Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
•added 2023/05/30 12:0 a.m.•40 views

Linux kernel resource management error vulnerability (CNVD-2023-48540)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from a resource management error vulnerability that stems from the incorrect handling of per-CPU sequence counts during concurrent iptables rule...

6.7CVSS6.4AI score0.00444EPSS
Exploits1References1
CNVD
CNVD
•added 2023/04/19 12:0 a.m.•40 views

Online Thesis Archiving System sql Injection Vulnerability (CNVD-2023-29788)

Online Thesis Archiving System is an online thesis archiving system. Online Thesis Archiving System version 1.0 has a sql injection vulnerability, which originates from the poor filtering of the id parameter in /admin/user/manageuser.php. An attacker can use this vulnerability to perform SQL...

9.7AI score0.00766EPSS
Exploits1Affected Software1
CNVD
CNVD
•added 2023/04/13 12:0 a.m.•40 views

Microsoft Windows DNS Remote Code Execution Vulnerability

Microsoft Windows DNS is a domain name resolution service from Microsoft. The Domain Name System DNS is one of the industry-standard suite of protocols that encompasses TCP/IP, and DNS clients and DNS servers work together to provide name resolution services for computers and users that map...

6.6CVSS7.8AI score0.00853EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/13 12:0 a.m.•40 views

Google Chrome Autofill component code issue vulnerability

Google Chrome is a web browser from Google, Inc. A code issue vulnerability exists in versions prior to Google Chrome 111.0.5563.64, which stems from a weak policy enforcement issue in the Autofill component. A remote attacker could exploit the vulnerability to disclose cross-domain data via...

4.3CVSS3.4AI score0.00413EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/08 12:0 a.m.•40 views

IBM Security Verify Governance Encryption Issue Vulnerability

IBM Security Verify Governance, an intelligent identity access platform from International Business Machines IBM, Inc. provides organizations with a platform to analyze, define and control user access and access risks. IBM Security Verify Governanc has an encryption issue vulnerability that stems...

7.5CVSS2.1AI score0.00478EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/01 12:0 a.m.•40 views

F5 BIG-IP APM Oauth Denial of Service Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A denial-of-service vulnerability exists in F5 BIG-IP APM Oauth, which can be exploited by remote unauthenticated attackers t...

7.5CVSS5.9AI score0.00626EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/06 12:0 a.m.•40 views

Mozilla Firefox Trust Management Issue Vulnerability (CNVD-2023-05204)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S. Mozilla Firefox is vulnerable to trust management issues, which can be exploited by attackers to read and modify data...

4.5AI score0.00366EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2022/10/26 12:0 a.m.•40 views

Apple iOS and iPadOS Arbitrary Code Execution Vulnerability

Apple iOS and Apple iPadOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices. The vulnerability can be exploited to execute arbitrary code on the device with kernel privileges...

7.8CVSS4.7AI score0.01136EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/19 12:0 a.m.•40 views

Oracle MySQL Server Denial of Service Vulnerability (CNVD-2023-08439)

Oracle MySQL Server is a relational database from Oracle Corporation USA. A denial-of-service vulnerability exists in the Oracle MySQL Server Server:Optimizer component. An attacker can exploit the vulnerability to access the network via multiple protocols, which can compromise MySQL Server and...

2.2AI score0.01196EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2022/10/14 12:0 a.m.•40 views

Google Chrome Permissions API Memory Misreference Vulnerability

Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in Google Chrome versions prior to 106.0.5249.119. The vulnerability stems from the use of the Permissions API after release, and can be exploited by a remote attacker to trick a user into...

8.8CVSS8.2AI score0.00653EPSS
Exploits0References1
CNVD
CNVD
•added 2022/09/29 12:0 a.m.•40 views

Aruba Networks ArubaOS and InstantOS Buffer Overflow Vulnerability

ArubaOS is the network operating system for Aruba Mobility Controllers, Mobility Masters, and controller-managed Access Points APs.InstantOS is an Arch Linux-based distribution. Aruba Networks ArubaOS and InstantOS are vulnerable to a buffer overflow vulnerability that originates from a boundary...

