Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
•added 2023/04/07 12:0 a.m.•43 views

Google Chrome Intents Security Bypass Vulnerability

Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome Intents, which is caused by insufficient policy enforcement in Intents. An attacker can exploit this vulnerability to bypass security restrictions...

6.5CVSS6.5AI score0.00974EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/23 12:0 a.m.•43 views

phpstudy-linux SQL Injection Vulnerability

phpstudy-linux is a version of PhpStudy linux, a program integration package for the PHP debugging environment. phpstudy-linux is vulnerable to SQL injection, which can be exploited by attackers to obtain sensitive database information...

7.2AI score
Exploits0
CNVD
CNVD
•added 2023/02/17 12:0 a.m.•43 views

Adobe Connect Access Control Error Vulnerability (CNVD-2023-14294)

Adobe Connect is a software for creating meeting environments from Adobe. Adobe Connect has an access control error vulnerability that can be exploited by attackers to cause security features to be bypassed...

5.3CVSS5AI score0.81875EPSS
Exploits4References1
CNVD
CNVD
•added 2023/02/17 12:0 a.m.•43 views

Siemens Parasolid and Solid Edge SE2022 out-of-bounds read vulnerability

Siemens Parasolid is a geometric modeling kernel from Siemens, a German company. Siemens Solid Edge is a 3D CAD software from Siemens, a German company. The software can be used in industries such as part design, assembly design, sheet metal design, welding design, etc. An out-of-bounds read...

7.8CVSS2.6AI score0.00214EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/10 12:0 a.m.•43 views

Microsoft PowerShell Remote Code Execution Vulnerability

PowerShell is a task automation and configuration management framework developed by Microsoft Corporation USA, consisting of a command line interface shell layer related manuscript language built from . exploit this vulnerability to bypass sandbox restrictions and execute arbitrary code on the...

8.5CVSS4.7AI score0.61605EPSS
Exploits4References1
CNVD
CNVD
•added 2023/01/06 12:0 a.m.•43 views

Mozilla Thunderbird Resource Management Error Vulnerability (CNVD-2023-03054)

Mozilla Thunderbird is the United States Mozilla Foundation's set of independent from the Mozilla Application Suite e-mail client software. The program supports IMAP, POP mail protocols and HTML mail format. Mozilla Thunderbird suffers from a resource management error vulnerability that stems fro...

9.8CVSS8.7AI score0.00921EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/30 12:0 a.m.•43 views

Linux kernel L2TP protocol denial of service vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A denial of service vulnerability exists in Linux layer2tunnelingprotocol prior to version 6.0, which stems from a flaw in the Linux kernel's Layer 2 Tunneling Protocol, L2TP,...

5.5CVSS5.9AI score0.00172EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/30 12:0 a.m.•43 views

Google Chrome Live Caption Code Execution Vulnerability

Google Chrome is a web browser from Google, Inc. A code execution vulnerability exists in Google Chrome Live Caption, which can be exploited by attackers to execute arbitrary code on a system or cause a denial of service...

8.8CVSS7.1AI score0.0083EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/29 12:0 a.m.•43 views

Arbitrary File Download Vulnerability in Huatian Power OA System

Huatian Power OA system is a collaborative office software developed by Dalian Huatian Software Co. The Huatian Power OA system suffers from an arbitrary file download vulnerability, which can be exploited by attackers to obtain sensitive information...

7AI score
Exploits0
CNVD
CNVD
•added 2022/10/13 12:0 a.m.•43 views

SAP Manufacturing Execution Path Traversal Vulnerability

SAP Manufacturing Execution is an integrated Manufacturing Execution System MES solution for discrete manufacturing processes from SAP. Enables MES functionality to be customized specifically for the management and control of production environments. A path traversal vulnerability exists in SAP...

7.5CVSS7.5AI score0.0643EPSS
Exploits0References1
CNVD
CNVD
•added 2022/09/09 12:0 a.m.•43 views

Linux kernel competition condition issue vulnerability (CNVD-2022-74091)

Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel is vulnerable to a contention problem that originates from a contention problem in the perfeventopen function, which can be exploited by local attackers to elevate privileges...

