Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
added 2022/06/09 12:0 a.m.33 views

Online Ordering System SQL注入漏洞

Online Ordering System is a multi-store ordering system that can be used by any small business.An SQL injection vulnerability exists in Online Ordering System version 2.3.2, which originates from /ordering/admin/user/index.php?view=edit&id=page The lack of validation of externally entered SQL...

9.8CVSS4.9AI score0.01067EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/09 12:0 a.m.33 views

Elitecms SQL Injection Vulnerability (CNVD-2022-57764)

Elitecms is a web content management by elitecms India. elitecms version 1.01 has a SQL injection vulnerability, which originates from the /admin/editsidebar.php page page parameter lack of validation of external input SQL statements, an attacker can use this vulnerability to execute illegal SQL...

9.8CVSS5.9AI score0.01081EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/09 12:0 a.m.33 views

Elitecms SQL Injection Vulnerability

Elitecms is a web content management from elitecms India. elitecms version 1.01 is vulnerable to SQL injection, which originates from admin/editsidebar.php?page=2 & sidebar The page sidebar parameter lacks validation for external input SQL statements, and an attacker could exploit the vulnerabili...

9.8CVSS5.5AI score0.01081EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/08 12:0 a.m.33 views

SeedDMS Cross-Site Scripting Vulnerability (CNVD-2022-66668)

SeedDMS formerly known as LetoDMS and MyDMS is a PHP and MySql based document management system. A cross-site scripting vulnerability exists in SEEDMS versions 6.0.18 and 5.1.25, which are primarily used to store and share documents. The vulnerability can be exploited to inject a payload into the...

3.5CVSS1.4AI score0.00556EPSS
Exploits1Affected Software1
CNVD
CNVD
added 2022/06/06 12:0 a.m.33 views

TOTOLINK EX1200T Command Injection Vulnerability (CNVD-2022-53569)

TOTOLINK EX1200T is a Wi-Fi range extender from China-based Gion Electronics TOTOLINK.TOTOLINK EX1200T has a command injection vulnerability, which originates from the NTPSyncWithHost function of the file system containing a remote command injection issue that can be exploited by an attacker to...

9.8CVSS2.4AI score0.01876EPSS
Exploits1References1
CNVD
CNVD
added 2022/05/24 12:0 a.m.33 views

QEMU Buffer Overflow Vulnerability (CNVD-2023-80119)

QEMU Quick Emulator is a set of simulation processor software. The software is fast and cross-platform. QEMU suffers from a buffer overflow vulnerability that stems from a double extraction in qxlcursor that could result in a heap buffer overflow. A malicious privileged attacker can exploit this...

8.2CVSS7.9AI score0.00399EPSS
Exploits1References1
CNVD
CNVD
added 2022/05/24 12:0 a.m.33 views

Pix-Link MiniRouter 28K.MiniRouter.20190211 Cross-Site Scripting Vulnerability (CNVD-2022-77885)

Pix-Link MiNi Router 28K.MiniRouter.20190211 is a router from Pix-Link China.Pix-Link MiniRouter 28K.MiniRouter.20190211 suffers from a cross-site scripting vulnerability, which stems from an unhandled security key parameter. An attacker could exploit the vulnerability to execute JavaScript code ...

3.5CVSS3.6AI score0.00564EPSS
Exploits1
CNVD
CNVD
added 2022/05/23 12:0 a.m.33 views

Cisco Common Services Platform Collector Cross-Site Scripting Vulnerability (CNVD-2022-64197)

Cisco Common Services Platform Collector CSPC is a common services platform data collector from Cisco USA. The product analyzes network performance and identifies risks and vulnerabilities by polling basic inventory and configuration data from Cisco devices.Cisco Common Services Platform Collecto...

6.1CVSS2.4AI score0.00685EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/19 12:0 a.m.33 views

Aruba ClearPass Policy Manager Remote Authorization Bypass Vulnerability

Aruba ClearPass Policy Manager is an application of the U.S. company Aruba to provide wireless network security access management system Aruba ClearPass Policy Manager has a remote authorization bypass vulnerability, which can be exploited by attackers to bypass authorization...

