Lucene search
K
CnvdMost viewed

130997 matches found

CNVD
CNVD
•added 2023/08/17 12:0 a.m.•32 views

Google Chrome Audio memory misreference vulnerability (CNVD-2023-65151)

Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions of Google Chrome prior to 116.0.5845.96, which stems from a mix-up in instructions responsible for freeing memory in Audio. A remote attacker can exploit this vulnerability to...

8.8CVSS6.5AI score0.00829EPSS
Exploits0References1
CNVD
CNVD
•added 2023/08/16 12:0 a.m.•32 views

Google Android elevation of privilege vulnerability (CNVD-2023-82067)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that originates from improper input validation in the readFrom module of Uri.java, which can be exploited by an attacker to gain elevated privileges...

7.8CVSS7.1AI score0.00168EPSS
Exploits0References1
CNVD
CNVD
•added 2023/08/12 12:0 a.m.•32 views

Microsoft Office Visio Remote Code Execution Vulnerability (CNVD-2023-85902)

Microsoft Office Visio is responsible for drawing flowcharts and schematic diagrams in the Office software series of the American Microsoft Microsoft company. A remote code execution vulnerability exists in Microsoft Office Visio, which can be exploited by an attacker to execute arbitrary code on...

7.8CVSS8.2AI score0.01074EPSS
Exploits0References1
CNVD
CNVD
•added 2023/08/12 12:0 a.m.•32 views

Microsoft Outlook Remote Code Execution Vulnerability (CNVD-2023-92208)

Microsoft Outlook is a suite of e-mail applications from the American company Microsoft. The Microsoft Outlook remote code execution vulnerability can be exploited by an attacker to execute arbitrary code on the system...

7.8CVSS8AI score0.0121EPSS
Exploits0References1
CNVD
CNVD
•added 2023/08/12 12:0 a.m.•32 views

Adobe Acrobat Reader Post-Release Reuse Vulnerability

Adobe Acrobat Reader is a PDF viewer from the American company Audobee Adobe. The software is used to print, sign and annotate PDF. Adobe Acrobat Reader has a post-release reuse vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...

7.8CVSS7.5AI score0.02773EPSS
Exploits0References1
CNVD
CNVD
•added 2023/07/20 12:0 a.m.•32 views

Unspecified Vulnerability in Oracle MySQL Server (CNVD-2023-65509)

Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server, which can be exploited by an attacker to cause unauthorized read access to a subset of MySQL Server accessible data...

3.1CVSS5.6AI score0.00835EPSS
Exploits0References1
CNVD
CNVD
•added 2023/07/13 12:0 a.m.•32 views

Adobe Coldfusion Access Control Bypass Vulnerability

Adobe ColdFusion is the United States Odo than Adobe company's set of rapid application development platform. The platform includes an integrated development environment and scripting language. An access control bypass vulnerability exists in Adobe Coldfusion, which can be exploited by an attacke...

7.5CVSS6.5AI score0.99754EPSS
Exploits0References1
CNVD
CNVD
•added 2023/05/31 12:0 a.m.•32 views

Google Chrome PDF component memory misreference vulnerability (CNVD-2023-46113)

Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in the Google Chrome PDF component, which can be exploited by an attacker to execute arbitrary code on the system or cause an application to crash...

8.8CVSS7.6AI score0.00918EPSS
Exploits0References1
CNVD
CNVD
•added 2023/05/18 12:0 a.m.•32 views

Google Chrome Code Execution Vulnerability (CNVD-2023-46125)

Google Chrome is a web browser from Google, an American company. A code execution vulnerability exists in Google Chrome, which can be exploited by an attacker to execute arbitrary code on a system or cause an application to crash...

8.8CVSS7.8AI score0.00681EPSS
Exploits0References1
CNVD
CNVD
•added 2023/04/21 12:0 a.m.•32 views

Unspecified Vulnerability in Oracle MySQL Server (CNVD-2023-65513)

Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server, which can be exploited by attackers to cause unauthorized MySQL Server hangs or frequent repeated crashes...

