Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
•added 2022/11/23 12:0 a.m.•43 views

WordPress Booster for WooCommerce plugin cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

5.4CVSS4.7AI score0.00231EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/10 12:0 a.m.•43 views

Microsoft SharePoint Server Spoofing Vulnerability (CNVD-2022-87652)

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft Corporation USA. Microsoft SharePoint Server is vulnerable to spoofing. An attacker could exploit the vulnerability with a specially crafted website to spoof content and trick users into believing that the site i...

6.5CVSS1.5AI score0.01463EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/14 12:0 a.m.•43 views

Adobe ColdFusion Path Traversal Vulnerability (CNVD-2023-08751)

Adobe ColdFusion is a rapid application development platform from Adobe, which includes an integrated development environment and scripting language. The platform includes an integrated development environment and scripting language.Adobe ColdFusion contains a path traversal vulnerability, which...

9.8CVSS4.3AI score0.80023EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/13 12:0 a.m.•43 views

SAP Manufacturing Execution Path Traversal Vulnerability

SAP Manufacturing Execution is an integrated Manufacturing Execution System MES solution for discrete manufacturing processes from SAP. Enables MES functionality to be customized specifically for the management and control of production environments. A path traversal vulnerability exists in SAP...

7.5CVSS7.5AI score0.0643EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/13 12:0 a.m.•43 views

Google Android elevation of privilege vulnerability (CNVD-2022-81237)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that stems from proxy obfuscation in the CarSettings of the application package, which can be exploited by an attacker to cause an elevation of privilege i...

8.8CVSS8.5AI score0.00158EPSS
Exploits0References1
CNVD
CNVD
•added 2022/09/09 12:0 a.m.•43 views

Linux kernel competition condition issue vulnerability (CNVD-2022-74091)

Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel is vulnerable to a contention problem that originates from a contention problem in the perfeventopen function, which can be exploited by local attackers to elevate privileges...

4.2AI score0.0031EPSS
Exploits0
CNVD
CNVD
•added 2022/08/03 12:0 a.m.•43 views

F5 NGINX Instance Manager Denial of Service Vulnerability

NGINX Instance Manager NIM is part of F5's NGINX Management Suite NMS.The NIM module provides a REST API that uses standard authentication methods and HTTP response code, among other things.A denial of service vulnerability exists in F5 NGINX Instance Manager, which stems from a When using NGINX...

6.5CVSS1.9AI score0.00658EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/29 12:0 a.m.•43 views

FeehiCMS arbitrary file upload vulnerability

FeehiCMS is a Php-based CMS builder from Liufee Personal Developers.FeehiCMS version v2.1.1 is vulnerable to arbitrary file uploads. The vulnerability stems from the lack of valid validation of uploaded files by the application. An attacker can exploit the vulnerability to execute arbitrary code ...

8.8CVSS5.4AI score0.01003EPSS
Exploits1References1
CNVD
CNVD
•added 2022/07/21 12:0 a.m.•43 views

IBM QRadar SIEM Licensing Issue Vulnerability (CNVD-2022-83585)

IBM QRadar SIEM is a solution from IBM America that leverages security intelligence to protect assets and information from advanced threats. The solution provides monitoring of the entire scope of the IT architecture, generates detailed reports on data access and user activity, etc. IBM QRadar SI...

5.5CVSS2.5AI score0.00172EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/20 12:0 a.m.•43 views

Oracle MySQL Input Validation Error Vulnerability (CNVD-2022-53246)

Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. An input validation error vulnerability exists in Oracle MySQL version 8.0.28 and prior versions. The vulnerability originates from an attacker with...

6.5CVSS6.1AI score0.01147EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/15 12:0 a.m.•43 views

SAP BusinessObjects Business Intelligence Platform SQL Injection Vulnerability

SAP Business Objects is a business intelligence suite from SAP Germany. An SQL injection vulnerability exists in SAP BusinessObjects Business Intelligence Platform versions 420 and 430, which can be exploited by an authenticated attacker to query and extract SQL backend data through the BI...