6.5CVSS4.5AI score0.00966EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2022/05/19 12:0 a.m.33 views

IBM Sterling Secure Proxy Trust Management Issue Vulnerability

IBM Sterling Secure Proxy is an application proxy used by International Business Machines Corporation IBM to secure the transfer of files in an organization's unprotected zone DMZ.IBM Sterling Secure Proxy version 6.0.3 and IBM Secure External Authentication Server version 6.0.3 contain a trust...

5.3CVSS3.7AI score0.00808EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/18 12:0 a.m.33 views

WordPress BulletProof Securitys plugin跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plug-in. WordPress BulletProof Securitys plugin versions prior to 6.1 have a cross-site scripting vulnerability that...

4.8CVSS1.1AI score0.00565EPSS
Exploits1References1
CNVD
CNVD
added 2022/05/18 12:0 a.m.33 views

Aruba ClearPass Policy Manager Server-Side Request Forgery Vulnerability

Aruba ClearPass Policy Manager is an application of Aruba, Inc. that provides wireless network security access management system Aruba ClearPass Policy Manager is vulnerable to server-side request forgery, which can be exploited by remote, unauthenticated attackers to conduct server-side request...

4.9CVSS3.9AI score0.00895EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/13 12:0 a.m.33 views

Spring Framework Denial of Service Vulnerability (CNVD-2022-68890)

Spring Framework is the U.S. Spring team of a set of open source Java, JavaEE application framework . The framework helps developers build high-quality applications.Spring Framework versions prior to 5.3.20, 5.2.22 contain a denial-of-service vulnerability. An attacker can exploit this...

4CVSS3.3AI score0.03126EPSS
Exploits0
CNVD
CNVD
added 2022/05/13 12:0 a.m.33 views

curl information leakage vulnerability

curl is a tool used to transfer data from and to servers. curl versions 7.82.0 to 7.83.1 are vulnerable to an information disclosure vulnerability that stems from the fact that libcurl incorrectly allows cookies to be set for top-level domains TLDs if the hostname has a trailing dot, which can te...

5CVSS2.7AI score0.02414EPSS
Exploits1Affected Software1
CNVD
CNVD
added 2022/05/13 12:0 a.m.33 views

Apache Tomcat Denial of Service Vulnerability (CNVD-2022-49970)

Apache Tomcat is a lightweight Web application server from the Apache Foundation in the United States. The program implements support for Servlet and JavaServer Page JSP. Apache Tomcat suffers from a denial-of-service vulnerability that stems from a flaw in the configuration of Tomcat open...

7.5CVSS3.2AI score0.73139EPSS
Exploits5References1
CNVD
CNVD
added 2022/05/08 12:0 a.m.33 views

EmpireCMS SQL Injection Vulnerability

EmpireCMS Empire Content Management System is an open source content management system CMS. EmpireCMS version 7.5 is vulnerable to SQL injection, which stems from the lack of validation of external input SQL statements in AdClass.php and can be exploited to execute illegal SQL commands to steal...

9.8CVSS5AI score0.00914EPSS
Exploits1References1
CNVD
CNVD
added 2022/05/07 12:0 a.m.33 views

Rancher Labs Rancher Access Control Error Vulnerability (CNVD-2022-65013)

Rancher Labs Rancher is an open source, enterprise-class container management platform from Rancher Labs, Inc. Rancher Labs Rancher is vulnerable to an access control error that could be exploited by an attacker to gain write access to directories when the restricted administrator role is enabled...

5.5CVSS2.2AI score0.00566EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/07 12:0 a.m.33 views

F5 BIG-IP Resource Management Error Vulnerability (CNVD-2022-77522)

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. F5 BIG-IP is vulnerable to resource management errors, which can be exploited by attackers to cause service degradation,...

