Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
•added 2021/07/23 12:0 a.m.•41 views

Modesty Pdf2json resource management error vulnerability

Modesty Pdf2json is Modesty's personal developer of a Java-based code library that interacts PDF files with Json files. PDF2JSON version 0.70 has a security vulnerability that stems from an issue found in the function DCTStream::transformDataUnit, which could be used by an attacker to cause a...

5.5CVSS4.7AI score0.00659EPSS
Exploits1References1
CNVD
CNVD
•added 2021/06/29 12:0 a.m.•41 views

Linux kernel information disclosure vulnerability (CNVD-2021-60526)

Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel is vulnerable due to an excessive amount of data output in the Linux kernel functions, which allows user-state applications to read the contents of a sigpage, thereby leaking the contents o...

4CVSS2AI score0.00529EPSS
Exploits1References1
CNVD
CNVD
•added 2021/06/23 12:0 a.m.•41 views

Command execution vulnerability exists in SEACMS (CNVD-2021-46592)

SeaCMS Ocean CMS is a professional open source free PHP film and television system. A command execution vulnerability exists in SEACMS, which can be exploited by attackers to gain control of the server...

7.6AI score
Exploits0
CNVD
CNVD
•added 2021/06/04 12:0 a.m.•41 views

Apache HTTP Server Stack Overflow Vulnerability

Apache HTTP Server is an open source web server from the Apache Foundation. The server is fast, reliable, and extensible via a simple API. Apache HTTP Server is vulnerable to a per-zero-byte stack overflow in modauthdigest, which can be exploited to trigger remote code execution or...

7.3CVSS3AI score0.53191EPSS
Exploits0References1
CNVD
CNVD
•added 2020/10/28 12:0 a.m.•41 views

Exim Input Validation Error Vulnerability

Exim is an open source messaging agent MTA running on Unix systems that routes, forwards and delivers mail. An input validation error vulnerability exists in Exim versions 4.87 through 4.91. The vulnerability stems from a network system or product that does not properly validate incoming data. No...

10CVSS9.3AI score0.99961EPSS
Exploits27References1
CNVD
CNVD
•added 2020/07/03 12:0 a.m.•41 views

Unspecified Vulnerability in CloudBees Jenkins Zephyr for JIRA Test Management Plugin

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing project and some timed tasks . Zephyr for JIRA Test Management Plugin is used...

4.3CVSS6.5AI score0.00656EPSS
Exploits0
CNVD
CNVD
•added 2017/09/13 12:0 a.m.•41 views

Microsoft Office Memory Corruption Vulnerability (CNVD-2017-27433)

Microsoft Office is an office software suite of products developed by the U.S. company Microsoft Microsoft. Commonly used components are Word, Excel, Access, Powerpoint, FrontPage and so on. A memory corruption vulnerability exists in Microsoft Office where a remote program fails to properly hand...

9.3CVSS7.9AI score0.16358EPSS
Exploits0References1
CNVD
CNVD
•added 2017/06/22 12:0 a.m.•41 views

Apache HTTP Server Denial of Service Vulnerability (CNVD-2017-13906)

Apache HTTP Server is the United States Apache Apache Software Foundation, an open source web server. The server is fast, reliable and can be expanded through a simple API. A denial of service vulnerability exists in Apache HTTP Server versions prior to 2.4.26. An attacker can exploit this...

7.5CVSS6.7AI score0.53939EPSS
Exploits0References1
CNVD
CNVD
•added 2017/06/13 12:0 a.m.•41 views

Elasticsearch Logstash Information Disclosure Vulnerability

Elasticsearch Logstash is a set of log analysis and monitoring tools from Elasticsearch Netherlands. The tool provides functions such as search, processing and management of logs or events. An information disclosure vulnerability exists in Elasticsearch Logstash versions prior to 5.0.1. An attack...

6.5CVSS6.1AI score0.01081EPSS
Exploits0References1
CNVD
CNVD
•added 2017/04/10 12:0 a.m.•41 views

Google Android HTC OEM fastboot command elevation of privilege vulnerability

Google Android is a mobile operating system based on the Linux open kernel. Google Android has a security vulnerability in the HTC OEM fastboot command implementation, which allows remote attackers to exploit the vulnerability to submit special applications with elevated privileges...