4.2AI score0.0031EPSS
Exploits0
CNVD
CNVD
•added 2022/07/21 12:0 a.m.•43 views

IBM QRadar SIEM Licensing Issue Vulnerability (CNVD-2022-83585)

IBM QRadar SIEM is a solution from IBM America that leverages security intelligence to protect assets and information from advanced threats. The solution provides monitoring of the entire scope of the IT architecture, generates detailed reports on data access and user activity, etc. IBM QRadar SI...

5.5CVSS2.5AI score0.00172EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/20 12:0 a.m.•43 views

Oracle MySQL Input Validation Error Vulnerability (CNVD-2022-53246)

Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. An input validation error vulnerability exists in Oracle MySQL version 8.0.28 and prior versions. The vulnerability originates from an attacker with...

6.5CVSS6.1AI score0.01147EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/15 12:0 a.m.•43 views

SAP BusinessObjects Business Intelligence Platform SQL Injection Vulnerability

SAP Business Objects is a business intelligence suite from SAP Germany. An SQL injection vulnerability exists in SAP BusinessObjects Business Intelligence Platform versions 420 and 430, which can be exploited by an authenticated attacker to query and extract SQL backend data through the BI...

4.9CVSS5AI score0.00387EPSS
Exploits0References1
CNVD
CNVD
•added 2022/06/30 12:0 a.m.•43 views

Google Android Buffer Overflow Vulnerability (CNVD-2022-53367)

Google Android is a Linux-based open source operating system from Google, Inc. A buffer overflow vulnerability exists in Google Android, which stems from the fact that the UE and EMM use NAS messages to communicate with each other. The vulnerability can be exploited to remotely crash the modem...

10CVSS5AI score0.03461EPSS
Exploits0References1
CNVD
CNVD
•added 2022/06/30 12:0 a.m.•43 views

DCMTK Denial of Service Vulnerability

DCMTK is a collection of libraries and applications that implement most DICOM standards. Software for inspecting, building and converting DICOM image files, handling offline media, sending and receiving images over a network connection, and demo image storage and worklist servers. a denial of...

7.5CVSS3.8AI score0.01595EPSS
Exploits0References1
CNVD
CNVD
•added 2022/06/30 12:0 a.m.•43 views

Jorani v1.0 SQL Injection Vulnerability

Jorani is a leave management system developed by Benjamin BALET, an individual developer in France. Designed to provide small organizations with a simple workflow for leave and overtime requests. Jorani v1.0 suffers from an SQL injection vulnerability that stems from a lack of valid validation in...

9.8CVSS9.7AI score0.01502EPSS
Exploits0References1
CNVD
CNVD
•added 2022/05/25 12:0 a.m.•43 views

ZKEACMS Cross-Site Scripting Vulnerability

ZKEACMS v3.5.2 is a cross-site scripting vulnerability that can be exploited by attackers to inject malicious JavaScript programs to steal other users' cookies, etc...

3.5CVSS3.1AI score0.00461EPSS
Exploits1Affected Software1
CNVD
CNVD
•added 2022/04/15 12:0 a.m.•43 views

Microsoft Windows Network File System Remote Code Execution Vulnerability (CNVD-2022-74601)

Microsoft Windows Network File System is a file sharing solution from Microsoft that allows you to transfer files between computers running Windows Server and UNIX operating systems using the NFS protocol. Network File System is vulnerable to a remote code execution vulnerability caused by a flaw...

9.8CVSS3.6AI score0.34552EPSS
Exploits1References1
CNVD
CNVD
•added 2022/04/07 12:0 a.m.•43 views

jc21 Nginx Proxy Manager Cross-Site Scripting Vulnerability

jc21 Nginx Proxy Manager is a graphical user interface for managing Nginx servers. jc21 Nginx Proxy Manager versions prior to 2.9.17 contain a cross-site scripting vulnerability that stems from the program's lack of data validation filtering of user-supplied data and output. An attacker could...

3.5CVSS5.1AI score0.71209EPSS
Exploits1Affected Software1
CNVD
CNVD
•added 2022/03/29 12:0 a.m.•43 views

WordPress WP-DownloadManager plugin cross-site scripting vulnerability

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress WP-DownloadManager plugin version 1.68.6...