7.5CVSS5.1AI score0.00868EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/05 12:0 a.m.33 views

Delta Electronics DIAEnergie SQL Injection Vulnerability (CNVD-2022-36028)

Delta Electronics DIAEnergie is an industrial energy management system for monitoring and analyzing energy consumption in real time, calculating energy consumption and load characteristics, optimizing equipment performance, improving production processes and maximizing energy efficiency. Delta...

10CVSS9.8AI score0.01138EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.33 views

Microsoft Windows Kerberos Elevation of Privilege Vulnerability

Microsoft Windows Kerberos is a software for authentication in network clusters from Microsoft Corporation USA.Kerberos also serves as a network authentication protocol and is designed to provide strong authentication services for client/server applications through a key system.Microsoft Windows...

8.5CVSS6.4AI score0.01841EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.33 views

Jenkins Publish Over FTP Plugin授权问题漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. jenkins Plugin is an application. jenkins Publish Over FTP Plugin 1.16 an...

4.3CVSS1.4AI score0.0072EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.33 views

Microsoft Windows DNS Server Remote Code Execution Vulnerability (CNVD-2022-71743)

Microsoft Windows is an operating system for personal devices, and Microsoft Windows Server is a server operating system, of which Windows DNS Server is a DNS Domain Name System server. code execution vulnerability, which can be exploited by attackers to execute arbitrary code on the system...

8.5CVSS6.2AI score0.01711EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.33 views

Microsoft Windows Print Spooler Elevation of Privilege Vulnerability (CNVD-2022-62513)

Microsoft Windows Print Spooler is a print backend processor component of Microsoft Corporation USA.An elevation of privilege vulnerability exists in Microsoft Windows Print Spooler, which could be exploited by attackers to execute arbitrary code with elevated privileges...

9CVSS6.4AI score0.03415EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.33 views

Microsoft Windows SMB Remote Code Execution Vulnerability (CNVD-2022-74599)

Microsoft Windows SMB Server is a network file sharing protocol from Microsoft Corporation USA. It allows applications on a computer to read and write files and request services from server programs on the computer network.A remote code execution vulnerability exists in Microsoft Windows SMB, whi...

7.5CVSS4AI score0.01604EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.33 views

Microsoft Remote Procedure Call Runtime Remote Code Execution Vulnerability

Microsoft Remote Procedure Call Runtime is a technology used to create distributed client/server programs from Microsoft Corporation USA. The vulnerability can be exploited to execute arbitrary code on the system...

8.8CVSS3.8AI score0.02435EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/14 12:0 a.m.33 views

MariaDB Denial of Service Vulnerability (CNVD-2022-65007)

MariaDB is a free and open source database management system from the MariaDB Foundation and a forked version of MySQL with the Maria storage engine. A security vulnerability exists in MariaDB Server v10.6 and lower, which can be exploited by an attacker to cause a denial of service DoS via a...

7.5CVSS7.5AI score0.02159EPSS
Exploits1References1
CNVD
CNVD
added 2022/04/13 12:0 a.m.33 views

Jenkins Google Compute Engine Plugin has an unspecified vulnerability

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.A security vulnerability exists in the Jenkins Google Compute Engine Plugin, which stems from storing unencrypted private...

4.3CVSS1.9AI score0.00724EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/13 12:0 a.m.34 views

Samsung SMR Buffer Overflow Vulnerability (CNVD-2022-63634)

Samsung SMR is a system patch package from South Korea's Samsung Samsung. It provides patches for Samsung mobile applications. Samsung SMR suffers from a buffer overflow vulnerability that stems from an incorrect size check in the sapefdparsemetaHEADERold function of the libsapeextractor library...

7.1CVSS4.5AI score0.0028EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/07 12:0 a.m.33 views

Rumble Mail Server Code Execution Vulnerability

Rumble Mail Server is a mail server suite for SMTP ESMTPSA, HTTP, POP3 and IMAP4v1 by Daniel Gruno, a personal developer.A code execution vulnerability exists in Rumble Mail Server version 0.51.3135, which stems from an unquoted service path in The service path is not referenced in RumbleService,...

