Lucene search
K
CnvdMost viewed

130997 matches found

CNVD
CNVD
•added 2020/09/10 12:0 a.m.•35 views

Microsoft Windows/Windows Server Information Disclosure Vulnerability (CNVD-2021-63327)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. Microsoft Windows/Windows Server is vulnerable to an information disclosure vulnerability that originates...

5.5CVSS1AI score0.01079EPSS
Exploits0References1
CNVD
CNVD
•added 2020/09/10 12:0 a.m.•35 views

Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-90798)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows/Windows Server, which stems from a...

7.8CVSS3.3AI score0.00777EPSS
Exploits0References1
CNVD
CNVD
•added 2020/09/10 12:0 a.m.•35 views

Microsoft Windows/Windows Server Remote Code Execution Vulnerability (CNVD-2021-65600)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. A remote code execution vulnerability exists in Microsoft Windows/Windows Server. The vulnerability stems...

9.3CVSS3.3AI score0.04905EPSS
Exploits0References1
CNVD
CNVD
•added 2019/05/15 12:0 a.m.•35 views

MiniUPnP MiniUPnPd Denial of Service Vulnerability

MiniUPnP is a UPnP tool that can be used for embedded systems. MiniUPnP A denial of service detail exists in MiniUPnPd. The vulnerability stems from improper design or implementation during code development of a networked system or product. An attacker can exploit the vulnerability to launch a...

7.5CVSS7AI score0.02575EPSS
Exploits1References1
CNVD
CNVD
•added 2018/02/24 12:0 a.m.•35 views

Apache JMeter Remote Command Execution Vulnerability

Apache Jmeter is an open source Java application designed to test functional behavior and measure performance for load ... Apache JMeter suffers from a remote command execution vulnerability in distributed mode using an insecure RMI connection, which can be exploited by an attacker to execute...

9.8CVSS7.8AI score0.10096EPSS
Exploits0References1
CNVD
CNVD
•added 2017/06/06 12:0 a.m.•35 views

Wireshark SoulSeek Parser Denial of Service Vulnerability

Wireshark formerly known as Ethereal is a network packet analyzer software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A denial-of-service vulnerability exists in the Wireshark SoulSeek parser, which allows ...

7.8CVSS8.8AI score0.03436EPSS
Exploits0References1
CNVD
CNVD
•added 2017/02/23 12:0 a.m.•35 views

DiskSavvy Enterprise Buffer Overflow Vulnerability

Flexense DiskSavvy is a disk space analyzer from Flexense USA. A buffer overflow vulnerability exists in the build-in web server of Flexense DiskSavvy Enterprise. A remote attacker could exploit the vulnerability to send a specially crafted URI request to conduct a denial of service or arbitrary...

9.8CVSS8.2AI score0.33052EPSS
Exploits7References1
CNVD
CNVD
•added 2016/11/02 12:0 a.m.•35 views

Cairo 'cairo-png.c' Integer Overflow Vulnerability

Cairo is a cross-platform open source vector graphics library , it supports in multiple contexts to do 2D drawing , and provides high-quality display and printout . An integer overflow vulnerability exists in Cairo 'cairo-png.c'. An attacker may exploit this issue to crash the affected applicatio...

5.5CVSS7.1AI score0.01995EPSS
Exploits0References1
CNVD
CNVD
•added 2016/09/01 12:0 a.m.•35 views

Adobe ColdFusion Information Disclosure Vulnerability (CNVD-2016-07016)

Adobe ColdFusion is the United States of America Audobee Adobe a dynamic Web server products, which runs the CFML ColdFusion Markup Language is a programming language for Web applications. An information disclosure vulnerability exists in Adobe ColdFusion 11 Update 9 and earlier and ColdFusion 10...

8.6CVSS6AI score0.69044EPSS
Exploits7References1
CNVD
CNVD
•added 2016/08/10 12:0 a.m.•35 views

Microsoft Kerberos Elevation of Privilege Vulnerability

Microsoft Windows is the popular computer operating system. Windows Kerberos re-adopts the NTLM Authentication Protocol as the default protocol if a password change request is not handled correctly during a domain account password change, an elevation of privilege vulnerability exists that can be...