9.8CVSS9.7AI score0.01022EPSS
Exploits0References1
CNVD
CNVD
•added 2022/09/28 12:0 a.m.•40 views

Rocket.Chat getS3FileUrl Meteor Information Disclosure Vulnerability

Rocket.Chat is an open source team chat software. An information disclosure vulnerability exists in Rocket.Chat versions prior to 4.7.5, 4.8.0 and later, and prior to 4.8.2. The vulnerability exists in the getS3FileUrl Meteor server method, which can be exploited by an authenticated attacker to...

4.3CVSS4.3AI score0.00603EPSS
Exploits1References1
CNVD
CNVD
•added 2022/09/19 12:0 a.m.•40 views

D-Link DIR-2150 OS Command Injection Vulnerability (CNVD-2023-21660)

The D-Link DIR-2150 is a wireless router device from D-Link.The D-Link DIR-2150 is vulnerable to an operating system command injection vulnerability that could be exploited by attackers to execute code in the context of a service account...

8.8CVSS9AI score0.0087EPSS
Exploits0References1
CNVD
CNVD
•added 2022/09/16 12:0 a.m.•40 views

Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2022-87164)

Adobe Experience Manager AEM is a content management solution from Adobe that can be used to build websites, mobile applications and forms. Adobe Experience Manager contains a cross-site scripting vulnerability that could be exploited by attackers to execute malicious JavaScript content in the...

5.4CVSS4.2AI score0.00524EPSS
Exploits0References1
CNVD
CNVD
•added 2022/08/23 12:0 a.m.•40 views

Laravel Deserialization Vulnerability (CNVD-2022-59204)

Laravel is a web application framework from the Laravel team.Laravel version 5.1 contains a deserialization vulnerability that stems from insecure deserialization processing of serialized data submitted by the application at the time of receipt, which can be exploited by an attacker to remotely...

8.8CVSS4.4AI score0.00578EPSS
Exploits1References1
CNVD
CNVD
•added 2022/08/15 12:0 a.m.•40 views

Adobe Acrobat Reader Buffer Overflow Vulnerability (CNVD-2022-56978)

Adobe Acrobat Reader is a PDF viewer from Adobe, a U.S. company. The software is used to print, sign, and annotate PDFs. Adobe Acrobat Reader is vulnerable to a buffer overflow vulnerability that originates from out-of-bounds reads and results in a memory leak. No detailed vulnerability details a...

5.5CVSS3.4AI score0.02538EPSS
Exploits0References1
CNVD
CNVD
•added 2022/08/12 12:0 a.m.•40 views

Microsoft Visual Studio Remote Code Execution Vulnerability (CNVD-2022-67839)

Microsoft Visual Studio is a family of development tools from Microsoft Corporation USA and is a largely complete development toolset that includes most of the tools needed throughout the software lifecycle.Microsoft Visual Studio is vulnerable to remote code execution. An attacker could exploit...

3AI score0.01779EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2022/08/10 12:0 a.m.•40 views

WordPress plugin Adminer Login has an unspecified vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress plugin Adminer Login version 1.4.4 contains a security vulnerability that can be exploited by...

7.8CVSS2.6AI score0.004EPSS
Exploits1References1
CNVD
CNVD
•added 2022/08/05 12:0 a.m.•40 views

Google Android Information Disclosure Vulnerability (CNVD-2022-71982)

Google Android is a Linux-based open-source operating system from the U.S. company Google Google. Google Android has an information disclosure vulnerability that could be exploited by attackers to obtain sensitive information...

7.5CVSS3.2AI score0.00272EPSS
Exploits0References1
CNVD
CNVD
•added 2022/08/04 12:0 a.m.•40 views

IBM DataPower Gateway Server-Side Request Forgery Vulnerability (CNVD-2022-56971)

IBM DataPower Gateway is a set of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interface API, web, service-oriented architecture SOA, B2B and cloud workloads. The platform protects, integrates and optimizes access across channels...

8.8CVSS3AI score0.00462EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/29 12:0 a.m.•40 views

Adobe Acrobat and Adobe Acrobat Reader Buffer Overflow Vulnerability

Adobe Acrobat and Adobe Acrobat Reader are both products of the United States Ordoby Adobe.Adobe Acrobat is a set of PDF file editing and conversion tools.Adobe Acrobat Reader is a PDF viewer. The software is used to print, sign and annotate PDF. Adobe Acrobat and Adobe Reader has a buffer overfl...

