03/17 12:0 a.m. | 241 views

Atlassian Fisheye and Crucible Information Disclosure Vulnerabilities

Atlassian Fisheye is a suite of source code deep viewing software. Atlassian Crucible is a suite of code review tools. An information disclosure vulnerability exists in Atlassian Fisheye and Crucible due to a flaw in the /rest-service-fecru/server-v1 resource. An attacker could use this...

CVSS: 4.3 | AI score: 4.2 | EPSS: 0.00841
Exploits: 0 | References: 1
CNVD
added 2022/01/13 12:0 a.m. | 237 views

Adobe InCopy out-of-bounds read vulnerability

Adobe InCopy is text editing software for authoring from Adobe, U.S.A. An out-of-bounds read vulnerability exists in Adobe InCopy, which can be exploited by attackers to execute code in the context of the current user...

CVSS: 7.8 | AI score: 5.3 | EPSS: 0.02426
Exploits: 0 | References: 1
CNVD
added 2023/11/21 12:0 a.m. | 235 views

Adobe Animate Out-of-Bounds Read Vulnerability (CNVD-2023-91795)

Adobe Animate is a set of Flash animation software from the American company Adobe. An out-of-bounds read vulnerability exists in Adobe Animate 23.0.2 and earlier versions, which can be exploited by attackers to obtain sensitive information...

CVSS: 5.5 | AI score: 6.4 | EPSS: 0.00337
Exploits: 0 | References: 1
CNVD
added 2021/10/27 12:0 a.m. | 234 views

Adobe Character Animator 2021 null pointer dereference vulnerability

Adobe Character Animator is a motion capture and animation tool that provides everyone with an easy-to-use solution for intuitive 2D character animation, real-time animation, and easy sharing and publishing of characters. Adobe Character Animator 2021 4.4 and earlier versions are vulnerable to a...

CVSS: 5.5 | AI score: 3.6 | EPSS: 0.01104
Exploits: 0 | References: 1
CNVD
added 2022/03/11 12:0 a.m. | 225 views

Adobe Photoshop out-of-bounds read vulnerability (CNVD-2022-22097)

Adobe Photoshop is a set of image processing software from the American company Adobe. Adobe Photoshop is vulnerable to an out-of-bounds read vulnerability that could be exploited by an attacker to cause a memory leak in the context of the current user...

CVSS: 5.5 | AI score: 2.6 | EPSS: 0.01971
Exploits: 0 | References: 1
CNVD
added 2022/10/08 12:0 a.m. | 223 views

Microsoft Exchange Server Remote Code Execution Vulnerability (CNVD-2022-67838)

Microsoft Exchange Server is a popular mail service program developed by Microsoft. Microsoft Exchange Server has a security vulnerability that can be exploited by remote attackers to submit special requests that can execute arbitrary code via PowerShell in the context of an application...

AI score: 6.7 | EPSS: 0.99964
Exploits: 11
CNVD
added 2022/05/31 12:0 a.m. | 213 views

Jfinal CMS SQL Injection Vulnerability

Jfinal CMS is a powerful information consulting website developed in Java, using the simple and powerful JFinal as its web framework, beetl as its template engine, MySQL as its database, and Bootstrap as its front-end framework. Jfinal CMS version 5.1 has a SQL injection vulnerability, the vulnerability originate...

CVSS: 9.8 | AI score: 3 | EPSS: 0.01011
Exploits: 1 | References: 1
CNVD
added 2022/05/19 12:0 a.m. | 210 views

Jenkins Round Corner Plugin Cross-Site Scripting Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Rundeck Plugin 3.6.10 and earlier versions have a cross-site scripting...

CVSS: 5.4 | AI score: 0.8 | EPSS: 0.71335
Exploits: 0 | References: 1
CNVD
added 2022/12/04 12:0 a.m. | 208 views

SQL Injection Vulnerability in Beijing Century Super Star Information Technology Development Co.

