Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
added 2022/05/05 12:0 a.m.41 views

JetBrains Rider Code Injection Vulnerability

JetBrains Rider is a cross-platform integrated development environment IDE from Czech company Jetbrains. versions prior to JetBrains Rider 2022.1 contain a code injection vulnerability that could be exploited by attackers to execute native code via a link in the ReSharper quick documentation...

7.7CVSS6.7AI score0.0022EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.41 views

Microsoft Windows DiskUsage.exe remote code execution vulnerability

Microsoft Windows DiskUsage.exe is a remote code execution vulnerability in Microsoft Windows, an operating system used by personal devices. The vulnerability stems from the failure of a network system or product to properly filter special elements in code segments constructed from external input...

7.5CVSS4.4AI score0.01645EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.41 views

Microsoft Windows Cluster Shared Volume (CSV) 拒绝服务漏洞

Microsoft Windows Cluster Shared Volume is a feature of Microsoft Corporation USA. A denial of service vulnerability exists in Microsoft Windows Cluster Shared Volume CSV, which can be exploited by attackers to cause a denial of service condition...

6.5CVSS4.1AI score0.02292EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.41 views

Microsoft Windows Common Log File System Driver权限提升漏洞

Microsoft Windows Common Log File System Driver is a Microsoft Corporation Common Log File System CLFS API that provides a high-performance, common log file subsystem that can be used by dedicated client applications and shared by multiple clients to optimize log access. An elevation-of-privilege...

7.8CVSS3AI score0.07304EPSS
Exploits2References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.41 views

Microsoft .NET Framework Denial of Service Vulnerability (CNVD-2022-60136)

Microsoft .NET Framework is a comprehensive and consistent programming model from Microsoft Corporation USA and a Windows Store, Windows Phone, Windows Server, and Microsoft Azure applications. The platform includes the C and Visual Basic programming languages, a public language runtime library,...

7.5CVSS7.1AI score0.0328EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.41 views

nconf has unspecified vulnerabilities

nconf is a TOML-formatted plugin. nconf versions prior to 0.11.4 have a security vulnerability that stems from the .set function, which is responsible for setting configuration properties, being vulnerable to prototype contamination, which can be exploited by attackers to override JavaScript...

7.5CVSS3.3AI score0.01753EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/29 12:0 a.m.41 views

Synology DiskStation Manager Buffer Overflow Vulnerability

Synology DiskStation Manager DSM is an operating system for use on Network Storage Servers NAS from Synology Inc. of Taiwan, China. This operating system manages information such as data, files, photos, music, and more. A buffer overflow vulnerability exists in Synology DiskStation Manager DSM,...

9.8CVSS9.8AI score0.02285EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/23 12:0 a.m.41 views

Red Hat 389 Directory Server Code Issue Vulnerability

Red Hat 389 Directory Server formerly known as Fedora Directory Server is an enterprise-class Linux directory server from Red Hat, Inc. The server fully supports the LDAPv3 specification and features scalable, multi-master replication, etc. A security vulnerability exists in Red Hat 389 Directory...

6.5CVSS1.3AI score0.01531EPSS
Exploits2References1
CNVD
CNVD
added 2022/03/14 12:0 a.m.41 views

TP-Link TL-WR886N Buffer Overflow Vulnerability (CNVD-2022-20073)

A buffer overflow vulnerability exists in TP-Link TL-WR886N 20190826 version 2.3.8, which originates from the /cloudconfig/routerpost/resetcloudpwd function when executing operations on memory An authenticated attacker could use this vulnerability to execute arbitrary code on the system via a...

10CVSS7.6AI score0.02413EPSS
Exploits1References1
CNVD
CNVD
added 2022/02/23 12:0 a.m.41 views

libxml2 Resource Management Error Vulnerability (CNVD-2022-21487)

libxml2 is an open source library for parsing XML documents. It is written in C and can be called by multiple languages, such as C, C, XSH. libxml2 suffers from a resource management error vulnerability that can be exploited by attackers to threaten alerts that affect software or systems...

7.5CVSS3.5AI score0.0601EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/10 12:0 a.m.41 views

Linux kernel buffer overflow vulnerability (CNVD-2022-13357)

Linux kernel is the kernel used by the Linux Foundation's open-source operating system, Linux.KVM is one of the kernel-based virtual machines. Linux kernel suffers from a buffer overflow vulnerability that stems from a use-after-free vulnerability found in rtsxusbmsdrvremove in...

