Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
•added 2023/11/24 12:0 a.m.•34 views

Linux kernel competitive conditions issue vulnerability (CNVD-2024-1477122)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a Competitive Conditions Issue vulnerability, which stems from the presence of a competitive condition that could cause a local user to cause a system...

4.7CVSS6.1AI score0.00275EPSS
Exploits1References1
CNVD
CNVD
•added 2023/11/21 12:0 a.m.•34 views

Adobe ColdFusion Cross-Site Scripting Vulnerability (CNVD-2023-100311)

Adobe ColdFusion is the United States Odo than Adobe company's set of rapid application development platform. The platform includes an integrated development environment and scripting language. Adobe ColdFusion cross-site scripting vulnerability, the vulnerability stems from the lack of effective...

6.1CVSS6.4AI score0.84811EPSS
Exploits0References1
CNVD
CNVD
•added 2023/11/15 12:0 a.m.•34 views

Weak Encryption Vulnerability in Multiple Siemens Products

The SCALANCE M-800, MUM-800 and S615 and the RUGGEDCOM RM1224 are industrial routers.The SCALANCE W products are wireless communication devices for connecting industrial components, such as Programmable Logic Controllers PLCs or Human Machine Interfaces HMIs, that comply with the IEEE 802.11...

6.9CVSS6.7AI score0.00446EPSS
Exploits0References1
CNVD
CNVD
•added 2023/10/13 12:0 a.m.•34 views

SAP S/4HANA Authorization Issues Vulnerability (CNVD-2024-10202)

SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system from SAP, Germany. An authorization issue vulnerability exists in SAP S/4HANA version 106, which can be exploited by an attacker to cause an escalation of privileges, due to a vulnerability...

5.4CVSS6.9AI score0.00271EPSS
Exploits0References1
CNVD
CNVD
•added 2023/08/17 12:0 a.m.•34 views

Google Chrome Skia buffer overflow vulnerability (CNVD-2023-65153)

Google Chrome is a web browser from Google, an American company. A buffer overflow vulnerability exists in versions of Google Chrome prior to 116.0.5845.96, which stems from a boundary error in Skia when handling untrusted input, and can be exploited by a remote attacker to corrupt the renderer...

8.8CVSS6.9AI score0.01595EPSS
Exploits0References1
CNVD
CNVD
•added 2023/08/12 12:0 a.m.•34 views

Microsoft HEVC Video Extensions Remote Code Execution Vulnerability (CNVD-2023-64870)

Microsoft HEVC Video Extensions is a video extension application from Microsoft USA. The application enables computers and devices to read High Efficiency Video Coding or HEVC videos. A remote code execution vulnerability exists in Microsoft HEVC Video Extensions, which can be exploited by an...

7.8CVSS8.2AI score0.00712EPSS
Exploits0References1
CNVD
CNVD
•added 2023/07/19 12:0 a.m.•34 views

Linux kernel smb2pdu.c file out-of-bounds read vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. An out-of-bounds read vulnerability exists in versions of Linux kernel prior to 6.3.4, which stems from fs/ksmbd/smb2pdu.c not properly checking the UserName value, and can be...

9.1CVSS6.4AI score0.02975EPSS
Exploits0References1
CNVD
CNVD
•added 2023/07/10 12:0 a.m.•34 views

Milesight UR32L set_openvpn_client function buffer overflow vulnerability (CNVD-2023-65481)

The Milesight UR32L is a 4G industrial router from China's Milesight. A buffer overflow vulnerability exists in the Milesight UR32L setopenvpnclient function, which can be exploited by an attacker to cause a buffer overflow and execute arbitrary code on the system, or cause an application to cras...

7.2CVSS8.1AI score0.01503EPSS
Exploits1References1
CNVD
CNVD
•added 2023/05/28 12:0 a.m.•34 views

Linux kernel resource management error vulnerability (CNVD-2023-48541)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A resource management error vulnerability exists in the Linux kernel prior to version 6.2.9, which arises from a confusion in the program's instructions responsible for freeing...