Beijing Century Super Star Information Technology Development Co., Ltd. is an education informatization enterprise driven by technology, product and service innovation. Beijing Century Super Star Information Technology Development Limited Liability Company Super Star Huiya Electronic Library...

AI score: 7.5
Exploits: 0
CNVD
added 2022/05/24 12:0 a.m. | 203 views

WordPress XML Sitemap Generator Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress XML Sitemap Generator version 2.0.4 has a cross-site scripting vulnerability that can be exploited by attackers to conduct cross-site scriptin...

CVSS: 6.1 | AI score: 1.9 | EPSS: 0.02205
Exploits: 1 | References: 1
CNVD
added 2022/01/13 12:0 a.m. | 203 views

Adobe InCopy out-of-bounds write vulnerability (CNVD-2022-04522)

Adobe InCopy is text editing software for authoring from Adobe, U.S.A. An out-of-bounds write vulnerability exists in Adobe InCopy, which can be exploited by attackers to cause arbitrary code to be executed in the context of the current user...

CVSS: 7.8 | AI score: 5.9 | EPSS: 0.02276
Exploits: 0 | References: 1
CNVD
added 2022/08/10 12:0 a.m. | 199 views

Online Student Admission System Cross-Site Scripting Vulnerability

Online Student Admission System is an online student admission system. It is used to computerize all pre- and post-admission activities of an institution. A cross-site scripting vulnerability exists in the Online Student Admission System, which stems from an unknown function in its student user...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.00439
Exploits: 1 | References: 1
CNVD
added 2022/10/14 12:0 a.m. | 198 views

Apache Commons Text remote code execution vulnerability

Apache Commons Text is a library focused on string algorithms from the Apache Foundation, U.S. A remote code execution vulnerability exists in Apache Commons Text versions 1.5 through 1.9, which is caused by an insecure interpolation default flaw. An attacker could exploit this vulnerability to...

AI score: 5.5 | EPSS: 0.99931
Exploits: 41 | Affected Software: 1
CNVD
added 2021/07/14 12:0 a.m. | 193 views

Logic Flaw Vulnerability in 51Cloud Real-Time Cloud Rendering Platform

Beijing Five One Vision Digital Twin Technology Co., Ltd. (51WORLD) is a digital twin platform company. A logic flaw vulnerability exists in the 51cloud real-time cloud rendering platform, which attackers can use to modify account permissions beyond their authorization, access to...

AI score: 6.8
Exploits: 0
CNVD
added 2021/09/15 12:0 a.m. | 190 views

Adobe Creative Cloud Desktop Application Access Control Error Vulnerability

Adobe Creative Cloud Desktop Application is the management software for various Creative Cloud applications and services. Adobe Creative Cloud Desktop Application 5.4 and earlier is vulnerable to an access control error, which could be exploited to write to arbitrary file systems...

CVSS: 3.3 | AI score: 2.5 | EPSS: 0.00472
Exploits: 0 | Affected Software: 1
CNVD
added 2023/03/16 12:0 a.m. | 187 views

TP-Link Archer AX21 AX1800 Command Injection Vulnerability

TP-Link Archer AX21 AX1800 is a WIFI6 router from TP-Link. TP-Link Archer AX21 AX1800 suffers from a command injection vulnerability, which stems from unfiltered user input and can be exploited by attackers to construct malicious requests to execute arbitrary commands...

CVSS: 8.8 | AI score: 5.9 | EPSS: 0.99999
Exploits: 7 | References: 1
CNVD
added 2022/05/19 12:0 a.m. | 184 views

WordPress Code Snippets plugin Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Code Snippets plugin, which originates from the &orderby paramet...

CVSS: 6.1 | AI score: 1.6 | EPSS: 0.00757
Exploits: 0 | References: 1
CNVD
added 2022/06/13 12:0 a.m. | 182 views

Prison Management System SQL Injection Vulnerability

Prison Management System is a web-based application project developed using PHP and MySQL database. An SQL injection vulnerability exists in Prison Management System version 1.0, which stems from not properly filtering the content "Inmates/viewinmate" id parameter. An attacker can exploit this...

