Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
added 2022/04/13 12:0 a.m.35 views

Samsung SMR Information Disclosure Vulnerability (CNVD-2022-63643)

Samsung SMR is a system patch package from South Korea's Samsung Samsung. An information disclosure vulnerability exists in versions prior to Samsung SMR Apr-2022 Release 1, which can be exploited by attackers to cause unauthorized access to the EFRUIMID value...

6.6CVSS3.3AI score0.00121EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/13 12:0 a.m.35 views

Jenkins Job Generator Plugin Cross-Site Scripting Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application software.Jenkins Job Generator Plugin has...

5.4CVSS1.1AI score0.00798EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/12 12:0 a.m.35 views

D-Link DIR-619 Stack Overflow Vulnerability (CNVD-2022-31545)

D-Link DIR-619 is a series of routers from D-Link, a Chinese company. D-Link DIR-619 Ax v1.00 has a security vulnerability that can be exploited by attackers to cause a denial of service DoS via the curTime parameter...

7.5CVSS5.2AI score0.01448EPSS
Exploits1References1
CNVD
CNVD
added 2022/04/07 12:0 a.m.35 views

radare2 buffer overflow vulnerability (CNVD-2022-30438)

radare2 is a set of libraries and tools for processing binary files. radare2 versions prior to 5.6.8 are vulnerable to a buffer overflow vulnerability that can be exploited by attackers to cause a denial of service...

7.5CVSS5.4AI score0.008EPSS
Exploits1References1
CNVD
CNVD
added 2022/04/01 12:0 a.m.35 views

TotoLink EX300_v2 Cross-Site Scripting Vulnerability

TotoLink EX300 is a 300 Mbps wireless N range extender from TotoLink China. version TotoLink EX300v2 V4.0.3c.140B20210429 has a cross-site scripting vulnerability that can be exploited by attackers to execute JavaScript code on the client side...

6.1CVSS3.6AI score0.00631EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/31 12:0 a.m.35 views

Bentley MicroStation CONNECT Code Execution Vulnerability (CNVD-2022-65620)

Bentley MicroStation CONNECT is a Cad software platform for 2D and 3D design and drafting.A code execution vulnerability exists in Bentley MicroStation CONNECT, which can be exploited by attackers to execute arbitrary code in the context of the current process...

7.8CVSS5.5AI score0.01911EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/30 12:0 a.m.35 views

WordPress Narnoo Distributor plugin path traversal vulnerability

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress plugin is a WordPress open source application plugin . A path traversal vulnerability exists in WordPress Narnoo...

9.8CVSS6.6AI score0.4783EPSS
Exploits2References1
CNVD
CNVD
added 2022/03/24 12:0 a.m.35 views

Passwork On-Premise Edition Path Traversal Vulnerability

Passwork On-Premise Edition is a local password manager for your business from Passwork Finland.A path traversal vulnerability exists in versions prior to Passwork On-Premise Edition 4.6.13, no detailed vulnerability details are currently available...

8.8CVSS2.7AI score0.01443EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/23 12:0 a.m.35 views

Google Android Elevation of Privilege Vulnerability (CNVD-2022-22949)

Google Android is a Linux-based open source operating system from Google, Inc. An elevation-of-privilege vulnerability exists in Google Android due to a code logic error in kbasejduserbufpinpages in malikbasemem.c. error. An attacker could exploit this vulnerability to elevate local privileges...

7.2CVSS4.1AI score0.00726EPSS
Exploits0
CNVD
CNVD
added 2022/03/23 12:0 a.m.35 views

Moodle SQL Injection Vulnerability (CNVD-2022-25190)

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A SQL injection vulnerability exists in Moodle versions 3.9.0 through 3.11.5, which stems from insufficient cleanup of user-supplied da...

8.8CVSS7.8AI score0.00898EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/17 12:0 a.m.35 views

CuppaCMS alertConfigField.php file contains a vulnerability

CuppaCMS is a content management system CMS, and a file inclusion vulnerability exists in CuppaCMS version 1.0. The vulnerability stems from the fact that the url parameter in /alerts/alertConfigField.php does not effectively filter calls to local file resources, which could be exploited to read...