4.7CVSS6.4AI score0.00324EPSS
Exploits0References1
CNVD
CNVD
•added 2023/04/21 12:0 a.m.•34 views

Unspecified Vulnerability in Oracle MySQL Server (CNVD-2023-67102)

Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server, which can be exploited by attackers to cause unauthorized MySQL Server hangs or frequent repeated crashes...

4.9CVSS6.3AI score0.01116EPSS
Exploits0References1
CNVD
CNVD
•added 2023/04/18 12:0 a.m.•34 views

SAP Application Interface Framework Cross-Site Scripting Vulnerability

SAP Application Interface Framework SAP AIF is a German SAP SAP company's application program interface framework. A security vulnerability exists in the SAP Application Interface Framework that stems from the application allowing the use of HTML markup, which can be exploited by an attacker to...

5.4CVSS6.8AI score0.00324EPSS
Exploits0References1
CNVD
CNVD
•added 2023/04/11 12:0 a.m.•34 views

Buffer Overflow Vulnerability in Various Apple Products

Apple macOS Ventura is a desktop operating system from the American company Apple. A buffer overflow vulnerability exists in several Apple products that stems from incorrect validation of input. An attacker could exploit the vulnerability to execute arbitrary code with kernel privileges...

8.6CVSS8.5AI score0.24513EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/23 12:0 a.m.•34 views

IBM Aspera Faspex SQL Injection Vulnerability

IBM Aspera is a set of fast file transfer and streaming solutions built on the IBM FASP protocol from International Business Machines IBM Inc. An SQL injection vulnerability exists in IBM Aspera Faspex version 4.4.2. The vulnerability stems from the application's lack of validation of external...

7.5CVSS8AI score0.00903EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/17 12:0 a.m.•34 views

Adobe Experience Manager Encryption Issue Vulnerability

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. Adobe...

5.3CVSS6.7AI score0.00818EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/16 12:0 a.m.•34 views

Microsoft PostScript and PCL6 Class Printer Driver Elevation of Privilege Vulnerability

Microsoft PostScript Printer Driver is a Microsoft standard printer driver for PostScript printers from Microsoft USA. Microsoft PCL6 Class Printer Driver is a printer driver software from Microsoft Corporation. Microsoft PostScript and PCL6 Class Printer Driver contains an elevation of privilege...

8.9AI score0.01289EPSS
Exploits0
CNVD
CNVD
•added 2023/02/17 12:0 a.m.•34 views

Adobe Animate stack buffer overflow vulnerability

Adobe Animate is a Flash animation software from Adobe. Adobe Animate is vulnerable to a stack buffer overflow vulnerability that could be exploited to execute arbitrary code in the context of the current user...

7.8CVSS4.2AI score0.00396EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/15 12:0 a.m.•34 views

D-Link DIR-605L Buffer Overflow Vulnerability (CNVD-2023-17670)

The D-Link DIR-605L is a wireless router from D-Link in China.The D-Link DIR-605L is vulnerable to a buffer overflow vulnerability that could be exploited by attackers to cause remote code execution or service disruption...

9.8CVSS6.6AI score0.01191EPSS
Exploits1References1
CNVD
CNVD
•added 2023/02/09 12:0 a.m.•34 views

Oracle WebLogic Server Information Disclosure Vulnerability (CNVD-2023-08438)

Oracle WebLogic Server is an Oracle Oracle application service middleware for cloud and traditional environments, which provides a modern lightweight development platform that supports the entire lifecycle management of applications from development to production and simplifies application...

7.5CVSS7.4AI score0.00949EPSS
Exploits1References1
CNVD
CNVD
•added 2023/02/08 12:0 a.m.•34 views

Nextcloud Information Disclosure Vulnerability (CNVD-2023-07969)

An information disclosure vulnerability exists in Nextcloud, an open source, self-hosted file synchronization and sharing communications application platform from Nextcloud Germany. The vulnerability stems from the fact that user passwords are stored in plaintext in the database during the OAuth2...

6.5CVSS1.1AI score0.00475EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/07 12:0 a.m.•34 views

Forget Heart Message Box SQL Injection Vulnerability

Forget Heart Message Box is a messaging website. v1.1 of Forget Heart Message Box is vulnerable to SQL injection, which stems from a lack of validation of external input SQL statements in the name parameter of ca.php. An attacker could use this vulnerability to execute illegal SQL commands to ste...