7.6CVSS6.9AI score0.02087EPSS
Exploits3References1
CNVD
CNVD
•added 2017/03/31 12:0 a.m.•41 views

Artifex Software Ghostscript Local Integer Overflow Vulnerability

Artifex Software Ghostscript is an open source Postscript a page description language and programming language used in the electronics industry and desktop publishing parser from Artifex Software that displays Postscript files and prints them on non-Postscript printers. print Postscript files on...

5.5CVSS7.3AI score0.01813EPSS
Exploits0References1
CNVD
CNVD
•added 2017/01/20 12:0 a.m.•41 views

Apache NiFi Cross-Site Scripting Vulnerability

Apache NiFi is an automated solution for data transfer between systems. Apache NiFi suffers from a cross-site scripting vulnerability in the connection details dialog box, which allows an attacker to inject malicious code into the affected site...

5.4CVSS6.5AI score0.0176EPSS
Exploits1References1
CNVD
CNVD
•added 2017/01/10 12:0 a.m.•41 views

Game Music Emulators Memory Corruption Vulnerability (CNVD-2017-00404)

Game Music Emulators. A memory corruption vulnerability exists in Game Music Emulators. A remote attacker could exploit this vulnerability to execute arbitrary code or trigger a denial of service...

7.8CVSS8.1AI score0.0233EPSS
Exploits1References1
CNVD
CNVD
•added 2016/08/11 12:0 a.m.•41 views

vBulletin Server-Side Request Forgery Security Bypass Vulnerability

vBulletin is the United States Internet Brands and vBulletin Solutions, Inc. jointly developed an open source commercial Web forum program . A security bypass vulnerability exists in vBulletin versions 5.2.2 and earlier, 4.2.3, and 3.8.9 and earlier. An attacker can exploit this vulnerability to...

8.6CVSS6.8AI score0.11945EPSS
Exploits6References1
CNVD
CNVD
•added 2016/05/20 12:0 a.m.•41 views

Moxa EDR-G903 Denial of Service Vulnerability

Moxa EDR-G903 is a suite of Moxa's all-in-one firewall/VPN security router products. A security vulnerability exists in Moxa EDR-G903 V3.4.11 and earlier versions. A remote attacker can exploit this vulnerability by sending a malicious request to cause a denial of service cold boot...

7.8CVSS6.8AI score0.01823EPSS
Exploits0References1
CNVD
CNVD
•added 2016/05/11 12:0 a.m.•41 views

Microsoft Windows win32k elevation of privilege vulnerability (CNVD-2016-03099)

Microsoft Windows is a series of operating systems released by Microsoft USA. win32k.sys is the kernel part of the Windows subsystem, a kernel-mode device driver, which contains a window manager, background control windows and screen output management. An elevation of privilege vulnerability exis...

7.8CVSS7.2AI score0.03663EPSS
Exploits1References1
CNVD
CNVD
•added 2016/02/11 12:0 a.m.•41 views

Microsoft Windows WebDAV Elevation of Privilege Vulnerability

Microsoft Windows is a series of operating systems released by Microsoft.WebDAV client is one of the Web distributed authoring and version control client. An elevation of privilege vulnerability exists in the WebDAV client for Microsoft Windows that stems from the program failing to properly...

7.8CVSS7.7AI score0.23383EPSS
Exploits12References1
CNVD
CNVD
•added 2015/04/30 12:0 a.m.•41 views

ZOHO ManageEngine Applications Manager FailOverHelperServlet servlet Information Disclosure Vulnerability

ZOHO ManageEngine Applications Manager is a set of application performance monitoring software from ZOHO. The software allows remote monitoring and management of different business systems, applications and network services e.g. servers, operating systems, etc.. An information disclosure...

7.5CVSS6.2AI score0.83399EPSS
Exploits11References1
CNVD
CNVD
•added 2026/03/19 12:0 a.m.•40 views

OpenClaw Information Disclosure Vulnerability (CNVD-2026-14389)

OpenClaw is openclaw open source an intelligent artificial assistant. OpenClaw has an information disclosure vulnerability, the vulnerability stems from the component File Existence Handler's function tools.exec.safeBins for the protection of sensitive information is insufficient, an attacker can...