4.9CVSS5AI score0.00429EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/06 12:0 a.m.•43 views

WordPress Gallery plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.1CVSS5.9AI score0.01626EPSS
Exploits2References1
CNVD
CNVD
•added 2022/06/30 12:0 a.m.•43 views

Google Android Buffer Overflow Vulnerability (CNVD-2022-53367)

Google Android is a Linux-based open source operating system from Google, Inc. A buffer overflow vulnerability exists in Google Android, which stems from the fact that the UE and EMM use NAS messages to communicate with each other. The vulnerability can be exploited to remotely crash the modem...

10CVSS5AI score0.03461EPSS
Exploits0References1
CNVD
CNVD
•added 2022/06/30 12:0 a.m.•43 views

DCMTK Denial of Service Vulnerability

DCMTK is a collection of libraries and applications that implement most DICOM standards. Software for inspecting, building and converting DICOM image files, handling offline media, sending and receiving images over a network connection, and demo image storage and worklist servers. a denial of...

7.5CVSS3.8AI score0.01595EPSS
Exploits0References1
CNVD
CNVD
•added 2022/06/24 12:0 a.m.•43 views

Jenkins REST List Parameter Plugin Cross-Site Scripting Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Plugin is an application software. A cross-site scripting...

5.4CVSS5.5AI score0.00759EPSS
Exploits0References1
CNVD
CNVD
•added 2022/06/24 12:0 a.m.•43 views

Apache Sling Log Injection Vulnerability

Apache Sling is an open source Web framework for the Java platform from the Apache Foundation. Designed to create content-centric applications on JSR-170-compliant content repositories such as Apache Jackrabbit, a log injection vulnerability exists in Apache Sling Commons Log version 5.4.0 and...

5.3CVSS3AI score0.02273EPSS
Exploits0References1
CNVD
CNVD
•added 2022/06/08 12:0 a.m.•43 views

Owl Labs Meeting Owl Trust Management Issue Vulnerability

Owl Labs Meeting Owl is a video conferencing device from Owl Labs, Inc. Owl Labs Meeting Owl version 5.2.0.15 is vulnerable to a trust management issue, which could be exploited by an attacker to activate network sharing mode using hard-coded hoothoot credentials via a certain c 150 value...

7.4CVSS4.2AI score0.03408EPSS
Exploits1References1
CNVD
CNVD
•added 2022/05/18 12:0 a.m.•43 views

Aruba ClearPass Policy Manager Authentication Bypass Vulnerability (CNVD-2022-64232)

Aruba ClearPass Policy Manager is an application of the U.S. company Aruba to provide wireless network security access management system Aruba ClearPass Policy Manager has an authentication bypass vulnerability, which can be exploited by attackers to bypass authentication leading to remote code...

10CVSS4.5AI score0.02682EPSS
Exploits0References1
CNVD
CNVD
•added 2022/05/18 12:0 a.m.•43 views

Aruba ClearPass Policy Manager Command Injection Vulnerability (CNVD-2022-64231)

Aruba ClearPass Policy Manager is an application of the U.S. company Aruba to provide wireless network security access management system Aruba ClearPass Policy Manager has a command injection vulnerability, the vulnerability stems from the user input structure to execute the command process, the...

7.2CVSS3.9AI score0.01429EPSS
Exploits0References1
CNVD
CNVD
•added 2022/04/27 12:0 a.m.•43 views

OpenEMR Cross-Site Scripting Vulnerability (CNVD-2022-61334)

OpenEMR is an open source medical management system from the OpenEMR community. A cross-site scripting vulnerability exists in versions of OpenEMR prior to 6.1.0.1, which stems from a lack of data validation filters for user-supplied data and output data in the file name on the "Upload Document...

7.3CVSS2.5AI score0.0068EPSS
Exploits1References1
CNVD
CNVD
•added 2022/04/15 12:0 a.m.•43 views

Microsoft Windows Network File System Remote Code Execution Vulnerability (CNVD-2022-74601)

Microsoft Windows Network File System is a file sharing solution from Microsoft that allows you to transfer files between computers running Windows Server and UNIX operating systems using the NFS protocol. Network File System is vulnerable to a remote code execution vulnerability caused by a flaw...

