Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
•added 2016/10/21 12:0 a.m.•38 views

Libass Arbitrary Code Execution Vulnerability

libass is a lightweight library of functions for rendering subtitles in ASS/SSA format. An arbitrary code execution vulnerability exists in Libass, which can be exploited by a remote attacker to execute arbitrary code...

7.5CVSS8.3AI score0.04227EPSS
Exploits0References1
CNVD
CNVD
•added 2016/10/20 12:0 a.m.•39 views

potrace null pointer back-reference vulnerability (CNVD-2016-10140)

potrace is a set of bitmap image processing tools developed by software developer Peter Selinger. The tool offers the ability to add smoothing effects, free scaling of images, and more. A null pointer back-reference vulnerability exists in potrace bitmapio.c:651:11. A remote attacker can exploit...

5.5CVSS7.8AI score0.01906EPSS
Exploits0References1
CNVD
CNVD
•added 2016/09/21 12:0 a.m.•38 views

QEMU Denial of Service Vulnerability (CNVD-2016-07820)

QEMU is a simulation processor software developed by French programmer Fabrice Bellard. The software is fast and cross-platform. A denial of service vulnerability exists in QEMU. An attacker can exploit this vulnerability to crash the QEMU process, resulting in a denial of service...

6CVSS8.8AI score0.00364EPSS
Exploits0References1
CNVD
CNVD
•added 2016/08/21 12:0 a.m.•38 views

CHICKEN has multiple vulnerabilities

CHICKEN is a compiler for the CHICKEN programming language. A buffer overflow and information disclosure vulnerability exists in CHICKEN. An attacker could exploit the vulnerabilities to obtain sensitive information or execute arbitrary code in the context of an affected application...

9.8CVSS7.5AI score0.02148EPSS
Exploits0References1
CNVD
CNVD
•added 2016/08/10 12:0 a.m.•38 views

Microsoft Windows Graphics Remote Code Execution Vulnerability (CNVD-2016-06272)

Microsoft Windows is the popular computer operating system. A remote code execution vulnerability exists in Microsoft Windows due to a font library that does not properly handle constructed embedded fonts. This vulnerability could be exploited by an attacker to take full control of an affected...

9.3CVSS8AI score0.50506EPSS
Exploits1References1
CNVD
CNVD
•added 2016/05/27 12:0 a.m.•38 views

MEDHOST Perioperative Information Management System Unauthorized Operation Vulnerability

MEDHOST Perioperative Information Management System PIMS is a suite of solutions covering surgical treatment, nursing care and other services from MEDHOST, Inc. that includes an anesthesia information management system AIMS, remote host control and streamlined patient tracking. A security...

10CVSS6.6AI score0.03957EPSS
Exploits3References1
CNVD
CNVD
•added 2015/03/12 12:0 a.m.•38 views

Apache HTTP Server Denial of Service Vulnerability (CNVD-2015-01691)

Apache HTTP Server is an open source web server from the Apache Software Foundation that runs on most computer operating systems and is widely used as one of the most popular web server-side software due to its multi-platform and security. A denial-of-service vulnerability exists in Apache HTTP...

5CVSS6.9AI score0.18812EPSS
Exploits0References1
CNVD
CNVD
•added 2024/03/26 12:0 a.m.•37 views

Apache Commons Configuration Out-of-Bounds Write Vulnerability (CNVD-2024-16109)

Apache Commons Configuration is the United States Apache Apache Foundation , a common configuration interface , it is mainly used to enable Java applications to read configuration data from a variety of sources . An out-of-bounds write vulnerability exists in Apache Commons Configuration versions...

5.4CVSS7.6AI score0.01727EPSS
Exploits0References1
CNVD
CNVD
•added 2024/03/21 12:0 a.m.•37 views

Mozilla Firefox Security Bypass Vulnerability (CNVD-2024-14982)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security bypass vulnerability exists in Mozilla Firefox that stems from improper handling of WASM register values. An attacker can exploit the vulnerability to create invalid wasm values...