5.5CVSS6.3AI score0.02964EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/15 12:0 a.m.•40 views

SAP BusinessObjects BW Publisher Service Elevation of Privilege Vulnerability

SAP BusinessObjects BW Publisher Service is a model-driven data warehouse product from SAP Germany. An elevation of privilege vulnerability exists in versions 420 and 430 of the SAP BusinessObjects BW Publisher Service, which stems from the use of search paths that contain un-referenced elements,...

7.8CVSS7.9AI score0.00245EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/13 12:0 a.m.•40 views

Annotation Tool path traversal vulnerability

Annotation Tool is a Bonn activity map annotation tool open sourced by bonn-activity-maps. 2021-08-31 and earlier versions of Annotation Tool are vulnerable to a path traversal vulnerability that stems from a failure of Flask's sendfile function to properly filter special elements in a resource o...

9.3CVSS3.6AI score0.01242EPSS
Exploits1References1
CNVD
CNVD
•added 2022/07/08 12:0 a.m.•40 views

HCL Technologies HCL Launch Information Disclosure Vulnerability (CNVD-2022-58411)

HCL Technologies HCL Launch is a versatile, enterprise-grade continuous delivery automation software from HCL Technologies, India. for handling the most complex deployment processes in DevOps. HCL Technologies HCL Launch suffers from an information disclosure vulnerability that stems from the...

5.5CVSS5.2AI score0.0015EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/08 12:0 a.m.•40 views

Huawei HarmonyOS security bypass vulnerability (CNVD-2022-57613)

Huawei HarmonyOS is an operating system from Huawei China. It provides a microkernel-based, fully distributed operating system. Huawei HarmonyOS contains a security vulnerability that could be exploited by attackers to compromise system integrity...

7.5CVSS3.4AI score0.00737EPSS
Exploits0References1
CNVD
CNVD
•added 2022/06/30 12:0 a.m.•40 views

LDAP Account Manager Parameter Injection Vulnerability

LDAP Account Manager is a web front-end for managing entries e.g., users, groups, DHCP settings stored in the LDAP directory. LDAP Account Manager LAM versions prior to 8.0 are vulnerable to parameter injection, which stems from the fact that LAM instantiates objects from arbitrary classes and ca...

9CVSS6.1AI score0.02346EPSS
Exploits1References1
CNVD
CNVD
•added 2022/06/30 12:0 a.m.•40 views

Huawei WS7200-10 Access Control Error Vulnerability

The Huawei ws7200-10 is a wireless router from the Chinese company Huawei HUAWEI. Huawei WS7200-10 11.0.2.13 suffers from an access control error vulnerability, which stems from a problem with user password authentication, and can be exploited by an attacker on a local area network LAN to obtain ...

6.5CVSS6.4AI score0.00209EPSS
Exploits0References1
CNVD
CNVD
•added 2022/06/23 12:0 a.m.•40 views

WordPress plugin Google Tag Manager cross-site scripting vulnerability

WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin Google Tag Manager version 1.15 has a cross-site scripting vulnerability that stems from the fact that site searches are n...

6.1CVSS1.9AI score0.90154EPSS
Exploits0References1
CNVD
CNVD
•added 2022/05/27 12:0 a.m.•40 views

Linux kernel denial-of-service vulnerability (CNVD-2022-66584)

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel is vulnerable to a denial of service. An attacker could exploit this vulnerability to force a NULL pointer dereference on the Linux kernel via kvmmmuinvpcidgva to trigger a denial of service...

6.9CVSS2.4AI score0.00318EPSS
Exploits0
CNVD
CNVD
•added 2022/05/17 12:0 a.m.•40 views

Air Cargo Management System SQL Injection Vulnerability (CNVD-2022-58096)

Air Cargo Management System is an air cargo management system. version 1.0 of Air Cargo Management System is vulnerable to a SQL injection vulnerability in /acms/classes/Master.php?f=deletecargotype which lacks a filter and escape for the parameter The vulnerability is caused by a lack of filteri...

