Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
•added 2023/02/09 12:0 a.m.•34 views

Oracle WebLogic Server Information Disclosure Vulnerability (CNVD-2023-08438)

Oracle WebLogic Server is an Oracle Oracle application service middleware for cloud and traditional environments, which provides a modern lightweight development platform that supports the entire lifecycle management of applications from development to production and simplifies application...

7.5CVSS7.4AI score0.00949EPSS
Exploits1References1
CNVD
CNVD
•added 2023/02/08 12:0 a.m.•34 views

Nextcloud Information Disclosure Vulnerability (CNVD-2023-07969)

An information disclosure vulnerability exists in Nextcloud, an open source, self-hosted file synchronization and sharing communications application platform from Nextcloud Germany. The vulnerability stems from the fact that user passwords are stored in plaintext in the database during the OAuth2...

6.5CVSS1.1AI score0.00475EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/07 12:0 a.m.•34 views

Forget Heart Message Box SQL Injection Vulnerability

Forget Heart Message Box is a messaging website. v1.1 of Forget Heart Message Box is vulnerable to SQL injection, which stems from a lack of validation of external input SQL statements in the name parameter of ca.php. An attacker could use this vulnerability to execute illegal SQL commands to ste...

8.8CVSS2.2AI score0.0072EPSS
Exploits1References1
CNVD
CNVD
•added 2023/01/17 12:0 a.m.•34 views

Microsoft Edge Elevation of Privilege Vulnerability (CNVD-2023-76765)

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. Microsoft Edge suffers from an elevation of privilege vulnerability that can be exploited by an attacker to gain elevated privileges on the system...

8.3CVSS6.8AI score0.00987EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/14 12:0 a.m.•34 views

Adobe InCopy out-of-bounds write vulnerability (CNVD-2023-05226)

Adobe InCopy is a text editing software for authoring from Adobe, Inc. An out-of-bounds write vulnerability exists in Adobe InCopy, which can be exploited by attackers to execute arbitrary code in the context of the current user...

7.8CVSS6AI score0.00295EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/12 12:0 a.m.•34 views

Microsoft 3D Builder Remote Code Execution Vulnerability (CNVD-2023-04323)

Microsoft 3D Builder, a tool for creating models and 3D printing from Microsoft USA, has a security vulnerability. No details of the vulnerability are currently available...

7.8CVSS2.6AI score0.00929EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/12 12:0 a.m.•34 views

Google Chrome iframe Sandbox Code Issue Vulnerability

Google Chrome is a web browser from Google, an American company. A code issue vulnerability exists in versions of Google Chrome prior to 109.0.5414.74, which stems from an improper implementation of its iframe Sandbox, and can be exploited by remote attackers to bypass file download restrictions...

6.5CVSS6.8AI score0.00595EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/06 12:0 a.m.•34 views

Mozilla Firefox Cross-Site Scripting Vulnerability (CNVD-2023-03057)

Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. A cross-site scripting vulnerability exists in Mozila Firefox. An attacker could exploit the vulnerability to execute client-side code...

6.1CVSS2.2AI score0.00575EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/04 12:0 a.m.•34 views

Mozilla Firefox code issue vulnerability (CNVD-2023-03065)

A code issue vulnerability exists in Mozilla Firefox, an open source Web browser from the Mozilla Foundation, which stems from the product's failure to restrict the lifecycle of script execution. An attacker could use this vulnerability to cause scripts to execute in an invalid object state...

8.8CVSS1.9AI score0.00564EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/04 12:0 a.m.•34 views

Mozilla Firefox Security Feature Issue Vulnerability (CNVD-2023-05206)

Mozilla Firefox is an open source Web browser from the Mozilla Foundation. Mozilla Firefox is vulnerable to a security feature issue that stems from a lack of security checks in the sourceMapURL feature of devtools. A remote attacker could use the vulnerability to trick a victim into performing...

1.7AI score0.00572EPSS
Exploits1Affected Software1
CNVD
CNVD
•added 2023/01/04 12:0 a.m.•34 views

Mozilla Firefox Resource Management Error Vulnerability (CNVD-2023-03063)

Mozilla Firefox, an open source Web browser from the Mozilla Foundation, is vulnerable to a resource management error that results from improper internal resource management when selecting text. A remote attacker could use the vulnerability to trick a victim into selecting certain portions of tex...

