Lucene search
K
CnvdMost viewed

130997 matches found

CNVD
CNVD
added 2022/03/22 12:0 a.m.152 views

Linux kernel elevation of privilege vulnerability (CNVD-2022-69204)

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel is vulnerable to an elevation of privilege vulnerability, which stems from watchqueue triggering a memory corruption in the Linux kernel that could be exploited by an attacker to gain elevat...

7.8CVSS3.5AI score0.06197EPSS
Exploits10References1
CNVD
CNVD
added 2022/06/08 12:0 a.m.151 views

Product Show Room Site跨站脚本漏洞

Product Show Room Site is a product showroom site from Carlo Montero's personal developer. version 1.0 of Product Show Room Site is vulnerable to cross-site scripting, which stems from the fact that entering a special string into the Message text box leads to cross-site scripting. No details of t...

4.8CVSS3AI score0.00586EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/20 12:0 a.m.150 views

Fast Food Ordering System SQL Injection Vulnerability (CNVD-2022-48945)

Fast Food Ordering System is a fast food ordering system from Carlo Montero's personal developer. version 1.0 of Fast Food Ordering System is vulnerable to SQL injection, which originates from /ffos/admin/categories/managecategory .php?id=The page lacks validation for external input SQL statement...

7.2CVSS4.7AI score0.00909EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/16 12:0 a.m.149 views

Adobe Media Encoder Memory Corruption Vulnerability (CNVD-2022-50236)

Adobe Media Encoder is an audio and video encoding application from the American company Audobee Adobe. A memory corruption vulnerability exists in Adobe Media Encoder version 15.4 and earlier versions, which can be exploited by an attacker to execute arbitrary code in the context of the current...

7.8CVSS7.6AI score0.01869EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/19 12:0 a.m.149 views

Jenkins Pipeline Security Feature Issue Vulnerability

Jenkins Pipeline is a set of plugins that support the implementation and integration of continuous delivery pipelines into Jenkins.Jenkins Pipeline: Groovy Plugin is vulnerable to a security feature issue that could be exploited by an attacker to load any Groovy source file on the class path of...

8.5CVSS2.4AI score0.01244EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/19 12:0 a.m.149 views

WordPress Code Snippets Extended跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Code...

5.8CVSS2.4AI score0.00368EPSS
Exploits0References1
CNVD
CNVD
added 2022/08/09 12:0 a.m.147 views

Unspecified Vulnerability in Exim (CNVD-2022-56952)

Exim is an open source messaging agent MTA running on Unix systems that routes, forwards and delivers mail. A security vulnerability exists in Exim versions prior to 4.95, which stems from a heap-based buffer overflow in the alias list in hostnamelookup when senderhostname is set. No details of t...

9.8CVSS9.5AI score0.0292EPSS
Exploits1References1
CNVD
CNVD
added 2021/08/24 12:0 a.m.147 views

flatCore remote code execution vulnerability

flatCore is a PHP and SQLite based Web Content Management System CMS. flatCore version 2.0.7 is vulnerable to remote code execution. An attacker can exploit the vulnerability to execute arbitrary php code by uploading the addon plugin...

9CVSS5.7AI score0.45948EPSS
Exploits4References1
CNVD
CNVD
added 2022/05/24 12:0 a.m.145 views

Google Android Resource Management Error Vulnerability in Android (CNVD-2022-47667)

Google Android is a Linux-based open-source operating system from the U.S. company Google. Google Android is vulnerable to a resource management error that could be exploited by attackers to cause a local privilege escalation...

7CVSS4.8AI score0.00083EPSS
Exploits0References1
CNVD
CNVD
added 2021/10/27 12:0 a.m.145 views

Adobe Character Animator 2021 memory buffer out-of-bounds access vulnerability

Adobe Character Animator is a motion capture and animation tool that provides everyone with an easy-to-use solution for intuitive 2D character animation, real-time animation, and easy sharing and publishing of characters. Adobe Character Animator 2021 4.4 and earlier versions have a memory buffer...

9.3CVSS5.3AI score0.0155EPSS
Exploits0References1
CNVD
CNVD
added 2021/08/23 12:0 a.m.143 views

Adobe Illustrator 2021 out-of-bounds read vulnerability

Adobe Illustrator 2021 is a vector drawing software. Adobe Illustrator 2021 25.2.3 and earlier versions contain an out-of-bounds read vulnerability when handling specially crafted files. An attacker could exploit this vulnerability to cause a memory leak...

