Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
added 2022/04/15 12:0 a.m.37 views

Microsoft Visual Studio Elevation of Privilege Vulnerability (CNVD-2022-60135)

Microsoft Visual Studio is a family of development tool suites from Microsoft, and a largely complete development toolset that includes most of the tools needed throughout the software life cycle. An elevation of privilege vulnerability exists in Microsoft Visual Studio Code, which stems from...

7.8CVSS7.8AI score0.00753EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.37 views

Microsoft Windows Hyper-V Shared Virtual Hard Disks信息泄露漏洞(CNVD-2022-62514)

Microsoft Hyper-V is an application from Microsoft Corporation USA. A system hypervisor virtualization technology that enables desktop virtualization. Microsoft Windows Hyper-V Shared Virtual Hard Disks has an information disclosure vulnerability that could be exploited by attackers to obtain...

9CVSS2AI score0.03665EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/05 12:0 a.m.37 views

unspecified vulnerability in simple-git-hooks

simple-git-hooks is an application. A simple git hooks manager for small projects. simple-git-hooks versions prior to 3.5.0 have security vulnerabilities that attackers exploit for command injection...

9.8CVSS4.2AI score0.04067EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/18 12:0 a.m.37 views

Netgear W104 has an unspecified vulnerability (CNVD-2022-22305)

Netgear W104 is a wireless access point from Netgear, Inc. A security vulnerability exists in Netgear W104 WAC104-V1.0.4.13, which stems from a lack of protection and privilege restrictions for sensitive information on the BRStop.html page. An unauthenticated attacker could access the page and us...

5.3CVSS4AI score0.20831EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/17 12:0 a.m.37 views

SyliusGridBundle SQL Injection Vulnerability

SyliusGridBundle is an open source e-commerce solution built from decoupled components with a robust API and the highest quality code.A SQL injection vulnerability exists in SyliusGridBundle versions prior to 1.10.1 and prior to 1.11-rc2, which stems from the fact that values added at the end of ...

7.5CVSS2.1AI score0.01337EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2022/03/16 12:0 a.m.37 views

WordPress Sync QCloud COS plugin cross-site scripting vulnerability

WordPress is a set of blogging platform developed by Wordpress Foundation using PHP language. WordPress plugin is a WordPress application plugin. WordPress Sync QCloud COS plugin version prior to 2.0.1 contains a cross-site scripting vulnerability that stems from the plugin's failure to escape so...

4.8CVSS1AI score0.00588EPSS
Exploits2References1
CNVD
CNVD
added 2022/03/10 12:0 a.m.37 views

Nextcloud server information disclosure vulnerability (CNVD-2022-20691)

Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from the German company Nextcloud. nextcloud server is a self-hosted system designed to provide cloud-style services. nextcloud server is vulnerable to an information disclosure vulnerabili...

5.3CVSS1.7AI score0.01115EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/09 12:0 a.m.37 views

Google Chrome Full screen mode安全绕过漏洞

Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome that could be exploited by attackers to bypass security restrictions...

6.5CVSS4AI score0.00863EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/09 12:0 a.m.37 views

Siemens Mendix Forgot Password Appstore module存在未明漏洞

Forgot Password module allows users to register applications or reset their own passwords without the need for administrator involvement...

9.8CVSS4.2AI score0.01437EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/08 12:0 a.m.37 views

Tp-link Archer C2 OS Command Injection Vulnerability

TP-Link Archer C2 is a wireless router from Tp-link.TP-Link Archer C20i version 0.9.1 3.2 v003a.0 Build 170221 Rel.55462n is vulnerable due to a security flaw in the device's HTTP parameter XTP ExternalIPv6Address. ExternalIPv6Address in the device lacks filtering and escaping of user data, which...

9CVSS3.1AI score0.53956EPSS
Exploits2References1
CNVD
CNVD
added 2022/03/02 12:0 a.m.37 views

WordPress Yoast SEO plugin information leakage vulnerability

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. An information disclosure vulnerability exists in versions of the WordPress Yoast SEO plugin prior to...