7.5CVSS7.2AI score0.17181EPSS
Exploits5References1
CNVD
CNVD
•added 2015/05/26 12:0 a.m.•35 views

Huawei Mate 7 Local Elevation of Privilege Vulnerability

Huawei Mate 7 is a smartphone developed by the domestic company Huawei. A security vulnerability exists on the Huawei Mate 7 TEEOS module that allows local attackers to exploit the vulnerability to elevate privileges...

7.6CVSS6.5AI score0.0092EPSS
Exploits0References1
CNVD
CNVD
•added 2015/05/26 12:0 a.m.•35 views

python-dbusmock local code execution vulnerability

python-dbusmock is a Python library for creating simulated objects on the D-Bus. A security vulnerability exists in python-dbusmock that allows a local attacker to exploit the vulnerability to execute arbitrary code...

9.3CVSS7.2AI score0.018EPSS
Exploits0References1
CNVD
CNVD
•added 2024/04/22 12:0 a.m.•34 views

Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability (CNVD-2024-19324)

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. Microsoft Edge for Android Chromium-based suffers from an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...

5.4CVSS6.3AI score0.00514EPSS
Exploits0References1
CNVD
CNVD
•added 2024/03/13 12:0 a.m.•34 views

Linux Kernel suffers from a denial of service vulnerability (CNVD-2024-17902)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux Kernel has a denial of service vulnerability that can be exploited by attackers to conduct denial of service attacks...

5.3CVSS6.6AI score0.00158EPSS
Exploits0
CNVD
CNVD
•added 2024/02/19 12:0 a.m.•34 views

File Upload Vulnerability in Wando ezOFFICE Collaboration Management Platform (CNVD-2024-14208)

Wando ezOFFICE collaborative management platform is a comprehensive information base application platform. A file upload vulnerability exists in Wando ezOFFICE Collaborative Management Platform, which can be exploited by an attacker to gain server privileges...

7AI score
Exploits0
CNVD
CNVD
•added 2024/01/30 12:0 a.m.•34 views

Cups Easy cross-site scripting vulnerability (CNVD-2024-11147)

Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the description parameter on the /cupseasylive/statemodify.php page. An attacker could...

8.2CVSS6.2AI score0.00399EPSS
Exploits1References1
CNVD
CNVD
•added 2024/01/29 12:0 a.m.•34 views

Unspecified vulnerability in Linux kernel (CNVD-2024-06433)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel prior to version 6.4.12, which stems from a post-release reuse vulnerability in amdgpucswaitallfences in...

7.8CVSS6.7AI score0.00319EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/29 12:0 a.m.•34 views

Unspecified vulnerability in Linux kernel (CNVD-2024-06428)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel version 6.7.1 and earlier, which stems from a crash due to a missing paramkernel-datasize check. No details of the vulnerability...

5.5CVSS6.7AI score0.00296EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/12 12:0 a.m.•34 views

Microsoft Win32K Elevation of Privilege Vulnerability (CNVD-2024-11164)

Microsoft Win32k is a system file for Windows multi-user management from Microsoft USA. An elevation of privilege vulnerability exists in Microsoft Win32K, which can be exploited by an attacker to gain elevated privileges on a system...

7.8CVSS7.3AI score0.04207EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/09 12:0 a.m.•34 views

Apache InLong Code Issue Vulnerability (CNVD-2024-08088)

Apache InLong is the U.S. Apache Apache Foundation's one-stop massive data integration framework. Provides automated, secure and reliable data transfer capabilities. Apache InLong has a code issue vulnerability that stems from the presence of a deserialization vulnerability. An attacker can explo...