9.8CVSS3.6AI score0.01048EPSS
Exploits1References1
CNVD
CNVD
•added 2022/05/13 12:0 a.m.•40 views

AMD System Management Unit Denial of Service Vulnerability (CNVD-2022-63548)

AMD System Management Unit SMU is a system management unit of AMD, Inc. A denial of service vulnerability exists in AMD System Management Unit, which stems from inadequate inspection of bindings in the System Management Unit SMU and can be exploited by an attacker to cause a denial of service...

5.5CVSS3.3AI score0.00212EPSS
Exploits0References1
CNVD
CNVD
•added 2022/04/27 12:0 a.m.•40 views

Tenda AX12 Cross-Site Request Forgery Vulnerability (CNVD-2022-63551)

Tenda AX12 is a dual-band gigabit Wifi 6 wireless router from Tenda, China.Tenda AX12 V22.03.01.21CN is vulnerable to cross-site request spoofing. users, an attacker could use the vulnerability to spoof malicious requests to trick victims into clicking to perform sensitive operations...

7.1CVSS3.6AI score0.00435EPSS
Exploits1References1
CNVD
CNVD
•added 2022/04/15 12:0 a.m.•40 views

Resource Management Error Vulnerability in Multiple Adobe Products (CNVD-2022-67850)

Adobe Acrobat and Adobe Reader are both products of Adobe, a PDF file editing and conversion tool, and Adobe Reader, a PDF document reader. A number of Adobe products have resource management error vulnerability, the vulnerability is derived from the processing of PDF files occurred after the...

9.3CVSS3.4AI score0.03688EPSS
Exploits0References1
CNVD
CNVD
•added 2022/04/15 12:0 a.m.•40 views

Huawei EMUI Information Disclosure Vulnerability (CNVD-2022-64483)

Huawei Emui is an Android-based mobile operating system developed by Huawei, a Chinese company. Huawei EMUI suffers from an information disclosure vulnerability that originates from an unauthorized rewrite vulnerability in the memory access management module on the ACPU. The vulnerability can be...

5.5CVSS5.2AI score0.00179EPSS
Exploits0References1
CNVD
CNVD
•added 2022/04/15 12:0 a.m.•40 views

Microsoft Windows DNS Server Remote Code Execution Vulnerability (CNVD-2022-84606)

Microsoft Windows is a set of operating systems for personal devices used by the U.S. company Microsoft Microsoft. A remote code execution vulnerability exists in Microsoft Windows DNS Server, which can be exploited by attackers to execute arbitrary code on the system...

8.5CVSS6.7AI score0.02237EPSS
Exploits0References1
CNVD
CNVD
•added 2022/03/17 12:0 a.m.•40 views

Jenkins Parameterized Trigger Plugin Information Disclosure Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. These values are stored and can be viewed by an attacker with access to the...

5.5CVSS1.6AI score0.00368EPSS
Exploits0References1
CNVD
CNVD
•added 2022/03/14 12:0 a.m.•40 views

Luocms SQL Injection Vulnerability (CNVD-2022-20133)

Luocms is an article management system. A SQL injection vulnerability exists in Luocms v2.0, which stems from a lack of validation of external input SQL statements in /admin/news/newsmod.php. An attacker could use this vulnerability to execute illegal SQL commands to steal sensitive database data...

9.8CVSS3.6AI score0.01137EPSS
Exploits1References1
CNVD
CNVD
•added 2022/03/11 12:0 a.m.•40 views

Adobe After Effects Buffer Overflow Vulnerability (CNVD-2022-22099)

Adobe After Effects is a suite of visual effects and motion graphics software from Adobe, Inc. A buffer overflow vulnerability exists in Adobe After Effects, which stems from a failure to properly validate data boundaries when performing operations on memory, and can be exploited by remote...

9.3CVSS4.2AI score0.03803EPSS
Exploits0References1
CNVD
CNVD
•added 2022/02/24 12:0 a.m.•40 views

Envoy Trust Management Issue Vulnerability (CNVD-2022-16289)

Envoy is an open source distributed proxy server. Envoy is vulnerable to trust management issues, and no detailed vulnerability details are available at this time...

6.8CVSS2.5AI score0.00509EPSS
Exploits0References1
CNVD
CNVD
•added 2022/02/24 12:0 a.m.•40 views

Envoy has an unspecified vulnerability (CNVD-2022-16288)

Envoy is an open source distributed proxy server. Envoy has a security vulnerability that can be exploited by attackers to cause stack exhaustion and abnormal process termination...