5.5CVSS6.3AI score0.00424EPSS
Exploits3References1
CNVD
CNVD
added 2022/02/10 12:0 a.m.41 views

Linux kernel information disclosure vulnerability (CNVD-2022-13356)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from an information disclosure vulnerability that stems from a vulnerability found in the Linux kernel's eBPF validation program when dealing with...

5.5CVSS5.7AI score0.00255EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/08 12:0 a.m.41 views

Multiple Siemens Industrial Products Denial of Service Vulnerabilities

SIMATIC Drive Controller family products are machines designed for production automation, combining the functionality of the SIMATIC S7-1500 CPU and the SINAMICS S120 drive control.SIMATIC S7-1200 CPU family products are designed for discrete and continuous control in industrial environments such...

7.5CVSS7.5AI score0.0206EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/27 12:0 a.m.41 views

QEMU Elevation of Privilege Vulnerability (CNVD-2022-84163)

QEMU is a suite of emulation processor software from Fabrice Bellard, a French personal developer. The software is fast and cross-platform.QEMU suffers from an elevation of privilege vulnerability, which stems from a flaw found in the QEMU virtio-fs shared file system daemon implementation. An...

7.8CVSS3.9AI score0.0101EPSS
Exploits2References1
CNVD
CNVD
added 2022/01/25 12:0 a.m.41 views

HDF5 Denial of Service Vulnerability (CNVD-2022-07232)

HDF5 is a suite of tools for managing and storing different types of data from HDF, Inc. The product supports managing, manipulating, viewing and analyzing data, and generating files in portable formats.A security vulnerability exists in HDF5 v1.13.1-1, which stems from a heap-release-after-reuse...

8.8CVSS2.5AI score0.01164EPSS
Exploits1References1
CNVD
CNVD
added 2022/01/21 12:0 a.m.41 views

An unspecified vulnerability exists in vim (CNVD-2022-20698)

Vim is a UNIX-based editor. vim has a security vulnerability that stems from a heap-based buffer overflow in vim. No detailed vulnerability details are currently available...

7.8CVSS3.6AI score0.01687EPSS
Exploits1References1
CNVD
CNVD
added 2022/01/11 12:0 a.m.41 views

Google Android Information Disclosure Vulnerability (CNVD-2022-05479)

Google Android is a Linux-based open-source operating system from Google, Inc. Google Android is vulnerable to an information disclosure vulnerability that stems from a configuration error in the network system or product during operation. An attacker could use the vulnerability to obtain sensiti...

5.5CVSS2.4AI score0.0018EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/11 12:0 a.m.41 views

Google Android Input Validation Error Vulnerability (CNVD-2022-06151)

Google Android is a Linux-based open source operating system from Google, Inc. Google Android 11 is vulnerable to an input validation error, which stems from a network system or product that does not properly validate input data. No details of the vulnerability are currently available...

7.8CVSS2.8AI score0.00157EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/06 12:0 a.m.41 views

Shopware Open Redirect Vulnerability

Shopware is a set of open source e-commerce software from the German company Shopware. shopware has an open redirect vulnerability in versions prior to 5.7.7, which stems from incomplete URL handling in shopware routing and can be exploited by attackers to redirect users to arbitrary websites...

6.8CVSS2.9AI score0.00774EPSS
Exploits0References1
CNVD
CNVD
added 2021/12/27 12:0 a.m.41 views

cve-search has an unspecified vulnerability

Cve-Search is a tool that performs local searches for known vulnerabilities. It is used for searching, indexing, correlating and managing software vulnerabilities. cve-search versions prior to 4.1.0 have a security vulnerability that stems from lib/DatabaseLayer.py allowing regular expression...

7.5CVSS4.5AI score0.01874EPSS
Exploits1References1
CNVD
CNVD
added 2021/12/19 12:0 a.m.41 views

crocoblock JetEngine code issue vulnerability

crocoblock JetEngine is a dynamic content plugin that allows you to build complex websites quickly and cost-effectively. crocoblock JetEngine versions prior to 2.9.1 are vulnerable to a code issue that stems from the application's inability to properly validate and clean up form data. An attacker...