7.5CVSS7.1AI score0.01012EPSS
Exploits0References1
CNVD
CNVD
•added 2023/12/15 12:0 a.m.•34 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2023-9944413)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4CVSS7.5AI score0.00597EPSS
Exploits0References1
CNVD
CNVD
•added 2023/11/30 12:0 a.m.•34 views

Foxit Reader Arbitrary File Creation Vulnerability

Foxit Reader is a Chinese Foxit Foxit company's a PDF document reader. Foxit Reader suffers from an arbitrary file creation vulnerability, which can be exploited by an attacker to create a file in any location via a specially crafted malicious file, resulting in the execution of arbitrary code...

8.8CVSS6.9AI score0.02001EPSS
Exploits1References1
CNVD
CNVD
•added 2023/11/24 12:0 a.m.•34 views

Linux kernel competitive conditions issue vulnerability (CNVD-2024-1477122)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a Competitive Conditions Issue vulnerability, which stems from the presence of a competitive condition that could cause a local user to cause a system...

4.7CVSS6.1AI score0.00275EPSS
Exploits1References1
CNVD
CNVD
•added 2023/11/21 12:0 a.m.•34 views

Adobe ColdFusion Cross-Site Scripting Vulnerability (CNVD-2023-100311)

Adobe ColdFusion is the United States Odo than Adobe company's set of rapid application development platform. The platform includes an integrated development environment and scripting language. Adobe ColdFusion cross-site scripting vulnerability, the vulnerability stems from the lack of effective...

6.1CVSS6.4AI score0.84811EPSS
Exploits0References1
CNVD
CNVD
•added 2023/11/15 12:0 a.m.•34 views

Weak Encryption Vulnerability in Multiple Siemens Products

The SCALANCE M-800, MUM-800 and S615 and the RUGGEDCOM RM1224 are industrial routers.The SCALANCE W products are wireless communication devices for connecting industrial components, such as Programmable Logic Controllers PLCs or Human Machine Interfaces HMIs, that comply with the IEEE 802.11...

6.9CVSS6.7AI score0.00446EPSS
Exploits0References1
CNVD
CNVD
•added 2023/10/13 12:0 a.m.•34 views

SAP S/4HANA Authorization Issues Vulnerability (CNVD-2024-10202)

SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system from SAP, Germany. An authorization issue vulnerability exists in SAP S/4HANA version 106, which can be exploited by an attacker to cause an escalation of privileges, due to a vulnerability...

5.4CVSS6.9AI score0.00271EPSS
Exploits0References1
CNVD
CNVD
•added 2023/09/10 12:0 a.m.•34 views

IBM Aspera Faspex Information Disclosure Vulnerability (CNVD-2023-76768)

IBM Aspera is a set of fast file transfer and streaming solutions built on the IBM FASP protocol from International Business Machines IBM. An information disclosure vulnerability exists in IBM Aspera Faspex, which can be exploited by attackers to obtain sensitive information...

5.9CVSS6AI score0.00295EPSS
Exploits0References1
CNVD
CNVD
•added 2023/08/17 12:0 a.m.•34 views

Google Chrome Skia buffer overflow vulnerability (CNVD-2023-65153)

Google Chrome is a web browser from Google, an American company. A buffer overflow vulnerability exists in versions of Google Chrome prior to 116.0.5845.96, which stems from a boundary error in Skia when handling untrusted input, and can be exploited by a remote attacker to corrupt the renderer...

8.8CVSS6.9AI score0.01595EPSS
Exploits0References1
CNVD
CNVD
•added 2023/08/12 12:0 a.m.•34 views

Microsoft HEVC Video Extensions Remote Code Execution Vulnerability (CNVD-2023-64870)

Microsoft HEVC Video Extensions is a video extension application from Microsoft USA. The application enables computers and devices to read High Efficiency Video Coding or HEVC videos. A remote code execution vulnerability exists in Microsoft HEVC Video Extensions, which can be exploited by an...

7.8CVSS8.2AI score0.00712EPSS
Exploits0References1
CNVD
CNVD
•added 2023/08/11 12:0 a.m.•34 views

Microsoft Exchange Server Remote Code Execution Vulnerability (CNVD-2023-72228)

Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. A remote code execution vulnerability exists in Microsoft Exchange Server. An attacker can exploi...