4.9CVSS6.3AI score0.01128EPSS
Exploits0References1
CNVD
CNVD
•added 2023/04/07 12:0 a.m.•32 views

Google Chrome Networking APIs Code Execution Vulnerability

Google Chrome is a web browser from Google, an American company. A code execution vulnerability exists in Google Chrome Networking APIs that stems from a memory reuse after release issue in the networking APIs. An attacker could exploit this vulnerability to execute arbitrary code on a system or...

8.8CVSS7.9AI score0.00914EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/29 12:0 a.m.•32 views

Delta Electronics InfraSuite Device Master Deserialization Vulnerability (CNVD-2023-23887)

Delta Electronics InfraSuite Device Master is Delta Electronics' device for simplifying and automating critical equipment monitoring. A deserialization vulnerability in Delta Electronics InfraSuite Device Master versions prior to 1.0.5 can be exploited by an unauthenticated attacker to remotely...

9.8CVSS9.7AI score0.5005EPSS
Exploits3References1
CNVD
CNVD
•added 2023/03/29 12:0 a.m.•32 views

Google TensorFlow Buffer Overflow Vulnerability (CNVD-2023-43888)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow suffers from a buffer overflow vulnerability that originates from a boundary error in TAvgPoolGrad when handling untrusted input. A remote attacker could exploit the...

9.8CVSS8.2AI score0.00415EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/13 12:0 a.m.•32 views

Google Chrome Navigation component code issue vulnerability

Google Chrome is a web browser from Google, an American company. A code issue vulnerability exists in versions prior to Google Chrome 111.0.5563.64, which stems from a weak policy enforcement issue in the Navigation component. A remote attacker can exploit the vulnerability to bypass the...

4.3CVSS6AI score0.00362EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/18 12:0 a.m.•32 views

Oracle Business Intelligence Enterprise Edition has an unspecified vulnerability (CNVD-2023-05499)

Oracle Business Intelligence Enterprise Edition is an intelligent business analytics software from Oracle Corporation USA. Oracle Business Intelligence Enterprise Edition is a security vulnerability that can be exploited by a low-privilege attacker to compromise Oracle Business Intelligence...

5.4CVSS2.4AI score0.00377EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/13 12:0 a.m.•32 views

Microsoft Exchange Server Elevation of Privilege Vulnerability (CNVD-2023-51374)

Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. An elevation of privilege vulnerability exists in Microsoft Exchange Server, which can be exploit...

7.8CVSS7.1AI score0.00569EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/09 12:0 a.m.•32 views

Binary Vulnerability in Various Cisco Products (CNVD-2023-09623)

The RV340, RV340W, RV345, and RV345P are all small business VPN routers from Cisco. A binary vulnerability exists in several Cisco products, which can be exploited by an attacker to upload files for overwrite operations...

9.8CVSS7.1AI score0.88874EPSS
Exploits0
CNVD
CNVD
•added 2023/01/08 12:0 a.m.•32 views

Arbitrary File Read Vulnerability in Istar Electronic Document Security Management System (CNVD-2023-09184)

Easetone electronic document security management system is an electronic document security encryption software. Yisetong Electronic Document Security Management System has an arbitrary file reading vulnerability that can be exploited by attackers to obtain sensitive information...

7.1AI score
Exploits0
CNVD
CNVD
•added 2023/01/06 12:0 a.m.•32 views

Mozilla Firefox Input Validation Error Vulnerability (CNVD-2023-03060)

Mozilla Firefox is an open source Web browser from the Mozilla Foundation. Mozilla Firefox is vulnerable to an input validation error that stems from a lack of ASN.1 parsing restrictions on error formats. An attacker could exploit this vulnerability to compromise the affected system...

9.8CVSS4.1AI score0.007EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/27 12:0 a.m.•32 views

kkFileView cross-site scripting vulnerability (CNVD-2023-00013)

kkFileView is China's Keking Technology Keking company's a Spring-Boot to create a file document online preview project . A cross-site scripting vulnerability exists in kkFileView, which stems from the setWatermarkAttribute function in the /picturesPreview file that allows an attacker to implemen...

