Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
•added 2021/09/29 12:0 a.m.•37 views

Nokogiri Code Issue Vulnerability

Nokogiri is an open source software library for parsing HTML and XML in Ruby . Nokogiri suffers from a code issue vulnerability that stems from the SAX parser parsing external entities by default in Nokogiri v1.12.4 and earlier versions, on JRuby only. No detailed vulnerability details are provid...

7.5CVSS7.5AI score0.01374EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/23 12:0 a.m.•37 views

JetBrains Hub Licensing Issue Vulnerability (CNVD-2022-09222)

JetBrains Hub is a web-based application from JetBrains Czech Republic. The application is able to integrate multiple JetBrains team tools together.JetBrains Hub versions prior to 2021.1.13389 have an authorization issue vulnerability that can be exploited by an attacker to cause an account to be...

9.8CVSS2.6AI score0.0103EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/17 12:0 a.m.•37 views

libde265 Heap Buffer Overflow Vulnerability (CNVD-2021-78434)

libde265 is an open source implementation of the h.265 video codec. libde265 version 1.0.4 has a heap buffer overflow vulnerability in the putweightedbipred16fallback function. An attacker can exploit the vulnerability to cause a denial of service via specially crafted files...

6.5CVSS4.8AI score0.01337EPSS
Exploits1References1
CNVD
CNVD
•added 2021/08/26 12:0 a.m.•37 views

F5 BIG-IP TMM Denial of Service Vulnerability (CNVD-2021-65645)

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A denial of service vulnerability exists in the F5 BIG-IP TMM, which can be exploited by attackers to cause a denial of servi...

7.5CVSS5.9AI score0.0092EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/17 12:0 a.m.•37 views

Discourse code issue vulnerability

Discourse is an open source community discussion platform. The platform includes community, email, and chat room features.A code issue vulnerability exists in versions of Discourse prior to 2.7.8 and prior to 2.8.0.beta4. No detailed vulnerability details are currently available...

7.5CVSS2.7AI score0.00833EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/13 12:0 a.m.•37 views

Google TensorFlow TFLite Denial of Service Vulnerability

Google TensorFlow is an end-to-end open source machine learning platform. A denial of service vulnerability exists in Google TensorFlow TFLite. A local attacker can exploit this vulnerability to cause a denial of service condition...

5.5CVSS5.2AI score0.00154EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/04 12:0 a.m.•37 views

Nexus Control Panel Elevation of Privilege Vulnerability

Swisslog Healthcare Nexus Panel is a medical device from Swisslog Healthcare.An elevation of privilege vulnerability exists in versions prior to Nexus Control Panel 7.2.5.7. An attacker could exploit this vulnerability to gain root access to the device, which would allow access to all device...

10CVSS5.1AI score0.01737EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/23 12:0 a.m.•37 views

Linux kernel input validation error vulnerability (CNVD-2021-53926)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel is vulnerable to an input validation error vulnerability that stems from an out-of-bounds write flaw. No detailed vulnerability details are provided at this time...

7.8CVSS7.8AI score0.09729EPSS
Exploits6References1
CNVD
CNVD
•added 2021/07/21 12:0 a.m.•37 views

Google Chrome dialog box code execution vulnerability

Google Chrome is a web browser from Google, Inc. A security vulnerability exists in the handling of dialog boxes in Windows in versions prior to Google Chrome 92.0.4515.107. A remote attacker could use this vulnerability to execute arbitrary code on the system or cause a denial of service conditi...

8.8CVSS6.3AI score0.01053EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/21 12:0 a.m.•37 views

Adobe Prelude incorrect input validation vulnerability

Adobe Prelude is a video recording and capture tool designed for media finishing and metadata entry to quickly tag and transcode video footage and quickly create rough cuts. Adobe Prelude 10.0 and earlier versions contain an incorrect input validation vulnerability. An attacker could exploit this...

6.8CVSS3.8AI score0.01475EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/21 12:0 a.m.•37 views

Oracle MySQL Server Denial of Service Vulnerability (CNVD-2021-54676)

Oracle MySQL is an open source relational database management system from Oracle. A denial of service vulnerability exists in the Server: Replication component in Oracle MySQL Server 5.7.34, 8.0.25 and earlier versions. An attacker could exploit this vulnerability to cause the MySQL server to han...

