Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
•added 2016/10/27 12:0 a.m.•37 views

Cisco IP Interoperability and Collaboration System Authentication Bypass Vulnerability

The Cisco IP Interoperability and Collaboration System is a set of solutions that provide voice interoperability across different systems based on IP standards. An authentication bypass vulnerability exists in Cisco IP Interoperability and Collaboration System Universal Media Services, which coul...

10CVSS7.1AI score0.02174EPSS
Exploits0References1
CNVD
CNVD
•added 2016/09/28 12:0 a.m.•37 views

GNU wget Competitive Conditions Vulnerability

wget is a free and open source set of download tools that support automatic downloading of files from the web. A competitive condition vulnerability exists in GNU wget versions 1.17 and earlier. An attacker on the remote server side can exploit this vulnerability by keeping the HTTP link open to...

8.1CVSS8.7AI score0.07499EPSS
Exploits5References1
CNVD
CNVD
•added 2016/08/11 12:0 a.m.•37 views

vBulletin Server-Side Request Forgery Security Bypass Vulnerability

vBulletin is the United States Internet Brands and vBulletin Solutions, Inc. jointly developed an open source commercial Web forum program . A security bypass vulnerability exists in vBulletin versions 5.2.2 and earlier, 4.2.3, and 3.8.9 and earlier. An attacker can exploit this vulnerability to...

8.6CVSS6.8AI score0.11945EPSS
Exploits6References1
CNVD
CNVD
•added 2016/07/13 12:0 a.m.•37 views

Microsoft Multiple Scripting Engine Memory Corruption Vulnerability

Microsoft Internet Explorer IE and Microsoft Edge are web browsers developed by Microsoft Corporation. The former is the default browser that comes with operating systems prior to Windows 10, and the latter is the default browser that comes with the latest operating system, Windows 10. JScript is...

9.3CVSS7.2AI score0.22955EPSS
Exploits0References1
CNVD
CNVD
•added 2016/05/19 12:0 a.m.•37 views

OpenSLP Denial of Service Vulnerability

OpenSLP Service Location Protocol is an IETF standard protocol developed by the OpenSLP project for dynamic service discovery within the Internet. The protocol supports looking up services in the network by their types and attributes. A denial of service vulnerability exists in the 'xrealloc'...

7.5CVSS6.7AI score0.0536EPSS
Exploits1References1
CNVD
CNVD
•added 2016/04/24 12:0 a.m.•37 views

Joyent Node.js UglifyJS Denial of Service Vulnerability

Joyent Node.js is a web application platform built on top of Google's V8 JavaScript engine. A denial of service vulnerability exists in Joyent Node.js UglifyJS due to the program failing to check the input of the .parse function, allowing remote attackers to submit submit special regular...

7.8CVSS7.9AI score0.02358EPSS
Exploits1References1
CNVD
CNVD
•added 2016/03/07 12:0 a.m.•37 views

BeanShell Arbitrary Command Execution Vulnerability

BeanShell is an open source , free Java source code interpreter . A security vulnerability exists in BeanShell. An attacker can exploit this vulnerability to execute arbitrary commands...

8.1CVSS8.5AI score0.70425EPSS
Exploits1References1
CNVD
CNVD
•added 2025/03/12 12:0 a.m.•36 views

Apache Tomcat Remote Code Execution Vulnerability

Apache Tomcat is an open source lightweight Java Web server and Servlet container , designed to run Java Servlet and JSP core tools designed to support dynamic content processing and hosting of static resources , is the cornerstone of small and medium-sized Java Web application development and...

10CVSS7.8AI score0.99945EPSS
Exploits46References1
CNVD
CNVD
•added 2024/04/18 12:0 a.m.•36 views

Oracle MySQL Denial of Service Vulnerability (CNVD-2024-19015)

Oracle MySQL is an open source relational database management system from Oracle. A security vulnerability exists in Oracle MySQL's MySQL Server. An attacker could exploit this vulnerability to cause MySQL Server to hang or crash frequently and repeatedly...