6.5CVSS2.7AI score0.00544EPSS
Exploits1References1
CNVD
CNVD
•added 2023/01/03 12:0 a.m.•34 views

File Upload Vulnerability in MetaSoft MetaCrm

hereinafter referred to as "Metsoft" is a professional customer relationship management software provider. A file upload vulnerability exists in MetaCrm, which can be exploited by attackers to upload arbitrary malicious files...

7.2AI score
Exploits0
CNVD
CNVD
•added 2022/12/30 12:0 a.m.•34 views

Mozilla Firefox permission permission and access control issue vulnerability (CNVD-2023-05211)

Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. A permission permission and access control issue vulnerability exists in Mozilla Firefox, which stems from the way Firefox handles extension updates. An attacker could use the vulnerability to trick victims into...

2AI score0.00644EPSS
Exploits0Affected Software3
CNVD
CNVD
•added 2022/12/26 12:0 a.m.•34 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2023-00009)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4CVSS5.3AI score0.00502EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/14 12:0 a.m.•34 views

Siemens Teamcenter Visualization and JT2Go Out-of-Bounds Read Vulnerability (CNVD-2022-88424)

Siemens Teamcenter Visualization is a team collaboration software for designing 2D and 3D scenes. Siemens JT2GO is a JT file viewer. Siemens Teamcenter Visualization and JT2Go are vulnerable to an out-of-bounds read vulnerability that can be exploited by attackers to execute code in the context o...

7.8CVSS4.8AI score0.00296EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/14 12:0 a.m.•34 views

Siemens Teamcenter Visualization and JT2Go Heap Buffer Overflow Vulnerability

Siemens Teamcenter Visualization is a software that provides team collaboration capabilities for designing 2D and 3D scenes. Siemens JT2GO is a JT file viewer. Siemens Teamcenter Visualization and JT2Go are vulnerable to a heap buffer overflow vulnerability that could be exploited by an attacker ...

7.8CVSS3.2AI score0.00436EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/12 12:0 a.m.•34 views

Google Android Code Execution Vulnerability (CNVD-2023-07645)

Google Android is a Linux-based open source operating system from Google, Inc. A code execution vulnerability exists in Google Android, which is caused by an out-of-range read in the toLanguageTag of LocaleListCache.cpp. An attacker could exploit this vulnerability to execute arbitrary code on th...

9.8CVSS4AI score0.06649EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/25 12:0 a.m.•34 views

XWiki Platform Information Disclosure Vulnerability

XWiki Platform is the French company XWiki's set of Wiki platform for creating Web collaboration applications. The XWiki Platform suffers from an information disclosure vulnerability that originates from the fact that when using XWiki's "Reset forgotten password" feature, passwords are stored in...

6.5CVSS6.2AI score0.0045EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/24 12:0 a.m.•34 views

ZTE ZXA10 C3XX Access Control Error Vulnerability

ZTE ZXA10 C3XX is a series of optical access aggregation equipment with EPON/GPON function from China ZTE Corporation ZTE. An access control error vulnerability exists in the ZTE ZXA10 C3XX version 2.1.0 and later, before 2.1.0xgp002.4. The vulnerability stems from improper access control setting...

9.8CVSS9.5AI score0.00822EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/24 12:0 a.m.•34 views

Phpgurukul Teacher Record Management System Cross-Site Scripting Vulnerability

Phpgurukul Teachers Record Management System version 1.0 contains a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data on the Add Subject page, which could be exploited by a highly privileged attacker such as an administrator to...

4.8CVSS2.7AI score0.01015EPSS
Exploits1References1
CNVD
CNVD
•added 2022/11/24 12:0 a.m.•34 views

NdkAdvancedCustomizationFields Server-Side Request Forgery Vulnerability

NdkAdvancedCustomizationFields is an advanced customization field from Ndk. A server-side request forgery vulnerability exists in NdkAdvancedCustomizationFields 3.5.0 and prior versions, which stems from rotateimg.php failing to properly validate user input. An attacker could use this vulnerabili...