6.1CVSS5.8AI score0.00547EPSS
Exploits1References1
CNVD
CNVD
•added 2022/12/21 12:0 a.m.•32 views

Apache Traffic Server Cross-Site Scripting Vulnerability (CNVD-2023-03922)

Apache Traffic Server ATS is a set of scalable HTTP proxy and cache servers from the Apache Foundation. Apache Traffic Server suffers from a cross-site scripting vulnerability that can be exploited by attackers to cause cross-site scripting and cache poisoning attacks...

6.1CVSS1.2AI score0.01078EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/20 12:0 a.m.•32 views

Apache Atlas path traversal vulnerability

Apache Atlas is a scalable and extensible set of core functional governance services from the Apache Foundation.Apache Atlas versions 0.8.4 through 2.2.0 have a path traversal vulnerability that stems from improper input validation in the import module, which could be exploited by an authenticate...

8.8CVSS4.4AI score0.01384EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/19 12:0 a.m.•32 views

Microsoft Office Graphics remote code execution vulnerability (CNVD-2022-89423)

Microsoft Office is an office software suite product of the United States Microsoft Corporation Microsoft. Common components of the product include Word, Excel, Access, Powerpoint, FrontPage, etc. A remote code execution vulnerability exists in Microsoft Office Graphics. An attacker could exploit...

7.8CVSS2.6AI score0.00784EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/16 12:0 a.m.•32 views

Siemens Parasolid out-of-bounds write vulnerability (CNVD-2022-89757)

An out-of-bounds write vulnerability exists in Siemens Parasolid, a geometric modeling kernel from Siemens, Germany, due to an out-of-bounds write beyond the end of the allocation structure contained in a specially crafted XB file parsed by the affected application. An attacker could exploit this...

7.8CVSS5.6AI score0.00324EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/16 12:0 a.m.•32 views

Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2023-00609)

Adobe Experience Manager AEM is a content management solution from Adobe that can be used to build websites, mobile applications and forms. The solution supports mobile content management, marketing and sales campaign management, and multi-site management, etc. A cross-site scripting vulnerabilit...

5.4CVSS2.2AI score0.00708EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/14 12:0 a.m.•32 views

Siemens Teamcenter Visualization and JT2Go Stack Buffer Overflow Vulnerability

Siemens Teamcenter Visualization is a software that provides team collaboration capabilities for designing 2D and 3D scenes. Siemens JT2GO is a JT file viewer. Siemens Teamcenter Visualization and JT2Go are vulnerable to a stack buffer overflow vulnerability that could be exploited by an attacker...

7.8CVSS4.2AI score0.00472EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/14 12:0 a.m.•32 views

Siemens Polarion ALM Host Header Injection Vulnerability

Polarion ALM is an application lifecycle management solution that improves the software development process with a single unified solution for requirements, coding, testing and release.A security vulnerability exists in Siemens Polarion ALM, which could be exploited by attackers to spoof host...

6.1CVSS2.5AI score0.00375EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/30 12:0 a.m.•32 views

Google Chrome Accessibility code execution vulnerability

Google Chrome is a web browser from Google, Inc. A code execution vulnerability exists in Google Chrome Accessibility, which is caused by free usage in Accessibility. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service...

8.8CVSS5.4AI score0.00643EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/30 12:0 a.m.•32 views

APsystems Access Control Error Vulnerability

APsystems is a microinverter from APsystems, Inc. Combining high efficiency power conversion with a user-friendly monitoring interface, it brings you reliable and smart energy. An access control error vulnerability exists in APsystems ENERGY COMMUNICATION UNIT ECU-C Power Control Software version...

8.8CVSS8.9AI score0.00642EPSS
Exploits1References1
CNVD
CNVD
•added 2022/11/29 12:0 a.m.•32 views

Binary vulnerability in libarchive (CNVD-2022-90746)

libarchive is a multi-format archive and compression library. A binary vulnerability exists in libarchive, which can be exploited by attackers to execute arbitrary code...

9.8CVSS8.2AI score0.01936EPSS
Exploits0
CNVD
CNVD
•added 2022/11/25 12:0 a.m.•32 views

D-Link DIR-823G OS Command Injection Vulnerability (CNVD-2022-81490)

D-Link DIR-823G is a wireless router from D-Link, a Chinese company. A security vulnerability exists in D-Link DIR-823G firmware version 1.02B03, which stems from its HNAP API function allowing an attacker to implement arbitrary operating system command execution via a carefully crafted HNAP1...