8CVSS8.3AI score0.11143EPSS
Exploits0References1
CNVD
CNVD
•added 2023/07/19 12:0 a.m.•34 views

Linux kernel smb2pdu.c file out-of-bounds read vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. An out-of-bounds read vulnerability exists in versions of Linux kernel prior to 6.3.4, which stems from fs/ksmbd/smb2pdu.c not properly checking the UserName value, and can be...

9.1CVSS6.4AI score0.02975EPSS
Exploits0References1
CNVD
CNVD
•added 2023/07/10 12:0 a.m.•34 views

Milesight UR32L set_openvpn_client function buffer overflow vulnerability (CNVD-2023-65481)

The Milesight UR32L is a 4G industrial router from China's Milesight. A buffer overflow vulnerability exists in the Milesight UR32L setopenvpnclient function, which can be exploited by an attacker to cause a buffer overflow and execute arbitrary code on the system, or cause an application to cras...

7.2CVSS8.1AI score0.01405EPSS
Exploits1References1
CNVD
CNVD
•added 2023/06/29 12:0 a.m.•34 views

Unspecified vulnerability in Trend Micro Apex One (CNVD-2023-65415)

Trend Micro Apex One is an endpoint protection software from Trend Micro. Trend Micro Apex One has a security vulnerability that can be exploited by local attackers to obtain sensitive information...

5.5CVSS6.4AI score0.00286EPSS
Exploits0References1
CNVD
CNVD
•added 2023/05/28 12:0 a.m.•34 views

Linux kernel resource management error vulnerability (CNVD-2023-48541)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A resource management error vulnerability exists in the Linux kernel prior to version 6.2.9, which arises from a confusion in the program's instructions responsible for freeing...

4.7CVSS6.4AI score0.00324EPSS
Exploits0References1
CNVD
CNVD
•added 2023/04/21 12:0 a.m.•34 views

Unspecified Vulnerability in Oracle MySQL Server (CNVD-2023-67102)

Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server, which can be exploited by attackers to cause unauthorized MySQL Server hangs or frequent repeated crashes...

4.9CVSS6.3AI score0.01116EPSS
Exploits0References1
CNVD
CNVD
•added 2023/04/18 12:0 a.m.•34 views

SAP Application Interface Framework Cross-Site Scripting Vulnerability

SAP Application Interface Framework SAP AIF is a German SAP SAP company's application program interface framework. A security vulnerability exists in the SAP Application Interface Framework that stems from the application allowing the use of HTML markup, which can be exploited by an attacker to...

5.4CVSS6.8AI score0.00324EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/23 12:0 a.m.•34 views

IBM Aspera Faspex SQL Injection Vulnerability

IBM Aspera is a set of fast file transfer and streaming solutions built on the IBM FASP protocol from International Business Machines IBM Inc. An SQL injection vulnerability exists in IBM Aspera Faspex version 4.4.2. The vulnerability stems from the application's lack of validation of external...

7.5CVSS8AI score0.00903EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/17 12:0 a.m.•34 views

Adobe Experience Manager Encryption Issue Vulnerability

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. Adobe...

5.3CVSS6.7AI score0.00818EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/16 12:0 a.m.•34 views

Microsoft PostScript and PCL6 Class Printer Driver Elevation of Privilege Vulnerability

Microsoft PostScript Printer Driver is a Microsoft standard printer driver for PostScript printers from Microsoft USA. Microsoft PCL6 Class Printer Driver is a printer driver software from Microsoft Corporation. Microsoft PostScript and PCL6 Class Printer Driver contains an elevation of privilege...

8.9AI score0.01289EPSS
Exploits0
CNVD
CNVD
•added 2023/02/17 12:0 a.m.•34 views

Adobe Animate stack buffer overflow vulnerability

Adobe Animate is a Flash animation software from Adobe. Adobe Animate is vulnerable to a stack buffer overflow vulnerability that could be exploited to execute arbitrary code in the context of the current user...