7.8CVSS3AI score0.09966EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/17 12:0 a.m.35 views

CKEditor4 authentication vulnerability

An authentication vulnerability exists in CKEditor4, an open source HTML editor, in the "Dialog Box" plug-in. The vulnerability allows misuse of the dialog input validator regular expression, which can cause significant performance degradation, leading to browser tab freezes. No details of the...

7.5CVSS1.5AI score0.02448EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/16 12:0 a.m.35 views

IBM Spectrum Protect Plus和IBM Spectrum Copy Data Management拒绝服务漏洞

IBM Spectrum Protect Plus and IBM Spectrum Copy Data Management are both products of IBM Corporation, U.S.A. IBM Spectrum Protect Plus is a data protection platform. The platform provides enterprises with a single point of control and management and supports backup and recovery for virtual,...

7.5CVSS2.3AI score0.00904EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/14 12:0 a.m.35 views

TP-Link TL-WR886N Stack Overflow Vulnerability (CNVD-2022-21168)

The TP-Link TL-WR886N is a wireless router from China P&L. A stack overflow vulnerability exists in the TP-Link TL-WR886N /cloudconfig/routerpost/checkregverifycode, which can be exploited by a remote attacker to submit a special request that can crash the application or can be used to execute...

10CVSS9.8AI score0.02413EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/14 12:0 a.m.35 views

Orchard Core Permissions and Access Control Issues Vulnerability

Orchard Core is an open source modular and multi-tenant application framework built with Asp.Net Core and a content management system Cms built on top of the framework from Orchard Core, Inc. Orchard Core is vulnerable to privilege permission and access control issues that could be exploited by a...

7.1CVSS2.5AI score0.00728EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/11 12:0 a.m.35 views

Vim Buffer Error Vulnerability (CNVD-2022-18520)

Vim is a UNIX-based editor. vim suffers from a buffer overflow vulnerability that stems from base read out-of-bounds. No detailed vulnerability details are currently available...

8.4CVSS4.2AI score0.01393EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/10 12:0 a.m.35 views

Microsoft Media Foundation Information Disclosure Vulnerability

Microsoft Media Foundation, a next-generation multimedia platform for Windows, is vulnerable to information disclosure. An attacker could use this vulnerability to obtain sensitive information...

4.3CVSS2AI score0.02297EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/09 12:0 a.m.35 views

Vim Resource Management Error Vulnerability (CNVD-2022-20100)

Vim is an editor for the UNIX platform. A resource management error vulnerability exists in vim, which can be exploited by an attacker to input a specially crafted file, resulting in a crash or code execution...

8.4CVSS8.8AI score0.01395EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/09 12:0 a.m.35 views

vim buffer overflow vulnerability (CNVD-2022-20693)

Vim is a UNIX-based editor. vim suffers from a buffer overflow vulnerability that could be exploited by an attacker to input a specially crafted file, leading to a crash or code execution...

8.4CVSS6.4AI score0.01505EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/04 12:0 a.m.35 views

Google Chrome OS Shell Memory Misreference Vulnerability

Google Chrome is a web browser from Google, Inc. A memory mis-reference vulnerability exists in Google Chrome OS Shell, which can be exploited by attackers to execute arbitrary code on the system or cause a denial of service condition...

8.8CVSS6.8AI score0.00878EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/03 12:0 a.m.35 views

Spring Cloud Gateway Remote Code Execution Vulnerability

Spring Cloud GateWay is a library provided for building API gateways on top of Spring WebFlux.A remote code execution vulnerability exists in Spring Cloud Gateway, which occurs in the Actuator endpoint of the Spring Cloud Gateway application, which is enabled, public and insecure, is vulnerable t...