3.7CVSS6.6AI score0.00437EPSS
Exploits1References1
CNVD
CNVD
•added 2023/11/02 12:0 a.m.•37 views

TP-LINK Tapo C100 Denial of Service Vulnerability

TP-LINK Tapo C100 is a webcam device from China P&L TP-LINK. The TP-LINK Tapo C100 suffers from a denial of service vulnerability that stems from not properly handling incoming error messages, which can be exploited by an attacker to cause a denial of service DoS by serving a crafted web request...

6.5CVSS6.9AI score0.00334EPSS
Exploits2References1
CNVD
CNVD
•added 2023/09/15 12:0 a.m.•37 views

Siemens Tecnomatix Plant Simulation Buffer Overflow Vulnerability

Siemens Tecnomatix Plant Simulation is an industrial control device from Siemens, Germany, that uses discrete-event simulation to analyze and optimize throughput and thereby improve manufacturing system performance. Siemens Tecnomatix Plant Simulation suffers from a buffer overflow vulnerability...

7.8CVSS7.7AI score0.00201EPSS
Exploits0References1
CNVD
CNVD
•added 2023/09/11 12:0 a.m.•37 views

Apache Superset REST API Authorization Issues Vulnerability

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset version 2.1.0 and prior versions suffer from an authorization issue vulnerability that stems from incorrect REST API permissions. An attacker can exploit this vulnerability to cau...

5.4CVSS6.8AI score0.00806EPSS
Exploits0References1
CNVD
CNVD
•added 2023/08/25 12:0 a.m.•37 views

Apache Airflow code issue vulnerability (CNVD-2023-85615)

Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. Apache Airflow has a code issue vulnerability that can be exploited by an attacker ...

8.1CVSS7AI score0.01488EPSS
Exploits0References1
CNVD
CNVD
•added 2023/08/12 12:0 a.m.•37 views

Microsoft Exchange Server Remote Code Execution Vulnerability (CNVD-2023-64865)

Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. A remote code execution vulnerability exists in Microsoft Exchange Server, which can be exploited...

8.8CVSS8.1AI score0.02559EPSS
Exploits0References1
CNVD
CNVD
•added 2023/08/12 12:0 a.m.•37 views

Microsoft Office Code Execution Vulnerability (CNVD-2024-02722)

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. Microsoft Office has a code execution vulnerability that can be exploited by an attacker to execute arbitra...

7.8CVSS7.9AI score0.01084EPSS
Exploits0References1
CNVD
CNVD
•added 2023/07/10 12:0 a.m.•37 views

Mozilla Firefox Buffer Overflow Vulnerability (CNVD-2023-59026)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox, which can be exploited by a remote attacker to submit a special WEB request that can be tricked into being parsed by the user, which can crash the...

8.8CVSS7.7AI score0.00753EPSS
Exploits0References1
CNVD
CNVD
•added 2023/05/31 12:0 a.m.•37 views

Linux kernel command execution vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A command execution vulnerability exists in the Linux kernel that stems from a lack of functionality checking and can be exploited by an attacker to execute administrative...

6.8CVSS7.3AI score0.0147EPSS
Exploits2References1
CNVD
CNVD
•added 2023/04/13 12:0 a.m.•37 views

Microsoft Windows DNS Remote Code Execution Vulnerability (CNVD-2023-44303)

Microsoft Windows DNS is a domain name resolution service from Microsoft. The Domain Name System DNS is one of the industry-standard suite of protocols that encompasses TCP/IP, and DNS clients and DNS servers work together to provide name resolution services for computers and users that map...

6.6CVSS7.8AI score0.00836EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/17 12:0 a.m.•37 views

Apache Airflow Information Disclosure Vulnerability (CNVD-2023-23550)

Apache Airflow is an open source platform for creating, managing, and monitoring workflows from the Apache Foundation. The platform is scalable and dynamically monitored, etc. An information disclosure vulnerability exists in versions prior to Apache Airflow 2.5.2, which stems from the fact that...

5.3CVSS4.7AI score0.01382EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/16 12:0 a.m.•37 views

Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability (CNVD-2023-28105)

Microsoft PostScript Printer Driver is a Microsoft standard printer driver for PostScript printers from Microsoft USA. Microsoft PCL6 Class Printer Driver is a printer driver software from Microsoft Corporation. Microsoft PostScript and PCL6 Class Printer Driver contains an information disclosure...