5.4CVSS1.3AI score0.00544EPSS
Exploits0References1
CNVD
CNVD
•added 2022/03/23 12:0 a.m.•43 views

TOTOLINK N600R Command Injection Vulnerability (CNVD-2022-53560)

TotoLink N600R is a wireless router from TotoLink, Taiwan, China. TotoLink N600R is vulnerable to command injection, which can be exploited by attackers via the exportOvpn interface of cstecgi.cgi...

9.8CVSS5.2AI score0.03986EPSS
Exploits1References1
CNVD
CNVD
•added 2022/03/16 12:0 a.m.•43 views

WordPress Page Builder KingComposer plugin access control error vulnerability

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress Page Builder KingComposer plugin version...

6.1CVSS1.9AI score0.0428EPSS
Exploits4References1
CNVD
CNVD
•added 2022/03/14 12:0 a.m.•44 views

Samsung AppLock licensing issue vulnerability

Samsung AppLock is an application lock for Samsung mobile devices used to lock applications on Android.An authorization issue vulnerability exists in Samsung AppLock, which stems from a lack of authentication measures or insufficient authentication strength for Unprotected Activity in AppLock. An...

4.1CVSS2.9AI score0.00099EPSS
Exploits0References1
CNVD
CNVD
•added 2022/03/04 12:0 a.m.•43 views

Google Chrome Omnibox code execution vulnerability

Google Chrome is a web browser from Google, Inc. A code execution vulnerability exists in Google Chrome Omnibox, which is caused by a confusion in the program's instructions for freeing memory and can be exploited by attackers to execute arbitrary code on the system or cause a denial of service...

8.8CVSS7.2AI score0.00924EPSS
Exploits0References1
CNVD
CNVD
•added 2022/03/03 12:0 a.m.•43 views

MaxSite CMS Cross-Site Scripting Vulnerability (CNVD-2022-33826) (CVE-2022-25413)

MaxSite CMS is a web content management system of the Russian MaxSite CMS open source project.MaxSite CMS 108 has a cross-site scripting vulnerability that can be exploited by attackers to perform cross-site scripting attacks via the ftags parameter in /admin/pageedit/3...

5.4CVSS3.2AI score0.00485EPSS
Exploits1References1
CNVD
CNVD
•added 2022/03/02 12:0 a.m.•43 views

WordPress TI WooCommerce Wishlist plugin SQL injection vulnerability

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers.A SQL injection vulnerability exists in versions of the WordPress TI WooCommerce Wishlist plugin prior to 1.40.1, which stem...

9.8CVSS2.2AI score0.73998EPSS
Exploits2References1
CNVD
CNVD
•added 2022/02/18 12:0 a.m.•43 views

KiCad EDA Buffer Overflow Vulnerability

KiCad Eda is a cross-platform and open source electronic design automation suite from the KiCad community. KiCad EDA is vulnerable to a buffer overflow vulnerability that could be exploited by an attacker with a specially crafted gerber or excellon file to cause code execution...

7.8CVSS5.1AI score0.01643EPSS
Exploits1References1
CNVD
CNVD
•added 2022/01/28 12:0 a.m.•43 views

Apache Tomcat permission permission and access control issues vulnerability

Apache Tomcat is a lightweight web application server from the Apache Foundation in the United States. The program implements support for Servlet and JavaServer Page JSP. Apache Tomcat is vulnerable to privilege permission and access control issues, and an attacker can bypass Apache Tomcat's...

7CVSS2.8AI score0.00692EPSS
Exploits15References1
CNVD
CNVD
•added 2022/01/19 12:0 a.m.•43 views

Oracle WebLogic Server Input Validation Error Vulnerability (CNVD-2022-05874)

Oracle WebLogic Server is an application services middleware from Oracle for cloud and traditional environments that provides a modern, lightweight development platform that supports full lifecycle management of applications from development to production and simplifies application deployment and...

7.5CVSS1.7AI score0.92331EPSS
Exploits6References1
CNVD
CNVD
•added 2022/01/16 12:0 a.m.•43 views

Jenkins Badge Plugin Cross-Site Scripting Vulnerability

Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plug-ins to support building, deploying and automating any project . Jenkins Badge Plugin in version 1.9 and earlier suffers from a cross-site scripting vulnerability that stems from a lac...