10CVSS2.9AI score0.98253EPSS
Exploits54References1
CNVD
CNVD
added 2022/02/24 12:0 a.m.35 views

vim buffer overflow vulnerability (CNVD-2022-20696)

Vim is a UNIX-based editor. buffer overflow vulnerability exists in versions prior to Vim 8.2.4436, which stems from a heap overflow in winlbrchartabsize and can be exploited to crash the program...

8.4CVSS3.4AI score0.12272EPSS
Exploits1References1
CNVD
CNVD
added 2022/02/23 12:0 a.m.35 views

WordPress Shield Security plugin跨站脚本漏洞

WordPress is a set of blogging platforms developed by the WordPress Wordpress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Shield Security plugin version 13.0.6 previously had a cross-site scripting vulnerability, whic...

4.8CVSS1.8AI score0.00588EPSS
Exploits2References1
CNVD
CNVD
added 2022/02/21 12:0 a.m.35 views

Apache ActiveMQ Resource Management Error Vulnerability (CNVD-2022-14699)

Apache ActiveMQ is the United States Apache Apache Foundation of a set of open source messaging middleware , which supports Java messaging services , clustering , Spring Framework and so on. A resource management error vulnerability exists in Apache ActiveMQ Artemis, which can be exploited by an...

7.5CVSS8.2AI score0.02718EPSS
Exploits1References1
CNVD
CNVD
added 2022/02/16 12:0 a.m.36 views

Google Chrome Security Feature Issue Vulnerability (CNVD-2022-20551)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security signature issue vulnerability that can be exploited by attackers to bypass security restrictions...

8.8CVSS8.3AI score0.00782EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/03 12:0 a.m.35 views

Oracle MySQL Input Validation Error Vulnerability (CNVD-2022-09248)

Oracle MySQL Server is a relational database from Oracle Corporation. Oracle MySQL Server suffers from an input validation error vulnerability that originates from an input validation error in the Server: Optimizer component in MySQL Server. An attacker can exploit the vulnerability to corrupt or...

5.3CVSS5.4AI score0.01544EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/24 12:0 a.m.35 views

Oracle Java SE Input Validation Error Vulnerability (CNVD-2022-15483)

Oracle Java SE, an Oracle company, is used to develop and deploy Java applications on desktops, servers, and embedded devices and in real-time environments.Oracle Java SE is vulnerable to an input validation error that could be exploited by an attacker to cause unauthorized read access to a subse...

5.3CVSS3AI score0.02877EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/21 12:0 a.m.35 views

F5 BIG-IP Resource Management Error Vulnerability (CNVD-2022-70619)

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. F5 BIG-IP has a resource management error vulnerability that can be exploited by an unauthenticated attacker to cause a...

5.3CVSS4AI score0.00889EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/14 12:0 a.m.35 views

Expat storeAtt function buffer overflow vulnerability

Expat is a fast streaming XML parser written in C. libexpat is a streaming XML parser written in C. A buffer overflow vulnerability exists in versions of Expat prior to 2.4.3, which stems from a boundary error in storeAtts in xmlparse.c when processing untrusted input. A remote attacker could...

8.8CVSS6.2AI score0.02778EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/10 12:0 a.m.35 views

Insyde InsydeH2O Buffer Overflow Vulnerability

Insyde InsydeH2O is a C source from Insyde Software Taiwan, China that implements the new technology "EFI/UEFI" specification, designed to replace the legacy BIOS Basic Input/Output System.Insyde InsydeH2O is vulnerable to a buffer overflow A buffer overflow vulnerability exists in InsydeH2O, whi...

8.2CVSS4.3AI score0.00279EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/08 12:0 a.m.35 views

WordPress Cross-Site Scripting Vulnerability (CNVD-2022-03210)

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress has a cross-site scripting vulnerability in versions prior to 5.8.3, which stems from a lack of...

8CVSS1.9AI score0.63418EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/08 12:0 a.m.35 views

Expat has an unspecified vulnerability

Expat is a fast streaming XML parser written in C. Expat is vulnerable in versions prior to 2.4.3. The vulnerability stems from mgroupSize in Expat's xmlparse.c that does not properly validate data boundaries when performing operations on memory, resulting in incorrect read and write operations...