5.3CVSS1.5AI score0.05632EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/01 12:0 a.m.37 views

JetBrains TeamCity Cross-Site Request Forgery Vulnerability

JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Czech Republic. The tool provides continuous unit testing, code quality analysis, and build issue analysis reporting.A security vulnerability exists in JetBrains TeamCity, which stems from the...

8.8CVSS0.3AI score0.03202EPSS
Exploits2References1
CNVD
CNVD
added 2022/02/25 12:0 a.m.37 views

Oracle MySQL Server Input Validation Error Vulnerability (CNVD-2022-17681)

Oracle MySQL Server is a relational database from Oracle Corporation. Oracle MySQL Server is vulnerable to an input validation error that could be exploited by an attacker to update, insert, or delete access to MySQL Server accessible data without authorization...

5.5CVSS3.7AI score0.01257EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/18 12:0 a.m.37 views

KiCad EDA Buffer Overflow Vulnerability

KiCad Eda is a cross-platform and open source electronic design automation suite from the KiCad community. KiCad EDA is vulnerable to a buffer overflow vulnerability that could be exploited by an attacker with a specially crafted gerber or excellon file to cause code execution...

7.8CVSS5.1AI score0.01539EPSS
Exploits1References1
CNVD
CNVD
added 2022/02/17 12:0 a.m.37 views

Jenkins Pipeline Multibranch Plugin Arbitrary File Read Vulnerability

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins Pipeline Multibranch Plugin 706.vd43c65dec013 and earlier versions contain an arbitrary file reading vulnerability...

6.5CVSS0.8AI score0.01786EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/10 12:0 a.m.37 views

WordPress WOOF plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. WordPress WOOF plugin has a cross-site scripting vulnerability in versions prior to 1.2.6.3, which stems from the lack of escaping of woofredrawelements and can be exploited by attackers to...

6.1CVSS2.8AI score0.01651EPSS
Exploits2References1
CNVD
CNVD
added 2022/02/03 12:0 a.m.37 views

Oracle MySQL Input Validation Error Vulnerability (CNVD-2022-09139)

Oracle MySQL Server is a relational database from Oracle Corporation. An input validation error vulnerability exists in MySQL Server, which originates from an input validation error in the Server: Optimizer component in MySQL Server. An attacker can exploit the vulnerability to corrupt or delete...

6.3CVSS5.8AI score0.02686EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/27 12:0 a.m.37 views

Linux kernel buffer overflow vulnerability (CNVD-2022-68570)

Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel is vulnerable to a buffer overflow vulnerability that stems from a driver that can randomly access memory, which can be exploited by attackers to run malicious code on the GPU and escalate...

7.8CVSS4.7AI score0.00379EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/25 12:0 a.m.37 views

Adobe Acrobat Reader Dc Buffer Error Vulnerability (CNVD-2022-11151)

Adobe Acrobat Reader Dc is a Pdf reading tool from the American company Adobe. It is used to reliably view, print and annotate Pdf documents. Adobe Acrobat Reader Dc suffers from a buffer overflow vulnerability, which can be exploited by attackers to trick victims into opening a carefully...

5.5CVSS4.1AI score0.05856EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/21 12:0 a.m.37 views

Linux kernel heap buffer overflow vulnerability (CNVD-2022-68564)

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel is vulnerable due to a security flaw caused by an integer underflow in the legacyparseparam function in fs/fscontext.c. By sending a carefully crafted request, a locally authenticated attack...

8.4CVSS3AI score0.25151EPSS
Exploits11References1
CNVD
CNVD
added 2022/01/18 12:0 a.m.37 views

WordPress Landing Page Builder plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Landing Page Builder plugin prior to version...

5.4CVSS5.4AI score0.01271EPSS
Exploits2References1
CNVD
CNVD
added 2022/01/06 12:0 a.m.37 views

Shopware Open Redirect Vulnerability

Shopware is a set of open source e-commerce software from the German company Shopware. shopware has an open redirect vulnerability in versions prior to 5.7.7, which stems from incomplete URL handling in shopware routing and can be exploited by attackers to redirect users to arbitrary websites...

