Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
•added 2021/12/09 12:0 a.m.•32 views

WordPress WPS Hide Login plugin authorization issue vulnerability

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on PHP and MySQL servers. WordPress WPS Hide Login plugin has an authorization issue vulnerability in versions prior to 1.9.1, which ste...

7.5CVSS2.9AI score0.71532EPSS
Exploits5References1
CNVD
CNVD
•added 2021/12/08 12:0 a.m.•32 views

Auerswald Compact has an unspecified vulnerability

The Auerswald Compact Series is an Ict solution from Auerswald Germany. a security vulnerability exists in the Auerswald Compact Series that could be exploited by an attacker to access a web-based management application for full administrative access to the device...

10CVSS6.3AI score0.71979EPSS
Exploits6References1
CNVD
CNVD
•added 2021/12/01 12:0 a.m.•32 views

Workerman-ThinkPHP-Redis Cross-Site Scripting Vulnerability

Workerman-ThinkPHP-Redis is an open source project consisting of the Workerman framework, the ThinkPHP framework, and Redis.Workerman-ThinkPHP-Redis is vulnerable to a cross-site scripting vulnerability that originates in the file Controller.class.php, where the exit function will terminate the...

6.1CVSS1.1AI score0.00641EPSS
Exploits1References1
CNVD
CNVD
•added 2021/11/22 12:0 a.m.•32 views

LibreCad Buffer Overflow Vulnerability (CNVD-2021-92473)

A buffer error vulnerability exists in LibreCAD, an open source CAD computer-aided design application from the LibreCAD organization, in LibreCad libdxfrw, which stems from the failure of the product's dwgCompressor::copyCompBytes21 function to properly handle special input data. An attacker coul...

8.8CVSS3.3AI score0.02686EPSS
Exploits1References1
CNVD
CNVD
•added 2021/11/17 12:0 a.m.•32 views

Moodle Cross-Site Request Forgery Vulnerability (CNVD-2021-92541)

Moodle is a free and open source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. This could lead to cross-site request forgery attacks. No details of the vulnerability are currently available...

8.8CVSS4.6AI score0.00607EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/12 12:0 a.m.•32 views

Microsoft Windows Active Directory Elevation of Privilege Vulnerability

Microsoft Windows Active Directory is a centralized directory management service from Microsoft Corporation USA that is responsible for architecting large network environments. Microsoft Windows Active Directory has an elevation of privilege vulnerability that could be exploited by an attacker to...

7.5CVSS4.6AI score0.70207EPSS
Exploits9References1
CNVD
CNVD
•added 2021/11/11 12:0 a.m.•32 views

Multiple Siemens products with integer underflow vulnerability

Capital VSTAR is a complete solution. the Nucleus NET module integrates a range of standards-compliant networking and communications protocols, drivers and utilities to provide full-featured networking support in any embedded device. the Nucleus RTOS is a microkernel-based real-time operating...

9.1CVSS3.7AI score0.02106EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/01 12:0 a.m.•32 views

MediaWiki Permission License and Access Control Issues Vulnerability (CNVD-2021-84581)

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. Mediawiki suffers from a Permission Permission and Access Control Issue vulnerability that stems from the...

8.8CVSS8.5AI score0.01124EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/31 12:0 a.m.•32 views

Vim Buffer Overflow Vulnerability (CNVD-2022-05072)

Vim is a UNIX-based editor. Vim is vulnerable to a buffer overflow vulnerability that can be exploited by attackers to cause a denial of service or a code execution vulnerability...

7.8CVSS6AI score0.00601EPSS
Exploits1References1
CNVD
CNVD
•added 2021/10/27 12:0 a.m.•32 views

Adobe Bridge Resource Management Error Vulnerability

Adobe Bridge is a file viewer from the American company Audobee Adobe. Adobe Bridge suffers from a resource management error vulnerability. An attacker could exploit this vulnerability to execute arbitrary code...

7.8CVSS6.2AI score0.02EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/27 12:0 a.m.•32 views

Adobe Audition null pointer dereference vulnerability

Adobe Audition is an audio editor and post-production suite. Adobe Audition 14.4 and earlier versions are vulnerable to a null pointer dereference vulnerability that could be exploited by attackers to cause a denial of service for the application...