6.5CVSS4.6AI score0.01EPSS
Exploits0References1
CNVD
CNVD
•added 2022/02/21 12:0 a.m.•40 views

Expat has an unspecified vulnerability (CNVD-2022-18357)

Expat is a fast streaming XML parser written in C. A security vulnerability existed prior to Expat 2.4.5, which could be exploited by attackers to insert namespace separators into namespace URIs...

9.8CVSS4.2AI score0.34174EPSS
Exploits0References1
CNVD
CNVD
•added 2022/02/17 12:0 a.m.•40 views

Foxit PDF Reader Buffer Overflow Vulnerability (CNVD-2023-49839)

Foxit PDF Reader is a Chinese Foxit Foxit company's a PDF reader. A security vulnerability exists in Foxit PDF Reader, which stems from carefully crafted data in JP2 images that can trigger the reading of data beyond the end of the allocated buffer. The vulnerability can be exploited by an attack...

7.8CVSS7.6AI score0.01019EPSS
Exploits0References1
CNVD
CNVD
•added 2022/02/15 12:0 a.m.•40 views

Apache Cassandra Code Injection Vulnerability

Apache Cassandra is a distributed Nosql database from the American Apache Apache Foundation. Apache Cassandra suffers from a code injection vulnerability that stems from a network system or product failing to properly filter specific elements of externally entered data during the construction of ...

9.1CVSS9.3AI score0.54889EPSS
Exploits7References1
CNVD
CNVD
•added 2022/02/15 12:0 a.m.•40 views

Google Android Information Disclosure Vulnerability (CNVD-2022-13349)

Google Android is a Linux-based open source operating system from Google. A security vulnerability exists in Google Android, which can be exploited by an attacker to access screenshots in the clipboard via Edge Panel...

4.6CVSS4.4AI score0.00098EPSS
Exploits0References1
CNVD
CNVD
•added 2022/02/09 12:0 a.m.•40 views

Google Tensorflow has an unspecified vulnerability (CNVD-2022-09902)

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A security vulnerability exists in Google TensorFlow that could be exploited to trigger a denial of service by changing the SavedModel on disk...

6.5CVSS2.8AI score0.00469EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/27 12:0 a.m.•40 views

vim buffer overflow vulnerability (CNVD-2022-20799)

Vim is a UNIX-based editor. buffer overflow vulnerability exists in versions prior to vim 8.2, which stems from a networked system or product that does not properly validate data boundaries when performing operations on memory, resulting in incorrect read and write operations being performed to...

8.4CVSS5.1AI score0.00609EPSS
Exploits1References1
CNVD
CNVD
•added 2022/01/20 12:0 a.m.•40 views

Linux kernel elevation of privilege vulnerability (CNVD-2022-68560)

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel has a security vulnerability that can be exploited by attackers to bypass Linux kernel restrictions through Cgroup Fd Writing to elevate privileges...

7.8CVSS4AI score0.00541EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/17 12:0 a.m.•40 views

Jenkins Cross-Site Request Forgery Vulnerability (CNVD-2022-08036)

Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plug-ins to support building, deploying and automating any project . Jenkins has a cross-site request forgery vulnerability that stems from the WEB application not adequately verifying tha...

4.3CVSS6AI score0.01779EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/18 12:0 a.m.•40 views

WordPress Modern Events Calendar Lite PluginSQL Injection Vulnerability

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. Modern Events Calendar Lite Plugin is a WordPress open source application plugin. WordPress Modern Events Calendar Lite...

9.8CVSS3.4AI score0.728EPSS
Exploits7References1
CNVD
CNVD
•added 2021/11/12 12:0 a.m.•40 views

Samba permission permission and access control issue vulnerability (CNVD-2022-15501)

Samba is the standard Windows interoperability suite for Linux and Unix. Samba is vulnerable to a permission permission and access control issue, which stems from a flaw found in the way samba can support RODCs read-only domain controllers as Active Directory domain controllers. An attacker could...

8.8CVSS4.6AI score0.01595EPSS
Exploits0References1
Total number of security vulnerabilities5000