5.5CVSS5.6AI score0.00133EPSS
Exploits0References1
CNVD
CNVD
•added 2024/04/02 12:0 a.m.•40 views

IBM WebSphere Application Server Liberty Resource Management Error Vulnerability (CNVD-2024-18059)

IBM WebSphere Application Server Liberty is a Java application server from International Business Machines IBM built on top of the Open Liberty project. A resource management error vulnerability exists in IBM WebSphere Application Server Liberty versions 17.0.0.3 through 24.0.0.3, which stems fro...

7.5CVSS6.7AI score0.00818EPSS
Exploits0References1
CNVD
CNVD
•added 2024/02/22 12:0 a.m.•40 views

Unspecified Vulnerability in Oracle MySQL (CNVD-2024-11152)

Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in Oracle MySQL for MySQL Server version 8.0.35 and earlier, version 8.2.0 and earlier. An attacker can exploit this...

5.5CVSS6.5AI score0.0081EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/05 12:0 a.m.•40 views

ZZCMS File Upload Vulnerability (CNVD-2024-06241)

ZZCMS is a content management system CMS by the ZZCMS team in China. A file upload vulnerability exists in ZZCMS version 2023, which stems from the lack of valid validation of uploaded files in /Ebak5.1/upload/index.php. An attacker can exploit this vulnerability to gain server privileges and...

9.8CVSS7.8AI score0.01066EPSS
Exploits1References1
CNVD
CNVD
•added 2023/11/01 12:0 a.m.•40 views

BaserCMS path traversal vulnerability (CNVD-2023-86331)

baserCMS is an enterprise-level content management system CMS from the baserCMS team. A path traversal vulnerability exists in versions of baserCMS prior to 4.8.0, which stems from a lack of validity checking of paths when processing directory requests by the form submission data management...

6.5CVSS6.5AI score0.0097EPSS
Exploits0References1
CNVD
CNVD
•added 2023/10/13 12:0 a.m.•40 views

Microsoft Skype for Business Remote Code Execution Vulnerability (CNVD-2023-92203)

Microsoft Skype for Business Server is a secure and unified communications platform from Microsoft that provides instant messaging IM, audio and video calling, online conferencing, online status messages, and sharing capabilities. A remote code execution vulnerability exists in Microsoft Skype fo...

7.2CVSS8.1AI score0.02563EPSS
Exploits0References1
CNVD
CNVD
•added 2023/08/24 12:0 a.m.•40 views

Linux Kernel Denial of Service Vulnerability (CNVD-2023-71723)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A denial of service vulnerability exists in the Linux Kernel, which originates from a NULL pointer dereference flaw in vmxnet3rqcleanup in drivers/net/vmxnet3/vmxnet3drv.c in t...

5.5CVSS6.3AI score0.00249EPSS
Exploits0References1
CNVD
CNVD
•added 2023/07/30 12:0 a.m.•40 views

HCL Technologies BigFix Mobile Command Injection Vulnerability

HCL Technologies BigFix Mobile is a Mobile Device Management MDM solution from HCL Technologies. It is designed to help businesses and organizations effectively manage and secure mobile devices, including smartphones, tablets and other mobile devices. HCL Technologies BigFix Mobile suffers from a...

8.8CVSS7.7AI score0.00771EPSS
Exploits0References1
CNVD
CNVD
•added 2023/07/23 12:0 a.m.•40 views

Information leakage vulnerability in Dahua DSS system

DSS Digital Surveillance System is a digital surveillance management system developed by Zhejiang Dahua Technology Co. There is an information leakage vulnerability in Dahua DSS system, which can be exploited by an attacker to obtain server related information and cause information leakage...

6.5AI score
Exploits0Affected Software1
CNVD
CNVD
•added 2023/05/30 12:0 a.m.•40 views

Linux kernel resource management error vulnerability (CNVD-2023-48540)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from a resource management error vulnerability that stems from the incorrect handling of per-CPU sequence counts during concurrent iptables rule...

6.7CVSS6.4AI score0.00444EPSS
Exploits1References1
CNVD
CNVD
•added 2023/04/19 12:0 a.m.•40 views

Online Thesis Archiving System sql Injection Vulnerability (CNVD-2023-29788)

Online Thesis Archiving System is an online thesis archiving system. Online Thesis Archiving System version 1.0 has a sql injection vulnerability, which originates from the poor filtering of the id parameter in /admin/user/manageuser.php. An attacker can use this vulnerability to perform SQL...