5.5CVSS4.9AI score0.01209EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/25 12:0 a.m.•32 views

Unspecified vulnerability exists in stb stb_image.h (CNVD-2021-100610)

stb is a single-file public domain library for C/C. stbimage.h is one of the image loaders. stb stbimage.h is vulnerable, and an attacker could use stbimage to crash the service or read up to 1024 bytes of non-contiguous heap data without controlling where it is read...

7.1CVSS2.5AI score0.0136EPSS
Exploits1References1
CNVD
CNVD
•added 2021/10/25 12:0 a.m.•32 views

WordPress code issue vulnerability (CNVD-2021-83670)

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A code issue vulnerability exists in the WordPress plugin Catch Themes Demo Import in versions 1.7 a...

7.2CVSS7.2AI score0.55729EPSS
Exploits6References1
CNVD
CNVD
•added 2021/10/13 12:0 a.m.•32 views

MediaWiki Cross-Site Scripting Vulnerability (CNVD-2022-05529)

MediaWiki is a free and free-to-use web-based wiki engine from the US-based MediaWiki Foundation. A cross-site scripting vulnerability exists in versions of MediaWiki prior to 1.36.2, which stems from the fact that MediaWiki messages associated with a month are not escaped until they are used on ...

6.1CVSS3.8AI score0.01302EPSS
Exploits1References1
CNVD
CNVD
•added 2021/10/12 12:0 a.m.•32 views

TinyXML Infinite Loop Vulnerability

TinyXML is a C++ XML parser that can be easily integrated into other programs. An infinite loop vulnerability exists in TiXmlParsingData::Stamp in tinyxmlparser.cpp in TinyXML 2.6.2 and earlier. An attacker can exploit this vulnerability to cause a denial of service via a specially crafted XML...

7.5CVSS7.1AI score0.03055EPSS
Exploits1References1
CNVD
CNVD
•added 2021/10/08 12:0 a.m.•32 views

Adobe Acrobat Reader DC out-of-bounds read vulnerability

Adobe Acrobat Reader is a PDF viewer from Adobe. The software is used to print, sign and annotate PDFs. Adobe Acrobat Reader DC suffers from an out-of-bounds read vulnerability that can be exploited by attackers to locally elevate privileges in the context of the current user...

4.3CVSS4.8AI score0.01808EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/26 12:0 a.m.•32 views

Google Chrome Post-release Reuse Vulnerability (CNVD-2021-99288)

Chrome is a simple and efficient web browsing tool developed by Google. portals in versions prior to Google Chrome 94.0.4606.61 are vulnerable to post-release reuse. An attacker could exploit this vulnerability to be able to perform a sandbox escape via a crafted HTML page...

6.8CVSS2.9AI score0.11735EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2021/09/23 12:0 a.m.•32 views

FFmpeg Buffer Overflow Vulnerability (CNVD-2021-74088)

FFmpeg is the FFmpeg team's complete solution for recording, converting, and streaming audio and video. FFmpeg has a security vulnerability that could be exploited by an attacker to cause a denial of service or other unspecified impact...

8.8CVSS5AI score0.01195EPSS
Exploits1References1
CNVD
CNVD
•added 2021/09/22 12:0 a.m.•32 views

Google Chrome DevTools Information Disclosure Vulnerability (CNVD-2021-73423)

Google Chrome is a web browser from Google, Inc. Google Chrome DevTools is vulnerable to information disclosure. A remote attacker could exploit this vulnerability to obtain sensitive information...

4.3CVSS2.5AI score0.01072EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/15 12:0 a.m.•32 views

Adobe Acrobat/Reader Heap Buffer Overflow Vulnerability (CNVD-2021-85263)

Adobe Reader also known as Acrobat Reader is a PDF document reader developed by Adobe. Adobe Acrobat is a PDF editor developed by Adobe. Adobe Acrobat/Reader is vulnerable to a heap buffer overflow. An attacker can exploit this vulnerability to execute arbitrary code...