4.9CVSS7AI score0.00986EPSS
Exploits0References1
CNVD
CNVD
•added 2024/04/17 12:0 a.m.•36 views

IBM WebSphere Application Server and IBM WebSphere Application Server Liberty Server-Side Request Forgery Vulnerability

IBM WebSphere Application Server WAS and IBM WebSphere Application Server Liberty are both products of International Business Machines IBM.IBM WebSphere Application Server is an application server IBM WebSphere Application Server is an application server product. The product is a platform for...

4.3CVSS6.6AI score0.00302EPSS
Exploits0References1
CNVD
CNVD
•added 2024/04/15 12:0 a.m.•36 views

IBM Security verify Access Appliance Security Vulnerability

IBM Security Verify Access ISAM is a service from International Business Machines IBM that improves user access security. The service enables secure and simple access to platforms such as web, mobile, IoT and cloud technologies through the use of risk-based access, single sign-on, integrated acce...

8.1CVSS6.4AI score0.00582EPSS
Exploits1References1
CNVD
CNVD
•added 2024/03/14 12:0 a.m.•36 views

Scholars Tracking System SQL Injection Vulnerability (CNVD-2024-14045)

Scholars Tracking System is a scholars tracking system by the individual developer Fabian Ros. Scholars Tracking System suffers from a SQL injection vulnerability that can be exploited by an attacker to send crafted SQL statements to Eligibility Information Update...

9.8CVSS7.7AI score0.0031EPSS
Exploits0References1
CNVD
CNVD
•added 2024/02/29 12:0 a.m.•36 views

Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability (CNVD-2024-11663)

Adobe Acrobat Reader is the United States of America Audobee Adobe, a PDF viewer. Adobe Acrobat and Reader has an out-of-bounds read vulnerability that can be exploited by an attacker to obtain sensitive information caused by an out-of-bounds read...

5.5CVSS6AI score0.03161EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/16 12:0 a.m.•36 views

D-Link R15 Code Issue Vulnerability

The D-Link R15 is a wireless router from China-based AUO D-Link. The D-Link R15 v1.08.02 suffers from a code issue vulnerability that stems from the device not including firewall restrictions for IPv6 traffic, which can be exploited by an attacker to arbitrarily access services on the device that...

5.3CVSS7AI score0.00492EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/11 12:0 a.m.•36 views

Information Leakage Vulnerability in Urban Security Monitoring DSS System of Zhejiang Dahua Technology Co.

Zhejiang Dahua Technology Co., Ltd. is a leading supplier and solution provider of surveillance products. An information leakage vulnerability exists in Zhejiang Dahua Technology Co. city security monitoring DSS system, which can be exploited by attackers to obtain sensitive information...

6.6AI score
Exploits0
CNVD
CNVD
•added 2023/11/15 12:0 a.m.•36 views

Siemens Mendix Authentication Bypass Vulnerability

Mendix is a high-productivity application platform for building and continuously improving mobile and web applications at scale. An authentication bypass vulnerability exists in Siemens Mendix, which can be exploited by an attacker to access or modify objects without proper authorization or to...

8.1CVSS7.1AI score0.0044EPSS
Exploits0References1
CNVD
CNVD
•added 2023/09/09 12:0 a.m.•36 views

The Milesight UR32L is a 4G industrial router from China's Milesight. A buffer overflow vulnerability exists in the Milesight UR32L set_qos function, which can be exploited by an attacker to cause a buffer overflow and execute arbitrary code on the system, or cause an application to crash.

iOS is a mobile operating system developed by Apple. iPadOS is Apple's family of mobile operating systems based on iOS. macOS Ventura is Apple's desktop operating system. An arbitrary code execution vulnerability exists in several Apple products, which can be exploited by an attacker to send...

7.8CVSS7.4AI score0.15263EPSS
Exploits2
CNVD
CNVD
•added 2023/08/25 12:0 a.m.•36 views

WinRAR Code Execution Vulnerability

WinRAR is a shareware program for managing zip files. A code execution vulnerability exists in WinRAR that can be exploited by an attacker to execute arbitrary code when a user attempts to view benign files in a ZIP archive...

7.8CVSS8AI score0.97798EPSS
Exploits49References1
CNVD
CNVD
•added 2023/08/12 12:0 a.m.•36 views

Microsoft Outlook Spoofing Vulnerability

Microsoft Outlook is a suite of e-mail applications from the American company Microsoft. Microsoft Outlook has a spoofing vulnerability that can be exploited by attackers to conduct spoofing attacks...