8.8CVSS2.2AI score0.0072EPSS
Exploits1References1
CNVD
CNVD
•added 2023/01/17 12:0 a.m.•34 views

Microsoft Edge Elevation of Privilege Vulnerability (CNVD-2023-76765)

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. Microsoft Edge suffers from an elevation of privilege vulnerability that can be exploited by an attacker to gain elevated privileges on the system...

8.3CVSS6.8AI score0.00987EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/14 12:0 a.m.•34 views

Adobe InCopy out-of-bounds write vulnerability (CNVD-2023-05226)

Adobe InCopy is a text editing software for authoring from Adobe, Inc. An out-of-bounds write vulnerability exists in Adobe InCopy, which can be exploited by attackers to execute arbitrary code in the context of the current user...

7.8CVSS6AI score0.00295EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/12 12:0 a.m.•34 views

Microsoft 3D Builder Remote Code Execution Vulnerability (CNVD-2023-04323)

Microsoft 3D Builder, a tool for creating models and 3D printing from Microsoft USA, has a security vulnerability. No details of the vulnerability are currently available...

7.8CVSS2.6AI score0.00929EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/12 12:0 a.m.•34 views

Google Chrome iframe Sandbox Code Issue Vulnerability

Google Chrome is a web browser from Google, an American company. A code issue vulnerability exists in versions of Google Chrome prior to 109.0.5414.74, which stems from an improper implementation of its iframe Sandbox, and can be exploited by remote attackers to bypass file download restrictions...

6.5CVSS6.8AI score0.00595EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/06 12:0 a.m.•34 views

Mozilla Firefox Cross-Site Scripting Vulnerability (CNVD-2023-03057)

Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. A cross-site scripting vulnerability exists in Mozila Firefox. An attacker could exploit the vulnerability to execute client-side code...

6.1CVSS2.2AI score0.00575EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/04 12:0 a.m.•34 views

Mozilla Firefox code issue vulnerability (CNVD-2023-03065)

A code issue vulnerability exists in Mozilla Firefox, an open source Web browser from the Mozilla Foundation, which stems from the product's failure to restrict the lifecycle of script execution. An attacker could use this vulnerability to cause scripts to execute in an invalid object state...

8.8CVSS1.9AI score0.00564EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/04 12:0 a.m.•34 views

Mozilla Firefox Security Feature Issue Vulnerability (CNVD-2023-05206)

Mozilla Firefox is an open source Web browser from the Mozilla Foundation. Mozilla Firefox is vulnerable to a security feature issue that stems from a lack of security checks in the sourceMapURL feature of devtools. A remote attacker could use the vulnerability to trick a victim into performing...

1.7AI score0.00572EPSS
Exploits1Affected Software1
CNVD
CNVD
•added 2023/01/04 12:0 a.m.•34 views

Mozilla Firefox Resource Management Error Vulnerability (CNVD-2023-03063)

Mozilla Firefox, an open source Web browser from the Mozilla Foundation, is vulnerable to a resource management error that results from improper internal resource management when selecting text. A remote attacker could use the vulnerability to trick a victim into selecting certain portions of tex...

6.5CVSS2.7AI score0.00544EPSS
Exploits1References1
CNVD
CNVD
•added 2023/01/03 12:0 a.m.•34 views

File Upload Vulnerability in MetaSoft MetaCrm

hereinafter referred to as "Metsoft" is a professional customer relationship management software provider. A file upload vulnerability exists in MetaCrm, which can be exploited by attackers to upload arbitrary malicious files...

7.2AI score
Exploits0
CNVD
CNVD
•added 2022/12/26 12:0 a.m.•34 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2023-00009)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4CVSS5.3AI score0.00502EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/14 12:0 a.m.•34 views

Siemens Teamcenter Visualization and JT2Go Out-of-Bounds Read Vulnerability (CNVD-2022-88424)

Siemens Teamcenter Visualization is a team collaboration software for designing 2D and 3D scenes. Siemens JT2GO is a JT file viewer. Siemens Teamcenter Visualization and JT2Go are vulnerable to an out-of-bounds read vulnerability that can be exploited by attackers to execute code in the context o...