5CVSS5.2AI score0.0187EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/14 12:0 a.m.•37 views

Adobe Acrobat/Reader OS Command Injection Vulnerability

Adobe Acrobat is a PDF editor developed by Adobe. Adobe Reader also known as Acrobat Reader is a PDF file reader developed by Adobe. Adobe Acrobat/Reader is vulnerable to operating system command injection. An attacker can exploit this vulnerability to execute arbitrary code...

8.5CVSS4AI score0.02214EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/13 12:0 a.m.•37 views

Apache CXF Resource Management Error Vulnerability (CNVD-2021-70100)

Apache CXF is the United States Apache Apache Foundation's an open source Web services framework. The framework supports multiple Web service standards, multiple front-end programming APIs, etc. Apache CXF has a resource management error vulnerability that can be exploited by an attacker to submi...

7.5CVSS1.9AI score0.07024EPSS
Exploits0References1
CNVD
CNVD
•added 2021/06/30 12:0 a.m.•37 views

Information Disclosure Vulnerability in Kyan Network Monitoring Appliance (CNVD-2021-49589)

Kyan is a network monitoring device. An information disclosure vulnerability exists in the Kyan network monitoring device, which can be exploited by attackers to obtain sensitive information...

6.4AI score
Exploits0
CNVD
CNVD
•added 2021/06/28 12:0 a.m.•37 views

Unauthorized Access Vulnerability in TENDA 11N Wireless Router

Shenzhen Jixiang Tengda Technology Co., Ltd. is a high-tech enterprise integrating independent research and development, production and sales of network equipment. An unauthorized access vulnerability exists in the TENDA 11N Wireless Router, which can be exploited by attackers to obtain sensitive...

6.8AI score
Exploits0
CNVD
CNVD
•added 2020/11/19 12:0 a.m.•37 views

Jupyter Notebook redirection vulnerability

Jupyter Notebook is an open source web application that allows you to create and share documents containing live code, equations, visualizations, and narrative text.A redirection vulnerability exists in versions prior to Jupyter Notebook 6.1.5. An attacker can exploit this vulnerability to redire...

6.1CVSS3.1AI score0.01213EPSS
Exploits0References1
CNVD
CNVD
•added 2020/10/16 12:0 a.m.•37 views

Microsoft Windows and Windows Server Elevation of Privilege Vulnerability (CNVD-2021-61771)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. Microsoft Windows and Windows Server have an elevation of privilege vulnerability that can be exploited by...

7.8CVSS5.1AI score0.01004EPSS
Exploits0References1
CNVD
CNVD
•added 2020/08/11 12:0 a.m.•37 views

Apache HTTP Server Environment Issues Vulnerabilities

Apache HTTP Server is the United States Apache Software Apache Software Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A security vulnerability exists in Apache HTTP Server versions 2.4.20 through 2.4.43, which can be exploited by ...

7.5CVSS8.4AI score0.89744EPSS
Exploits0References1
CNVD
CNVD
•added 2018/04/04 12:0 a.m.•37 views

Joomla! Joom Sky JS Jobs Extension Cross-Site Scripting Vulnerability

Joomla! is a U.S. Open Source Matters team developed a set of open source content management system CMS, the system provides RSS feeds, site search and other features . Joom Sky JS Jobs extension is used in one of the recruitment features with an extension . A cross-site scripting vulnerability...

5.4CVSS6.1AI score0.02314EPSS
Exploits5References1
CNVD
CNVD
•added 2017/09/20 12:0 a.m.•37 views

Kaltura PHP Object Injection Vulnerability

Kaltura is a suite of open source online video platforms from the US company Kaltura. A security vulnerability exists in the 'getUserzoneCookie' function in Kaltura versions prior to 13.2.0. A remote attacker can exploit this vulnerability with a specially crafted userzone cookie to bypass the...

9.8CVSS9.5AI score0.75497EPSS
Exploits12References1
CNVD
CNVD
•added 2017/06/13 12:0 a.m.•37 views

Red Hat Undertow Security Bypass Vulnerability

Red Hat Undertow is a web server from Red Hat USA. A security bypass vulnerability exists in Red Hat Undertow. An attacker could exploit this vulnerability to bypass security restrictions and perform unauthorized operations...