4.3CVSS4.9AI score0.01212EPSS
Exploits0References1
CNVD
CNVD
added 2024/07/22 12:0 a.m.142 views

Apache HTTP Server Server-Side Request Forgery Vulnerability

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. Apache HTTP Server suffers from a server-side request forgery vulnerability that can be exploited by an attacker to disclose NTLM...

9.1CVSS7.4AI score0.01536EPSS
Exploits5References1
CNVD
CNVD
added 2022/05/12 12:0 a.m.142 views

TOTOLINK N600R Command Injection Vulnerability (CNVD-2022-53557)

TOTOLINK N600R is a wireless router from Taiwan-based TOTOLINK, which is vulnerable to a command injection attack via the filename parameter in /setting/setUploadSetting...

10CVSS3.5AI score0.02492EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/30 12:0 a.m.141 views

Google Android Information Disclosure Vulnerability (CNVD-2022-50279)

Google Android is a Linux-based open source operating system from Google. Google Android has an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...

5.5CVSS6.2AI score0.0011EPSS
Exploits0References1
CNVD
CNVD
added 2023/09/15 12:0 a.m.138 views

Microsoft Visual Studio Code Remote Code Execution Vulnerability (CNVD-2023-72223)

Microsoft Visual Studio Code is an open source code editor from Microsoft USA. A remote code execution vulnerability exists in Microsoft Visual Studio Code, which can be exploited by an attacker to execute arbitrary code on a system...

7.8CVSS8.3AI score0.01206EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/19 12:0 a.m.138 views

WordPress Code Snippets Extended Cross-Site Request Forgery Vulnerability (CNVD-2022-49396)

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Code Snippets Extended is vulnerable to cross-site request forgery, which can be exploited by...

8.8CVSS3.3AI score0.00894EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/24 12:0 a.m.136 views

Jenkins Beaker builder Plugin跨站请求伪造漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. An attacker could use this vulnerability to connect to a specified URL by...

4.3CVSS1.7AI score0.00553EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/20 12:0 a.m.135 views

Fast Food Ordering System Arbitrary File Deletion Vulnerability

Fast Food Ordering System is a fast food ordering system from Carlo Montero's personal developer. version 1.0 of Fast Food Ordering System is vulnerable to an arbitrary file deletion vulnerability, which originates in /ffos/classes/Master.php?f=deleteimg page lacks valid validation and can be...

9.1CVSS3.9AI score0.01147EPSS
Exploits1References1
CNVD
CNVD
added 2022/05/19 12:0 a.m.135 views

Jenkins Autocomplete Parameter Plugin跨站脚本漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. The vulnerability stems from the program not properly escaping the names of th...

5.4CVSS2AI score0.00715EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/30 12:0 a.m.134 views

Google Android Information Disclosure Vulnerability (CNVD-2022-50278)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability. An attacker can exploit this vulnerability to obtain sensitive information...

6.5CVSS6.2AI score0.00648EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/24 12:0 a.m.134 views

Jenkins EasyQA Plugin Cross-Site Request Forgery Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plug-ins to support building, deploying, and automating any project. Jenkins EasyQA Plugin 1.0 and earlier versions are vulnerable to cross-site...

4.3CVSS1.1AI score0.00521EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/24 12:0 a.m.133 views

Jenkins EasyQA Plugin Cross-Site Request Forgery Vulnerability (CNVD-2022-49793)

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plug-ins to support building, deploying, and automating any project. Jenkins EasyQA Plugin 1.0 and earlier versions are vulnerable to cross-site...

8.8CVSS1.1AI score0.00503EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/19 12:0 a.m.134 views

WordPress Code Snippets Extended跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Code Snippets Extended has a cross-site scripting vulnerability, and no details of the...

6.1CVSS0.9AI score0.00358EPSS
Exploits0References1
CNVD
CNVD
added 2021/12/24 12:0 a.m.133 views

Apache HTTP Server Code Issue Vulnerability

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A code issue vulnerability exists in Apache HTTP Server that stems from a null pointer reference error in the product. The...

8.2CVSS9AI score0.82295EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/17 12:0 a.m.132 views

Cisco AppDynamics Controller Authorization Issues Vulnerability

Cisco AppDynamics Controller is Cisco's ability to monitor and analyze full-stack data through accurate tracking and analysis across a highly distributed application environment. Cisco AppDynamics Controller suffers from an authorization issue vulnerability that arises from incorrect authorizatio...