7.8CVSS3.5AI score0.0044EPSS
Exploits1References1
CNVD
CNVD
added 2022/04/07 12:0 a.m.33 views

HPE OneView Authentication Bypass Vulnerability

HPE OneView is a software from Hewlett Packard Enterprise HPE that facilitates automated device management for IT departments. versions prior to HPE OneView 6.6 contain an authentication bypass vulnerability that stems from insufficient program authentication strength and can be exploited by an...

7.8CVSS4.2AI score0.00276EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/01 12:0 a.m.33 views

Many Apple products competitive conditions problems vulnerability

Apple iOS is an operating system for mobile devices. apple tvOS is a smart TV operating system. apple watchOS is a smart watch operating system. apple macOS Big Sur is a mobile application app from Apple. apple iPadOS is an operating system for Apple iPadOS is an operating system for the iPad...

7CVSS2.3AI score0.02312EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/31 12:0 a.m.33 views

Jenkins instant-messaging Plugin信息泄露漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. The vulnerability stems from unencrypted group chat passwords stored in the...

6.5CVSS1.2AI score0.00887EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/16 12:0 a.m.33 views

ARRIS TR3300 OS Command Injection Vulnerability

ARRIS TR3300 is an 802.11ac Wi-Fi router from ARRIS, Inc. ARRIS TR3300 v1.0.13 is vulnerable to an operating system command injection vulnerability that could be exploited by attackers to execute arbitrary commands via crafted requests...

10CVSS8AI score0.0612EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/16 12:0 a.m.33 views

Vim has an unspecified vulnerability (CNVD-2022-20153)

Vim is an editor based on the UNIX platform. there is a security vulnerability in Vim and no details of the vulnerability are currently available...

8.4CVSS2.3AI score0.00698EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/15 12:0 a.m.33 views

Huawei Emui and Magic UI improper access control vulnerability

Huawei Emui is a mobile operating system developed on Android. magic Ui is a mobile operating system developed on Android. a security vulnerability exists in Huawei Emui and Magic UI, which stems from improper access control of the video module. An attacker could exploit this vulnerability to...

7.5CVSS2.6AI score0.00718EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/11 12:0 a.m.33 views

Nextcloud server denial of service vulnerability (CNVD-2022-20690)

Nextcloud is an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. nextcloud server has a denial of service vulnerability that stems from a networked system or product that does not properly validate data boundaries when performing...

6.5CVSS2.5AI score0.01581EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/10 12:0 a.m.33 views

Microsoft Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Microsoft Windows Cloud Files Mini Filter Driver is a cloud file filter driver from Microsoft Corporation USA.An elevation of privilege vulnerability exists in Microsoft Windows Cloud Files Mini Filter Driver, which could be exploited by attackers to execute arbitrary code with elevated privilege...

7CVSS4.4AI score0.04429EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/09 12:0 a.m.33 views

Microsoft HEVC Video Extensions Remote Code Execution Vulnerability (CNVD-2022-59684)

Microsoft HEVC Video Extensions is a video extension application from Microsoft Corporation USA. Microsoft HEVC Video Extensions is a remote code execution vulnerability that can be exploited by attackers to execute arbitrary code on a system...

7.8CVSS6.3AI score0.02158EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/09 12:0 a.m.33 views

Microsoft Azure Site Recovery Privilege Permission and Access Control Issue Vulnerability (CNVD-2022-18000)

Microsoft Azure Site Recovery is a site recovery DRaaS from Microsoft Corporation for cloud and hybrid cloud architectures. Microsoft Azure Site Recovery is vulnerable to privilege permission and access control issues. No details of the vulnerability are available at this time...

6.5CVSS2.6AI score0.02569EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/25 12:0 a.m.33 views

Nvidia GPU Display Driver for Linux拒绝服务漏洞

Nvidia GPU Display Driver for Linux is a driver for interactive support of graphics modules on Linux systems from Nvidia, Inc. A denial-of-service vulnerability exists in the Nvidia GPU Display Driver for Linux kernel driver package, which can be exploited by attackers to The vulnerability can be...