8.8CVSS3.8AI score0.01095EPSS
Exploits0References1
CNVD
CNVD
added 2021/12/08 12:0 a.m.41 views

Google Chrome autofill security bypass vulnerability (CNVD-2021-100607)

Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome that could be exploited by attackers to bypass security restrictions...

6.5CVSS4.7AI score0.01192EPSS
Exploits0References1
CNVD
CNVD
added 2021/11/30 12:0 a.m.41 views

ZOHO ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability

ZOHO ManageEngine ServiceDesk Plus SDP is the United States ZhuoHao ZOHO company's set of ITIL-based architecture of IT service management software. The software integrates incident management, problem management, asset management IT project management, procurement and contract management and oth...

9.8CVSS9.8AI score0.93514EPSS
Exploits6References1
CNVD
CNVD
added 2021/11/22 12:0 a.m.41 views

Lantronix PremierWave 2050 Path Traversal Vulnerability (CNVD-2022-01596)

The Lantronix PremierWave 2050 is an embedded enterprise Wi-Fi module from Lantronix, Inc. The Lantronix PremierWave 2050 version 8.9.0.0R4 is vulnerable to a path traversal vulnerability caused by a lack of filtering and escaping of path parameters by the Web Manager FSBrowsePage feature. An...

4.3CVSS2.8AI score0.01876EPSS
Exploits1References1
CNVD
CNVD
added 2021/10/27 12:0 a.m.41 views

Adobe Bridge Memory Corruption Vulnerability (CNVD-2022-67851)

Adobe Bridge is a free digital asset management application from Adobe. 11.1.1 and earlier versions of Adobe Bridge contain a memory corruption vulnerability that could be exploited by attackers to execute arbitrary code in the context of the current user...

7.8CVSS6.1AI score0.01666EPSS
Exploits0References1
CNVD
CNVD
added 2021/10/09 12:0 a.m.41 views

IBM Sterling File Gateway Cross-Site Scripting Vulnerability (CNVD-2021-78438)

IBM Sterling File Gateway is an application for transferring files between internal and external partners, allowing you to more securely and reliably transfer files with trading partners.IBM Sterling File Gateway versions 2.2.0.0-5.2.6.54, 6.0.0.0-6.0.0.6, 6.0 .1.0-6.0.3.4, and 6.1.0.0-6.1.0.2...

6.1CVSS3.1AI score0.00616EPSS
Exploits0References1
CNVD
CNVD
added 2021/09/19 12:0 a.m.41 views

Weak Password Vulnerability in Smart Camera of Shenzhen Anjiavision Information Technology Co.

Shenzhen Anjoy Vision Information Technology Co., Ltd. hereinafter referred to as: Anjoy Vision is a high-tech enterprise integrating R&D, production, sales and service. Shenzhen Anjoy Vision Information Technology Co., Ltd. smart camera has a weak password vulnerability, which can be exploited b...

7.1AI score
Exploits0
CNVD
CNVD
added 2021/08/10 12:0 a.m.41 views

Linux kernel denial-of-service vulnerability (CNVD-2021-60515)

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel is vulnerable due to a null pointer dereference and OOPS flaw in arch/powerpc/perf/core-book3s.c. By sending a constructed perf record command, an authenticated local attacker can exploit th...

5.5CVSS2.8AI score0.00255EPSS
Exploits0References1
CNVD
CNVD
added 2021/08/10 12:0 a.m.41 views

Linux kernel denial-of-service vulnerability (CNVD-2021-60518)

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel is vulnerable due to a deadlock flaw in btrfs when there is not enough free space in system spaceinfo. A local attacker can exploit this vulnerability to cause a denial of service situation...

5.5CVSS2.6AI score0.00365EPSS
Exploits1References1
CNVD
CNVD
added 2021/06/29 12:0 a.m.41 views

Linux kernel information disclosure vulnerability (CNVD-2021-60526)

Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel is vulnerable due to an excessive amount of data output in the Linux kernel functions, which allows user-state applications to read the contents of a sigpage, thereby leaking the contents o...

4CVSS2AI score0.00529EPSS
Exploits1References1
CNVD
CNVD
added 2021/06/23 12:0 a.m.41 views

Command execution vulnerability exists in SEACMS (CNVD-2021-46592)

SeaCMS Ocean CMS is a professional open source free PHP film and television system. A command execution vulnerability exists in SEACMS, which can be exploited by attackers to gain control of the server...