5.3CVSS7AI score0.00985EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/19 12:0 a.m.132 views

Jenkins vboxwrapper Plugin Cross-Site Scripting Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins vboxwrapper Plugin 1.3 and earlier versions are vulnerable to a...

5.4CVSS1.6AI score0.00715EPSS
Exploits0References1
CNVD
CNVD
added 2022/08/18 12:0 a.m.131 views

Apple WebKit Out-of-Bounds Write Vulnerability

WebKit is the engine for Safari and other browsers on iOS and iPadOS. The Apple WebKit out-of-bounds write vulnerability can be exploited by an attacker to execute arbitrary code by tricking a user into visiting a specially crafted website...

8.8CVSS8.9AI score0.09785EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/20 12:0 a.m.131 views

Sourcecodester Hospital Patient Records Management System SQL注入漏洞(CNVD-2022-48760)

Sourcecodester Hospital Patient Records Management System is a web-based application that provides hospitals with an automated platform to store and manage their patient records. sourcecodester Hospital Patient Records Management System is vulnerable to SQL injection, which originates from...

7.2CVSS2AI score0.00909EPSS
Exploits1References1
CNVD
CNVD
added 2022/01/08 12:0 a.m.131 views

lighttpd Buffer Overflow Vulnerability

lighttpd is an open source web server. A buffer overflow vulnerability exists in Lighttpd versions 1.4.46 through 1.4.63, which stems from the modextforwardForwarded function in the product's modextforward plugin failing to handle memory boundaries effectively. An attacker could exploit this...

5.9CVSS5.9AI score0.08969EPSS
Exploits1References1
CNVD
CNVD
added 2024/07/05 12:0 a.m.130 views

Unspecified Vulnerability in Apache HTTP Server (CNVD-2024-36387)

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A security vulnerability exists in Apache HTTP Server that can be exploited by an attacker to map URLs to file system locations th...

9.1CVSS9.2AI score0.99957EPSS
Exploits1References1
CNVD
CNVD
added 2022/05/19 12:0 a.m.130 views

Jenkins Promoted Builds (Simple) Plugin Cross-Site Scripting Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.A cross-site scripting vulnerability exist...

5.4CVSS0.9AI score0.00715EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/29 12:0 a.m.130 views

xiaohuanxiong SQL injection vulnerability

xiaohuanxiong is an open source comic CMS by guoguo individual developers. xiaohuanxiong version 1.0 is vulnerable to SQL injection, which originates from the id parameter in /app/controller/Books.php. No detailed vulnerability details are available...

9.8CVSS3.8AI score0.00941EPSS
Exploits1References1
CNVD
CNVD
added 2021/07/08 12:0 a.m.130 views

SQL Injection Vulnerability in Ai Qing Lemon CMS (CNVD-2021-51254)

Aizumi CMS is a php music website developed with php MySQL. Aizumi CMS suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...

7.8AI score
Exploits0
CNVD
CNVD
added 2022/06/24 12:0 a.m.129 views

Jenkins Convertigo Mobile Platform Plugin跨站请求伪造漏洞(CNVD-2022-49790)

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. The vulnerability stems from a failure to perform permission checks in the...

8.8CVSS1.7AI score0.00503EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/24 12:0 a.m.128 views

Jenkins Agent Server Parameter Plugin Cross-Site Scripting Vulnerability (CNVD-2022-49787)

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application software.A cross-site scripting...

5.4CVSS2.3AI score0.00602EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/08 12:0 a.m.128 views

Adobe Photoshop Out-of-Bounds Read Vulnerability (CNVD-2022-50237)

Adobe Photoshop is a set of image processing software from the American company Audobee Adobe. The software is mainly used for processing pictures. An out-of-bounds read vulnerability exists in Adobe Photoshop. An attacker could exploit this vulnerability to cause a sensitive memory leak...

4.3CVSS6.3AI score0.01455EPSS
Exploits0References1
CNVD
CNVD
added 2021/07/21 12:0 a.m.127 views

Adobe Character Animator out-of-bounds read vulnerability

Adobe Character Animator is a motion capture and animation tool that provides everyone with an easy-to-use solution for intuitively animating 2D characters, animating in real time, and easily sharing and publishing characters. an out-of-bounds read vulnerability exists in Adobe Character Animator...

