Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
added 2022/06/13 12:0 a.m.32 views

LibreHealth EHR Cross-Site Scripting Vulnerability (CNVD-2022-62206)

LibreHealth EHR is a clinically-focused electronic health record EHR system designed to be easy to use out of the box and customizable for use in a variety of healthcare settings. The navigation.php page lacks filtering and escaping for parameters. An attacker could exploit this vulnerability to...

6.1CVSS2.8AI score0.00852EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/09 12:0 a.m.32 views

Wolters Kluwer TeamMate Audit SQL Injection Vulnerability

Wolters Kluwer TeamMate Audit is a cloud-based audit management tool from Wolters Kluwer Netherlands. A SQL injection vulnerability exists in Wolters Kluwer TeamMate Audit version 28.0.19.0, which stems from a lack of filtering and escaping of SQL data in search forms. An attacker could use this...

8.8CVSS3.3AI score0.01001EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/08 12:0 a.m.32 views

Elasticsearch Denial of Service Vulnerability

Elasticsearch is a search engine based on the Lucene library. A denial of service vulnerability exists in Elasticsearch versions 8.0.0 included through 8.2.1 not included. An unauthenticated attacker could exploit the vulnerability to forcefully shut down an Elasticsearch node via a network reque...

5CVSS4AI score0.074EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2022/06/08 12:0 a.m.32 views

HUAWEI HarmonyOS Input Validation Error Vulnerability (CNVD-2022-66177)

HUAWEI HarmonyOS is an operating system from China's Huawei HUAWEI. HUAWEI HarmonyOS 2.0 is vulnerable to an input validation error, which can be exploited by attackers to cause elevation of privilege...

7.8CVSS4.4AI score0.00177EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/24 12:0 a.m.32 views

Pix-Link MiniRouter 28K.MiniRouter.20190211 Cross-Site Scripting Vulnerability (CNVD-2022-77885)

Pix-Link MiNi Router 28K.MiniRouter.20190211 is a router from Pix-Link China.Pix-Link MiniRouter 28K.MiniRouter.20190211 suffers from a cross-site scripting vulnerability, which stems from an unhandled security key parameter. An attacker could exploit the vulnerability to execute JavaScript code ...

3.5CVSS3.6AI score0.00564EPSS
Exploits1
CNVD
CNVD
added 2022/05/20 12:0 a.m.32 views

InHand Networks InRouter302 OS Command Injection Vulnerability (CNVD-2022-59175)

InHand Networks InRouter Series is a series of routers from InHand Networks, Inc. InHand Networks InRouter302 version 3.5.37 contains an operating system command injection vulnerability that could be exploited by an attacker to cause remote code execution with the help of a specially crafted...

9.9CVSS5.7AI score0.04774EPSS
Exploits1References1
CNVD
CNVD
added 2022/05/19 12:0 a.m.32 views

NVIDIA vGPU Software Memory Misreference Vulnerability

NVIDIA vGPU Software is a management software from NVIDIA Corporation that provides GPU capabilities to virtual machines. The software supports multiple virtual machines accessing the host GPU, providing graphics performance and application compatibility for virtual machines. vGPU Software is...

1.9CVSS2.5AI score0.00218EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2022/05/16 12:0 a.m.32 views

JetBrains TeamCity Log Information Disclosure Vulnerability

JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Czech Republic. The tool provides continuous unit testing, code quality analysis, and build issue analysis reports.JetBrains TeamCity versions prior to 2022.04 have a log information disclosure...

4.9CVSS1.9AI score0.00459EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/16 12:0 a.m.32 views

HCL Technologies HCL Sametime File Upload Vulnerability

HCL Sametime, a conferencing solution from HCL Technologies, has a security vulnerability in HCL Technologies HCL Sametime version 11.6. The vulnerability stems from the fact that the user SID in the application can be modified, which can be exploited to modify the SID to enable arbitrary file...

8.2CVSS2.7AI score0.00683EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/13 12:0 a.m.32 views

Microsoft Windows LDAP Remote Code Execution Vulnerability (CNVD-2022-72853)

Microsoft Windows is a desktop operating system from Microsoft Corporation. Microsoft Windows LDAP is vulnerable to remote code execution, which can be exploited by attackers to execute code on the target host...