6.5CVSS6.5AI score0.01969EPSS
Exploits0References1
CNVD
CNVD
•added 2023/08/12 12:0 a.m.•36 views

Microsoft Exchange Server Remote Code Execution Vulnerability (CNVD-2023-64868)

Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. A remote code execution vulnerability exists in Microsoft Exchange Server, which can be exploited...

8.8CVSS8.3AI score0.03525EPSS
Exploits0References1
CNVD
CNVD
•added 2023/05/12 12:0 a.m.•36 views

Microsoft SharePoint Server Spoofing Vulnerability (CNVD-2023-53466)

Microsoft SharePoint Server is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A spoofing...

6.5CVSS6.5AI score0.67452EPSS
Exploits0References1
CNVD
CNVD
•added 2023/04/17 12:0 a.m.•36 views

Google Chrome V8 Type Obfuscation Vulnerability (CNVD-2023-28127)

Chrome is a free and fast Internet browser software developed by Google, Inc. with the goal of making Google Chrome is based on the more powerful JavaScript V8 Google Chrome is based on the more powerful JavaScript V8 engine, which improves the browser's processing speed. It supports multi-tab...

8.7AI score0.40798EPSS
Exploits1Affected Software1
CNVD
CNVD
•added 2023/04/13 12:0 a.m.•36 views

Microsoft Windows DNS Remote Code Execution Vulnerability (CNVD-2023-44303)

Microsoft Windows DNS is a domain name resolution service from Microsoft. The Domain Name System DNS is one of the industry-standard suite of protocols that encompasses TCP/IP, and DNS clients and DNS servers work together to provide name resolution services for computers and users that map...

6.6CVSS7.8AI score0.00836EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/23 12:0 a.m.•36 views

Google Chrome Out-of-Bounds Access Vulnerability

Google Chrome is a web browser from Google, an American company. An out-of-bounds access vulnerability exists in versions prior to Google Chrome 111.0.5563.110, which stems from out-of-bounds memory access in the Chrome WebHID, and can be exploited by a remote attacker to potentially leverage hea...

9.8CVSS9.3AI score0.01062EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/23 12:0 a.m.•36 views

Google Chrome ANGLE out-of-bounds read vulnerability

Google Chrome is a web browser from Google, Inc. An out-of-bounds read vulnerability exists in versions of Google Chrome prior to 111.0.5563.110, which stems from a lack of proper validation of user-supplied data by ANGLE, where specially crafted data could trigger a read beyond the end of the...

8.8CVSS8.9AI score0.01339EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/05 12:0 a.m.•36 views

Linux kernel xusb.c file code issue vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A code issue vulnerability exists in the Linux kernel prior to version 5.17, which stems from the drivers/phy/tegra/xusb.c file incorrectly handling the return value of...

5.5CVSS6.6AI score0.00272EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/09 12:0 a.m.•36 views

Dell BIOS Buffer Overflow Vulnerability (CNVD-2023-14511)

A buffer overflow vulnerability exists in Dell BIOS, which is embedded software on a small memory chip on a computer motherboard from Dell, U.S.A. The vulnerability stems from a boundary error when handling untrusted input. A locally authenticated attacker could exploit the vulnerability to execu...

8.8CVSS2.8AI score0.00166EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/09 12:0 a.m.•36 views

Discourse Information Disclosure Vulnerability (CNVD-2023-07923)

Discourse is an open source community discussion platform. The platform includes community, email, and chat room features.A security vulnerability exists in versions of Discourse prior to 2.8.14. The vulnerability stems from the fact that recipients of group SMTP emails can see the email addresse...

3.5CVSS1.5AI score0.00523EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/08 12:0 a.m.•36 views

Huawei HarmonyOS Multi-Screen Collaboration Module Elevation of Privilege Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a microkernel-based distributed operating system. The Huawei HarmonyOS multi-screen collaboration module is vulnerable to an elevation of privilege vulnerability that could be exploited by attackers to compromise data...

7.5CVSS5.3AI score0.00377EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/08 12:0 a.m.•36 views

Canteen Management System SQL Injection Vulnerability (CNVD-2023-08051)

Canteen Management System is a canteen management system. version 1.0 of Canteen Management System is vulnerable to SQL injection, which stems from the lack of validation of external input SQL statements by parameter id. An attacker could use this vulnerability to execute illegal SQL commands to...