6.8CVSS2.9AI score0.00774EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/05 12:0 a.m.37 views

ZOHO ManageEngine ADSelfService Plus has an unspecified vulnerability (CNVD-2022-02473)

A security vulnerability exists in ZOHO ManageEngine ADSelfService Plus, ZOHO's integrated self-service password management and single sign-on solution for Active Directory and cloud applications. The vulnerability stems from build 6116 of ManageEngine ADSelfService Plus containing an observable...

5.3CVSS1.6AI score0.069EPSS
Exploits1References1
CNVD
CNVD
added 2021/12/17 12:0 a.m.37 views

GNOME Web Cross-Site Scripting Vulnerability (CNVD-2022-02768)

GNOME Web Epiphany is a Web browser based on the WebKit rendering engine. The product provides paginated browsing, cookie management, pop-up ad control, etc. GNOME Web contains a cross-site scripting vulnerability that can be exploited by attackers to conduct exploit attacks when viewing in sourc...

6.1CVSS3.9AI score0.01485EPSS
Exploits1References1
CNVD
CNVD
added 2021/11/24 12:0 a.m.37 views

Vim Buffer Overflow Vulnerability (CNVD-2022-05069)

Vim is a UNIX-based editor, and a buffer overflow vulnerability exists in Vim, which stems from the product's failure to properly determine memory boundaries and can be exploited by attackers to cause a buffer overflow...

9.3CVSS5.4AI score0.01669EPSS
Exploits1References1
CNVD
CNVD
added 2021/11/22 12:0 a.m.37 views

Lantronix PremierWave 2050 Path Traversal Vulnerability (CNVD-2022-01596)

The Lantronix PremierWave 2050 is an embedded enterprise Wi-Fi module from Lantronix, Inc. The Lantronix PremierWave 2050 version 8.9.0.0R4 is vulnerable to a path traversal vulnerability caused by a lack of filtering and escaping of path parameters by the Web Manager FSBrowsePage feature. An...

4.3CVSS2.8AI score0.01876EPSS
Exploits1References1
CNVD
CNVD
added 2021/11/17 12:0 a.m.37 views

Google Chrome iframe sandbox security bypass vulnerability

Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome iframe sandbox that stems from improper policy enforcement in the product's iframe sandbox. An attacker can exploit the vulnerability to bypass security restrictions...

8.8CVSS8.7AI score0.00805EPSS
Exploits0References1
CNVD
CNVD
added 2021/11/10 12:0 a.m.37 views

Microsoft Exchange Server Spoofing Vulnerability (CNVD-2021-101660)

Microsoft Exchange Server is a mail server and calendar server developed by Microsoft. a spoofing vulnerability exists in Microsoft Exchange Server. No detailed vulnerability details are available...

4.3CVSS1.5AI score0.08109EPSS
Exploits0
CNVD
CNVD
added 2021/11/08 12:0 a.m.37 views

FastAdmin has a file upload vulnerability

FastAdmin is an extremely fast backend development framework based on ThinkPHP and Bootstrap.FastAdmin is vulnerable to file upload. An attacker can use this vulnerability to gain server privileges...

2.6AI score
Exploits0
CNVD
CNVD
added 2021/11/04 12:0 a.m.37 views

Adobe Media Encoder memory corruption vulnerability

A memory corruption vulnerability exists in Adobe Media Encoder, an audio and video encoding application from Adobe, which stems from a boundary error when handling untrusted input. An attacker could use this vulnerability to trigger memory corruption and execute arbitrary code on the target syst...

9.3CVSS4.4AI score0.01952EPSS
Exploits0References1
CNVD
CNVD
added 2021/11/02 12:0 a.m.37 views

Google Android Android TV Remote Service Component Remote Code Execution Vulnerability

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. A remote code execution vulnerability exists in the Android TV Remote Service component of Google Android, which can be exploited by an attacker to achieve remote...

10CVSS9.7AI score0.01602EPSS
Exploits0References1
CNVD
CNVD
added 2021/10/21 12:0 a.m.37 views

Google Chrome Heap Buffer Overflow Vulnerability (CNVD-2021-84815)

Chrome is a web browsing tool developed by Google. Skia in versions prior to Google Chrome 95.0.4638.54 is vulnerable to a heap buffer overflow. A remote attacker can exploit this vulnerability to be able to perform a sandbox escape via a crafted HTML page...