4.3CVSS4.3AI score0.01528EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/20 12:0 a.m.126 views

Fast Food Ordering System SQL Injection Vulnerability (CNVD-2022-48949)

Fast Food Ordering System is a fast food ordering system from Carlo Montero's personal developer. version 1.0 of Fast Food Ordering System is vulnerable to SQL injection, which originates from /ffos/admin/sales/receipt.php?id=page missing validation of external input SQL statements, which can be...

7.2CVSS4.7AI score0.00909EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/17 12:0 a.m.126 views

Atlassian Fisheye and Crucible Code Execution Vulnerabilities

Atlassian Fisheye is a suite of source code deep viewing software.Atlassian Crucible is a suite of code review tools. A security vulnerability exists in Atlassian Fishey and Crucible versions prior to 4.8.9, which can be exploited by an attacker to inject arbitrary HTML and/or JavaScript...

6.1CVSS6.2AI score0.00703EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/12 12:0 a.m.126 views

Microsoft HEVC Video Extensions Remote Code Execution Vulnerability (CNVD-2022-59686)

Microsoft HEVC Video Extensions is a video extension application from Microsoft Corporation USA. The application allows computers and devices to quickly read and efficiently perform video encoding or HEVC video. Microsoft HEVC Video Extensions suffers from a remote code execution vulnerability th...

9.3CVSS6.4AI score0.03631EPSS
Exploits0References1
CNVD
CNVD
added 2021/06/29 12:0 a.m.126 views

File upload vulnerability exists in Panavision e-office (CNVD-2021-49104)

Panmicro e-office is a standard collaborative mobile office platform under Panmicro. A file upload vulnerability exists in Panmicro e-office, which can be exploited by an attacker to gain control of the server...

7.3AI score
In wildExploits0
CNVD
CNVD
added 2021/06/21 12:0 a.m.126 views

JoomShaper SP Page Builder Lite suffers from a SQL Injection Vulnerability

SP Page Builder is a free page builder component that users can use to design and edit website page content on joomla sites. JoomShaper SP Page Builder Lite suffers from a SQL injection vulnerability that can be exploited by an attacker to obtain sensitive database information...

7.7AI score
Exploits0
CNVD
CNVD
added 2025/07/18 12:0 a.m.125 views

Unspecified Vulnerability in Apache HTTP Server (CNVD-2025-16614)

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. An unspecified vulnerability exists in Apache HTTP Server that stems from insufficient escaping of user-supplied data by modssl,...

7.5CVSS6.8AI score0.00669EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/24 12:0 a.m.125 views

Jenkins Beaker builder Plugin Cross-site Request Forgery Vulnerability (CNVD-2022-49788)

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. An attacker could use this vulnerability to connect to a specified URL by...

6.5CVSS1.8AI score0.00468EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/17 12:0 a.m.126 views

Product Show Room Site SQL Injection Vulnerability (CNVD-2022-48961)

Product Show Room Site is a product showroom site from Carlo Montero's personal developer. version 1.0 of Product Show Room Site is vulnerable to SQL injection, which originates from /psrs/admin/?page=products/viewproduct&id= page has a SQL injection issue. No detailed vulnerability details are...

7.2CVSS4AI score0.00909EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/30 12:0 a.m.124 views

Google Android Information Disclosure Vulnerability (CNVD-2022-50275)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability. An attacker can exploit this vulnerability to obtain sensitive information...

4.9CVSS6.2AI score0.00113EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/19 12:0 a.m.124 views

Jenkins SSH Plugin Cross-Site Request Forgery Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.Jenkins SSH Plugin 2.6.1 and earlier...

8.8CVSS3.1AI score0.00625EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/19 12:0 a.m.123 views

Jenkins Random String Parameter Plugin跨站脚本漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plug-ins to support building, deploying, and automating any project. Jenkins Plugin is a cross-site scripting vulnerability in Jenkins Random Stri...

5.4CVSS1.2AI score0.00701EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/19 12:0 a.m.123 views

Jenkins SSH Plugin Permissions and Access Control Issues Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.The Jenkins SSH Plugin 2.6.1 and earlier...

4.3CVSS1.7AI score0.00684EPSS
Exploits0References1
CNVD
CNVD
added 2023/02/28 12:0 a.m.122 views

Panmicro ecology9 SQL Injection Vulnerability

Ecology9 is a new and efficient collaborative office system created by Panmicro for medium and large organizations. There is a SQL injection vulnerability in Panmicro ecology9, which can be exploited by attackers to obtain sensitive database information...

3.8AI score
Exploits0References1
Total number of security vulnerabilities5000