Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
added 2023/05/06 12:0 a.m.39 views

Google Chrome PictureInPicture Security Bypass Vulnerability

Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome PictureInPicture, which can be exploited by attackers to bypass security restrictions...

4.3CVSS6.6AI score0.00801EPSS
Exploits0References1
CNVD
CNVD
added 2023/03/17 12:0 a.m.39 views

Mozilla Firefox Code Problem Vulnerability (CNVD-2023-68213)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a code issue vulnerability that stems from the fact that by displaying a prompt with a long description, a full-screen notification may be hidden, which can be exploited by...

4.3CVSS7AI score0.00348EPSS
Exploits0References1
CNVD
CNVD
added 2023/02/20 12:0 a.m.39 views

Siemens JT Open Toolkit Stack Buffer Overflow Vulnerability

Siemens JT Open Toolkit Siemens JTTK is a C++ application programming interface API from Siemens, Germany. It provides support for 64-bit application development on Microsoft Windows, Linux and MacOS. Siemens JT Open Toolkit suffers from a stack buffer overflow vulnerability that can be exploited...

7.8CVSS7.8AI score0.00226EPSS
Exploits0References1
CNVD
CNVD
added 2023/01/30 12:0 a.m.39 views

Siretta QUARTZ-GOLD OS Command Injection Vulnerability (CNVD-2023-17079)

Siretta QUARTZ-GOLD is a high-speed dual-port Gigabit Ethernet industrial router from Siretta.The Siretta QUARTZ-GOLD is vulnerable to an operating system command injection vulnerability, which can be exploited by attackers to cause the execution of arbitrary commands by sending specially crafted...

8.8CVSS4.2AI score0.07085EPSS
Exploits1References1
CNVD
CNVD
added 2023/01/06 12:0 a.m.39 views

Mozilla Firefox Access Control Error Vulnerability (CNVD-2023-03058)

Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. Mozilla Firefox is vulnerable to an access control error that could be exploited by an unauthenticated attacker to access other restricted features...

8.1CVSS3.9AI score0.00414EPSS
Exploits0References1
CNVD
CNVD
added 2022/12/23 12:0 a.m.39 views

Tenda F1203 Command Injection Vulnerability

Tenda F1203 is a 11AC 1200M intelligent dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. and Ali. A command injection vulnerability exists in Tenda F1203 V2.0.1.6. An attacker can use this vulnerability to perform command injection via the mac parameter of...

9.8CVSS9.7AI score0.02446EPSS
Exploits1References1
CNVD
CNVD
added 2022/12/20 12:0 a.m.39 views

IBM AIX Denial of Service Vulnerability (CNVD-2023-00808)

IBM AIX is an open standards-based UNIX operating system developed by International Business Machines IBM for the IBM Power architecture. IBM AIX suffers from a denial-of-service vulnerability that can be exploited by unprivileged local attackers to cause a denial of service...

6.2CVSS6.7AI score0.00185EPSS
Exploits0References1
CNVD
CNVD
added 2022/11/25 12:0 a.m.39 views

PostgreSQL JDBC Drive Information Disclosure Vulnerability

PostgreSQL JDBC Driver is an open source JDBC driver written in Pure Java Type 4 for communication in the PostgreSQL native network protocol . An information disclosure vulnerability exists in PostgreSQL JDBC Driver. The vulnerability stems from the fact that a preprocessing statement using...

5.5CVSS5.1AI score0.0048EPSS
Exploits1References1
CNVD
CNVD
added 2022/11/24 12:0 a.m.39 views

ZTE MF286R Buffer Overflow Vulnerability

The ZTE MF286R is a wireless router from ZTE Corporation China.A buffer overflow vulnerability previously existed in the ZTE MF286R mf286rb07 version, which stems from the lack of input validation of the wifi interface parameters and can be exploited by attackers to conduct denial of service...

6.5CVSS6.1AI score0.00605EPSS
Exploits0References1
CNVD
CNVD
added 2022/11/23 12:0 a.m.39 views

Google TensorFlow tf.raw_ops.FusedResizeAndPadConv2D buffer overflow vulnerability

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A buffer overflow vulnerability exists in Google TensorFlow versions prior to 2.7.4, 2.8.0 and later, 2.8.1 and later, 2.9.0 and later, and 2.9.1 and earlier, which originates from "tf.rawops...