7.8CVSS3.9AI score0.12499EPSS
Exploits1References1
CNVD
CNVD
•added 2021/09/15 12:0 a.m.•32 views

Eclipse Equinox has an unspecified vulnerability

Eclipse Equinox is a sub-project of the Eclipse Foundation that provides a certified implementation of the OSGi R4.x core framework specification. versions prior to Eclipse Equinox 4.21 have a security vulnerability that stems from the fact that if a p2 repository with HTTP is used, an attacker...

8.1CVSS1.9AI score0.01125EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/14 12:0 a.m.•32 views

Google Chrome Stack Buffer Overflow Vulnerability (CNVD-2021-92833)

Chrome is a simple and efficient web browsing tool developed by Google. a stack buffer overflow vulnerability exists in ANGLE in versions prior to Google Chrome 93.0.4577.82. An attacker could exploit this vulnerability to potentially exploit stack corruption via a crafted HTML page...

8.8CVSS4.4AI score0.00948EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/10 12:0 a.m.•32 views

Libtiff buffer overflow vulnerability

Libtiff is a library for reading and writing files in the Tagged Image File Format abbreviated as TIFF.A buffer overflow vulnerability exists in LibTiff version 4.0.10. An attacker can exploit this vulnerability to cause a denial of service via the TIFFVGetField function in libtiff/tifdir.c...

6.5CVSS5.4AI score0.01456EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/07 12:0 a.m.•32 views

Vim Buffer Overflow Vulnerability (CNVD-2022-05074)

Vim is a UNIX-based editor. vim has a buffer overflow vulnerability, which stems from the use of retab in the vim software when the value of memory access is larger invalid, an attacker can use this vulnerability to cause a heap buffer overflow...

8.6CVSS3AI score0.00735EPSS
Exploits1References1
CNVD
CNVD
•added 2021/09/06 12:0 a.m.•32 views

Tuxera NTFS-3G Buffer Overflow Vulnerability (CNVD-2022-82655)

Tuxera NTFS-3G is an open source, cross-platform set of drivers from Tuxera Finland for reading and writing NTFS partitions.Tuxera NTFS-3G is vulnerable to a buffer overflow vulnerability that could be exploited by an attacker to crash an application or execute arbitrary code in the application...

7.8CVSS6.5AI score0.00418EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/01 12:0 a.m.•32 views

Google Chrome Media code execution vulnerability

Google Chrome is a web browser from Google Inc. A code execution vulnerability exists in Google Chrome Media. A remote attacker could use this vulnerability to execute arbitrary code on the system or cause a denial of service condition...

8.8CVSS5.4AI score0.04159EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/01 12:0 a.m.•32 views

Google Chrome Autofill Spoofing Vulnerability (CNVD-2021-67541)

Google Chrome is a web browser from Google, Inc. A spoofing vulnerability exists in Google Chrome Autofill. An attacker can exploit this vulnerability to perform spoofing...

6.5CVSS3AI score0.03468EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/01 12:0 a.m.•32 views

Google Chrome Sign-In code execution vulnerability

Google Chrome is a web browser from Google, Inc. A code execution vulnerability exists in Google Chrome Sign-In. A remote attacker could use this vulnerability to execute arbitrary code on the system or cause a denial of service condition...

8.8CVSS5.5AI score0.04159EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/26 12:0 a.m.•32 views

F5 BIG IP APM OCSP Denial of Service Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. The F5 BIG IP APM OCSP denial of service vulnerability can be exploited by attackers to cause a denial of service DoS on the...

5.3CVSS3.9AI score0.00579EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/26 12:0 a.m.•32 views

F5 BIG-IP iControl SOAP CSRF Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A CSRF vulnerability exists in F5 BIG-IP iControl SOAP, which could be exploited by an attacker to potentially trick...

8.8CVSS4.9AI score0.00466EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/25 12:0 a.m.•32 views

SQLite Segmentation Error Vulnerability

SQLite is a self-sufficient, serverless, zero-configuration, transactional SQL database engine. idxGetTableInfo function in SQLite version 3.36.0 is vulnerable to a segmentation error. An attacker could exploit the vulnerability via a specially crafted SQL query to cause a denial of service...