7AI score0.01532EPSS
Exploits0
CNVD
CNVD
•added 2023/03/15 12:0 a.m.•37 views

D-Link DIR-867 Command Injection Vulnerability

The D-Link DIR-867 is a wireless router from China Youxun D-Link.A command injection vulnerability exists in the D-Link DIR-867, which is caused by a command injection vulnerability in the SetVirtualServerSettings function. By sending a carefully crafted request using the LocalIPAddress parameter...

9.8CVSS9.8AI score0.02621EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/09 12:0 a.m.•37 views

Dell BIOS Buffer Overflow Vulnerability (CNVD-2023-14511)

A buffer overflow vulnerability exists in Dell BIOS, which is embedded software on a small memory chip on a computer motherboard from Dell, U.S.A. The vulnerability stems from a boundary error when handling untrusted input. A locally authenticated attacker could exploit the vulnerability to execu...

8.8CVSS2.8AI score0.00166EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/07 12:0 a.m.•37 views

phpIPAM authorization issue issue vulnerability

phpIPAM is an open source PHP and MySQL-based IP address management application IPAM. phpIPAM versions prior to 1.5.1 are vulnerable to authorization issues, which can be exploited by attackers to download the findfullsubnets.php endpoint containing sensitive information...

7.5CVSS4.3AI score0.37304EPSS
Exploits1References1
CNVD
CNVD
•added 2023/01/12 12:0 a.m.•37 views

Linux kernel has unspecified vulnerabilities (CNVD-2023-06531)

Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel has a security vulnerability that stems from type obfuscation, which leads to denial of service. No details of the vulnerability are currently available...

5.5CVSS2.2AI score0.00268EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/07 12:0 a.m.•37 views

Google Android Information Disclosure Vulnerability (CNVD-2023-04550)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability, which is caused by a logic error in the code beginning with Threads.cpp. An attacker can exploit the vulnerability to obtain sensitive information...

5.5CVSS5.2AI score0.00254EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/25 12:0 a.m.•37 views

XWiki Platform Code Injection Vulnerability

XWiki Platform is the French company XWiki's set of Wiki platform for creating Web collaboration applications. A code injection vulnerability exists in XWiki Platform. The vulnerability stems from incorrectly escaping macro content and menu macro parameters, which can be exploited to execute...

9.9CVSS9.5AI score0.01261EPSS
Exploits1References1
CNVD
CNVD
•added 2022/10/21 12:0 a.m.•37 views

Linux kernel denial-of-service vulnerability (CNVD-2022-74086)

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel is vulnerable to a denial-of-service vulnerability that results from a null pointer dereference due to an incorrect operation. An attacker could exploit this vulnerability to cause a denial ...

2.8AI score0.00315EPSS
Exploits0
CNVD
CNVD
•added 2022/10/19 12:0 a.m.•37 views

Oracle MySQL Server Denial of Service Vulnerability (CNVD-2022-87656)

Oracle MySQL Server is a relational database from Oracle Corporation USA. A denial-of-service vulnerability exists in the Server: Optimizer component of Oracle MySQL Server. An attacker can exploit the vulnerability to access the network via multiple protocols, which can compromise MySQL Server a...

4.9CVSS2.2AI score0.01144EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/14 12:0 a.m.•37 views

Microsoft Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability

Microsoft Windows is an operating system for personal devices from Microsoft Corporation USA.A security feature bypass vulnerability exists in Microsoft Windows Portable Device Enumerator Service, which could be exploited by an attacker to compromise the confidentiality, integrity, or The...

4.2AI score0.00597EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2022/10/14 12:0 a.m.•37 views

Linux kernel denial-of-service vulnerability (CNVD-2022-74090)

Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel is vulnerable to a denial of service. The vulnerability is due to the ability of affected versions of the Linux kernel to inject WLAN frames into the mac80211 stack of a local attacker coul...

3.2AI score0.00555EPSS
Exploits1Affected Software1
CNVD
CNVD
•added 2022/10/13 12:0 a.m.•37 views

SAP Customer Data Cloud Encryption Issue Vulnerability

SAP Customer Data Cloud is a tool from SAP Germany that provides digital customer identity and access management. It enables companies to collect, aggregate and manage customer data across multiple touch points and applications. An encryption issue vulnerability exists in SAP Customer Data Cloud...