5.4CVSS5.6AI score0.00839EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/14 12:0 a.m.•43 views

Apache Dubbo Deserialization Vulnerability (CNVD-2022-05106)

Apache Dubbo is a lightweight Java-based RPC remote procedure call framework from the Apache Foundation in the United States. The product provides interface-based remote calling, fault tolerance and load balancing, and automatic service registration and discovery. Apache Dubbo in version 3.2.11 a...

9.8CVSS2.7AI score0.15313EPSS
Exploits1References1
CNVD
CNVD
•added 2022/01/07 12:0 a.m.•43 views

Insyde InsydeH2O Buffer Overflow Vulnerability (CNVD-2022-10290)

Insyde InsydeH2O is a C source from Insyde Software Taiwan, China that implements the new technology "EFI/UEFI" specification, designed to replace the legacy BIOS Basic Input/Output System. A buffer overflow vulnerability exists in InsydeH2O, which stems from the SWSMI handler not adequately...

8.2CVSS3.6AI score0.00326EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/16 12:0 a.m.•43 views

Apache log4j2 denial of service vulnerability

Apache Log4j is a Java-based open source logging tool from the Apache Foundation. Apache log4j2 suffers from a denial-of-service vulnerability. When improperly configured, an attacker can exploit the vulnerability to cause a denial-of-service attack...

9CVSS4.4AI score0.99977EPSS
Exploits40References1
CNVD
CNVD
•added 2021/10/27 12:0 a.m.•43 views

Adobe XMP Toolkit SDK Stack Buffer Overflow Vulnerability (CNVD-2021-91984)

Adobe XMP Toolkit SDK is a tagging technology from Adobe that allows you to embed data about a file called metadata into the file itself.Adobe XMP Toolkit SDK 2021.07 and earlier versions are vulnerable to a stack buffer overflow. An attacker could exploit this vulnerability to execute arbitrary...

9.3CVSS5.8AI score0.036EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/09 12:0 a.m.•43 views

Google Chrome Heap Buffer Overflow Vulnerability (CNVD-2021-84817)

Chrome is a web browsing tool developed by Google. a heap buffer overflow vulnerability exists in WebRTC in versions prior to Google Chrome 94.0.4606.81. An attacker could exploit this vulnerability to exploit heap corruption via a crafted HTML page...

8.8CVSS3.8AI score0.01711EPSS
Exploits1References1
CNVD
CNVD
•added 2021/09/17 12:0 a.m.•43 views

fig2dev stack buffer overflow vulnerability (CNVD-2021-78419)

fig2dev is used to convert .fig files to various graphics languages and formats. A stack buffer overflow vulnerability exists in the bezierspline function in genepic.c in fig2dev version 3.2.7b. No detailed vulnerability details are currently available...

5.5CVSS4.4AI score0.01055EPSS
Exploits1References1
CNVD
CNVD
•added 2021/09/08 12:0 a.m.•43 views

Microsoft MSHTML Remote Code Execution Vulnerability

MSHTML also known as Trident is Microsoft's Internet Explorer browser engine, and while MHTML is primarily used in the deprecated Internet Explorer browser, the component is also used in Office applications to render Word, Excel, or PowerPoint documents in A remote code execution vulnerability...

8.8CVSS3.2AI score0.96843EPSS
Exploits38References1
CNVD
CNVD
•added 2021/08/12 12:0 a.m.•43 views

ZEIT Next.js Input Validation Error Vulnerability (CNVD-2021-61800)

ZEIT Next.js is an open source web application framework from ZEIT based on Vue.js, Node.js, Webpack, and Babel.js. ZEIT Next.js is vulnerable to an input validation error in versions prior to 11.1.0, which stems from a web system or product that does not properly validate input data. An attacker...

6.9CVSS3.4AI score0.01198EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/08 12:0 a.m.•43 views

Cisco Adaptive Security Device Manager Remote Code Execution Vulnerability

Cisco Adaptive Security Device Manager ASDM is a simple, GUI-based firewall device management application. a remote code execution vulnerability exists in Cisco Adaptive Security Device Manager ASDM version 9.16.1 and earlier. The vulnerability stems from a lack of proper signature verification o...

9.3CVSS3.5AI score0.19958EPSS
Exploits2References1
CNVD
CNVD
•added 2021/06/30 12:0 a.m.•43 views

ForgeRock AM code issue vulnerability

ForgeRock AM is an open source access management, privilege control platform with widespread use in universities and social organizations.ForgeRock AM is vulnerable to a code issue that could be exploited by an unauthenticated attacker to remotely execute arbitrary code by constructing a special...

