Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
added 2022/04/19 12:0 a.m.109 views

Multiple Adobe Products Resource Management Error Vulnerability (CNVD-2022-46973)

Adobe Acrobat is a set of tools for editing and converting PDF files.Adobe Acrobat Reader is a PDF viewer. The software is used to print, sign and annotate PDFs. A resource management error vulnerability exists in several Adobe products, which can be exploited by attackers to cause a sensitive...

4.3CVSS6.8AI score0.01804EPSS
Exploits0References1
CNVD
CNVD
added 2023/02/09 12:0 a.m.108 views

Oracle MySQL has an unspecified vulnerability (CNVD-2023-07925)

Oracle MySQL is an open source relational database management system from Oracle Corporation USA. Oracle MySQL suffers from a security vulnerability that can be exploited by attackers to cause an unauthorized capability to cause the MySQL server to hang or crash repeatedly and frequently full DOS...

4.9CVSS3AI score0.00767EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/30 12:0 a.m.108 views

Google Android elevation of privilege vulnerability (CNVD-2022-50272)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability. An attacker can exploit this vulnerability to gain elevated privileges on the system...

7.2CVSS7.3AI score0.00123EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/20 12:0 a.m.108 views

Fast Food Ordering System SQL注入漏洞

Fast Food Ordering System is a fast food ordering system from Carlo Montero's personal developer. version 1.0 of Fast Food Ordering System is vulnerable to SQL injection, which originates from /ffos/admin/menus/viewmenu.php?id=page Lack of validation of external input SQL statements can be...

9.8CVSS4.9AI score0.01026EPSS
Exploits1References1
CNVD
CNVD
added 2022/04/06 12:0 a.m.108 views

IBM UrbanCode Deploy Encryption Issue Vulnerability

IBM UrbanCode Deploy UCD is a suite of application automation deployment tools from IBM. The tool is based on an application deployment automation management information model, and through remote agent technology to automate the deployment of complex applications in different environments, etc. I...

7.5CVSS2.2AI score0.00692EPSS
Exploits0References1
CNVD
CNVD
added 2021/11/05 12:0 a.m.108 views

Adobe Prelude Memory Corruption Vulnerability (CNVD-2022-02637)

Adobe Prelude is a set of video clip editing tools from Adobe. Adobe Prelude has a memory corruption vulnerability that can be exploited by remote attackers to execute arbitrary code in the context of the current user...

9.3CVSS5.8AI score0.01995EPSS
Exploits0References1
CNVD
CNVD
added 2021/09/15 12:0 a.m.108 views

Adobe InCopy Memory Out-of-Bounds Access Vulnerability (CNVD-2021-87304)

Adobe InCopy is a professional word processing program from Adobe that is integrated with Adobe InDesign. Adobe InCopy 16.3.1, 16.3 and earlier versions are vulnerable to a memory out-of-bounds access vulnerability. An attacker could exploit the vulnerability to achieve arbitrary file system writ...

7.8CVSS5.5AI score0.01659EPSS
Exploits0References1
CNVD
CNVD
added 2023/02/17 12:0 a.m.107 views

Adobe Premiere Rush Stack Buffer Overflow Vulnerability

Adobe Premiere Rush is a set of cross-platform video editing software from the U.S. company Audobee Adobe. A buffer overflow vulnerability exists in Adobe Premiere Rush versions prior to 2.7, which stems from a boundary error when handling untrusted input. An attacker could exploit this...

7.8CVSS7.8AI score0.00396EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/20 12:0 a.m.107 views

Product Show Room Site SQL Injection Vulnerability (CNVD-2022-48959)

Product Show Room Site is a product showroom site from Carlo Montero's personal developer. version 1.0 of Product Show Room Site is vulnerable to SQL injection, which originates from /psrs/classes/Master.php?f=deletecategory The page lacks validation for external input SQL statements, which can b...

7.2CVSS5.6AI score0.00909EPSS
Exploits1References1
CNVD
CNVD
added 2022/05/25 12:0 a.m.107 views

Weak Password Vulnerability in Netnifty's Web Tampering Prevention System

Beijing Netnifty Information Technology Company is a leading enterprise in the domestic information security industry, specializing in the research and development, production and sales of information security products, and providing hierarchical overall security solutions and security profession...