6.5CVSS6.8AI score0.02712EPSS
Exploits0References1
CNVD
CNVD
•added 2016/12/14 12:0 a.m.•37 views

Microsoft Windows Uniscribe Component Remote Code Execution Vulnerability

Microsoft Windows is a series of operating systems released by the American company Microsoft. A remote code execution vulnerability exists in the Microsoft Windows Uniscribe component. An attacker could exploit this vulnerability to compromise an affected system...

9.3CVSS7.9AI score0.42488EPSS
Exploits4References1
CNVD
CNVD
•added 2016/11/14 12:0 a.m.•37 views

MoinMoin HTML Injection Vulnerability (CNVD-2016-11259)

MoinMoin is a set of open source , scalable wiki engine program based on the Python environment . An HTML injection vulnerability exists in MoinMoin version 1.9.8. A remote attacker can exploit this vulnerability to inject arbitrary JS code via a specially crafted URL...

6.1CVSS6.8AI score0.01186EPSS
Exploits3References1
CNVD
CNVD
•added 2016/10/27 12:0 a.m.•37 views

Cisco IP Interoperability and Collaboration System Authentication Bypass Vulnerability

The Cisco IP Interoperability and Collaboration System is a set of solutions that provide voice interoperability across different systems based on IP standards. An authentication bypass vulnerability exists in Cisco IP Interoperability and Collaboration System Universal Media Services, which coul...

10CVSS7.1AI score0.02174EPSS
Exploits0References1
CNVD
CNVD
•added 2016/09/28 12:0 a.m.•37 views

GNU wget Competitive Conditions Vulnerability

wget is a free and open source set of download tools that support automatic downloading of files from the web. A competitive condition vulnerability exists in GNU wget versions 1.17 and earlier. An attacker on the remote server side can exploit this vulnerability by keeping the HTTP link open to...

8.1CVSS8.7AI score0.07499EPSS
Exploits5References1
CNVD
CNVD
•added 2016/07/13 12:0 a.m.•37 views

Microsoft Multiple Scripting Engine Memory Corruption Vulnerability

Microsoft Internet Explorer IE and Microsoft Edge are web browsers developed by Microsoft Corporation. The former is the default browser that comes with operating systems prior to Windows 10, and the latter is the default browser that comes with the latest operating system, Windows 10. JScript is...

9.3CVSS7.2AI score0.22955EPSS
Exploits0References1
CNVD
CNVD
•added 2016/05/19 12:0 a.m.•37 views

OpenSLP Denial of Service Vulnerability

OpenSLP Service Location Protocol is an IETF standard protocol developed by the OpenSLP project for dynamic service discovery within the Internet. The protocol supports looking up services in the network by their types and attributes. A denial of service vulnerability exists in the 'xrealloc'...

7.5CVSS6.7AI score0.0536EPSS
Exploits1References1
CNVD
CNVD
•added 2016/03/07 12:0 a.m.•37 views

BeanShell Arbitrary Command Execution Vulnerability

BeanShell is an open source , free Java source code interpreter . A security vulnerability exists in BeanShell. An attacker can exploit this vulnerability to execute arbitrary commands...

8.1CVSS8.5AI score0.70425EPSS
Exploits1References1
CNVD
CNVD
•added 2016/01/15 12:0 a.m.•37 views

Swift3 Replay Attack Vulnerability

OpenStack is a cloud platform management project.Swift is one of the storage projects for storing permanent static data.Swift3 is a middleware that provides access to OpenStack Swift through the Amazon S3 API. Swift3 has a security vulnerability that allows a remote attacker to perform a replay...

7.4CVSS7AI score0.02013EPSS
Exploits0References1
CNVD
CNVD
•added 2016/01/08 12:0 a.m.•37 views

Android kernel/sys.c elevation of privilege vulnerability

Android is a cell phone operating system based on the Linux open kernel. A security vulnerability exists in the implementation of the prctlsetvmaanonname function within kernel/sys.c in versions of Android prior to 5.1.1 LMY49F, and 6.0 prior to 2016-01-01, which does not ensure that only one vma...