9.8CVSS3.6AI score0.34552EPSS
Exploits1References1
CNVD
CNVD
•added 2022/04/15 12:0 a.m.•43 views

RiteCMS path traversal vulnerability

RiteCMS is a web CMS. A path traversal vulnerability exists in RiteCM, which can be exploited by an authenticated attacker to delete any file in the web root directory...

8.5CVSS4.2AI score0.20963EPSS
Exploits1References1
CNVD
CNVD
•added 2022/04/12 12:0 a.m.•43 views

Samsung Flow Access Control Error Vulnerability

Samsung flow is an application for Samsung Samsung mobile devices, a software used to connect Samsung to Win10-based computers for a seamless, secure, and connected experience.An access control error vulnerability exists in versions prior to Samsung Flow 4.8.06.5, which stems from a lack of prope...

5.1CVSS5AI score0.00251EPSS
Exploits0References1
CNVD
CNVD
•added 2022/04/07 12:0 a.m.•43 views

jc21 Nginx Proxy Manager Cross-Site Scripting Vulnerability

jc21 Nginx Proxy Manager is a graphical user interface for managing Nginx servers. jc21 Nginx Proxy Manager versions prior to 2.9.17 contain a cross-site scripting vulnerability that stems from the program's lack of data validation filtering of user-supplied data and output. An attacker could...

3.5CVSS5.1AI score0.71209EPSS
Exploits1Affected Software1
CNVD
CNVD
•added 2022/03/31 12:0 a.m.•43 views

Bentley MicroStation CONNECT Code Execution Vulnerability (CNVD-2022-65620)

Bentley MicroStation CONNECT is a Cad software platform for 2D and 3D design and drafting.A code execution vulnerability exists in Bentley MicroStation CONNECT, which can be exploited by attackers to execute arbitrary code in the context of the current process...

7.8CVSS5.5AI score0.02041EPSS
Exploits0References1
CNVD
CNVD
•added 2022/03/29 12:0 a.m.•43 views

WordPress WP-DownloadManager plugin cross-site scripting vulnerability

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress WP-DownloadManager plugin version 1.68.6...

5.4CVSS1.3AI score0.00544EPSS
Exploits0References1
CNVD
CNVD
•added 2022/03/23 12:0 a.m.•43 views

TOTOLINK N600R Command Injection Vulnerability (CNVD-2022-53560)

TotoLink N600R is a wireless router from TotoLink, Taiwan, China. TotoLink N600R is vulnerable to command injection, which can be exploited by attackers via the exportOvpn interface of cstecgi.cgi...

9.8CVSS5.2AI score0.03986EPSS
Exploits1References1
CNVD
CNVD
•added 2022/03/23 12:0 a.m.•43 views

Red Hat 389 Directory Server Code Issue Vulnerability

Red Hat 389 Directory Server formerly known as Fedora Directory Server is an enterprise-class Linux directory server from Red Hat, Inc. The server fully supports the LDAPv3 specification and features scalable, multi-master replication, etc. A security vulnerability exists in Red Hat 389 Directory...

6.5CVSS1.3AI score0.01531EPSS
Exploits2References1
CNVD
CNVD
•added 2022/03/16 12:0 a.m.•43 views

WordPress Page Builder KingComposer plugin access control error vulnerability

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress Page Builder KingComposer plugin version...

6.1CVSS1.9AI score0.0428EPSS
Exploits4References1
CNVD
CNVD
•added 2022/03/14 12:0 a.m.•44 views

Samsung AppLock licensing issue vulnerability

Samsung AppLock is an application lock for Samsung mobile devices used to lock applications on Android.An authorization issue vulnerability exists in Samsung AppLock, which stems from a lack of authentication measures or insufficient authentication strength for Unprotected Activity in AppLock. An...

4.1CVSS2.9AI score0.00099EPSS
Exploits0References1
CNVD
CNVD
•added 2022/03/04 12:0 a.m.•43 views

Google Chrome Omnibox code execution vulnerability

Google Chrome is a web browser from Google, Inc. A code execution vulnerability exists in Google Chrome Omnibox, which is caused by a confusion in the program's instructions for freeing memory and can be exploited by attackers to execute arbitrary code on the system or cause a denial of service...