6.8AI score
Exploits0
CNVD
CNVD
added 2022/05/17 12:0 a.m.107 views

Strapi Cross-Site Scripting Vulnerability (CNVD-2022-47471)

Strapi is an open source content management system CMS. Strapi suffers from a cross-site scripting vulnerability that stems from insufficient filtering of user-supplied data in the file upload function, which can be exploited by remote attackers to inject and execute arbitrary HTML and script cod...

4.8CVSS3.9AI score0.00712EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/19 12:0 a.m.107 views

Multiple Adobe Products Resource Management Error Vulnerability (CNVD-2022-46972)

Adobe Acrobat is a set of tools for editing and converting PDF files.Adobe Acrobat Reader is a PDF viewer. The software is used to print, sign and annotate PDFs. A resource management error vulnerability exists in several Adobe products, which can be exploited by an attacker to execute arbitrary...

9.3CVSS7.8AI score0.12561EPSS
Exploits0References1
CNVD
CNVD
added 2022/12/16 12:0 a.m.106 views

Adobe Experience Manager open redirect vulnerability

Adobe Experience Manager AEM is a content management solution from Adobe that can be used to build websites, mobile applications and forms. The solution supports mobile content management, marketing and sales campaign management, and multi-site management, etc. Adobe Experience Manager has an ope...

5.4CVSS4.1AI score0.00469EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/13 12:0 a.m.106 views

SQL Injection Vulnerability in Physical Examination File Management System of Nanjing Zhongwei Xin Software Technology Co.

Ltd. is a national high-tech enterprise relying on independent research and development and technological innovation to form the core technology to carry out production and operation. There is a SQL injection vulnerability in the Medical Examination File Management System of Nanjing Zhongwei Xin...

7.5AI score
Exploits0
CNVD
CNVD
added 2022/06/20 12:0 a.m.105 views

Product Show Room Site SQL Injection Vulnerability (CNVD-2022-48960)

Product Show Room Site is a product showroom website from Carlo Montero's personal developer. version 1.0 of Product Show Room Site is vulnerable to SQL injection, which originates from the /psrs/classes/Master.php?f=deleteinquiry page Lack of validation of external input SQL statements allows...

7.2CVSS5.2AI score0.00909EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/17 12:0 a.m.105 views

Product Show Room Site SQL注入漏洞

Product Show Room Site is a product showroom site from Carlo Montero's personal developer. version 1.0 of Product Show Room Site is vulnerable to SQL injection, which originates from /psrs/admin/categories/managefieldorder. php?id=page has a SQL injection issue. No detailed vulnerability details...

7.2CVSS3.6AI score0.01006EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/16 12:0 a.m.105 views

Adobe Media Encoder Memory Corruption Vulnerability (CNVD-2022-50235)

Adobe Media Encoder is an audio and video encoding application from the American company Audobee Adobe. A memory corruption vulnerability exists in Adobe Media Encoder version 15.4 and earlier versions, which can be exploited by an attacker to execute arbitrary code in the current user environmen...

7.8CVSS7.7AI score0.01908EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/18 12:0 a.m.105 views

Multiple Adobe Products Resource Management Error Vulnerability (CNVD-2022-46977)

Adobe Acrobat is a set of tools for editing and converting PDF files.Adobe Acrobat Reader is a PDF viewer. The software is used to print, sign and annotate PDFs. A resource management error vulnerability exists in several Adobe products, which can be exploited by an attacker to execute arbitrary...

9.3CVSS7.8AI score0.11085EPSS
Exploits0References1
CNVD
CNVD
added 2021/11/10 12:0 a.m.105 views

Adobe InCopy null pointer dereference vulnerability

Adobe InCopy is a professional word processing program from Adobe that is integrated with Adobe InDesign. Adobe InCopy 16.4 and earlier versions are vulnerable to a null pointer dereference. An attacker could exploit this vulnerability to cause a denial of service...