7.5CVSS7.5AI score0.0043EPSS
Exploits1References1
CNVD
CNVD
added 2022/11/21 12:0 a.m.39 views

Tenda AC1200 setWanPpoe function stack overflow vulnerability

Tenda AC1200 is a wireless router from Tenda China.A stack overflow vulnerability exists in the Tenda AC1200 setWanPpoe function. An attacker can exploit this vulnerability to cause a denial of service via specially crafted overflow data...

9.8CVSS4.2AI score0.01207EPSS
Exploits2References1
CNVD
CNVD
added 2022/11/21 12:0 a.m.39 views

Simmeth System Supplier Manager Cross-Site Scripting Vulnerability

Simmeth System Supplier Manager, a supply chain software from Simmeth System GmbH, Germany, is vulnerable to a cross-site scripting vulnerability in versions prior to Simmeth System GmbH Supplier Manager 5.6. An attacker could use this vulnerability to execute JavaScript code in the victim's...

5.4CVSS6AI score0.00509EPSS
Exploits3References1
CNVD
CNVD
added 2022/11/09 12:0 a.m.39 views

Aruba Networks ArubaOS Buffer Overflow Vulnerability (CNVD-2022-75544)

Aruba Networks ArubaOS, an operating system for Aruba Mobility-Defined Networks including mobile controllers and mobile access switches from Aruba Networks, is vulnerable to a buffer overflow vulnerability. An attacker could exploit this vulnerability to cause unauthenticated remote code executio...

9.8CVSS6AI score0.01484EPSS
Exploits0References1
CNVD
CNVD
added 2022/10/31 12:0 a.m.39 views

Corel CorelDRAW Graphics Suite buffer overflow vulnerability (CNVD-2023-29425)

Corel CorelDRAW Graphics Suite is a vector graphics creation tool from Corel. A buffer overflow vulnerability exists in Corel CorelDRAW Graphics Suite, which can be exploited by attackers to execute code in the context of the current process...

7.8AI score0.00926EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2022/10/13 12:0 a.m.39 views

Microsoft Windows TCP/IP component denial of service vulnerability

Microsoft Windows TCP/IP component is a component of Microsoft Corporation USA that provides TCP/IP configuration functionality for Windows.A denial of service vulnerability exists in Microsoft Windows TCP/IP, which stems from a failure to properly handle incoming error messages. An attacker coul...

2.2AI score0.01995EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2022/09/28 12:0 a.m.39 views

Rocket.Chat Input Validation Error Vulnerability

Rocket.Chat is an open source team chat software. Rocket.Chat suffers from an input validation error vulnerability that stems from a failure to type validate input data in the getUsersOfRoom Meteor server method. An authenticated attacker could use this vulnerability to enumerate existing rooms a...

4.3CVSS4.3AI score0.00658EPSS
Exploits1References1
CNVD
CNVD
added 2022/09/28 12:0 a.m.39 views

Squid Out-of-Bounds Read Vulnerability

Squid is a suite of proxy server and web caching server software. The software provides features such as caching the World Wide Web, filtering traffic, and proxying the Internet. Squid suffers from an out-of-bounds read vulnerability. The vulnerability stems from a boundary error when handling...

8.6CVSS7.9AI score0.0282EPSS
Exploits0References1
CNVD
CNVD
added 2022/09/15 12:0 a.m.39 views

Unspecified Vulnerability in Microsoft Windows Internet

Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. A security vulnerability exists in Microsoft Windows IKE Extension. No details of the vulnerability are provided at this time...

9.8CVSS9.3AI score0.75711EPSS
Exploits0References1
CNVD
CNVD
added 2022/09/05 12:0 a.m.39 views

Helm Resource Management Error Vulnerability

Helm is a Kubernetes package manager. Helm version 3.9.3 and earlier are vulnerable to a resource management error that stems from a fuzz test provided by CNCF that identifies input to a function in the strvals package that could cause an out-of-memory panic. No detailed vulnerability details are...

6.5CVSS2.8AI score0.00874EPSS
Exploits0References1
CNVD
CNVD
added 2022/09/02 12:0 a.m.39 views

Apache Airflow Licensing Issue Vulnerability (CNVD-2022-76236)

Apache Airflow is the Apache Foundation's open source platform for creating, managing, and monitoring workflows. A security vulnerability exists in Apache Airflow versions 2.2.4 to 2.3.3, which stems from the vulnerability of the "database" web server session backend to session fixation. No detai...