9.1CVSS3.7AI score0.00812EPSS
Exploits1References1
CNVD
CNVD
•added 2022/11/23 12:0 a.m.•34 views

Tenda AC18 addWifiMacFilter function buffer overflow vulnerability

The Tenda AC18 is a router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC18 version V15.03.05.19, which is caused by the addWifiMacFilter function not checking the length and size of the input data, and can be exploited to cause a denial of service...

9.8CVSS9.4AI score0.00682EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/21 12:0 a.m.•34 views

Tenda AC1200 Command Injection Vulnerability

Tenda AC1200 is a wireless router from Tenda, China.A command injection vulnerability exists in the IPsecLocalNet and IPsecRemoteNet parameters of the Tenda AC1200 setIPsecTunnelList function. An attacker can exploit this vulnerability to perform command injection...

7.8CVSS4AI score0.01377EPSS
Exploits1References1
CNVD
CNVD
•added 2022/11/09 12:0 a.m.•34 views

Siemens POWER METER SICAM Q100 Input Validation Error Vulnerability (CNVD-2022-75538)

The POWER METER SICAM Q100 is a multifunctional device used to detect, report and analyze measured values and events. Siemens POWER METER SICAM Q100 is vulnerable to an input validation error, which could be exploited by an attacker to crash the device followed by an automatic reboot or execute...

9.9CVSS4.2AI score0.01504EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/27 12:0 a.m.•34 views

Google Chrome Security Bypass Vulnerability (CNVD-2022-85084)

Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome, which is caused by insufficient data validation in the bypass file system. An attacker could use this vulnerability to bypass security restrictions...

8.8CVSS3.3AI score0.01659EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/19 12:0 a.m.•34 views

Oracle MySQL Denial of Service Vulnerability (CNVD-2022-91134)

Oracle MySQL is a relational database from Oracle Corporation. A denial of service vulnerability exists in the Server: Optimizer component of Oracle MySQL. An attacker can exploit this vulnerability to compromise MySQL Server by accessing the network over multiple protocols and cause it to hang o...

4.9CVSS5AI score0.00962EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/14 12:0 a.m.•34 views

Dell GeoDrive DLL Hijacking Vulnerability

Dell GeoDrive is a free application from Dell Inc. It provides access to Dell EMC ECS and Atmos storage from Microsoft Windows desktops and servers. A DLL hijacking vulnerability exists in Dell GeoDrive versions prior to 2.2.3, which can be exploited by an attacker to execute arbitrary code on a...

7.8CVSS7.8AI score0.00169EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/14 12:0 a.m.•34 views

Adobe ColdFusion XML External Entity Injection Vulnerability

Adobe ColdFusion is a rapid application development platform from Adobe, which includes an integrated development environment and scripting language. The platform includes an integrated development environment and scripting language.Adobe ColdFusion has an XML external entity injection...

7.5CVSS2.1AI score0.53028EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/14 12:0 a.m.•34 views

Adobe ColdFusion XML External Entity Injection Vulnerability (CNVD-2023-08756)

Adobe ColdFusion is a rapid application development platform from Adobe, which includes an integrated development environment and scripting language. The platform includes an integrated development environment and scripting language.Adobe ColdFusion has an XML external entity injection...

7.5CVSS2.1AI score0.35527EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/13 12:0 a.m.•34 views

Microsoft Windows USB Serial Driver Information Disclosure Vulnerability

Microsoft Windows is a set of operating systems for personal devices from Microsoft Corporation USA.Microsoft Windows USB Serial Driver is vulnerable to information disclosure, which stems from insufficient protection of sensitive information on network systems or products, and can be exploited b...

3.4AI score0.00662EPSS
Exploits0
CNVD
CNVD
•added 2022/10/10 12:0 a.m.•34 views

ZoneMinder has an unspecified vulnerability

ZoneMinder is an open source video surveillance software system that supports IP, USB and analog cameras. The system supports IP, USB and analog cameras, etc. A security vulnerability exists in ZoneMinder, which stems from the fact that an authenticated attacker can use the vulnerability to bypas...