9.6CVSS4AI score0.01EPSS
Exploits0References1
CNVD
CNVD
added 2021/10/20 12:0 a.m.37 views

Oracle MySQL Server Denial of Service Vulnerability (CNVD-2021-81774)

Oracle MySQL Server is a relational database from Oracle Corporation. A denial of service vulnerability exists in Oracle MySQL Server, which can be exploited by an attacker to cause the MySQL server to hang or crash frequently and repeatedly...

4.9CVSS5.1AI score0.02125EPSS
Exploits0References1
CNVD
CNVD
added 2021/10/20 12:0 a.m.37 views

Oracle Database Server has an unspecified vulnerability (CNVD-2021-84599)

Oracle Database Server is a relational database management system from Oracle Corporation USA. An unspecified vulnerability exists in the Oracle Database Enterprise Edition Unified Audit component of Oracle Database Server versions 12.1.0.2, 12.2.0.1, and 19c. An attacker could use this...

4CVSS3.3AI score0.01381EPSS
Exploits5Affected Software1
CNVD
CNVD
added 2021/10/20 12:0 a.m.37 views

Unspecified Vulnerability in Oracle MySQL Server (CNVD-2021-81782)

Oracle MySQL Server is a relational database from Oracle Corporation. An unspecified vulnerability exists in Oracle MySQL Server, which can be exploited by an attacker to compromise MySQL Server by accessing the network via multiple protocols...

5.5CVSS5.4AI score0.01579EPSS
Exploits0References1
CNVD
CNVD
added 2021/10/08 12:0 a.m.37 views

Google Chrome Post-release Reuse Vulnerability (CNVD-2021-99279)

Chrome is a simple and efficient web browsing tool developed by Google Google Chrome 94.0.4606.71 Previous versions of Safe Browsing have a post-release reuse vulnerability. An attacker could exploit this vulnerability to potentially cause heap corruption via a crafted HTML page...

8.8CVSS3.2AI score0.01303EPSS
Exploits0References1
CNVD
CNVD
added 2021/10/08 12:0 a.m.37 views

Google Chrome Post-release Reuse Vulnerability (CNVD-2021-99278)

Chrome is a simple and efficient web browsing tool developed by Google. a post-release reuse vulnerability exists in V8 in versions prior to Google Chrome 94.0.4606.71. An attacker could exploit this vulnerability to potentially cause heap corruption via a crafted HTML page...

8.8CVSS3.4AI score0.34887EPSS
Exploits0References1
CNVD
CNVD
added 2021/09/29 12:0 a.m.37 views

Nokogiri Code Issue Vulnerability

Nokogiri is an open source software library for parsing HTML and XML in Ruby . Nokogiri suffers from a code issue vulnerability that stems from the SAX parser parsing external entities by default in Nokogiri v1.12.4 and earlier versions, on JRuby only. No detailed vulnerability details are provid...

7.5CVSS7.5AI score0.01374EPSS
Exploits0References1
CNVD
CNVD
added 2021/09/23 12:0 a.m.37 views

JetBrains Hub Licensing Issue Vulnerability (CNVD-2022-09222)

JetBrains Hub is a web-based application from JetBrains Czech Republic. The application is able to integrate multiple JetBrains team tools together.JetBrains Hub versions prior to 2021.1.13389 have an authorization issue vulnerability that can be exploited by an attacker to cause an account to be...

9.8CVSS2.6AI score0.0103EPSS
Exploits0References1
CNVD
CNVD
added 2021/09/17 12:0 a.m.37 views

libde265 Heap Buffer Overflow Vulnerability (CNVD-2021-78434)

libde265 is an open source implementation of the h.265 video codec. libde265 version 1.0.4 has a heap buffer overflow vulnerability in the putweightedbipred16fallback function. An attacker can exploit the vulnerability to cause a denial of service via specially crafted files...

6.5CVSS4.8AI score0.01337EPSS
Exploits1References1
CNVD
CNVD
added 2021/08/26 12:0 a.m.37 views

F5 BIG-IP TMM Denial of Service Vulnerability (CNVD-2021-65645)

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A denial of service vulnerability exists in the F5 BIG-IP TMM, which can be exploited by attackers to cause a denial of servi...