10CVSS6.9AI score0.99999EPSS
Exploits8References1
CNVD
CNVD
•added 2021/06/08 12:0 a.m.•43 views

HP PageWide Pro 477dw MFP has an unauthorized access vulnerability

Hewlett-Packard Trading Shanghai Co., Ltd. is a company whose business scope includes computer hardware and software equipment, printing equipment, imaging equipment, communication equipment and so on. An unauthorized access vulnerability exists in HP PageWide Pro 477dw MFP, which can be exploite...

6.8AI score
Exploits0
CNVD
CNVD
•added 2021/05/12 12:0 a.m.•43 views

Microsoft SharePoint Remote Code Execution Vulnerability

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A code injection...

8.8CVSS8.5AI score0.30045EPSS
Exploits5References1
CNVD
CNVD
•added 2021/01/06 12:0 a.m.•43 views

Unspecified Vulnerability in Mozilla Rust (CNVD-2021-30438)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability in prost crate in Mozilla Rust versions prior to 0.6.1, which stems from stack consumption via crafted messages, can be exploited by an attacker to cause a denial of service or remote co...

9.8CVSS7.5AI score0.0326EPSS
Exploits1References1
CNVD
CNVD
•added 2017/12/12 12:0 a.m.•43 views

Xiongmai Technology IP Cameras and DVRs Stack Buffer Overflow Vulnerability

Xiongmai IP Camera Module and DVR are both products of XiongMai, China.Xiongmai IP Camera Module is an IP camera module product.DVR is a hard disk recorder. A stack buffer overflow vulnerability exists in Xiongmai Technology's IP Camera and DVRs that use the NetSurveillance web interface, allowin...

10CVSS7.6AI score0.09216EPSS
Exploits3References1
CNVD
CNVD
•added 2017/11/22 12:0 a.m.•43 views

jqueryFileTree directory traversal vulnerability

jqueryFileTree is a configurable AJAX file browser plugin with jQuery . A directory traversal vulnerability exists in jqueryFileTree 2.1.5 and earlier versions. No detailed vulnerability details are provided at this time...

7.5CVSS6.9AI score0.57608EPSS
Exploits7References1
CNVD
CNVD
•added 2017/11/10 12:0 a.m.•43 views

Roundcube Webmail Arbitrary File Access Vulnerability

RoundCube Webmail is a browser-based IMAP client mail client that supports address book management, message searching, spell checking and more. A security vulnerability exists in Roundcube Webmail versions prior to 1.1.10, 1.2.x versions prior to 1.2.7, and 1.3.x versions prior to 1.3.3. An...

7.8CVSS6.9AI score0.42831EPSS
Exploits5References1
CNVD
CNVD
•added 2017/01/20 12:0 a.m.•43 views

Memory Corruption Vulnerability in Apple Logic Pro X and GarageBand

Apple Logic Pro x is an official music production and editing software from Apple; GarageBand is a music performance, synthesis, and recording tool for Apple machines. A memory corruption vulnerability exists in Apple Logic Pro X and GarageBand. An attacker could exploit the vulnerabilities to...

8.8CVSS7.7AI score0.01981EPSS
Exploits2References1
CNVD
CNVD
•added 2016/12/26 12:0 a.m.•43 views

Apache HTTP Server Security Bypass Vulnerability (CNVD-2016-13233)

Apache httpd is the U.S. Apache Apache Software Foundation, an open source HTTP server developed and maintained specifically for modern operating systems. A security vulnerability exists in Apache httpd versions prior to 2.4.25, which stems from the program's failure to properly parse HTTP header...

7.5CVSS8.2AI score0.13252EPSS
Exploits0References1
CNVD
CNVD
•added 2016/09/27 12:0 a.m.•43 views

Apache ActiveMQ Artemis Remote Code Execution Vulnerability

Apache ActiveMQ Artemis is the United States Apache Apache Software Foundation, a project to provide embedded messaging services for Java applications. A remote code execution vulnerability exists in Apache ActiveMQ Artemis. Successful exploitation of this vulnerability could allow an attacker to...

7.2CVSS9.7AI score0.06924EPSS
Exploits0References1
Total number of security vulnerabilities5000