6.1CVSS5.6AI score0.00232EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/25 12:0 a.m.33 views

Tensorflow Denial of Service Vulnerability (CNVD-2022-31833)

Tensorflow is an open source machine learning framework. a denial-of-access vulnerability exists in TensorFlow, which can be exploited by attackers to launch a denial-of-service attack against a target...

6.5CVSS4.6AI score0.00458EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/24 12:0 a.m.33 views

Envoy has an unspecified vulnerability (CNVD-2022-16291)

Envoy is an open source distributed proxy server. Envoy has a security vulnerability that stems from Envoy's internal redirection selection configured for direct response or redirection actions, specifically so that generic routers will have segmentation failures that can be exploited by attacker...

7.5CVSS5AI score0.01127EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/23 12:0 a.m.33 views

WordPress Shield Security plugin跨站脚本漏洞

WordPress is a set of blogging platforms developed by the WordPress Wordpress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Shield Security plugin version 13.0.6 previously had a cross-site scripting vulnerability, whic...

4.8CVSS1.8AI score0.00588EPSS
Exploits2References1
CNVD
CNVD
added 2022/02/22 12:0 a.m.33 views

Wyse Device Agent Licensing Issue Vulnerability

DELL Wyse Management Suite is a scalable solution for managing and optimizing Wyse endpoints from Dell USA. The product includes centralized Wyse endpoint management, asset tracking, and automated device discovery.An authorization issue vulnerability exists in Wyse due to an error in processing...

6.7CVSS2.7AI score0.00237EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/22 12:0 a.m.33 views

Expat has an unspecified vulnerability (CNVD-2022-18354)

Expat is a fast streaming XML parser written in C. A security vulnerability existed prior to Expat 2.4.5, which could be exploited by an attacker to trigger stack exhaustion in buildmodel via a large nesting depth in the DTD element...

6.5CVSS4.4AI score0.03268EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/22 12:0 a.m.33 views

Cobbler Command Injection Vulnerability (CNVD-2022-18324)

Cobbler is a network installation server suite that is primarily used to quickly set up Linux network installations. A command injection vulnerability exists in versions of Cobbler prior to 3.3.1, stemming from the checkforinvalidimports function in the templar.py file, which allows Cheetah code ...

7.8CVSS2.4AI score0.00495EPSS
Exploits1References1
CNVD
CNVD
added 2022/02/22 12:0 a.m.33 views

WikiDocs has unspecified vulnerabilities

WikiDocs is a database-free Markdown flat file Wiki engine from the personal developer Manuel Zavatta in Italy. WikiDocs suffers from a security vulnerability that stems from the fact that an attacker can exploit the vulnerability to upload malicious files via index.php using the image upload for...

8.8CVSS3.7AI score0.19872EPSS
Exploits1References1
CNVD
CNVD
added 2022/02/18 12:0 a.m.33 views

Unspecified vulnerability in snapd

Snapd is an open source, cross-platform package management tool. snapd suffers from a security vulnerability that can be exploited by local attackers to cause snapd to restrict the execution of other arbitrary binaries, thereby gaining privileged escalation...

8.8CVSS4.6AI score0.00345EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/17 12:0 a.m.33 views

Jenkins Pipeline Shared Groovy Libraries Plugin Sandbox Bypass Vulnerability

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Pipeline Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier versions have a sandbox bypass vulnerability...

8.8CVSS1.2AI score0.01541EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/15 12:0 a.m.33 views

Samsung Wear Os StTheaterModeReceiver access control error vulnerability

Samsung Wear Os is a version of the Android operating system from South Korea's Samsung Samsung. Versions of Samsung Wear OS prior to 3.0 are vulnerable to an access control error. The vulnerability stems from the lack of protective measures in the vulnerable component, which could be exploited b...

4.3CVSS3.8AI score0.00438EPSS
Exploits0References1
Total number of security vulnerabilities5000