9.7AI score0.00766EPSS
Exploits1Affected Software1
CNVD
CNVD
•added 2023/04/13 12:0 a.m.•40 views

Microsoft Windows DNS Remote Code Execution Vulnerability

Microsoft Windows DNS is a domain name resolution service from Microsoft. The Domain Name System DNS is one of the industry-standard suite of protocols that encompasses TCP/IP, and DNS clients and DNS servers work together to provide name resolution services for computers and users that map...

6.6CVSS7.8AI score0.00853EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/13 12:0 a.m.•40 views

Google Chrome Autofill component code issue vulnerability

Google Chrome is a web browser from Google, Inc. A code issue vulnerability exists in versions prior to Google Chrome 111.0.5563.64, which stems from a weak policy enforcement issue in the Autofill component. A remote attacker could exploit the vulnerability to disclose cross-domain data via...

4.3CVSS3.4AI score0.00413EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/14 12:0 a.m.•40 views

Siemens RUGGEDCOM APE1808 Product Family Competitive Conditions Vulnerability (CNVD-2023-09126)

The RUGGEDCOM APE1808 is a utility-level application hosting platform that allows you to deploy a range of commercial applications for edge computing and network security in harsh industrial environments. a competitive condition vulnerability exists in the Siemens RUGGEDCOM APE1808 product family...

6.4CVSS2.7AI score0.00151EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/08 12:0 a.m.•40 views

IBM Security Verify Governance Encryption Issue Vulnerability

IBM Security Verify Governance, an intelligent identity access platform from International Business Machines IBM, Inc. provides organizations with a platform to analyze, define and control user access and access risks. IBM Security Verify Governanc has an encryption issue vulnerability that stems...

7.5CVSS2.1AI score0.00478EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/01 12:0 a.m.•40 views

F5 BIG-IP APM Oauth Denial of Service Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A denial-of-service vulnerability exists in F5 BIG-IP APM Oauth, which can be exploited by remote unauthenticated attackers t...

7.5CVSS5.9AI score0.00626EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/06 12:0 a.m.•40 views

Mozilla Firefox Trust Management Issue Vulnerability (CNVD-2023-05204)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S. Mozilla Firefox is vulnerable to trust management issues, which can be exploited by attackers to read and modify data...

4.5AI score0.00366EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2022/10/26 12:0 a.m.•40 views

Apple iOS and iPadOS Arbitrary Code Execution Vulnerability

Apple iOS and Apple iPadOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices. The vulnerability can be exploited to execute arbitrary code on the device with kernel privileges...

7.8CVSS4.7AI score0.01136EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/19 12:0 a.m.•40 views

Oracle MySQL Server Denial of Service Vulnerability (CNVD-2023-08439)

Oracle MySQL Server is a relational database from Oracle Corporation USA. A denial-of-service vulnerability exists in the Oracle MySQL Server Server:Optimizer component. An attacker can exploit the vulnerability to access the network via multiple protocols, which can compromise MySQL Server and...

2.2AI score0.01196EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2022/10/14 12:0 a.m.•40 views

Google Chrome Permissions API Memory Misreference Vulnerability

Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in Google Chrome versions prior to 106.0.5249.119. The vulnerability stems from the use of the Permissions API after release, and can be exploited by a remote attacker to trick a user into...

8.8CVSS8.2AI score0.00653EPSS
Exploits0References1
CNVD
CNVD
•added 2022/09/29 12:0 a.m.•40 views

Aruba Networks ArubaOS and InstantOS Buffer Overflow Vulnerability

ArubaOS is the network operating system for Aruba Mobility Controllers, Mobility Masters, and controller-managed Access Points APs.InstantOS is an Arch Linux-based distribution. Aruba Networks ArubaOS and InstantOS are vulnerable to a buffer overflow vulnerability that originates from a boundary...

9.8CVSS9.7AI score0.01022EPSS
Exploits0References1
CNVD
CNVD
•added 2022/09/28 12:0 a.m.•40 views

Rocket.Chat getS3FileUrl Meteor Information Disclosure Vulnerability

Rocket.Chat is an open source team chat software. An information disclosure vulnerability exists in Rocket.Chat versions prior to 4.7.5, 4.8.0 and later, and prior to 4.8.2. The vulnerability exists in the getS3FileUrl Meteor server method, which can be exploited by an authenticated attacker to...