9.8CVSS6.5AI score0.03826EPSS
Exploits1References1
CNVD
CNVD
•added 2022/11/24 12:0 a.m.•32 views

NdkAdvancedCustomizationFields Server-Side Request Forgery Vulnerability

NdkAdvancedCustomizationFields is an advanced customization field from Ndk. A server-side request forgery vulnerability exists in NdkAdvancedCustomizationFields 3.5.0 and prior versions, which stems from rotateimg.php failing to properly validate user input. An attacker could use this vulnerabili...

9.1CVSS3.7AI score0.00812EPSS
Exploits1References1
CNVD
CNVD
•added 2022/11/24 12:0 a.m.•32 views

Unspecified Vulnerability in Super Xray

Super Xray is an excellent vulnerability scanning tool by 4ra1n individual developers. A security vulnerability exists in Super Xray version 0.2-beta Linux and Mac OS systems, which can be exploited by attackers to elevate privileges...

7.8CVSS7.6AI score0.00381EPSS
Exploits1References1
CNVD
CNVD
•added 2022/11/23 12:0 a.m.•32 views

Google TensorFlow BaseCandidateSamplerOp Buffer Error Vulnerability

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A buffer error vulnerability exists in Google TensorFlow versions prior to 2.8.4, 2.9.0 and later, and prior to 2.9.3, which stems from a lack of validation of user-supplied data in the...

9.1CVSS9.1AI score0.0038EPSS
Exploits1References1
CNVD
CNVD
•added 2022/11/23 12:0 a.m.•32 views

Google TensorFlow Input Validation Error Vulnerability (CNVD-2023-15780)

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. Google TensorFlow is vulnerable to an input validation error that could be exploited by an attacker to cause a denial of service...

7.5CVSS3.4AI score0.0044EPSS
Exploits1References1
CNVD
CNVD
•added 2022/11/23 12:0 a.m.•32 views

Google TensorFlow tf.raw_ops.ImageProjectiveTransformV2 buffer overflow vulnerability

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A buffer overflow vulnerability exists in Google TensorFlow versions prior to 2.8.4, 2.9.0 and later, and 2.9.3 and earlier, which stems from a lack of proper validation of user-supplied data in...

7.5CVSS7.5AI score0.0043EPSS
Exploits1References1
CNVD
CNVD
•added 2022/11/23 12:0 a.m.•32 views

automotive shop management system SQL injection vulnerability (CNVD-2022-87033)

Automotive Shop Management System is an automotive shop management system by the individual developer Carlo Montero. Automotive Shop Management System v1.0 suffers from a SQL injection vulnerability. The vulnerability stems from a lack of validation of the...

7.2CVSS7.4AI score0.00821EPSS
Exploits1References1
CNVD
CNVD
•added 2022/11/23 12:0 a.m.•32 views

LAVA Denial of Service Vulnerability

LAVA is a continuous integration system open sourced by LAVA. It is used to deploy operating systems to physical and virtual hardware to run tests.A denial of service vulnerability exists in versions of LAVA prior to 2022.11. The vulnerability stems from the fact that a user with valid credential...

3.5AI score0.00972EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2022/11/21 12:0 a.m.•32 views

Student Attendance Management System Cross-Site Scripting Vulnerability

Student Attendance Management System is a student attendance management system. The vulnerability is caused by the lack of effective filtering and escaping of user-supplied data in the className parameter of the createClass.php file, which can be exploited to cause cross-site scripting attacks...

2.1AI score0.00427EPSS
Exploits1
CNVD
CNVD
•added 2022/11/18 12:0 a.m.•32 views

FreeRDP Buffer Overflow Vulnerability (CNVD-2022-78857)

FreeRDP is an open source implementation of the Remote Desktop Protocol RDP from the FreeRDP team.FreeRDP suffers from a buffer overflow vulnerability that stems from an out-of-bounds read in the ZGFX decoder component. No detailed vulnerability details are currently available...