8.1CVSS3.6AI score0.03759EPSS
Exploits1References1
CNVD
CNVD
added 2021/12/28 12:0 a.m.35 views

Apache Apisix Licensing Issue Vulnerability

Apache Apisix is a cloud-native microservices API gateway service from the Apache Foundation in the United States. The software is based on OpenResty and etcd for dynamic routing and plug-in hot-loading, and is suitable for API management in microservice systems. an authorization issue...

9.8CVSS2.9AI score0.85943EPSS
Exploits5References1
CNVD
CNVD
added 2021/12/19 12:0 a.m.35 views

Quality Open Software logback remote code execution vulnerability

Quality Open Software logback is a logging framework for Java applications from Quality Open Software of Switzerland. quality Open Software logback in versions 1.2.7 and earlier is vulnerable to remote code execution, which stems from a failure to effectively filter user input. The vulnerability...

8.5CVSS3.4AI score0.04439EPSS
Exploits1References1
CNVD
CNVD
added 2021/12/09 12:0 a.m.35 views

WordPress Secure Copy Content Protection and Content Locking plugin SQL injection vulnerability

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. The WordPress Secure Copy Content Protection and Content Locking plugin has a SQL injection vulnerabili...

9.8CVSS2.2AI score0.78812EPSS
Exploits7References1
CNVD
CNVD
added 2021/12/02 12:0 a.m.35 views

Vim has an unspecified vulnerability

Vim is a UNIX-based editor, and a security vulnerability exists in Vim that can be exploited by attackers to perform buffer overflow attacks...

7.8CVSS5.8AI score0.01461EPSS
Exploits1References1
CNVD
CNVD
added 2021/11/17 12:0 a.m.35 views

Google Chrome referrer security bypass vulnerability

Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome due to an improper implementation of certain features in the product. A remote attacker could exploit the vulnerability to bypass security restrictions...

6.5CVSS3.2AI score0.00788EPSS
Exploits0References1
CNVD
CNVD
added 2021/11/01 12:0 a.m.35 views

Adobe Safari cross-site scripting vulnerability

Adobe Safari is a popular WEB browser from Apple Inc. A cross-site scripting vulnerability exists in Adobe Safari, which can be exploited by remote attackers to submit special WEB requests that trick users into parsing and executing arbitrary code in the context of the application...

6.1CVSS6.1AI score0.01309EPSS
Exploits0References1
CNVD
CNVD
added 2021/10/28 12:0 a.m.35 views

Nextcloud file traversal vulnerability

Nextcloud is an open source set of self-hosted file synchronization and sharing communication applications platform from Germany-based Nextcloud. nextcloud has a file traversal vulnerability in versions prior to 20.0.13, 21.0.5, and 22.2.0, which stems from a lack of authentication, access contro...

8.8CVSS2.5AI score0.01727EPSS
Exploits0References1
CNVD
CNVD
added 2021/10/21 12:0 a.m.35 views

Google Chrome WebApp Installer improperly implemented vulnerability

Chrome is a web browsing tool developed by Google. versions prior to Google Chrome 95.0.4638.54 are vulnerable to an improper implementation of WebApp Installer. An attacker could potentially override and spoof the content of the multi-function box URL bar via a crafted HTML page...

6.5CVSS3.5AI score0.00784EPSS
Exploits0References1
CNVD
CNVD
added 2021/10/13 12:0 a.m.35 views

Microsoft SharePoint Server Remote Code Execution Vulnerability (CNVD-2021-82957)

Microsoft Office and Microsoft SharePoint are both products of Microsoft Corporation USA. Microsoft SharePoint is an enterprise business collaboration platform. Microsoft SharePoint Server has a remote code execution vulnerability, which can be exploited by attackers to achieve remote code...