8.8CVSS7.2AI score0.00924EPSS
Exploits0References1
CNVD
CNVD
•added 2022/03/03 12:0 a.m.•43 views

MaxSite CMS Cross-Site Scripting Vulnerability (CNVD-2022-33826) (CVE-2022-25413)

MaxSite CMS is a web content management system of the Russian MaxSite CMS open source project.MaxSite CMS 108 has a cross-site scripting vulnerability that can be exploited by attackers to perform cross-site scripting attacks via the ftags parameter in /admin/pageedit/3...

5.4CVSS3.2AI score0.00485EPSS
Exploits1References1
CNVD
CNVD
•added 2022/03/02 12:0 a.m.•43 views

WordPress TI WooCommerce Wishlist plugin SQL injection vulnerability

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers.A SQL injection vulnerability exists in versions of the WordPress TI WooCommerce Wishlist plugin prior to 1.40.1, which stem...

9.8CVSS2.2AI score0.73998EPSS
Exploits2References1
CNVD
CNVD
•added 2022/02/14 12:0 a.m.•43 views

Linux kernel buffer overflow vulnerability (CNVD-2022-68616)

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel buffer overflow vulnerability, which is caused by a failure of the Transparent Inter-Process Communication TIPC module to properly boundary check. An attacker could exploit the vulnerability...

9CVSS4.1AI score0.67994EPSS
Exploits2References1
CNVD
CNVD
•added 2022/01/19 12:0 a.m.•43 views

Oracle WebLogic Server Input Validation Error Vulnerability (CNVD-2022-05874)

Oracle WebLogic Server is an application services middleware from Oracle for cloud and traditional environments that provides a modern, lightweight development platform that supports full lifecycle management of applications from development to production and simplifies application deployment and...

7.5CVSS1.7AI score0.92331EPSS
Exploits6References1
CNVD
CNVD
•added 2022/01/16 12:0 a.m.•43 views

Jenkins Badge Plugin Cross-Site Scripting Vulnerability

Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plug-ins to support building, deploying and automating any project . Jenkins Badge Plugin in version 1.9 and earlier suffers from a cross-site scripting vulnerability that stems from a lac...

5.4CVSS5.6AI score0.00839EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/14 12:0 a.m.•43 views

Apache Dubbo Deserialization Vulnerability (CNVD-2022-05106)

Apache Dubbo is a lightweight Java-based RPC remote procedure call framework from the Apache Foundation in the United States. The product provides interface-based remote calling, fault tolerance and load balancing, and automatic service registration and discovery. Apache Dubbo in version 3.2.11 a...

9.8CVSS2.7AI score0.15313EPSS
Exploits1References1
CNVD
CNVD
•added 2022/01/13 12:0 a.m.•43 views

Kaseya Unitrends Backup Appliance has an unspecified vulnerability

Unitrends Backup UB is a suite of data protection software from Unitrends, Inc. that provides data backup, data recovery and deduplication functions.A security vulnerability exists in the Kaseya Unitrends Backup Appliance, which could be exploited by an attacker to log into the target system...

9.8CVSS3.7AI score0.01862EPSS
Exploits1References1
CNVD
CNVD
•added 2022/01/07 12:0 a.m.•43 views

Insyde InsydeH2O Buffer Overflow Vulnerability (CNVD-2022-10290)

Insyde InsydeH2O is a C source from Insyde Software Taiwan, China that implements the new technology "EFI/UEFI" specification, designed to replace the legacy BIOS Basic Input/Output System. A buffer overflow vulnerability exists in InsydeH2O, which stems from the SWSMI handler not adequately...

8.2CVSS3.6AI score0.00326EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/22 12:0 a.m.•43 views

Google Android out-of-bounds write vulnerability (CNVD-2021-101950)

Google Android is a Linux-based open source operating system from Google, Inc. An out-of-bounds write vulnerability exists in Google Android, which can be exploited by attackers to cause remote information disclosure without additional execution privileges...

9.3CVSS5.2AI score0.01012EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/19 12:0 a.m.•43 views

Atomix Denial of Service Vulnerability

Atomix is a fault-tolerant distributed orchestration framework for JAVA 8. A denial-of-service vulnerability exists in Atomix version 3.1.5. An attacker could exploit this vulnerability to cause a denial of service via a false link event message sent to the primary ONOS node...