6.5CVSS5.7AI score0.0227EPSS
Exploits0
CNVD
CNVD
added 2022/05/13 12:0 a.m.32 views

Apache Tomcat Denial of Service Vulnerability (CNVD-2022-49970)

Apache Tomcat is a lightweight Web application server from the Apache Foundation in the United States. The program implements support for Servlet and JavaServer Page JSP. Apache Tomcat suffers from a denial-of-service vulnerability that stems from a flaw in the configuration of Tomcat open...

7.5CVSS3.2AI score0.73139EPSS
Exploits5References1
CNVD
CNVD
added 2022/05/13 12:0 a.m.32 views

curl information leakage vulnerability

curl is a tool used to transfer data from and to servers. curl versions 7.82.0 to 7.83.1 are vulnerable to an information disclosure vulnerability that stems from the fact that libcurl incorrectly allows cookies to be set for top-level domains TLDs if the hostname has a trailing dot, which can te...

5CVSS2.7AI score0.02414EPSS
Exploits1Affected Software1
CNVD
CNVD
added 2022/05/13 12:0 a.m.32 views

SourceCodester Car Rental Management System Arbitrary File Upload Vulnerability

Sourcecodester Car Rental Management System is a car rental management system from Sourcecodester, Inc. SourceCodester Car Rental Management System version 1.0 is vulnerable to an arbitrary file upload vulnerability, which originates from The vulnerability is caused by a lack of validation of...

7.2CVSS2.8AI score0.01336EPSS
Exploits1References1
CNVD
CNVD
added 2022/05/12 12:0 a.m.32 views

SAP NetWeaver ABAP Server Cross-Site Scripting Vulnerability

SAP NetWeaver ABAP Server is a Web application server for SAP products from SAP Germany. A cross-site scripting vulnerability exists in SAP NetWeaver ABAP Server, which stems from the program's lack of data validation filtering of user-supplied data and output. An attacker could exploit this...

5.4CVSS5.7AI score0.00425EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/22 12:0 a.m.32 views

Samsung SMR Input Validation Error Vulnerability (CNVD-2022-64254)

Samsung SMR is a system patch package from Samsung South Korea. It provides patches for Samsung mobile applications. Samsung SMR has an input validation error vulnerability that can be exploited by an attacker to initiate certain activities...

8.5CVSS7.8AI score0.00136EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/18 12:0 a.m.32 views

E2fsprogs out-of-bounds read/write vulnerability

E2fsprogs is a set of tools for maintaining ext2, ext3 and ext4 file systems. version 1.46.5 of E2fsprogs is vulnerable due to an out-of-bounds read-write issue in the application. An attacker could use this vulnerability to cause a segmentation error and execute arbitrary code via a specially...

7.8CVSS6.2AI score0.01382EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/18 12:0 a.m.32 views

ThoughtWorks GoCD path traversal vulnerability

ThoughtWorks GoCD is a free and open source CI/CD server from ThoughtWorks, Inc. A path traversal vulnerability exists in versions of ThoughtWorks GoCD prior to 21.3.0, which could be exploited by an attacker compromising the GoCD agent to upload malicious files to any directory on the GoCD serve...

7.5CVSS2.5AI score0.02309EPSS
Exploits1References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.32 views

Multiple Apple Products Vulnerabilities in Permissions Licensing and Access Control Issues

Apple macOS Big Sur is a mobile app from Apple. Apple macOS Monterey is the 18th major version of MacOS, Apple's desktop operating system for Macintosh. macOS Catalina is Apple's suite of Catalina is Apple's proprietary operating system developed specifically for Mac computers. Several Apple...

5.5CVSS4.2AI score0.00985EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.32 views

Microsoft Azure Site Recovery Information Disclosure Vulnerability (CNVD-2022-56588)

Microsoft Azure Site Recovery is a site recovery DRaaS from Microsoft Corporation USA. Microsoft Azure Site Recovery has an information disclosure vulnerability, and no details of the vulnerability are available...