8CVSS2.4AI score0.05444EPSS
Exploits4References1
CNVD
CNVD
•added 2022/10/10 12:0 a.m.•34 views

TOTOLINK NR1800X UploadCustomModule Buffer Overflow Vulnerability

TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE from China-based Gion Electronics TOTOLINK, designed to provide fast and easy deployment of NR fixed data services for homes and offices.A buffer overflow vulnerability exists in TOTOLINK NR1800X V9.1.0u.6279B20210910 version, whic...

8.8CVSS3.9AI score0.00865EPSS
Exploits1References1
CNVD
CNVD
•added 2022/09/28 12:0 a.m.•34 views

Tacitine Firewall EN6200 Command Injection Vulnerability

Tacitine Firewall EN6200 is a series of firewalls from Tacitine. The Tacitine Firewall EN6200 suffers from a command injection vulnerability that stems from improper control of code generation in the web-based management interface of the Tacitine-Firewall. An unauthenticated, remote attacker coul...

9.8CVSS10AI score0.01863EPSS
Exploits0References1
CNVD
CNVD
•added 2022/09/28 12:0 a.m.•34 views

WordPress GS Testimonial Slider plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

5.4CVSS5.2AI score0.00425EPSS
Exploits0References1
CNVD
CNVD
•added 2022/09/23 12:0 a.m.•34 views

Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2022-66020)

Adobe Experience Manager AEM is a content management solution from Adobe that can be used to build websites, mobile applications and forms. The solution supports mobile content management, marketing and sales campaign management, and multi-site management, etc. Adobe Experience Manager is...

5.4CVSS3.1AI score0.00533EPSS
Exploits0References1
CNVD
CNVD
•added 2022/09/07 12:0 a.m.•34 views

Huawei HarmonyOS Conditional Competition Vulnerability

Huawei HarmonyOS is an operating system from Huawei, a Chinese company that provides a microkernel-based, distributed operating system. A conditional contention vulnerability exists in Huawei HarmonyOS, which stems from improper handling of concurrent accesses when concurrent code needs to access...

5.9CVSS1.4AI score0.00365EPSS
Exploits0References1
CNVD
CNVD
•added 2022/09/02 12:0 a.m.•35 views

Apache OFBiz Code Injection Vulnerability (CNVD-2023-03918)

Apache OFBiz is an enterprise resource planning ERP system from the Apache Foundation. A code injection vulnerability exists in Apache OFBiz 18.12.05 and earlier versions, which stems from an error in Birt and can be exploited by attackers to remotely execute code...

9.8CVSS5AI score0.04059EPSS
Exploits0References1
CNVD
CNVD
•added 2022/08/19 12:0 a.m.•34 views

IBM Sterling B2B Integrator Licensing Issue Vulnerability (CNVD-2022-61908)

IBM Sterling B2B Integrator is a suite of software from IBM USA that integrates important B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with different partner communities. IBM Sterling B2B Integrator Standard Edition has an...

6.5CVSS2.8AI score0.00536EPSS
Exploits0References1
CNVD
CNVD
•added 2022/08/16 12:0 a.m.•34 views

Tenda W6 Stack Overflow Vulnerability

Tenda W6 is a wireless WiFi AP access point router from Tenda China.Tenda W6 is vulnerable to a stack overflow vulnerability caused by a stack buffer overflow in the function wifiSSIDget. A remote attacker can exploit this vulnerability to cause a denial of service...

7.5CVSS5.3AI score0.00889EPSS
Exploits1References1
CNVD
CNVD
•added 2022/08/15 12:0 a.m.•34 views

Adobe Acrobat Reader Resource Management Error Vulnerability (CNVD-2022-56977)

Adobe Acrobat Reader is a PDF viewer from Adobe, a U.S. company. The software is used to print, sign, and annotate PDFs. Adobe Acrobat Reader is vulnerable to a resource management error that stems from post-release reuse, resulting in a memory leak. No details of the vulnerability are currently...