5.2CVSS5.3AI score0.00162EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/11 12:0 a.m.•37 views

Puppet puppetlabs-apt module command injection vulnerability

Puppet is a client/server C/S architecture-based configuration management tool from Puppet Labs that can be used to manage configuration files, users, cron tasks, packages, system services, etc. A command injection vulnerability exists in versions of Puppet Puppetlabs-apt module prior to 9.0.0. T...

9.8CVSS4.3AI score0.02087EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/10 12:0 a.m.•37 views

SAMSUNG Mobile devices account component access control error vulnerability

SAMSUNG Mobile devices is a series of Samsung mobile devices from South Korea's Samsung SAMSUNG, including cell phones, tablets, etc. SAMSUNG Mobile devices versions prior to 13.5.01.3 contain an access control error vulnerability that stems from improper protection of components in Samsung...

5.1CVSS3.6AI score0.00151EPSS
Exploits0References1
CNVD
CNVD
•added 2022/09/28 12:0 a.m.•37 views

Nepxion Discovery Remote Code Execution Vulnerability

Nepxion Discovery is an enhanced middleware for service registration discovery for Spring Cloud. Nepxion Discovery 6.16.2 and earlier versions are vulnerable to a remote code execution vulnerability that stems from a lack of validation of input data in Discovery-commons and is susceptible to SpEL...

9.8CVSS4AI score0.01804EPSS
Exploits1References1
CNVD
CNVD
•added 2022/09/28 12:0 a.m.•37 views

Sophos Firewall Code Execution Vulnerability

Sophos Firewall is a firewall from Sophos UK. A code execution vulnerability exists in Sophos Firewall 19.0.1 and prior versions, which fails to properly filter special elements of constructed snippets in User Portal and Webadmin. An attacker can exploit the vulnerability to cause arbitrary code...

9.8CVSS9.7AI score0.98905EPSS
Exploits0References1
CNVD
CNVD
•added 2022/09/26 12:0 a.m.•37 views

Apache XML Graphics Batik Server-Side Request Forgery Vulnerability

Apache XML Graphics Batik is a Java-based application from the Apache Foundation that is primarily used to process images in SVG format.Apache XML Graphics Batik is vulnerable to server-side request forgery, which is caused by a flaw in the DefaultScriptSecurity function. An attacker could exploi...

1.9AI score0.05791EPSS
Exploits1Affected Software1
CNVD
CNVD
•added 2022/09/02 12:0 a.m.•37 views

Apache OFBiz Code Issue Vulnerability (CNVD-2023-03920)

Apache OFBiz is an enterprise resource planning ERP system from the Apache Foundation. A code issue vulnerability exists in Apache OFBiz Solr plugin 18.12.05 and earlier, which stems from the default configuration of automatically issuing RMI requests on port 1099 on localhost, which can be...

9.8CVSS1.8AI score0.03716EPSS
Exploits0References1
CNVD
CNVD
•added 2022/08/23 12:0 a.m.•37 views

Tenda AC15 Buffer Overflow Vulnerability (CNVD-2022-75823)

Tenda AC15 is a wireless router from Tenda, China. Tenda AC15 is vulnerable to a buffer overflow vulnerability caused by improper boundary checking of the WifiBasicSet function. A remote attacker could exploit this vulnerability to overflow the buffer and execute arbitrary code on the system...

9.8CVSS5.1AI score0.00862EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/22 12:0 a.m.•37 views

Cisco Nexus Dashboard OS Command Injection Vulnerability

Cisco Nexus Dashboard is the United States Cisco Cisco a single console. It can simplify the operation and management of data center networks. Cisco Nexus Dashboard has a security vulnerability that can be exploited by an unauthenticated, remote attacker to access specific APIs running in the dat...

9.8CVSS9.8AI score0.01437EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/21 12:0 a.m.•37 views

Oracle MySQL Server Encryption Component Denial of Service Vulnerability

Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. Oracle MySQL has a denial of service vulnerability that originates from incorrect input validation in the Encryption component of MySQL Server, which...