4.9CVSS1.5AI score0.02306EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.32 views

Microsoft Windows Remote Desktop Protocol Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Windows Remote Desktop Protocol RDP, an application used by Microsoft to connect to remote Windows desktops. The vulnerability stems from the failure of a networked system or product to properly filter special elements of code segments...

8.5CVSS4.4AI score0.05294EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/14 12:0 a.m.32 views

MariaDB Denial of Service Vulnerability (CNVD-2022-65008)

MariaDB is a free and open source database management system from the MariaDB Foundation and a forked version of MySQL with the Maria storage engine. A security vulnerability exists in MariaDB Server v10.6 and lower, which stems from the inclusion of use-after-free in the component...

7.5CVSS7.9AI score0.02097EPSS
Exploits1References1
CNVD
CNVD
added 2022/04/13 12:0 a.m.32 views

Webmin Cross-site Request Forgery Vulnerability (CNVD-2022-61344)

Webmin is a set of Web-based system administration tools for Unix-like operating systems from the Webmin community.Webmin version 1.973 is vulnerable to cross-site request forgery, which stems from the lack of token validation for cross-site request forgery in the scheduled Cron job function. An...

8.8CVSS2.7AI score0.02309EPSS
Exploits1References1
CNVD
CNVD
added 2022/04/11 12:0 a.m.32 views

Owncloud ownCloud Access Control Error Vulnerability

Owncloud is a personal cloud storage solution from Owncloud, a U.S. company. versions prior to Owncloud 2.20 contain an access control error vulnerability that could be exploited by attackers to access the application's internal files...

5.5CVSS5.3AI score0.00212EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/08 12:0 a.m.32 views

D-Link DIR-878 Command Injection Vulnerability (CNVD-2022-38533)

The D-Link DIR-878 is a wireless router from D-Link, a Taiwan-based company. The D-Link DIR-878 is vulnerable to a command injection vulnerability that could be exploited by an unauthenticated LAN attacker to execute arbitrary system commands to control the system or interrupt services...

8.8CVSS4.6AI score0.01527EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/07 12:0 a.m.32 views

Open5GS Denial of Service Vulnerability (CNVD-2022-61342)

Open5Gs is a C open source implementation of 5G Core and Epc, the core network of the Lte/Nr network. A denial of service vulnerability exists in Open5GS version 2.3.6 and earlier, which stems from a buffer overflow in lib/sbi/message.c. A remote attacker could exploit this vulnerability to deny...

7.5CVSS5.3AI score0.016EPSS
Exploits2References1
CNVD
CNVD
added 2022/04/01 12:0 a.m.32 views

Trend Micro Antivirus for Mac Elevation of Privilege Vulnerability (CNVD-2022-55061)

Trend Micro Antivirus for Mac is a Mac-based antivirus software from Trend Micro, Inc. An elevation of privilege vulnerability exists in Trend Micro Antivirus for Mac version 11.5, which could be exploited to create a specially crafted file as a symbol that could lead to elevation of privilege li...

8.5CVSS5.5AI score0.01187EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/31 12:0 a.m.32 views

Bentley MicroStation CONNECT Code Execution Vulnerability (CNVD-2022-65624)

Bentley MicroStation CONNECT is a Cad software platform for 2D and 3D design and drafting.A code execution vulnerability exists in Bentley MicroStation CONNECT, which can be exploited by attackers to execute arbitrary code in the context of the current process...

7.8CVSS5.5AI score0.01911EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/23 12:0 a.m.32 views

Sophos UTM log information leakage vulnerability

Sophos UTM is a next-generation firewall. a security vulnerability existed prior to Sophos UTM 9.710, which stems from the fact that Confd log files contain SHA512crypt password hashes for local users including the root user with insecure access rights, which can be exploited by attackers to...

7.8CVSS1.7AI score0.00185EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/23 12:0 a.m.32 views

Open-xchange OX App Suite cross-site scripting vulnerability (CNVD-2022-28451)

Open-xchange OX App Suite is a set of Web-based cloud desktop environments from Open-Xchange Open-xchange USA. The environment allows users to manage email, tasks, files, etc. more intuitively. A security vulnerability exists in Open-xchange OX App Suite versions 7.10.5 and below, and no detailed...