4.3CVSS4.3AI score0.00603EPSS
Exploits1References1
CNVD
CNVD
•added 2022/09/19 12:0 a.m.•40 views

D-Link DIR-2150 OS Command Injection Vulnerability (CNVD-2023-21660)

The D-Link DIR-2150 is a wireless router device from D-Link.The D-Link DIR-2150 is vulnerable to an operating system command injection vulnerability that could be exploited by attackers to execute code in the context of a service account...

8.8CVSS9AI score0.0087EPSS
Exploits0References1
CNVD
CNVD
•added 2022/09/16 12:0 a.m.•40 views

Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2022-87164)

Adobe Experience Manager AEM is a content management solution from Adobe that can be used to build websites, mobile applications and forms. Adobe Experience Manager contains a cross-site scripting vulnerability that could be exploited by attackers to execute malicious JavaScript content in the...

5.4CVSS4.2AI score0.00524EPSS
Exploits0References1
CNVD
CNVD
•added 2022/08/23 12:0 a.m.•40 views

Laravel Deserialization Vulnerability (CNVD-2022-59204)

Laravel is a web application framework from the Laravel team.Laravel version 5.1 contains a deserialization vulnerability that stems from insecure deserialization processing of serialized data submitted by the application at the time of receipt, which can be exploited by an attacker to remotely...

8.8CVSS4.4AI score0.00578EPSS
Exploits1References1
CNVD
CNVD
•added 2022/08/15 12:0 a.m.•40 views

Adobe Acrobat Reader Buffer Overflow Vulnerability (CNVD-2022-56978)

Adobe Acrobat Reader is a PDF viewer from Adobe, a U.S. company. The software is used to print, sign, and annotate PDFs. Adobe Acrobat Reader is vulnerable to a buffer overflow vulnerability that originates from out-of-bounds reads and results in a memory leak. No detailed vulnerability details a...

5.5CVSS3.4AI score0.02538EPSS
Exploits0References1
CNVD
CNVD
•added 2022/08/12 12:0 a.m.•40 views

Microsoft Visual Studio Remote Code Execution Vulnerability (CNVD-2022-67839)

Microsoft Visual Studio is a family of development tools from Microsoft Corporation USA and is a largely complete development toolset that includes most of the tools needed throughout the software lifecycle.Microsoft Visual Studio is vulnerable to remote code execution. An attacker could exploit...

3AI score0.01779EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2022/08/10 12:0 a.m.•40 views

WordPress plugin Adminer Login has an unspecified vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress plugin Adminer Login version 1.4.4 contains a security vulnerability that can be exploited by...

7.8CVSS2.6AI score0.004EPSS
Exploits1References1
CNVD
CNVD
•added 2022/08/05 12:0 a.m.•40 views

Google Android Information Disclosure Vulnerability (CNVD-2022-71982)

Google Android is a Linux-based open-source operating system from the U.S. company Google Google. Google Android has an information disclosure vulnerability that could be exploited by attackers to obtain sensitive information...

7.5CVSS3.2AI score0.00272EPSS
Exploits0References1
CNVD
CNVD
•added 2022/08/04 12:0 a.m.•40 views

IBM DataPower Gateway Server-Side Request Forgery Vulnerability (CNVD-2022-56971)

IBM DataPower Gateway is a set of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interface API, web, service-oriented architecture SOA, B2B and cloud workloads. The platform protects, integrates and optimizes access across channels...

8.8CVSS3AI score0.00462EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/29 12:0 a.m.•40 views

Adobe Acrobat and Adobe Acrobat Reader Buffer Overflow Vulnerability

Adobe Acrobat and Adobe Acrobat Reader are both products of the United States Ordoby Adobe.Adobe Acrobat is a set of PDF file editing and conversion tools.Adobe Acrobat Reader is a PDF viewer. The software is used to print, sign and annotate PDF. Adobe Acrobat and Adobe Reader has a buffer overfl...

5.5CVSS6.3AI score0.02964EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/15 12:0 a.m.•40 views

SAP BusinessObjects BW Publisher Service Elevation of Privilege Vulnerability

SAP BusinessObjects BW Publisher Service is a model-driven data warehouse product from SAP Germany. An elevation of privilege vulnerability exists in versions 420 and 430 of the SAP BusinessObjects BW Publisher Service, which stems from the use of search paths that contain un-referenced elements,...

7.8CVSS7.9AI score0.00245EPSS
Exploits0References1
Total number of security vulnerabilities5000