CVSS: 7.5 | AI score: 4.2 | EPSS: 0.0075
Exploits: 0 | References: 1
CNVD
added 2022/03/16 12:0 a.m. | 179 views

Apache HTTP Server Denial of Service Vulnerability (CNVD-2022-41639)

Apache HTTP Server is an open source web server from the Apache Foundation. A denial-of-service vulnerability exists in Apache HTTP Server 2.4.52 and earlier versions, which stems from a carefully crafted request body that reads random memory regions and can be exploited by attackers to crash process...

CVSS: 7.5 | AI score: 2.7 | EPSS: 0.69803
Exploits: 0 | References: 1
CNVD
added 2022/05/19 12:0 a.m. | 178 views

Jenkins SSH Plugin Access Control Error Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. Jenkins SSH Plugin 2.6.1 and earlier...

CVSS: 6.5 | AI score: 2.2 | EPSS: 0.008
Exploits: 0 | References: 1
CNVD
added 2022/03/16 12:0 a.m. | 178 views

SQL Injection Vulnerability in UFIDA U8-OA Enterprise Edition (CNVD-2022-31182)

UFIDA Network Technology Corporation is an enterprise cloud services and software provider. A SQL injection vulnerability exists in UFIDA U8-OA Enterprise Edition, which can be exploited by attackers to obtain sensitive database information...

AI score: 7.8
Exploits: 0
CNVD
added 2021/11/10 12:0 a.m. | 178 views

Adobe InCopy memory buffer out-of-bounds access vulnerability

Adobe InCopy is a professional word processing program from Adobe, integrated with Adobe InDesign. Adobe InCopy 16.4 and earlier versions are vulnerable to a memory buffer out-of-bounds access vulnerability. An attacker could exploit the vulnerability to execute arbitrary code...

CVSS: 9.3 | AI score: 6.1 | EPSS: 0.01617
Exploits: 0 | References: 1
CNVD
added 2023/01/31 12:0 a.m. | 175 views

PHP Development Server Information Disclosure Vulnerability

PHP is a widely used general purpose scripting language that is particularly well suited for web development and can be embedded in HTML. An information disclosure vulnerability exists in PHP Development Server, which stems from a logic flaw in the php cli server begin send static when parsing htt...

AI score: 6.4
Exploits: 0 | References: 1
CNVD
added 2022/04/13 12:0 a.m. | 175 views

Siemens SICAM A8000 CP-8050 and CP-8031 Unauthorized Access Vulnerability

The SICAM A8000 RTU Remote Terminal Unit series is used for automation applications in all areas of remote control and energy supply. An unauthorized access vulnerability exists in the Siemens SICAM A8000 CP-8050 and CP-8031, which can be exploited by an attacker to access files without...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.02446
Exploits: 1 | References: 1
CNVD
added 2025/07/18 12:0 a.m. | 173 views

Apache HTTP Server Access Control Error Vulnerability

Apache HTTP Server is an open source web server from the Apache Foundation of the United States. The server is fast, reliable and can be extended through a simple API. An Access Control Error vulnerability exists in Apache HTTP Server, which can be exploited by an attacker to cause an access contr...

CVSS: 9.1 | AI score: 6.8 | EPSS: 0.0097
Exploits: 1 | References: 1
CNVD
added 2022/05/19 12:0 a.m. | 168 views

Jenkins Script Security Plugin Cross-Site Request Forgery Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. Jenkins Script Security Plugin...

CVSS: 4.3 | AI score: 0.5 | EPSS: 0.00572
Exploits: 0 | References: 1
CNVD
added 2021/10/27 12:0 a.m. | 168 views

Adobe Prelude null pointer dereference vulnerability (CNVD-2021-92814)

Adobe Prelude is a video recording and capture tool designed for intuitive and efficient media organization and metadata entry to quickly tag and transcode video footage and quickly create rough cuts. Adobe Prelude 10.1 and earlier versions are vulnerable to a null pointer dereference. An attacker...