6.1CVSS6.2AI score0.00889EPSS
Exploits2References1
CNVD
CNVD
added 2022/03/17 12:0 a.m.32 views

Jenkins Kubernetes Continuous Deploy Plugin Permissions Licensing and Access Control Issues Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.The Jenkins Kubernetes Continuous Deploy...

6.5CVSS1.3AI score0.00887EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/14 12:0 a.m.32 views

UltraVNC has an unspecified vulnerability

UltraVNC is an open source remote terminal control software for the Windows platform. versions of UltraVNC prior to 1.3.8.0 have a security vulnerability in the DSM plug-in that can be exploited by a locally authenticated attacker to achieve Local Elevation of Privilege LPE on vulnerable systems...

8.8CVSS5.2AI score0.00265EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/14 12:0 a.m.32 views

TP-Link TL-WR886N Stack Overflow Vulnerability (CNVD-2022-20080)

The TP-Link TL-WR886N is a wireless router from China P&L. A stack overflow vulnerability exists in the TP-Link TL-WR886N /cloudconfig/routerpost/getregverifycode, which can be exploited by a remote attacker to submit a special request that can crash an application or can be used to execute...

10CVSS9.8AI score0.02413EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/14 12:0 a.m.32 views

Ming Out-of-Bounds Read Vulnerability

Ming is a Flash SWF output library written in C language. Ming has a security vulnerability that can be exploited by attackers to obtain sensitive information...

6.5CVSS6.3AI score0.01132EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/14 12:0 a.m.32 views

Huawei Emui and Magic UI Heap Buffer Overflow Vulnerability

Huawei Emui is a mobile operating system developed on Android. Magic Ui is a mobile operating system developed on Android. Huawei Emui and Magic UI are vulnerable to heap buffer overflow, which can be exploited by attackers to cause a denial of service...

7.8CVSS4.7AI score0.00814EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/10 12:0 a.m.32 views

Microsoft HEVC Video Extensions Remote Code Execution Vulnerability (CNVD-2022-59680)

Microsoft HEVC Video Extensions is a video extension application from Microsoft Corporation USA. Microsoft HEVC Video Extensions is a remote code execution vulnerability that can be exploited by attackers to execute arbitrary code on a system...

7.8CVSS6.3AI score0.02158EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/10 12:0 a.m.32 views

Microsoft HEVC Video Extensions Remote Code Execution Vulnerability (CNVD-2022-59682)

Microsoft HEVC Video Extensions is a video extension application from Microsoft Corporation USA. Microsoft HEVC Video Extensions is a remote code execution vulnerability that can be exploited by attackers to execute arbitrary code on a system...

7.8CVSS6.3AI score0.02158EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/10 12:0 a.m.32 views

Microsoft HEIF Image Extensions Remote Code Execution Vulnerability

Microsoft HEIF Image Extensions is a feature library for Microsoft Windows systems from Microsoft Corporation USA.Microsoft HEIF Image Extensions is vulnerable to remote code execution, which can be exploited by attackers to execute arbitrary code on the system...

7.8CVSS6.3AI score0.02131EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/09 12:0 a.m.32 views

Siemens RUGGEDCOM ROS Heap Buffer Overflow Vulnerability

Siemens RuggedCom ROS is an operating system used in the RuggedCom family of switches from Siemens, Germany. Siemens RUGGEDCOM ROS suffers from a heap buffer overflow vulnerability that can be exploited by attackers to cause a heap overflow...

9.8CVSS3.9AI score0.00981EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/04 12:0 a.m.32 views

Google Chrome WebShare memory misquoting vulnerability

Google Chrome is a web browser from Google, Inc. Google Chrome WebShare is vulnerable to a memory misreference vulnerability that results from a mix-up in the program's instructions for freeing memory, which could be exploited to execute arbitrary code on the system or cause a denial of service...

8.8CVSS4.3AI score0.00954EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/02 12:0 a.m.32 views

WordPress Crazy Bone plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability in WordPress Crazy Bone plugin 0.6.0 and earlier versions, which stems fr...