9.8CVSS4AI score0.01881EPSS
Exploits0References1
CNVD
CNVD
added 2022/08/09 12:0 a.m.39 views

Microsoft Edge has an unspecified vulnerability (CNVD-2022-56255)

Microsoft Edge is a Web browser that comes with post-Windows 10 versions of Microsoft Corporation Microsoft. Microsoft Edge has a security vulnerability that stems from the existence of a remote code execution vulnerability. No detailed vulnerability details are available at this time...

8.3CVSS5.1AI score0.0105EPSS
Exploits0References1
CNVD
CNVD
added 2022/08/09 12:0 a.m.39 views

Siemens SCALANCE product command injection vulnerability

SCALANCE M-800, MUM-800 and S615 and RUGGEDCOM RM1224 industrial routers are used for secure remote access to plants over mobile networks e.g. GPRS or UMTS with integrated security features of firewalls to prevent unauthorized access, and VPNs to protect data transmission.SCALANCE SC-600 devices...

9.1CVSS3.3AI score0.01318EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/22 12:0 a.m.39 views

WAVLINK WN530HG4 Trust Management Issue Vulnerability

The WAVLINK WN530HG4 is a wireless router from the Chinese company WAVLINK. A security vulnerability exists in WAVLINK WN530HG4 M30HG4.V5030.191116 version, which originates from a hard-coded encryption/decryption key contained in the configuration file of xportAllSettings.sh. No details of the...

9.8CVSS9.5AI score0.02415EPSS
Exploits1References1
CNVD
CNVD
added 2022/07/15 12:0 a.m.39 views

SAP 3D Visual Enterprise Viewer Input Validation Error Vulnerability (CNVD-2022-56958)

SAP 3D Visual Enterprise Viewer is a 3D view viewer from SAP, Germany. The software supports the publishing of 2D and 3D scenes in all industry-standard desktop applications and supports separate installations as stand-alone executable programs and ActiveX spaces. An input validation error...

5.5CVSS5.3AI score0.00447EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/01 12:0 a.m.39 views

GitLab Remote Code Execution Vulnerability

GitLab is an open source, end-to-end software development platform from the U.S. company GitLab, with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery and other features. GitLab has a remote code execution vulnerability, the vulnerability...

9.9CVSS9.4AI score0.76884EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/21 12:0 a.m.39 views

FFmpeg vorbis_header() function denial of service vulnerability

FFmpeg is a complete solution for recording, converting and streaming audio and video from the Ffmpeg team. A denial of service vulnerability exists in the FFmpeg vorbisheader function, which can be exploited by an attacker to cause a denial of service attack...

5.5CVSS5.3AI score0.00645EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/17 12:0 a.m.39 views

Microsoft SharePoint Server Remote Code Execution Vulnerability (CNVD-2022-59591)

Microsoft SharePoint Server is a remote code execution vulnerability in Microsoft SharePoint Server, an enterprise business collaboration platform from Microsoft Corporation. An attacker could use this vulnerability to execute arbitrary code on the system...

8.8CVSS3.8AI score0.03229EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/15 12:0 a.m.39 views

SAP NetWeaver Developer Studio code issue vulnerability

SAP NetWeaver Developer Studio is a Java part of the integrated development environment IDE of the German company SAP. SAP NetWeaver Developer Studio is vulnerable to a code issue that could be exploited by an attacker to cause a loss of confidentiality and integrity...

3.6CVSS3.2AI score0.00243EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/09 12:0 a.m.39 views

Huawei CV81-WDM FW Input Check Vulnerability

The Huawei CV81-WDM FW is a laser multifunction printer from Huawei China. A security vulnerability exists in Huawei CV81-WDM FW 01.70.49.29.46. An attacker can exploit the vulnerability to cause a business anomaly...

7.5CVSS7.4AI score0.00369EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/09 12:0 a.m.39 views

Elitecms SQL Injection Vulnerability (CNVD-2022-57760)

Elitecms is a Web content management from elitecms India. elitecms version 1.01 has a SQL injection vulnerability that originates from the /admin/addsidebar.php page's lack of validation of external input SQL statements, which can be exploited by attackers to execute illegal SQL commands to steal...