7.8CVSS4.8AI score0.00296EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/14 12:0 a.m.•34 views

Siemens Teamcenter Visualization and JT2Go Heap Buffer Overflow Vulnerability

Siemens Teamcenter Visualization is a software that provides team collaboration capabilities for designing 2D and 3D scenes. Siemens JT2GO is a JT file viewer. Siemens Teamcenter Visualization and JT2Go are vulnerable to a heap buffer overflow vulnerability that could be exploited by an attacker ...

7.8CVSS3.2AI score0.00436EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/12 12:0 a.m.•34 views

Google Android Code Execution Vulnerability (CNVD-2023-07645)

Google Android is a Linux-based open source operating system from Google, Inc. A code execution vulnerability exists in Google Android, which is caused by an out-of-range read in the toLanguageTag of LocaleListCache.cpp. An attacker could exploit this vulnerability to execute arbitrary code on th...

9.8CVSS4AI score0.06649EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/30 12:0 a.m.•34 views

Airtable.js misconfiguration vulnerability

Airtable.js is Airtable open source an Airtable javascript client . Provides a simple way to access the data . A misconfiguration vulnerability exists in Airtable.js versions prior to 0.11.6 that stems from a misconfiguration in a script that binds environment variables to the build target of a...

7.6CVSS6.3AI score0.00448EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/25 12:0 a.m.•34 views

Botan has an unspecified vulnerability

Botan is a library of cryptographic algorithms written in C++. It supports a variety of algorithms such as AES, DES, SHA-1, RSA, DSA and Diffie-Hellman. A security vulnerability exists in Botan versions 1.11.34 and later up to 2.19.3, which stems from a certificate validation error and can be...

9.1CVSS9AI score0.00415EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/24 12:0 a.m.•34 views

ZTE ZXA10 C3XX Access Control Error Vulnerability

ZTE ZXA10 C3XX is a series of optical access aggregation equipment with EPON/GPON function from China ZTE Corporation ZTE. An access control error vulnerability exists in the ZTE ZXA10 C3XX version 2.1.0 and later, before 2.1.0xgp002.4. The vulnerability stems from improper access control setting...

9.8CVSS9.5AI score0.00822EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/24 12:0 a.m.•34 views

Phpgurukul Teacher Record Management System Cross-Site Scripting Vulnerability

Phpgurukul Teachers Record Management System version 1.0 contains a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data on the Add Subject page, which could be exploited by a highly privileged attacker such as an administrator to...

4.8CVSS2.7AI score0.01015EPSS
Exploits1References1
CNVD
CNVD
•added 2022/11/23 12:0 a.m.•34 views

Tenda AC18 addWifiMacFilter function buffer overflow vulnerability

The Tenda AC18 is a router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC18 version V15.03.05.19, which is caused by the addWifiMacFilter function not checking the length and size of the input data, and can be exploited to cause a denial of service...

9.8CVSS9.4AI score0.00682EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/21 12:0 a.m.•34 views

Tenda AC1200 Command Injection Vulnerability

Tenda AC1200 is a wireless router from Tenda, China.A command injection vulnerability exists in the IPsecLocalNet and IPsecRemoteNet parameters of the Tenda AC1200 setIPsecTunnelList function. An attacker can exploit this vulnerability to perform command injection...

7.8CVSS4AI score0.01377EPSS
Exploits1References1
CNVD
CNVD
•added 2022/11/09 12:0 a.m.•34 views

Siemens POWER METER SICAM Q100 Input Validation Error Vulnerability (CNVD-2022-75538)

The POWER METER SICAM Q100 is a multifunctional device used to detect, report and analyze measured values and events. Siemens POWER METER SICAM Q100 is vulnerable to an input validation error, which could be exploited by an attacker to crash the device followed by an automatic reboot or execute...

9.9CVSS4.2AI score0.01504EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/27 12:0 a.m.•34 views

Google Chrome Security Bypass Vulnerability (CNVD-2022-85084)

Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome, which is caused by insufficient data validation in the bypass file system. An attacker could use this vulnerability to bypass security restrictions...