7.5CVSS5.9AI score0.0092EPSS
Exploits0References1
CNVD
CNVD
added 2021/08/17 12:0 a.m.37 views

Discourse code issue vulnerability

Discourse is an open source community discussion platform. The platform includes community, email, and chat room features.A code issue vulnerability exists in versions of Discourse prior to 2.7.8 and prior to 2.8.0.beta4. No detailed vulnerability details are currently available...

7.5CVSS2.7AI score0.00833EPSS
Exploits0References1
CNVD
CNVD
added 2021/08/13 12:0 a.m.37 views

Google TensorFlow TFLite Denial of Service Vulnerability

Google TensorFlow is an end-to-end open source machine learning platform. A denial of service vulnerability exists in Google TensorFlow TFLite. A local attacker can exploit this vulnerability to cause a denial of service condition...

5.5CVSS5.2AI score0.00154EPSS
Exploits0References1
CNVD
CNVD
added 2021/08/04 12:0 a.m.37 views

Nexus Control Panel Elevation of Privilege Vulnerability

Swisslog Healthcare Nexus Panel is a medical device from Swisslog Healthcare.An elevation of privilege vulnerability exists in versions prior to Nexus Control Panel 7.2.5.7. An attacker could exploit this vulnerability to gain root access to the device, which would allow access to all device...

10CVSS5.1AI score0.01737EPSS
Exploits0References1
CNVD
CNVD
added 2021/07/23 12:0 a.m.37 views

Linux kernel input validation error vulnerability (CNVD-2021-53926)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel is vulnerable to an input validation error vulnerability that stems from an out-of-bounds write flaw. No detailed vulnerability details are provided at this time...

7.8CVSS7.8AI score0.09729EPSS
Exploits6References1
CNVD
CNVD
added 2021/07/21 12:0 a.m.37 views

Google Chrome dialog box code execution vulnerability

Google Chrome is a web browser from Google, Inc. A security vulnerability exists in the handling of dialog boxes in Windows in versions prior to Google Chrome 92.0.4515.107. A remote attacker could use this vulnerability to execute arbitrary code on the system or cause a denial of service conditi...

8.8CVSS6.3AI score0.01053EPSS
Exploits0References1
CNVD
CNVD
added 2021/07/21 12:0 a.m.37 views

Adobe Prelude incorrect input validation vulnerability

Adobe Prelude is a video recording and capture tool designed for media finishing and metadata entry to quickly tag and transcode video footage and quickly create rough cuts. Adobe Prelude 10.0 and earlier versions contain an incorrect input validation vulnerability. An attacker could exploit this...

6.8CVSS3.8AI score0.01475EPSS
Exploits0References1
CNVD
CNVD
added 2021/07/21 12:0 a.m.37 views

Oracle MySQL Server Denial of Service Vulnerability (CNVD-2021-54676)

Oracle MySQL is an open source relational database management system from Oracle. A denial of service vulnerability exists in the Server: Replication component in Oracle MySQL Server 5.7.34, 8.0.25 and earlier versions. An attacker could exploit this vulnerability to cause the MySQL server to han...

5CVSS5.2AI score0.0187EPSS
Exploits0References1
CNVD
CNVD
added 2021/07/14 12:0 a.m.37 views

Adobe Acrobat/Reader OS Command Injection Vulnerability

Adobe Acrobat is a PDF editor developed by Adobe. Adobe Reader also known as Acrobat Reader is a PDF file reader developed by Adobe. Adobe Acrobat/Reader is vulnerable to operating system command injection. An attacker can exploit this vulnerability to execute arbitrary code...

8.5CVSS4AI score0.02214EPSS
Exploits0References1
CNVD
CNVD
added 2021/07/13 12:0 a.m.37 views

Apache CXF Resource Management Error Vulnerability (CNVD-2021-70100)

Apache CXF is the United States Apache Apache Foundation's an open source Web services framework. The framework supports multiple Web service standards, multiple front-end programming APIs, etc. Apache CXF has a resource management error vulnerability that can be exploited by an attacker to submi...

7.5CVSS1.9AI score0.07024EPSS
Exploits0References1
Total number of security vulnerabilities5000