CVSS: 5.5 | AI score: 3.1 | EPSS: 0.01186
Exploits: 0 | References: 1
CNVD
added 2022/06/24 12:0 a.m. | 167 views

Jenkins Embeddable Build Status Plugin Cross-Site Scripting Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. Jenkins Embeddable Build Status Plugin ha...

CVSS: 6.1 | AI score: 1 | EPSS: 0.00904
Exploits: 0 | References: 1
CNVD
added 2022/05/19 12:0 a.m. | 166 views

Jenkins WMI Windows Agents Plugin Access Control Error Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. The Jenkins WMI Windows Agents Plugin is...

CVSS: 8.8 | AI score: 1.9 | EPSS: 0.00807
Exploits: 0 | References: 1
CNVD
added 2022/03/14 12:0 a.m. | 165 views

Xiaomi Router AX6000 Information Disclosure Vulnerability

Xiaomi Router AX6000 is a router from Xiaomi China. Xiaomi Router AX6000 1.0.56 previously had an information disclosure vulnerability that stemmed from a routing configuration error, which could be exploited by an attacker to download some of the files in Xiaomi Router AX6000...

CVSS: 5.3 | AI score: 3.3 | EPSS: 0.00747
Exploits: 0 | References: 1
CNVD
added 2022/06/30 12:0 a.m. | 164 views

Google Android elevation of privilege vulnerability (CNVD-2022-50273)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability. An attacker can exploit this vulnerability to elevate privileges...

CVSS: 7 | AI score: 7 | EPSS: 0.00083
Exploits: 0 | References: 1
CNVD
added 2021/09/15 12:0 a.m. | 164 views

Adobe InCopy Memory Out-of-Bounds Access Vulnerability (CNVD-2021-82416)

Adobe InCopy is a professional word processing program from Adobe, integrated with Adobe InDesign. Adobe InCopy 11.1 and earlier versions have a memory out-of-bounds access vulnerability that could be exploited by attackers to execute arbitrary code...

CVSS: 6.8 | AI score: 6.6 | EPSS: 0.01659
Exploits: 0 | Affected Software: 1
CNVD
added 2023/01/30 12:0 a.m. | 163 views

Adobe Dimension buffer overflow vulnerability

Adobe Dimension is a set of 2D and 3D composite design tools from Adobe. Adobe Dimension handles files with a buffer overflow vulnerability, which can be exploited by remote attackers to submit special file requests and trick users into parsing them, which can capture sensitive memory information...

CVSS: 5.5 | AI score: 4.7 | EPSS: 0.00303
Exploits: 0 | References: 1
CNVD
added 2022/06/24 12:0 a.m. | 160 views

Jenkins Convertigo Mobile Platform Plugin Cross-Site Request Forgery Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. A cross-site request forgery vulnerability...

CVSS: 6.5 | AI score: 1.7 | EPSS: 0.0057
Exploits: 0 | References: 1
CNVD
added 2022/09/30 12:0 a.m. | 158 views

PHP Denial of Service Vulnerability

PHP is a scripting language that executes on the server side. A denial of service vulnerability exists in PHP versions prior to 7.4.31, 8.0.0 and later, 8.0.24 and earlier, and 8.1.0 and later, and 8.1.11 and earlier, which stems from the fact that the phar decompressor code recursively...

CVSS: 5.5 | AI score: 7.2 | EPSS: 0.00565
Exploits: 0 | References: 1
CNVD
added 2022/01/13 12:0 a.m. | 158 views

Adobe InCopy out-of-bounds write vulnerability

Adobe InCopy is text editing software for authoring from Adobe, U.S.A. An out-of-bounds write vulnerability exists in Adobe InCopy, which can be exploited by attackers to cause arbitrary code to be executed in the context of the current user...