8.8CVSS3.3AI score0.01659EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/19 12:0 a.m.•34 views

Oracle MySQL Denial of Service Vulnerability (CNVD-2022-91134)

Oracle MySQL is a relational database from Oracle Corporation. A denial of service vulnerability exists in the Server: Optimizer component of Oracle MySQL. An attacker can exploit this vulnerability to compromise MySQL Server by accessing the network over multiple protocols and cause it to hang o...

4.9CVSS5AI score0.00962EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/14 12:0 a.m.•34 views

Dell GeoDrive DLL Hijacking Vulnerability

Dell GeoDrive is a free application from Dell Inc. It provides access to Dell EMC ECS and Atmos storage from Microsoft Windows desktops and servers. A DLL hijacking vulnerability exists in Dell GeoDrive versions prior to 2.2.3, which can be exploited by an attacker to execute arbitrary code on a...

7.8CVSS7.8AI score0.00169EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/14 12:0 a.m.•34 views

Adobe ColdFusion XML External Entity Injection Vulnerability

Adobe ColdFusion is a rapid application development platform from Adobe, which includes an integrated development environment and scripting language. The platform includes an integrated development environment and scripting language.Adobe ColdFusion has an XML external entity injection...

7.5CVSS2.1AI score0.53028EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/14 12:0 a.m.•34 views

Adobe ColdFusion XML External Entity Injection Vulnerability (CNVD-2023-08756)

Adobe ColdFusion is a rapid application development platform from Adobe, which includes an integrated development environment and scripting language. The platform includes an integrated development environment and scripting language.Adobe ColdFusion has an XML external entity injection...

7.5CVSS2.1AI score0.35527EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/13 12:0 a.m.•34 views

Microsoft Windows USB Serial Driver Information Disclosure Vulnerability

Microsoft Windows is a set of operating systems for personal devices from Microsoft Corporation USA.Microsoft Windows USB Serial Driver is vulnerable to information disclosure, which stems from insufficient protection of sensitive information on network systems or products, and can be exploited b...

3.4AI score0.00662EPSS
Exploits0
CNVD
CNVD
•added 2022/10/13 12:0 a.m.•34 views

SAP 3D Visual Enterprise Author Buffer Overflow Vulnerability

SAP 3D Visual Enterprise Author is a desktop application from SAP Germany for managing 2D, 3D, animation, video and audio assets. SAP 3D Visual Enterprise Author suffers from a buffer overflow vulnerability that stems from a lack of proper memory management and could be exploited by an attacker t...

5.5CVSS4AI score0.00196EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/10 12:0 a.m.•34 views

ZoneMinder has an unspecified vulnerability

ZoneMinder is an open source video surveillance software system that supports IP, USB and analog cameras. The system supports IP, USB and analog cameras, etc. A security vulnerability exists in ZoneMinder, which stems from the fact that an authenticated attacker can use the vulnerability to bypas...

8CVSS2.4AI score0.05444EPSS
Exploits4References1
CNVD
CNVD
•added 2022/10/10 12:0 a.m.•34 views

TOTOLINK NR1800X UploadCustomModule Buffer Overflow Vulnerability

TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE from China-based Gion Electronics TOTOLINK, designed to provide fast and easy deployment of NR fixed data services for homes and offices.A buffer overflow vulnerability exists in TOTOLINK NR1800X V9.1.0u.6279B20210910 version, whic...

8.8CVSS3.9AI score0.00865EPSS
Exploits1References1
CNVD
CNVD
•added 2022/09/28 12:0 a.m.•34 views

Tacitine Firewall EN6200 Command Injection Vulnerability

Tacitine Firewall EN6200 is a series of firewalls from Tacitine. The Tacitine Firewall EN6200 suffers from a command injection vulnerability that stems from improper control of code generation in the web-based management interface of the Tacitine-Firewall. An unauthenticated, remote attacker coul...

9.8CVSS10AI score0.01863EPSS
Exploits0References1
Total number of security vulnerabilities5000