3.1CVSS6.2AI score0.00705EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/19 12:0 a.m.•37 views

Apache Hive Authorization Issues Vulnerability

Apache Hive is a set of data warehouse software based on Hadoop Distributed Systems Infrastructure from the Apache Apache Foundation in the United States. The software provides a data integration approach and a high-level query language to support large-scale data analysis on Hadoop. An...

7.5CVSS7.3AI score0.01393EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/19 12:0 a.m.•37 views

Adobe InCopy Buffer Overflow Vulnerability (CNVD-2022-55643)

Adobe InCopy is a text editing software for creative writing from Adobe, USA. Adobe InCopy suffers from a buffer overflow vulnerability that stems from a lack of proper validation of user-supplied data, which can be exploited by an attacker to cause a read to exceed the end of an allocated buffer...

5.5CVSS6.1AI score0.00337EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/15 12:0 a.m.•37 views

PbootCMS Code Injection Vulnerability

PbootCMS is a new core and permanent open source free PHP enterprise website development and construction management system , is a set of efficient , simple , strong and free commercial PHP CMS source code , to meet the needs of various types of enterprise website development and construction...

9.8CVSS9.8AI score0.32731EPSS
Exploits1References1
CNVD
CNVD
•added 2022/07/15 12:0 a.m.•37 views

Siemens RUGGEDCOM ROX Command Injection Vulnerability

RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments. Siemens RUGGEDCOM ROX has a command injection vulnerability that could be exploited by an attacker with administrator privileges to access the shell o...

10CVSS3.6AI score0.01573EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/08 12:0 a.m.•37 views

Apache Druid Clickjacking Vulnerability

Apache Druid is a column-oriented open source distributed data storage system written in Java, designed to quickly access large amounts of event data and provide low-latency queries on top of the data. A clickjacking vulnerability exists in Apache Druid. The vulnerability is due to the server not...

4.3CVSS4.6AI score0.01738EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/08 12:0 a.m.•37 views

Vega Charts Kibana Cross-Site Scripting Vulnerability

Vega is a Javscript-based software from the Vega team that can be used to create interactive visual displays. The software can use JSON format to describe the data visualization and use HTML5 Canvas or SVG to generate interactive views. A cross-site scripting vulnerability exists in Vega Charts...

6.1CVSS6AI score0.00777EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/07 12:0 a.m.•37 views

VICIdial Cross-Site Scripting Vulnerability

Vicidial is a software suite from Vicidial, Inc. Designed to interact with the Asterisk open source Pbx phone system as a complete inbound/outbound contact center suite with inbound email support. A cross-site scripting vulnerability exists in VICIdial versions prior to 2.14b0.5, which stems from...

6.5CVSS6AI score0.00485EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/05 12:0 a.m.•37 views

Vim inc function buffer overflow vulnerability

Vim is a cross-platform text editor. versions prior to Vim 9.0.0011 are vulnerable to a buffer overflow vulnerability that stems from a boundary error in the inc function when handling untrusted input. A remote attacker could exploit this vulnerability to crash the software, modify memory, and...

7.8CVSS6.1AI score0.01224EPSS
Exploits1References1
CNVD
CNVD
•added 2022/06/30 12:0 a.m.•37 views

Ruby ruby-mysql security vulnerability (CNVD-2022-74096)

Ruby ruby-mysql is a pure Ruby version of the MySQL connector from the Ruby community.An access control error vulnerability exists in Ruby ruby-mysql Gem versions prior to 2.10.0, which stems from the fact that a malicious MySQL server can request local file content from a client without explicit...

4.3CVSS3.9AI score0.01107EPSS
Exploits1Affected Software1
CNVD
CNVD
•added 2022/06/27 12:0 a.m.•37 views

74cmsSE SQL Injection Vulnerability

74cmsSE is a free open source professional recruitment system based on PHP MYSQL. 74cmsSE is vulnerable to SQL injection, which results from a lack of validation of externally entered SQL statements in the /home/resume/index keyword parameter. An attacker could use this vulnerability to execute...

7.5CVSS2.7AI score0.00901EPSS
Exploits1References1
Total number of security vulnerabilities5000