7.6AI score
Exploits0
CNVD
CNVD
added 2021/06/04 12:0 a.m.41 views

Apache HTTP Server Stack Overflow Vulnerability

Apache HTTP Server is an open source web server from the Apache Foundation. The server is fast, reliable, and extensible via a simple API. Apache HTTP Server is vulnerable to a per-zero-byte stack overflow in modauthdigest, which can be exploited to trigger remote code execution or...

7.3CVSS3AI score0.53191EPSS
Exploits0References1
CNVD
CNVD
added 2021/01/06 12:0 a.m.41 views

Unspecified Vulnerability in Mozilla Rust (CNVD-2021-30438)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability in prost crate in Mozilla Rust versions prior to 0.6.1, which stems from stack consumption via crafted messages, can be exploited by an attacker to cause a denial of service or remote co...

9.8CVSS7.5AI score0.0326EPSS
Exploits1References1
CNVD
CNVD
added 2020/10/28 12:0 a.m.41 views

Exim Input Validation Error Vulnerability

Exim is an open source messaging agent MTA running on Unix systems that routes, forwards and delivers mail. An input validation error vulnerability exists in Exim versions 4.87 through 4.91. The vulnerability stems from a network system or product that does not properly validate incoming data. No...

10CVSS9.3AI score0.99961EPSS
Exploits27References1
CNVD
CNVD
added 2020/07/03 12:0 a.m.41 views

Unspecified Vulnerability in CloudBees Jenkins Zephyr for JIRA Test Management Plugin

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing project and some timed tasks . Zephyr for JIRA Test Management Plugin is used...

4.3CVSS6.5AI score0.00656EPSS
Exploits0
CNVD
CNVD
added 2017/11/10 12:0 a.m.41 views

Roundcube Webmail Arbitrary File Access Vulnerability

RoundCube Webmail is a browser-based IMAP client mail client that supports address book management, message searching, spell checking and more. A security vulnerability exists in Roundcube Webmail versions prior to 1.1.10, 1.2.x versions prior to 1.2.7, and 1.3.x versions prior to 1.3.3. An...

7.8CVSS6.9AI score0.42831EPSS
Exploits5References1
CNVD
CNVD
added 2017/04/10 12:0 a.m.41 views

Google Android HTC OEM fastboot command elevation of privilege vulnerability

Google Android is a mobile operating system based on the Linux open kernel. Google Android has a security vulnerability in the HTC OEM fastboot command implementation, which allows remote attackers to exploit the vulnerability to submit special applications with elevated privileges...

7.6CVSS6.9AI score0.02087EPSS
Exploits3References1
CNVD
CNVD
added 2017/01/20 12:0 a.m.41 views

Apache NiFi Cross-Site Scripting Vulnerability

Apache NiFi is an automated solution for data transfer between systems. Apache NiFi suffers from a cross-site scripting vulnerability in the connection details dialog box, which allows an attacker to inject malicious code into the affected site...

5.4CVSS6.5AI score0.0176EPSS
Exploits1References1
CNVD
CNVD
added 2016/12/26 12:0 a.m.41 views

Apache HTTP Server Security Bypass Vulnerability (CNVD-2016-13233)

Apache httpd is the U.S. Apache Apache Software Foundation, an open source HTTP server developed and maintained specifically for modern operating systems. A security vulnerability exists in Apache httpd versions prior to 2.4.25, which stems from the program's failure to properly parse HTTP header...

7.5CVSS8.2AI score0.13252EPSS
Exploits0References1
CNVD
CNVD
added 2016/11/09 12:0 a.m.41 views

Microsoft Windows Kernel Local Privilege Elevation Vulnerability (CNVD-2016-11012)

Microsoft Windows is a series of operating systems released by Microsoft Corporation in the United States. kernel is one of the kernels. A local elevation of privilege vulnerability exists in the Microsoft Windows kernel. Due to a failure of the kernel API to properly handle privileges, a local...

5.5CVSS7AI score0.04142EPSS
Exploits1References1
CNVD
CNVD
added 2016/11/08 12:0 a.m.41 views

Dracut Local Information Disclosure Vulnerability

Dracut is an initramfs infrastructure that is primarily used to create initramfs images. Dracut suffers from a local information disclosure vulnerability that can be exploited by an attacker to obtain sensitive information...