6.1CVSS6AI score0.01374EPSS
Exploits2References1
CNVD
CNVD
added 2022/03/01 12:0 a.m.32 views

Home Owners Collection Management System存在未明漏洞

A security vulnerability exists in the Home Owners Collection Management System, a homeowner collection management system, which can be exploited by attackers to compromise user accounts via a crafted POST request...

9.8CVSS4.9AI score0.01351EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/01 12:0 a.m.32 views

JetBrains TeamCity Access Control Error Vulnerability (CNVD-2022-18622)

JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Czech Republic.JetBrains TeamCity is vulnerable to an access control error that stems from the product's failure to validate data in XML-RPC requests and the identity of the user. An attacker could...

6.5CVSS2.6AI score0.00671EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/01 12:0 a.m.32 views

MODX Revolution code issue vulnerability

MODX Revolution is a PHP-based open source content management system CMS from the US company MODX. The system supports online collaboration, search engine optimization SEO, etc. MODX Revolution has a code issue vulnerability that can be exploited by attackers to execute arbitrary code by uploadin...

7.2CVSS5AI score0.09314EPSS
Exploits4References1
CNVD
CNVD
added 2022/03/01 12:0 a.m.32 views

HUAWEI EMUI/Magic UI Denial of Service Vulnerability

HUAWEI EMUI is an Android-based mobile operating system developed by Huawei China. HUAWEI EMUI/Magic UI suffers from a denial-of-service vulnerability that can be exploited by attackers to perform DoS attacks and compromise service integrity...

7.5CVSS4.3AI score0.00664EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/28 12:0 a.m.32 views

TOTOLink A800R Command Injection Vulnerability

TOTOLink A800R is a wireless router from TotoLink, China.TOTOLink A800R V4.1.2cu.5137B20200730 is vulnerable to command injection, which can be exploited by attackers to execute arbitrary commands via the QUERYSTRING parameter...

9.8CVSS6.8AI score0.0322EPSS
Exploits1References1
CNVD
CNVD
added 2022/02/25 12:0 a.m.32 views

IBM Sterling External Authentication Server and IBM Sterling Secure Proxy Denial of Service Vulnerability

IBM Sterling External Authentication Server and IBM Sterling Secure Proxy are both products of International Business Machines Corporation IBM. IBM Sterling External Authentication Server and IBM Sterling External Authentication Server and IBM Sterling Secure Proxy have a denial of service...

7.5CVSS3.4AI score0.01968EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/25 12:0 a.m.32 views

Vim Buffer Overflow Vulnerability (CNVD-2022-20695)

A buffer overflow vulnerability exists in Vim, a UNIX-based editor, which stems from a product src/regexpbt.c file that does not effectively check for memory bounds. An attacker could cause a buffer overflow via this vulnerability...

8.8CVSS4.8AI score0.01622EPSS
Exploits1References1
CNVD
CNVD
added 2022/02/24 12:0 a.m.32 views

Envoy Resource Management Error Vulnerability (CNVD-2022-15542)

Envoy is an open source distributed proxy server. Envoy is vulnerable to a resource management error that occurs when configuring "envoyv3apifieldextensions.filters.network.tcpproxy.v3. tunnelingconfig" crashes and the downstream connection is disconnected while the upstream connection or http/2...

7.5CVSS2.7AI score0.01046EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/23 12:0 a.m.32 views

libsolv Heap Overflow Vulnerability (CNVD-2022-15950)

libsolv is a library for checking package dependencies. libsolv has a security vulnerability, and no details of the vulnerability are currently provided...

2AI score
Exploits0References1
CNVD
CNVD
added 2022/02/22 12:0 a.m.32 views

WikiDocs has unspecified vulnerabilities

WikiDocs is a database-free Markdown flat file Wiki engine from the personal developer Manuel Zavatta in Italy. WikiDocs suffers from a security vulnerability that stems from the fact that an attacker can exploit the vulnerability to upload malicious files via index.php using the image upload for...

8.8CVSS3.7AI score0.19872EPSS
Exploits1References1
Total number of security vulnerabilities5000