9.8CVSS6.6AI score0.01081EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/08 12:0 a.m.39 views

Huawei HarmonyOS competition condition issue vulnerability

Huawei HarmonyOS is an operating system from Huawei, China HUAWEI. Huawei HarmonyOS 2.0 is vulnerable to a contention condition issue, which stems from a conditional contention vulnerability in the kernel module and can be exploited by attackers to compromise confidentiality...

4.7CVSS3.7AI score0.00122EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/31 12:0 a.m.39 views

74cms SQL Injection Vulnerability (CNVD-2022-43224)

74cms is an online recruitment system based on PHP and MySQL by China Xunyi Technology Company. A SQL injection vulnerability exists in 74cmsSE v3.5.1, which originates from the lack of validation of the keyword parameter in /home/jobfairol/resumelist for externally entered SQL statements. An...

7.5CVSS8.3AI score0.00991EPSS
Exploits1References1
CNVD
CNVD
added 2022/05/30 12:0 a.m.39 views

Buffer Overflow Vulnerability in Multiple Qualcomm Snapdragon Products

Qualcomm chips are chips from Qualcomm, Inc. A way to miniaturize circuits mainly semiconductor devices, but also passive components, etc., and is often manufactured on the surface of semiconductor wafers. Several Qualcomm Snapdragon products are vulnerable to a buffer overflow. The vulnerability...

3.6CVSS3.2AI score0.00146EPSS
Exploits0
CNVD
CNVD
added 2022/05/24 12:0 a.m.39 views

Totolink A3600R Buffer Overflow Vulnerability

TotoLink A3600R is a 6-antenna 1200M wireless router from TotoLink, Taiwan, China.A buffer overflow vulnerability exists in version V4.1.2cu.5182B20201102 of the Totolink A3600R, which stems from a vulnerability in the fread function of infostat.cgi that contains stacker overflow, which can be...

7.5CVSS6AI score0.01002EPSS
Exploits1References1
CNVD
CNVD
added 2022/05/13 12:0 a.m.39 views

Spring Framework Denial of Service Vulnerability

Spring Framework is the U.S. Spring team of a set of Java, JavaEE application framework . The framework helps developers build high-quality applications.Spring Framework 5.3.20 , 5.2.22 before the version of the denial of service vulnerability , the vulnerability stems from the data binding to th...

3.5CVSS2.9AI score0.01978EPSS
Exploits1
CNVD
CNVD
added 2022/05/09 12:0 a.m.39 views

HUAWEI HarmonyOS Information Disclosure Vulnerability (CNVD-2022-50634)

HUAWEI HarmonyOS is an operating system from the Chinese company Huawei HUAWEI. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in the HUAWEI HarmonyOS security component, which stems from a serial number capture vulnerability in th...

7.5CVSS7.5AI score0.00634EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.39 views

Microsoft Excel Remote Code Execution Vulnerability (CNVD-2023-02194)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A remote code execution vulnerability exists in Microsoft Excel. An attacker can exploit this vulnerability to execute arbitrary code on the system...

7.8CVSS7.8AI score0.02583EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.39 views

Microsoft Windows Kerberos Remote Code Execution Vulnerability

Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. A remote code execution vulnerability exists in Microsoft Windows Kerberos. The vulnerability stems from failure to properly process input data and can be exploited by an attacker to...

8.1CVSS9.1AI score0.02134EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/14 12:0 a.m.39 views

Gin-Vue-Admin SQL Injection Vulnerability

Gin-Vue-Admin is a full-stack pre-development infrastructure platform based on Vue and Gin. Gin-Vue-Admin is vulnerable to SQL injection, which can be exploited by attackers to execute arbitrary SQL statements...

8.8CVSS5.1AI score0.0144EPSS
Exploits1References1
CNVD
CNVD
added 2022/04/13 12:0 a.m.39 views

Samsung SMR Information Disclosure Vulnerability (CNVD-2022-63643)

Samsung SMR is a system patch package from South Korea's Samsung Samsung. An information disclosure vulnerability exists in versions prior to Samsung SMR Apr-2022 Release 1, which can be exploited by attackers to cause unauthorized access to the EFRUIMID value...