8.1CVSS3.4AI score0.00717EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/07 12:0 a.m.•36 views

phpIPAM authorization issue issue vulnerability

phpIPAM is an open source PHP and MySQL-based IP address management application IPAM. phpIPAM versions prior to 1.5.1 are vulnerable to authorization issues, which can be exploited by attackers to download the findfullsubnets.php endpoint containing sensitive information...

7.5CVSS4.3AI score0.37304EPSS
Exploits1References1
CNVD
CNVD
•added 2023/02/01 12:0 a.m.•36 views

F5 BIG-IP SSL OCSP Authentication Profile Denial of Service Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A denial of service vulnerability exists in the F5 BIG-IP SSL OCSP authentication profile, when a virtual server is configure...

7.5CVSS3.2AI score0.00663EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/30 12:0 a.m.•36 views

IBM AIX has an unspecified vulnerability (CNVD-2023-05472)

IBM AIX is an open standards-based UNIX operating system developed by International Business Machines IBM for the IBM Power architecture. IBM AIX has a security vulnerability that stems from a buffer overflow caused by a non-privileged local user exploiting a vulnerability in X11, resulting in a...

7.8CVSS3.8AI score0.0021EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/06 12:0 a.m.•36 views

Mozilla Firefox Input Validation Error Vulnerability (CNVD-2023-03059)

Mozilla Firefox, an open source web browser from the Mozilla Foundation, is vulnerable to an input validation error that results from a request initiated in reader mode that does not properly omit cookies with the SameSite attribute. An attacker could use this vulnerability to elevate privileges ...

6.1CVSS4.8AI score0.00644EPSS
Exploits1References1
CNVD
CNVD
•added 2023/01/04 12:0 a.m.•36 views

Apache Kylin Command Injection Vulnerability

Apache Kylin is an open source distributed analytic data warehouse from the Apache Foundation. The product mainly provides Hadoop/Spark on top of the SQL query interface and multidimensional analysis OLAP and other functions. kylin has a command injection vulnerability, the vulnerability stems fr...

8.8CVSS2.9AI score0.56844EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/30 12:0 a.m.•36 views

Mozilla Firefox Resource Management Error Vulnerability (CNVD-2023-03067)

Mozilla Firefox is an open source web browser from the Mozilla Foundation, U.S. Mozilla Firefox suffers from a resource management error vulnerability, which stems from a post-release reuse problem after VR process corruption. An attacker could exploit the vulnerability to cause the browser to...

6.5CVSS4AI score0.00718EPSS
Exploits1References1
CNVD
CNVD
•added 2022/12/20 12:0 a.m.•36 views

Apache Zeppelin Cross-Site Scripting Vulnerability (CNVD-2022-89420)

Apache Zeppelin is a Web-based open source notebook application from the Apache Foundation that supports interactive data analysis and collaborative documentation. The application supports interactive data analysis and collaborative documentation. versions of Apache Zeppelin prior to 0.8.2 contai...

5.4CVSS2.2AI score0.01118EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/16 12:0 a.m.•36 views

Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2023-00603)

Adobe Experience Manager AEM is a content management solution from Adobe that can be used to build websites, mobile applications and forms. The solution supports mobile content management, marketing and sales campaign management, and multi-site management, etc. A cross-site scripting vulnerabilit...

5.4CVSS2.2AI score0.00708EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/25 12:0 a.m.•36 views

XWiki Platform Code Injection Vulnerability

XWiki Platform is the French company XWiki's set of Wiki platform for creating Web collaboration applications. A code injection vulnerability exists in XWiki Platform. The vulnerability stems from incorrectly escaping macro content and menu macro parameters, which can be exploited to execute...

9.9CVSS9.5AI score0.01261EPSS
Exploits1References1
CNVD
CNVD
•added 2022/11/21 12:0 a.m.•36 views

DedeCMS Arbitrary File Upload Vulnerability (CNVD-2022-80695)

DedeCMS Weaving Dream Content Management System is a PHP-based open source content management system CMS. The system has content publishing, content management, content editing and content retrieval functions.An arbitrary file upload vulnerability exists in the /dede/filemanagecontrol.php compone...