9.3CVSS6.8AI score0.00729EPSS
Exploits0References1
CNVD
CNVD
•added 2025/03/12 12:0 a.m.•36 views

Apache Tomcat Remote Code Execution Vulnerability

Apache Tomcat is an open source lightweight Java Web server and Servlet container , designed to run Java Servlet and JSP core tools designed to support dynamic content processing and hosting of static resources , is the cornerstone of small and medium-sized Java Web application development and...

10CVSS7.8AI score0.99945EPSS
Exploits46References1
CNVD
CNVD
•added 2024/04/18 12:0 a.m.•36 views

Oracle MySQL Denial of Service Vulnerability (CNVD-2024-19015)

Oracle MySQL is an open source relational database management system from Oracle. A security vulnerability exists in Oracle MySQL's MySQL Server. An attacker could exploit this vulnerability to cause MySQL Server to hang or crash frequently and repeatedly...

4.9CVSS7AI score0.00986EPSS
Exploits0References1
CNVD
CNVD
•added 2024/04/17 12:0 a.m.•36 views

IBM WebSphere Application Server and IBM WebSphere Application Server Liberty Server-Side Request Forgery Vulnerability

IBM WebSphere Application Server WAS and IBM WebSphere Application Server Liberty are both products of International Business Machines IBM.IBM WebSphere Application Server is an application server IBM WebSphere Application Server is an application server product. The product is a platform for...

4.3CVSS6.6AI score0.00302EPSS
Exploits0References1
CNVD
CNVD
•added 2024/04/15 12:0 a.m.•36 views

IBM Security verify Access Appliance Security Vulnerability

IBM Security Verify Access ISAM is a service from International Business Machines IBM that improves user access security. The service enables secure and simple access to platforms such as web, mobile, IoT and cloud technologies through the use of risk-based access, single sign-on, integrated acce...

8.1CVSS6.4AI score0.00582EPSS
Exploits1References1
CNVD
CNVD
•added 2024/03/26 12:0 a.m.•36 views

Apache Commons Configuration Out-of-Bounds Write Vulnerability (CNVD-2024-16109)

Apache Commons Configuration is the United States Apache Apache Foundation , a common configuration interface , it is mainly used to enable Java applications to read configuration data from a variety of sources . An out-of-bounds write vulnerability exists in Apache Commons Configuration versions...

5.4CVSS7.6AI score0.01727EPSS
Exploits0References1
CNVD
CNVD
•added 2024/02/29 12:0 a.m.•36 views

Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability (CNVD-2024-11663)

Adobe Acrobat Reader is the United States of America Audobee Adobe, a PDF viewer. Adobe Acrobat and Reader has an out-of-bounds read vulnerability that can be exploited by an attacker to obtain sensitive information caused by an out-of-bounds read...

5.5CVSS6AI score0.03161EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/16 12:0 a.m.•36 views

D-Link R15 Code Issue Vulnerability

The D-Link R15 is a wireless router from China-based AUO D-Link. The D-Link R15 v1.08.02 suffers from a code issue vulnerability that stems from the device not including firewall restrictions for IPv6 traffic, which can be exploited by an attacker to arbitrarily access services on the device that...

5.3CVSS7AI score0.00492EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/11 12:0 a.m.•36 views

Information Leakage Vulnerability in Urban Security Monitoring DSS System of Zhejiang Dahua Technology Co.

Zhejiang Dahua Technology Co., Ltd. is a leading supplier and solution provider of surveillance products. An information leakage vulnerability exists in Zhejiang Dahua Technology Co. city security monitoring DSS system, which can be exploited by attackers to obtain sensitive information...

6.6AI score
Exploits0
CNVD
CNVD
•added 2023/11/15 12:0 a.m.•36 views

Siemens Mendix Authentication Bypass Vulnerability

Mendix is a high-productivity application platform for building and continuously improving mobile and web applications at scale. An authentication bypass vulnerability exists in Siemens Mendix, which can be exploited by an attacker to access or modify objects without proper authorization or to...

8.1CVSS7.1AI score0.0044EPSS
Exploits0References1
CNVD
CNVD
•added 2023/09/09 12:0 a.m.•36 views

The Milesight UR32L is a 4G industrial router from China's Milesight. A buffer overflow vulnerability exists in the Milesight UR32L set_qos function, which can be exploited by an attacker to cause a buffer overflow and execute arbitrary code on the system, or cause an application to crash.

iOS is a mobile operating system developed by Apple. iPadOS is Apple's family of mobile operating systems based on iOS. macOS Ventura is Apple's desktop operating system. An arbitrary code execution vulnerability exists in several Apple products, which can be exploited by an attacker to send...