6.6CVSS3.3AI score0.00121EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/24 12:0 a.m.39 views

Passwork On-Premise Edition Path Traversal Vulnerability

Passwork On-Premise Edition is a local password manager for your business from Passwork Finland.A path traversal vulnerability exists in versions prior to Passwork On-Premise Edition 4.6.13, no detailed vulnerability details are currently available...

8.8CVSS2.7AI score0.01443EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/16 12:0 a.m.39 views

Totolink X5000R and TotoLink A7000R Command Injection Vulnerability (CNVD-2022-21813)

Totolink X5000R is a router from Totolink, China.TotoLink A7000R is a wireless router from TotoLink, China.Totolink routers X5000R V9.1.0u.6118B20201102 and A7000R V9.1.0u.6115 B20201022 contain a security vulnerability that could be exploited by attackers to execute arbitrary commands via crafte...

9.8CVSS6.6AI score0.02932EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/11 12:0 a.m.39 views

vim buffer overflow vulnerability (CNVD-2022-18519)

Vim is an editor based on the UNIX platform. vim is vulnerable to a buffer overflow vulnerability, which originates from a heap-based buffer overflow. No detailed vulnerability details are currently available...

7.8CVSS3.3AI score0.01514EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/01 12:0 a.m.39 views

Tor Browser Information Disclosure Vulnerability

Tor Browser is a browser used to access the Internet anonymously. Tor Browser is vulnerable to an information disclosure vulnerability that could be exploited by attackers to bypass the expected anonymity features and obtain information about the Onion service accessed by local users...

5.5CVSS3.3AI score0.00386EPSS
Exploits1References1
CNVD
CNVD
added 2022/02/23 12:0 a.m.39 views

WordPress Shield Security plugin跨站脚本漏洞

WordPress is a set of blogging platforms developed by the WordPress Wordpress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Shield Security plugin version 13.0.6 previously had a cross-site scripting vulnerability, whic...

4.8CVSS1.8AI score0.00588EPSS
Exploits2References1
CNVD
CNVD
added 2022/02/18 12:0 a.m.39 views

Reolink RLC-410W OS Command Injection Vulnerability

Reolink Rlc-410W is a Wifi security camera from Reolink China. The Reolink RLC-410W suffers from an OS command injection vulnerability. An attacker can exploit this vulnerability to cause command execution by sending a specially crafted HTTP request...

9.1CVSS7.4AI score0.27876EPSS
Exploits1References1
CNVD
CNVD
added 2022/01/26 12:0 a.m.39 views

Oracle MySQL Cluster Input Validation Error Vulnerability (CNVD-2022-07912)

Oracle MySQL Cluster is a write-scalable, real-time, ACID-compliant transactional database developed by Oracle Corporation. Oracle MySQL Cluster 7.4.34, 7.5.24, 7.6.20, 8.0.27 and earlier versions are vulnerable to an input validation error. An attacker could use this vulnerability to corrupt or...

6.3CVSS4.5AI score0.02686EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/25 12:0 a.m.39 views

GPAC Buffer Overflow Vulnerability (CNVD-2022-07643)

GPAC is an open source multimedia framework. Version v1.0.1 of GPAC has a security vulnerability that stems from a heap-based buffer overflow vulnerability in the gfisomdoviconfigget function of MP4Box, which could be exploited by an attacker to cause a denial of service or execute arbitrary code...

7.8CVSS7.4AI score0.01127EPSS
Exploits1References1
CNVD
CNVD
added 2022/01/20 12:0 a.m.39 views

Apache log4j Chainsaw deserialization code execution vulnerability

Apache Log4j is a Java-based open source logging tool from the Apache Foundation. Apache log4j Chainsaw is vulnerable to deserialized code execution. The vulnerability stems from insufficient cleanup of user-supplied data in JDBCAppender in a non-default configuration with JDBCAppender enabled. A...

9CVSS3.8AI score0.52458EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/20 12:0 a.m.39 views

Apache Log4j SQL Injection Vulnerability

Apache Log4j, a Java-based open source logging tool from the Apache Foundation, is vulnerable to SQL injection, which stems from a JDBCAppender in Log4j 1.2.x that accepts a SQL statement as a configuration parameter, where the value to be inserted is from the PatternLayout's converter. The messa...

9.8CVSS1.6AI score0.66537EPSS
Exploits1References1
Total number of security vulnerabilities5000