6.7CVSS3.9AI score0.00345EPSS
Exploits1References1
CNVD
CNVD
•added 2022/11/05 12:0 a.m.•36 views

Tenda AC23 Stack Overflow Vulnerability

Tenda AC23 is a dual-band gigabit wireless router from Tenda, China. Tenda AC23 is vulnerable to a stack overflow vulnerability, which can be exploited by attackers to execute arbitrary code...

9.8CVSS6.3AI score0.00928EPSS
Exploits1References1
CNVD
CNVD
•added 2022/10/20 12:0 a.m.•36 views

Oracle E-Business Suite has an unspecified vulnerability (CNVD-2023-05481)

Oracle E-Business Suite E-Business Suite is a fully integrated global business management software from Oracle Corporation USA. A security vulnerability exists in Oracle Web Applications Desktop Integrator for Oracle E-Business Suite. An unauthenticated attacker could exploit the vulnerability to...

9.8CVSS1.5AI score0.36455EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/19 12:0 a.m.•36 views

Oracle Supply Chain Denial of Service Vulnerability

Oracle Supply Chain Products Suite is a set of supply chain solutions from Oracle Oracle. The product provides value chain planning, value chain execution, product lifecycle management and other functions. A denial of service vulnerability exists in Oracle Transportation Management versions 6.4.3...

2.7CVSS3.5AI score0.00669EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/19 12:0 a.m.•36 views

Oracle MySQL Server Denial of Service Vulnerability (CNVD-2022-87656)

Oracle MySQL Server is a relational database from Oracle Corporation USA. A denial-of-service vulnerability exists in the Server: Optimizer component of Oracle MySQL Server. An attacker can exploit the vulnerability to access the network via multiple protocols, which can compromise MySQL Server a...

4.9CVSS2.2AI score0.01144EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/13 12:0 a.m.•36 views

Microsoft Windows Secure Channel Denial of Service Vulnerability

Microsoft Windows is a set of operating systems for personal devices from Microsoft Corporation USA. A denial of service vulnerability exists in Microsoft Windows Secure Channel, which stems from a failure to properly handle incoming error messages and can be exploited by attackers to cause a...

3.7AI score0.01954EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2022/10/13 12:0 a.m.•36 views

Microsoft Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability

Microsoft Windows Resilient File System ReFS is a resilient file system from Microsoft Corporation USA.An elevation of privilege vulnerability exists in Microsoft Windows Resilient File System ReFS, which stems from an improper assignment of privileges in an application. An attacker could exploit...

4.2AI score0.00542EPSS
Exploits0
CNVD
CNVD
•added 2022/10/11 12:0 a.m.•36 views

Puppet puppetlabs-apt module command injection vulnerability

Puppet is a client/server C/S architecture-based configuration management tool from Puppet Labs that can be used to manage configuration files, users, cron tasks, packages, system services, etc. A command injection vulnerability exists in versions of Puppet Puppetlabs-apt module prior to 9.0.0. T...

9.8CVSS4.3AI score0.02087EPSS
Exploits0References1
CNVD
CNVD
•added 2022/09/29 12:0 a.m.•36 views

Google Chrome Media Memory Misreference Vulnerability

Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions of Google Chrome prior to 106.0.5249.62, which stems from a mix-up in instructions responsible for freeing memory in Media. An attacker could exploit the vulnerability potential...

8.8CVSS8.2AI score0.0055EPSS
Exploits0References1
CNVD
CNVD
•added 2022/09/20 12:0 a.m.•36 views

Google TensorFlow Conv2D Denial of Service Vulnerability

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A denial-of-service vulnerability exists in Google TensorFlow, which stems from the fact that if Conv2D is specified as an empty input and the filter and padding sizes are valid, the output is all zeros...

7.5CVSS3.1AI score0.00396EPSS
Exploits0References1
CNVD
CNVD
•added 2022/09/19 12:0 a.m.•36 views

File upload vulnerability exists in Tongda OA (CNVD-2022-70712)

Tongda OA is a mobile intelligent office application. There is a file upload vulnerability in Tongda OA, which can be exploited by attackers to gain control of the server...

4.2AI score
Exploits0
Total number of security vulnerabilities5000