7.8CVSS7.4AI score0.15263EPSS
Exploits2
CNVD
CNVD
•added 2023/08/25 12:0 a.m.•36 views

WinRAR Code Execution Vulnerability

WinRAR is a shareware program for managing zip files. A code execution vulnerability exists in WinRAR that can be exploited by an attacker to execute arbitrary code when a user attempts to view benign files in a ZIP archive...

7.8CVSS8AI score0.97798EPSS
Exploits49References1
CNVD
CNVD
•added 2023/08/12 12:0 a.m.•36 views

Microsoft Outlook Spoofing Vulnerability

Microsoft Outlook is a suite of e-mail applications from the American company Microsoft. Microsoft Outlook has a spoofing vulnerability that can be exploited by attackers to conduct spoofing attacks...

6.5CVSS6.5AI score0.01969EPSS
Exploits0References1
CNVD
CNVD
•added 2023/08/12 12:0 a.m.•36 views

Microsoft Exchange Server Remote Code Execution Vulnerability (CNVD-2023-64868)

Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. A remote code execution vulnerability exists in Microsoft Exchange Server, which can be exploited...

8.8CVSS8.3AI score0.03525EPSS
Exploits0References1
CNVD
CNVD
•added 2023/05/12 12:0 a.m.•36 views

Microsoft SharePoint Server Spoofing Vulnerability (CNVD-2023-53466)

Microsoft SharePoint Server is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A spoofing...

6.5CVSS6.5AI score0.67452EPSS
Exploits0References1
CNVD
CNVD
•added 2023/04/17 12:0 a.m.•36 views

Google Chrome V8 Type Obfuscation Vulnerability (CNVD-2023-28127)

Chrome is a free and fast Internet browser software developed by Google, Inc. with the goal of making Google Chrome is based on the more powerful JavaScript V8 Google Chrome is based on the more powerful JavaScript V8 engine, which improves the browser's processing speed. It supports multi-tab...

8.7AI score0.40798EPSS
Exploits1Affected Software1
CNVD
CNVD
•added 2023/04/13 12:0 a.m.•36 views

Microsoft Windows DNS Remote Code Execution Vulnerability (CNVD-2023-44303)

Microsoft Windows DNS is a domain name resolution service from Microsoft. The Domain Name System DNS is one of the industry-standard suite of protocols that encompasses TCP/IP, and DNS clients and DNS servers work together to provide name resolution services for computers and users that map...

6.6CVSS7.8AI score0.00836EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/23 12:0 a.m.•36 views

Google Chrome Out-of-Bounds Access Vulnerability

Google Chrome is a web browser from Google, an American company. An out-of-bounds access vulnerability exists in versions prior to Google Chrome 111.0.5563.110, which stems from out-of-bounds memory access in the Chrome WebHID, and can be exploited by a remote attacker to potentially leverage hea...

9.8CVSS9.3AI score0.01062EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/23 12:0 a.m.•36 views

Google Chrome ANGLE out-of-bounds read vulnerability

Google Chrome is a web browser from Google, Inc. An out-of-bounds read vulnerability exists in versions of Google Chrome prior to 111.0.5563.110, which stems from a lack of proper validation of user-supplied data by ANGLE, where specially crafted data could trigger a read beyond the end of the...

8.8CVSS8.9AI score0.01339EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/05 12:0 a.m.•36 views

Linux kernel xusb.c file code issue vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A code issue vulnerability exists in the Linux kernel prior to version 5.17, which stems from the drivers/phy/tegra/xusb.c file incorrectly handling the return value of...

5.5CVSS6.6AI score0.00272EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/09 12:0 a.m.•36 views

Dell BIOS Buffer Overflow Vulnerability (CNVD-2023-14511)

A buffer overflow vulnerability exists in Dell BIOS, which is embedded software on a small memory chip on a computer motherboard from Dell, U.S.A. The vulnerability stems from a boundary error when handling untrusted input. A locally authenticated attacker could exploit the vulnerability to execu...

8.8CVSS2.8AI score0.00166EPSS
Exploits0References1
Total number of security vulnerabilities5000