8.1CVSS5.1AI score0.01164EPSS
Exploits1References1
CNVD
CNVD
•added 2021/12/16 12:0 a.m.•43 views

Apache log4j2 denial of service vulnerability

Apache Log4j is a Java-based open source logging tool from the Apache Foundation. Apache log4j2 suffers from a denial-of-service vulnerability. When improperly configured, an attacker can exploit the vulnerability to cause a denial-of-service attack...

9CVSS4.4AI score0.99977EPSS
Exploits40References1
CNVD
CNVD
•added 2021/11/02 12:0 a.m.•43 views

Google Android Kernel Component Elevation of Privilege Vulnerability (CNVD-2021-101428)

Android is a Linux-based open source operating system developed by Google Inc. and the Open Handheld Alliance OHA. an elevation of privilege vulnerability exists in the Google Android Kernel component Kernel, which could be exploited by an attacker to cause a local elevation of privilege that...

6.9CVSS4.6AI score0.00811EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/09 12:0 a.m.•43 views

Google Chrome Heap Buffer Overflow Vulnerability (CNVD-2021-84817)

Chrome is a web browsing tool developed by Google. a heap buffer overflow vulnerability exists in WebRTC in versions prior to Google Chrome 94.0.4606.81. An attacker could exploit this vulnerability to exploit heap corruption via a crafted HTML page...

8.8CVSS3.8AI score0.01711EPSS
Exploits1References1
CNVD
CNVD
•added 2021/09/17 12:0 a.m.•43 views

libde265 Heap Buffer Overflow Vulnerability (CNVD-2021-78432)

libde265 is an open source implementation of the h.265 video codec. libde265 version 1.0.4 contains a heap buffer overflow vulnerability in the putweightedpredavg16fallback function. An attacker can exploit the vulnerability to cause a denial of service via specially crafted files...

6.5CVSS4.8AI score0.01438EPSS
Exploits1References1
CNVD
CNVD
•added 2021/09/08 12:0 a.m.•43 views

Microsoft MSHTML Remote Code Execution Vulnerability

MSHTML also known as Trident is Microsoft's Internet Explorer browser engine, and while MHTML is primarily used in the deprecated Internet Explorer browser, the component is also used in Office applications to render Word, Excel, or PowerPoint documents in A remote code execution vulnerability...

8.8CVSS3.2AI score0.96843EPSS
Exploits38References1
CNVD
CNVD
•added 2021/08/25 12:0 a.m.•43 views

LedgerSMB Cross-Site Scripting Vulnerability (CNVD-2021-101203)

LedgerSMB is a free web-based double-entry bookkeeping system with quoting, ordering, invoicing, projects, time cards, inventory management, shipping, etc. A cross-site scripting vulnerability exists in LedgerSMB, which stems from the application's failure to check the origin of HTML fragments...

9.6CVSS1.4AI score0.03014EPSS
Exploits0References1
CNVD
CNVD
•added 2021/06/30 12:0 a.m.•43 views

ForgeRock AM code issue vulnerability

ForgeRock AM is an open source access management, privilege control platform with widespread use in universities and social organizations.ForgeRock AM is vulnerable to a code issue that could be exploited by an unauthenticated attacker to remotely execute arbitrary code by constructing a special...

10CVSS6.9AI score0.99999EPSS
Exploits8References1
CNVD
CNVD
•added 2021/06/08 12:0 a.m.•43 views

HP PageWide Pro 477dw MFP has an unauthorized access vulnerability

Hewlett-Packard Trading Shanghai Co., Ltd. is a company whose business scope includes computer hardware and software equipment, printing equipment, imaging equipment, communication equipment and so on. An unauthorized access vulnerability exists in HP PageWide Pro 477dw MFP, which can be exploite...

6.8AI score
Exploits0
CNVD
CNVD
•added 2021/05/12 12:0 a.m.•43 views

Microsoft SharePoint Remote Code Execution Vulnerability

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A code injection...

8.8CVSS8.5AI score0.30045EPSS
Exploits5References1
Total number of security vulnerabilities5000