7.5CVSS5.2AI score0.03898EPSS
Exploits1References1
CNVD
CNVD
•added 2021/08/18 12:0 a.m.•32 views

Google Chrome Post-release Reuse Vulnerability (CNVD-2021-68453)

Chrome is a web browsing tool developed by Google. A post-release reuse vulnerability exists in WebRTC in versions of Google Chrome prior to 92.0.4515.159. An attacker could exploit this vulnerability to potentially cause heap corruption via a crafted HTML page...

8.8CVSS3.5AI score0.02118EPSS
Exploits1References1
CNVD
CNVD
•added 2021/08/16 12:0 a.m.•32 views

Mozilla Firefox Resource Management Error Vulnerability (CNVD-2021-90322)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox is vulnerable to a resource management error vulnerability that originates from post-release usage in the media channel. No detailed vulnerability details are provided at this time...

8.8CVSS8.7AI score0.01451EPSS
Exploits1References1
CNVD
CNVD
•added 2021/08/11 12:0 a.m.•32 views

Adobe Connect Security Feature Bypass Vulnerability

Adobe Connect is an online video conferencing software. A security feature bypass vulnerability exists in Adobe Connect 11.2.2 and earlier versions. The vulnerability stems from a violation of security design principles. No detailed vulnerability details are available at this time...

5.4CVSS5.6AI score0.01568EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/10 12:0 a.m.•32 views

Exiv2 out-of-bounds read vulnerability (CNVD-2021-61439)

Exiv2 is a cross-platform C library and command-line utility for managing image metadata. an out-of-bounds read vulnerability exists in Exiv2 versions 0.27.4 and earlier. An attacker could exploit the vulnerability via specially crafted image files to cause a denial of service...

5.5CVSS5.6AI score0.00984EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/07 12:0 a.m.•32 views

JetBrains YouTrack Encryption Issue Vulnerability

JetBrains YouTrack is a browser-based bug tracking and project management software from JetBrains Czech Republic. JetBrains YouTrack is vulnerable to an encryption issue prior to version 2021.2.16363, which stems from the software's use of the SHA-256 algorithm for password hashing. An attacker...

5CVSS3.2AI score0.00699EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2021/08/06 12:0 a.m.•32 views

Unspecified Vulnerability in HCC Embedded InterNiche (CNVD-2021-59225)

HCC Embedded InterNiche is a newsletter software. A security vulnerability exists in HCC Embedded InterNiche stack versions prior to 4.3 and NicheLite versions prior to 4.3, which can be exploited by an attacker to cause an infinite loop that interrupts TCP/IP communication...

7.5CVSS7.4AI score0.02588EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/05 12:0 a.m.•32 views

Industrial Light And Magic OpenEXR Buffer Overflow Vulnerability (CNVD-2022-19853)

OpenEXR is an image file format developed by Industrial Light and Magic LIM for high dynamic range HDR images. Industrial Light And Magic OpenEXR suffers from a buffer overflow vulnerability that stems from OpenEXR incorrectly handling certain formatted An attacker could exploit this vulnerabilit...

5.5CVSS2.6AI score0.01007EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/04 12:0 a.m.•32 views

Nexus Control Panel Buffer Overflow Vulnerability (CNVD-2021-62180)

Swisslog Healthcare Nexus Panel, a medical device from Swisslog Healthcare, has a security vulnerability in versions prior to Nexus Control Panel 7.2.5.7. The vulnerability can be exploited to override the internal queue data structure, allowing for remote code execution...

9.8CVSS5AI score0.03264EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/03 12:0 a.m.•32 views

Prosodical Thoughts Prosody Information Disclosure Vulnerability

Prosodical Thoughts Prosody is an open source application of Prosodical Thoughts. A modern XMPP communication server. Prosodical Thoughts Prosody is vulnerable to an information disclosure vulnerability that originates in muc.lib.lua in Prosody versions 0.11.0 through 0.11.9, which can be exploit...