6.5CVSS3.7AI score0.06131EPSS
Exploits0
CNVD
CNVD
added 2021/10/09 12:0 a.m.35 views

Google Chrome Post-release Reuse Vulnerability (CNVD-2021-84819)

Chrome is a web browsing tool developed by Google. A post-release reuse vulnerability exists in Garbage Collection in versions of Google Chrome prior to 94.0.4606.81. An attacker could exploit this vulnerability to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS3.9AI score0.00861EPSS
Exploits0References1
CNVD
CNVD
added 2021/09/14 12:0 a.m.35 views

Google Chrome Post-release Reuse Vulnerability (CNVD-2021-92836)

Chrome is a simple and efficient web browsing tool developed by Google. a post-release reuse vulnerability exists in the Selection API in versions prior to Google Chrome 93.0.4577.82. A remote attacker exploits heap corruption via a crafted HTML page...

8.8CVSS4.3AI score0.10127EPSS
Exploits1References1
CNVD
CNVD
added 2021/09/10 12:0 a.m.35 views

libtiff buffer overflow vulnerability (CNVD-2021-93892)

Libtiff is a library for reading and writing tagged image file format abbreviated as TIFF files. a buffer overflow vulnerability exists in LibTiff version 4.0.10. An attacker can exploit this vulnerability to cause a denial of service via the in TIFFmemcpy function in tifunix.c...

6.5CVSS5.5AI score0.01594EPSS
Exploits0References1
CNVD
CNVD
added 2021/09/09 12:0 a.m.35 views

Mozilla Firefox Privilege Permission and Access Control Issue Vulnerability (CNVD-2021-90098)

Mozilla Firefox is an open source Web browser from the Mozilla Foundation, U.S. A permission permission and access control issue vulnerability exists in Mozilla Firefox for Android, which stems from Firefox allowing navigation via the intent:// protocol. A remote attacker could exploit the...

8.1CVSS4.5AI score0.00703EPSS
Exploits0References1
CNVD
CNVD
added 2021/08/26 12:0 a.m.35 views

F5 BIG IP Advanced WAF and ASM Denial of Service Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. The F5 BIG IP Advanced WAF and ASM denial of service vulnerability causes a specific html return page can cause the bd proces...

7.5CVSS2AI score0.00453EPSS
Exploits0References1
CNVD
CNVD
added 2021/08/23 12:0 a.m.35 views

XStream Arbitrary Code Execution Vulnerability (CNVD-2021-67818)

XStream is an open source Java class library that is mainly used to serialize objects to XML JSON or deserialize them to objects.XStream 1.4.17 and earlier versions have an arbitrary code execution vulnerability that can be exploited by attackers to cause arbitrary code execution...

8.5CVSS6.4AI score0.04457EPSS
Exploits1References1
CNVD
CNVD
added 2021/08/10 12:0 a.m.35 views

Linux kernel denial-of-service vulnerability (CNVD-2021-60519)

Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel is vulnerable due to a use-after-release and crash flaw in drivers/usb/host/max3421 hcd.c. In some cases, by removing the MAX-3421 USB device, an attacker can exploit the vulnerability to...

6.8CVSS2.5AI score0.00333EPSS
Exploits0References1
CNVD
CNVD
added 2021/08/10 12:0 a.m.35 views

Exiv2 Assertion Failure Vulnerability

Exiv2 is a cross-platform C library and command-line utility for managing image metadata. exiv2 0.27.4 and earlier versions are vulnerable to an assertion failure. An attacker could exploit the vulnerability via specially crafted image files to cause a denial of service...

5.5CVSS5.3AI score0.01104EPSS
Exploits0References1
CNVD
CNVD
added 2021/07/29 12:0 a.m.35 views

Foxit PDF Reader Resource Management Error Vulnerability

Foxit PDF Reader is a PDF reader from Foxit China. Foxit PDF Reader is vulnerable to resource management errors, which can be exploited by remote attackers to execute arbitrary code on the target system...

6.8CVSS5.7AI score0.019EPSS
Exploits1Affected Software1
Total number of security vulnerabilities5000