7.8CVSS4.2AI score0.00396EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/15 12:0 a.m.•34 views

D-Link DIR-605L Buffer Overflow Vulnerability (CNVD-2023-17670)

The D-Link DIR-605L is a wireless router from D-Link in China.The D-Link DIR-605L is vulnerable to a buffer overflow vulnerability that could be exploited by attackers to cause remote code execution or service disruption...

9.8CVSS6.6AI score0.01191EPSS
Exploits1References1
CNVD
CNVD
•added 2023/02/09 12:0 a.m.•34 views

Oracle WebLogic Server Information Disclosure Vulnerability (CNVD-2023-08438)

Oracle WebLogic Server is an Oracle Oracle application service middleware for cloud and traditional environments, which provides a modern lightweight development platform that supports the entire lifecycle management of applications from development to production and simplifies application...

7.5CVSS7.4AI score0.00949EPSS
Exploits1References1
CNVD
CNVD
•added 2023/02/09 12:0 a.m.•34 views

Google Android Licensing Issue Vulnerability (CNVD-2023-08088)

Google Android is a Linux-based open-source operating system from the U.S. company Google. Google Android is vulnerable to authorization issues that can be exploited by remote attackers to cause authentication bypass...

6.8CVSS5.4AI score0.00206EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/08 12:0 a.m.•34 views

Nextcloud Information Disclosure Vulnerability (CNVD-2023-07969)

An information disclosure vulnerability exists in Nextcloud, an open source, self-hosted file synchronization and sharing communications application platform from Nextcloud Germany. The vulnerability stems from the fact that user passwords are stored in plaintext in the database during the OAuth2...

6.5CVSS1.1AI score0.00475EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/07 12:0 a.m.•34 views

Forget Heart Message Box SQL Injection Vulnerability

Forget Heart Message Box is a messaging website. v1.1 of Forget Heart Message Box is vulnerable to SQL injection, which stems from a lack of validation of external input SQL statements in the name parameter of ca.php. An attacker could use this vulnerability to execute illegal SQL commands to ste...

8.8CVSS2.2AI score0.0072EPSS
Exploits1References1
CNVD
CNVD
•added 2023/01/17 12:0 a.m.•34 views

Microsoft Edge Elevation of Privilege Vulnerability (CNVD-2023-76765)

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. Microsoft Edge suffers from an elevation of privilege vulnerability that can be exploited by an attacker to gain elevated privileges on the system...

8.3CVSS6.8AI score0.00987EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/14 12:0 a.m.•34 views

Adobe InCopy out-of-bounds write vulnerability (CNVD-2023-05226)

Adobe InCopy is a text editing software for authoring from Adobe, Inc. An out-of-bounds write vulnerability exists in Adobe InCopy, which can be exploited by attackers to execute arbitrary code in the context of the current user...

7.8CVSS6AI score0.00295EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/12 12:0 a.m.•34 views

Microsoft 3D Builder Remote Code Execution Vulnerability (CNVD-2023-04323)

Microsoft 3D Builder, a tool for creating models and 3D printing from Microsoft USA, has a security vulnerability. No details of the vulnerability are currently available...

7.8CVSS2.6AI score0.00929EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/12 12:0 a.m.•34 views

Google Chrome iframe Sandbox Code Issue Vulnerability

Google Chrome is a web browser from Google, an American company. A code issue vulnerability exists in versions of Google Chrome prior to 109.0.5414.74, which stems from an improper implementation of its iframe Sandbox, and can be exploited by remote attackers to bypass file download restrictions...

6.5CVSS6.8AI score0.00595EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/06 12:0 a.m.•34 views

Mozilla Firefox Cross-Site Scripting Vulnerability (CNVD-2023-03057)

Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. A cross-site scripting vulnerability exists in Mozila Firefox. An attacker could exploit the vulnerability to execute client-side code...

6.1CVSS2.2AI score0.00575EPSS
Exploits0References1
Total number of security vulnerabilities5000