7.5CVSS1.9AI score0.02329EPSS
Exploits1References1
CNVD
CNVD
•added 2021/07/23 12:0 a.m.•32 views

Apple macOS Big Sur Buffer Overflow Vulnerability (CNVD-2021-102842)

Apple macOS Big Sur is a mobile application app from Apple Inc. Apple macOS Big Sur is vulnerable to a buffer overflow vulnerability that could be exploited by remote attackers to create a specially crafted font file and trick victims into opening it, triggering an out-of-bounds read error and...

7.8CVSS4.7AI score0.01204EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/16 12:0 a.m.•32 views

Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-66080)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server is a server operating system. An elevation-of-privilege vulnerability exists in the Remote Access Connection Manager in Microsoft...

7.8CVSS3.8AI score0.00524EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/15 12:0 a.m.•32 views

Mozilla Firefox Resource Management Error Vulnerability (CNVD-2021-90105)

Mozilla Firefox is an open source Web browser from the Mozilla Foundation, U.S. Mozilla Firefox is vulnerable to a resource management error that stems from a post-release usage error in the outdated Cairo library. An attacker could exploit the vulnerability to create a specially crafted web page...

8.8CVSS3.4AI score0.01046EPSS
Exploits1References1
CNVD
CNVD
•added 2021/07/14 12:0 a.m.•32 views

Adobe Acrobat/Reader Post-release Reuse Vulnerability (CNVD-2021-70146)

Adobe Acrobat is a PDF editing software developed by Adobe. Adobe Reader also known as Acrobat Reader is a PDF file reader developed by Adobe. Adobe Acrobat/Reader is vulnerable to a post-release reuse vulnerability. An attacker can exploit this vulnerability to execute arbitrary code...

7.8CVSS4AI score0.04331EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/08 12:0 a.m.•32 views

SQL Injection Vulnerability in RG-UAC Ruijie Unified Internet Behavior Management and Auditing System

Ruijie Unified Internet Behavior Management and Auditing System is an Internet behavior management and auditing product independently developed by Ruijie Networks. The RG-UAC Unified Internet Behavior Management and Audit System has a SQL injection vulnerability, which can be exploited by an...

7.4AI score
Exploits0
CNVD
CNVD
•added 2021/07/07 12:0 a.m.•32 views

Command execution vulnerability in Zhiyuan OA (CNVD-2021-51370)

Zhiyuan OA is a collaborative management software, a digital collaborative operation platform for medium-sized and large group organizations. A command execution vulnerability exists in Zhiyuan OA, which can be exploited by an attacker to execute arbitrary commands...

7.9AI score
Exploits0
CNVD
CNVD
•added 2021/07/01 12:0 a.m.•32 views

NETGEAR WAC104 Authentication Bypass Vulnerability

NETGEAR WAC104 is a wireless access point AP from Netgear, Inc. The NETGEAR WAC104 authentication bypass vulnerability can be exploited by an unauthenticated attacker to bypass the AP by placing...

10CVSS3.6AI score0.03064EPSS
Exploits2References1
CNVD
CNVD
•added 2021/06/29 12:0 a.m.•32 views

NVIDIA GeForce Experience Cross-Site Scripting Vulnerability

NVIDIA GeForce Experience is a set of automatic graphics card update tools from Nvidia Corporation. A cross-site scripting vulnerability exists in NVIDIA GeForce Experience, which could be exploited by attackers to trick users into clicking on a maliciously formatted link in their browser and...

8.3CVSS4.4AI score0.009EPSS
Exploits0References1
CNVD
CNVD
•added 2021/06/22 12:0 a.m.•32 views

Unauthorized access vulnerability in HP Photosmart 5520 series

The HP Photosmart 5520 series is a mid-range inkjet printer. An unauthorized access vulnerability exists in the HP Photosmart 5520 series. An attacker could exploit the vulnerability to obtain sensitive information...

6.7AI score
Exploits0
CNVD
CNVD
•added 2021/05/12 12:0 a.m.•32 views

Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-66099)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. An elevation of privilege vulnerability exists in the "Container Manager Service" of Microsoft...

7.8CVSS3.6AI score0.00977EPSS
Exploits0References1
Total number of security vulnerabilities5000