5.5CVSS2.2AI score0.02404EPSS
Exploits0References1
CNVD
CNVD
•added 2022/08/12 12:0 a.m.•34 views

Huawei EMUI and Magic UI Information Disclosure Vulnerability (CNVD-2022-81251)

Huawei EMUI is a mobile operating system developed on Android. Huawei Magic UI is a smart device operating system. Huawei EMUI and Magic UI are vulnerable to an information disclosure vulnerability that originates from the issue of writing data to an arbitrary address in the HWKEYMASTER module,...

7.5CVSS1.7AI score0.0046EPSS
Exploits0References1
CNVD
CNVD
•added 2022/08/11 12:0 a.m.•34 views

Wyse Management Suite has an unspecified vulnerability (CNVD-2022-56660)

Wyse Management Suite is a scalable solution for managing and optimizing Wyse endpoints from Dell, Inc. The product includes centralized management of Wyse endpoints, asset tracking and automated device discovery.Wyse Management Suite 3.6.1 and prior versions contain a security vulnerability that...

8.8CVSS2AI score0.00255EPSS
Exploits0References1
CNVD
CNVD
•added 2022/08/09 12:0 a.m.•34 views

Siemens Teamcenter Denial of Service Vulnerability

Teamcenter software is a modern, adaptable product lifecycle management PLM system that connects people and processes across functional silos via digital threads to enable innovation. a denial-of-service vulnerability exists in Siemens Teamcenter that can be exploited by attackers to cause a...

7.5CVSS5.4AI score0.00635EPSS
Exploits0References1
CNVD
CNVD
•added 2022/08/04 12:0 a.m.•34 views

IBM CICS TX Advanced Access Control Error Vulnerability

IBM CICS TX Advanced is a comprehensive, single transaction runtime package from IBM USA. It can provide a cloud-native deployment model for standalone applications. An Access Control Error vulnerability exists in IBM CICS TX Advanced version 11.1, which stems from a failure to set a security...

4.3CVSS4.4AI score0.00434EPSS
Exploits0References1
CNVD
CNVD
•added 2022/08/04 12:0 a.m.•34 views

IBM DataPower Gateway Cross-Site Scripting Vulnerability (CNVD-2022-56972)

IBM DataPower Gateway is a set of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interface API, web, service-oriented architecture SOA, B2B, and cloud workloads. The platform protects, integrates, and optimizes access across channe...

5.4CVSS2.1AI score0.00421EPSS
Exploits0References1
CNVD
CNVD
•added 2022/08/03 12:0 a.m.•34 views

F5 BIG-IP and BIG-IQ iControl SOAP input validation error vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. An input validation error vulnerability exists in F5 BIG-IP and BIG-IQ iControl SOAP, which can be exploited by an...

6.5CVSS2.6AI score0.00645EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/27 12:0 a.m.•34 views

Vim buffer overflow vulnerability (CNVD-2022-54899)

Vim is a cross-platform text editor. A buffer overflow vulnerability exists in versions prior to Vim 9.0.0060, which stems from a boundary error when handling untrusted input. A remote attacker can exploit this vulnerability to execute arbitrary code on the system...

7.8CVSS8AI score0.00552EPSS
Exploits1References1
CNVD
CNVD
•added 2022/07/21 12:0 a.m.•34 views

Oracle MySQL Server PAM Auth Component Input Validation Error Vulnerability

Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Server is one of the database server components, and an input validation error vulnerability exists in Oracle MySQL 8.0.28 and earlier versions, which originates in the PAM Auth component of MySQL...

3AI score0.00866EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2022/07/21 12:0 a.m.•34 views

Moodle Input Validation Error Vulnerability (CNVD-2022-54916)

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment.Moodle suffers from an input validation error vulnerability that stems from insufficient cleanup of SCORM tracking details, which can b...

6.1CVSS2.4AI score0.00879EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/19 12:0 a.m.•34 views

Adobe InCopy Buffer Overflow Vulnerability (CNVD-2022-55643)

Adobe InCopy is a text editing software for creative writing from Adobe, USA. Adobe InCopy suffers from a buffer overflow vulnerability that stems from a lack of proper validation of user-supplied data, which can be exploited by an attacker to cause a read to exceed the end of an allocated buffer...

5.5CVSS6.1AI score0.00337EPSS
Exploits0References1
Total number of security vulnerabilities5000