7.8CVSS6AI score0.00309EPSS
Exploits1References1
CNVD
CNVD
added 2016/08/11 12:0 a.m.41 views

vBulletin Server-Side Request Forgery Security Bypass Vulnerability

vBulletin is the United States Internet Brands and vBulletin Solutions, Inc. jointly developed an open source commercial Web forum program . A security bypass vulnerability exists in vBulletin versions 5.2.2 and earlier, 4.2.3, and 3.8.9 and earlier. An attacker can exploit this vulnerability to...

8.6CVSS6.8AI score0.11945EPSS
Exploits6References1
CNVD
CNVD
added 2016/05/20 12:0 a.m.41 views

Moxa EDR-G903 Denial of Service Vulnerability

Moxa EDR-G903 is a suite of Moxa's all-in-one firewall/VPN security router products. A security vulnerability exists in Moxa EDR-G903 V3.4.11 and earlier versions. A remote attacker can exploit this vulnerability by sending a malicious request to cause a denial of service cold boot...

7.8CVSS6.8AI score0.01823EPSS
Exploits0References1
CNVD
CNVD
added 2016/05/11 12:0 a.m.41 views

Microsoft Windows win32k elevation of privilege vulnerability (CNVD-2016-03099)

Microsoft Windows is a series of operating systems released by Microsoft USA. win32k.sys is the kernel part of the Windows subsystem, a kernel-mode device driver, which contains a window manager, background control windows and screen output management. An elevation of privilege vulnerability exis...

7.8CVSS7.2AI score0.03663EPSS
Exploits1References1
CNVD
CNVD
added 2016/02/11 12:0 a.m.41 views

Microsoft Windows WebDAV Elevation of Privilege Vulnerability

Microsoft Windows is a series of operating systems released by Microsoft.WebDAV client is one of the Web distributed authoring and version control client. An elevation of privilege vulnerability exists in the WebDAV client for Microsoft Windows that stems from the program failing to properly...

7.8CVSS7.7AI score0.23383EPSS
Exploits12References1
CNVD
CNVD
added 2015/02/13 12:0 a.m.41 views

Radexscript CMS 'SEARCH_TERMS' Parameter SQL Injection Vulnerability

Redaxscript is a free content management system CMS based on PHP and MySQL. The system is mainly used for small businesses and private site builders. A SQL injection vulnerability exists in the 'searchpost' function in the includes/search.php script in Redaxscript versions prior to 2.3.0. A remot...

7.5CVSS8.6AI score0.02397EPSS
Exploits5References1
CNVD
CNVD
added 2026/03/19 12:0 a.m.40 views

OpenClaw Information Disclosure Vulnerability (CNVD-2026-14389)

OpenClaw is openclaw open source an intelligent artificial assistant. OpenClaw has an information disclosure vulnerability, the vulnerability stems from the component File Existence Handler's function tools.exec.safeBins for the protection of sensitive information is insufficient, an attacker can...

5.5CVSS5.6AI score0.00133EPSS
Exploits0References1
CNVD
CNVD
added 2024/04/02 12:0 a.m.40 views

IBM WebSphere Application Server Liberty Resource Management Error Vulnerability (CNVD-2024-18059)

IBM WebSphere Application Server Liberty is a Java application server from International Business Machines IBM built on top of the Open Liberty project. A resource management error vulnerability exists in IBM WebSphere Application Server Liberty versions 17.0.0.3 through 24.0.0.3, which stems fro...

7.5CVSS6.7AI score0.00818EPSS
Exploits0References1
CNVD
CNVD
added 2024/03/26 12:0 a.m.40 views

Apache Doris Security Bypass Vulnerability

Apache Doris is a modern MPP analytic database product of the U.S. Apache Apache Foundation. Can provide sub-second queries and efficient real-time data analysis. Apache Doris has a security bypass vulnerability that stems from the use of the chmod function, which can be exploited by an attacker ...

5.3CVSS6.9AI score0.00221EPSS
Exploits0References1
CNVD
CNVD
added 2024/02/22 12:0 a.m.40 views

Unspecified Vulnerability in Oracle MySQL (CNVD-2024-11152)

Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in Oracle MySQL for MySQL Server version 8.0.35 and earlier, version 8.2.0 and earlier. An attacker can exploit this...

5.5CVSS6.5AI score0.0081EPSS
Exploits0References1
Total number of security vulnerabilities5000