CVSS: 7.8 | AI score: 5.9 | EPSS: 0.02192
Exploits: 0 | References: 1
CNVD
added 2022/01/11 12:0 a.m. | 157 views

H2 database code issue vulnerability

H2 database is an embeddable RDBMS written in Java. A code issue vulnerability exists in H2 database, which stems from the H2 database's getConnection method taking the driver's class name and the database's URL as parameters, which can be exploited by an attacker to pass the name of the JNDI...

CVSS: 10 | AI score: 9.5 | EPSS: 0.63211
Exploits: 3 | References: 1
CNVD
added 2022/06/24 12:0 a.m. | 155 views

Jenkins Embeddable Build Status Plugin Path Traversal Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. Jenkins Embeddable Build Status Plugin 2.0...

CVSS: 7.5 | AI score: 2.6 | EPSS: 0.01559
Exploits: 0 | References: 1
CNVD
added 2022/03/16 12:0 a.m. | 156 views

Apache HTTP Server Buffer Overflow Vulnerability (CNVD-2022-41640)

Apache HTTP Server is an open source web server from the Apache Foundation. The server is fast, reliable, and extensible via a simple API. A buffer overflow vulnerability exists in Apache HTTP Server, which stems from a networked system or product that does not properly validate data boundaries wh...

CVSS: 9.8 | AI score: 2.6 | EPSS: 0.50401
Exploits: 0 | References: 1
CNVD
added 2022/06/30 12:0 a.m. | 154 views

Google Android elevation of privilege vulnerability (CNVD-2022-50276)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to gain elevated privileges...

CVSS: 6.7 | AI score: 7.1 | EPSS: 0.00111
Exploits: 0 | References: 1
CNVD
added 2022/05/19 12:0 a.m. | 154 views

IBM Spectrum Protect Operations Center Information Disclosure Vulnerability (CNVD-2022-48933)

IBM Spectrum Protect Operations Center, from IBM, provides visual control of the IBM Spectrum Protect environment. IBM Spectrum Protect Operations Center versions 8.1.12 and 8.1.13 are vulnerable to an information disclosure vulnerability, which stems from the fact that account passwords may b...

CVSS: 5.5 | AI score: 2.7 | EPSS: 0.00157
Exploits: 0 | References: 1
CNVD
added 2023/01/12 12:0 a.m. | 153 views

Microsoft Windows Backup Service Elevation of Privilege Vulnerability (CNVD-2023-02699)

Microsoft Windows Backup Service has an elevation of privilege vulnerability that can be exploited by attackers to elevate privileges...

CVSS: 7.1 | AI score: 5.8 | EPSS: 0.05327
Exploits: 2 | References: 1
CNVD
added 2021/12/17 12:0 a.m. | 153 views

Adobe Photoshop Buffer Overflow Vulnerability (CNVD-2022-20502)

Adobe Photoshop is a set of image processing software from the American company Adobe. The software is mainly used for processing pictures. Adobe Photoshop suffers from a buffer overflow vulnerability that can be exploited by an attacker to trigger arbitrary code execution...

AI score: 8
Exploits: 0 | References: 1
CNVD
added 2022/06/24 12:0 a.m. | 152 views

Jenkins Convertigo Mobile Platform Plugin Information Disclosure Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. Jenkins Convertigo Mobile Platform Plug...

CVSS: 6.5 | AI score: 0.7 | EPSS: 0.00647
Exploits: 0 | References: 1
CNVD
added 2022/03/22 12:0 a.m. | 152 views

Linux kernel elevation of privilege vulnerability (CNVD-2022-69204)

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel is vulnerable to an elevation of privilege vulnerability, which stems from watchqueue triggering a memory corruption in the Linux kernel that could be exploited by an attacker to gain elevat...

CVSS: 7.8 | AI score: 3.5 | EPSS: 0.06197
Exploits: 10 | References: 1
Total number of security vulnerabilities: 5000