5.7CVSS4.3AI score0.00967EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/16 12:0 a.m.•32 views

IBM CICS TX Encryption Issue Vulnerability

IBM CICS TX is a comprehensive, single transaction runtime package from International Business Machines IBM. IBM CICS TX version 11.1 is vulnerable to an encryption issue that stems from the use of a weaker-than-expected encryption algorithm, which could be exploited by an attacker to decrypt...

7.5CVSS3.5AI score0.00486EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/16 12:0 a.m.•32 views

Fortinet FortiSOAR Rights Management Error Vulnerability

FortiSOAR is a Security Orchestration, Automation and Response SOAR solution from Fortinet, U.S.A. Fortinet FortiSOAR is vulnerable to a privilege management error. An attacker could exploit this vulnerability to execute arbitrary Python commands with root privileges...

7.8CVSS3.8AI score0.00202EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/13 12:0 a.m.•32 views

Huawei HarmonyOS Elevation of Privilege Vulnerability (CNVD-2022-78140)

Huawei HarmonyOS is an operating system from Huawei China. Huawei HarmonyOS is vulnerable to an elevation of privilege vulnerability caused by a serialization/deserialization mismatch in the AMS module. An attacker could exploit this vulnerability to elevate privileges...

9.8CVSS3AI score0.00571EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/10 12:0 a.m.•32 views

Grafana Account Enumeration Vulnerability

Grafana is Grafana open source set of open source monitoring tools that provide a visual monitoring interface. The tool is mainly used to monitor and analyze Graphite, InfluxDB and Prometheus, etc. Grafana has a security vulnerability that stems from the fact that an attacker can bypass access...

6.7CVSS2.2AI score0.00696EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/10 12:0 a.m.•32 views

SAP GUI OS Command Injection Vulnerability

SAP GUI is an application of SAP, the graphical user interface of the SAP system. SAP GUI is vulnerable to operating system command injection, which results from the failure of the network system or product to properly filter special characters, commands, etc. during the execution of commands...

6.1CVSS3.5AI score0.00208EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/09 12:0 a.m.•32 views

Aruba Networks ArubaOS Buffer Overflow Vulnerability (CNVD-2022-75543)

Aruba Networks ArubaOS, an operating system for Aruba Mobility-Defined Networks including mobile controllers and mobile access switches from Aruba Networks, is vulnerable to a buffer overflow vulnerability. An attacker could exploit this vulnerability to cause unauthenticated remote code executio...

9.8CVSS6AI score0.01539EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/09 12:0 a.m.•32 views

Siemens JT2Go and Teamcenter Visualization Out-of-Bounds Read Vulnerability (CNVD-2022-75551)

JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML, and available JT, VFZ, CGM, and TIF data. teamcenter Visualization enables companies to enhance their product lifecycle management PLM environments with a comprehensive family of visualization solutions. The...

7.8CVSS3.7AI score0.00382EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/03 12:0 a.m.•32 views

Apache Spark Injection Vulnerability

Apache Spark, a large-scale data processing engine from the Apache Foundation that supports acyclic data streaming and in-memory computing, is vulnerable to injection. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in a user's web browser...

3.2AI score0.01473EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2022/11/02 12:0 a.m.•32 views

Apple tvOS Resource Management Error Vulnerability

Apple tvOS is a smart TV operating system from Apple, Inc. Apple tvOS has a security vulnerability that originates from post-release reuse and can be exploited by attackers to execute arbitrary code with kernel privileges...

5.9AI score0.00263EPSS
Exploits0Affected Software3
CNVD
CNVD
•added 2022/10/19 12:0 a.m.•32 views

Oracle MySQL Shell Information Disclosure Vulnerability (CNVD-2023-01495)

Oracle MySQL Server is a relational database from Oracle Corporation. An information disclosure vulnerability exists in the Shell: Core Client component of Oracle MySQL. An attacker can exploit this vulnerability to corrupt the MySQL Shell and gain unauthorized access to a subset of MySQL...

4.3CVSS3.7AI score0.0042EPSS
Exploits0References1
Total number of security vulnerabilities5000