4.3CVSS5.4AI score0.0201EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2023/02/17 12:0 a.m.104 views

Adobe Photoshop Input Validation Error Vulnerability (CNVD-2023-17021)

Adobe Photoshop is a set of image processing software from the American company Audobee Adobe. The software is mainly used for processing pictures. Adobe Photoshop suffers from an input validation error vulnerability that originates from improper user input validation and can be exploited by an...

7.8CVSS7.7AI score0.00326EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/17 12:0 a.m.104 views

Adobe InCopy Heap Buffer Overflow Vulnerability

Adobe InCopy is a text editing software for creative writing from Adobe, USA. Adobe InCopy suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...

9.3CVSS7.9AI score0.05941EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/17 12:0 a.m.103 views

Product Show Room Site SQL Injection Vulnerability (CNVD-2022-48962)

Product Show Room Site is a product showroom site from Carlo Montero's personal developer. version 1.0 of Product Show Room Site is vulnerable to SQL injection, which originates from the /psrs/admin/?page=user/manageuser&id= page. SQL injection problem. No detailed vulnerability details are...

7.2CVSS4AI score0.00909EPSS
Exploits1References1
CNVD
CNVD
added 2022/05/24 12:0 a.m.103 views

Google Android Buffer Overflow Vulnerability (CNVD-2022-47668)

Google Android is a Linux-based open source operating system from Google, Inc. Google Android is vulnerable to a buffer overflow vulnerability that stems from a lack of boundary checks and can be exploited by attackers to cause a local privilege escalation...

7.2CVSS5.5AI score0.00329EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/17 12:0 a.m.102 views

Adobe InCopy Out-of-Bounds Write Vulnerability (CNVD-2022-50231)

Adobe InCopy is a text editing software for creative writing from Adobe, USA. Adobe InCopy suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...

9.3CVSS7.6AI score0.01934EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/19 12:0 a.m.102 views

Jenkins WMI Windows Agents Plugin Buffer Overflow Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.A buffer overflow vulnerability exists in...

8.8CVSS2.4AI score0.0168EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/18 12:0 a.m.102 views

Multiple Adobe Products Resource Management Error Vulnerability (CNVD-2022-46976)

Adobe Acrobat is a set of tools for editing and converting PDF files.Adobe Acrobat Reader is a PDF viewer. The software is used to print, sign and annotate PDFs. A resource management error vulnerability exists in several Adobe products, which can be exploited by an attacker to execute arbitrary...

9.3CVSS7.8AI score0.12508EPSS
Exploits0References1
CNVD
CNVD
added 2023/02/06 12:0 a.m.101 views

Apache HTTP Server Http Request Smuggling Vulnerability (CNVD-2023-30860)

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. An Http request smuggling vulnerability exists in Apache HTTP Server versions 2.4.0 through 2.4.55 and earlier, which stems from a...

9CVSS6.7AI score0.01879EPSS
Exploits0References1
CNVD
CNVD
added 2023/01/12 12:0 a.m.101 views

Linux kernel has unspecified vulnerabilities (CNVD-2023-06474)

Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel has a security vulnerability that stems from type obfuscation, which leads to denial of service. No details of the vulnerability are currently available...

5.5CVSS2.2AI score0.00312EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/08 12:0 a.m.101 views

Mozilla Firefox Security Feature Issue Vulnerability (CNVD-2023-17326)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security signature issue vulnerability exists in Mozilla Firefox versions prior to 100.0 that stems from Firefox for Android not properly logging and retaining HSTS settings. An attacker can exploit...

6.1CVSS6.4AI score0.00354EPSS
Exploits1References1
CNVD
CNVD
added 2022/04/06 12:0 a.m.101 views

IBM Sterling Partner Engagement Manager权限提升漏洞

IBM Sterling Partner Engagement Manager is an automated management tool from IBM Corporation. IBM Sterling Partner Engagement Manager version 6.2.0 contains an elevation of privilege vulnerability that could be exploited by attackers to elevate privileges and perform unexpected operations on othe...

6.2CVSS4.9AI score0.00232EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/08 12:0 a.m.101 views

IBM AIX Denial of Service Vulnerability (CNVD-2022-48943)

IBM AIX is an open standards-based UNIX operating system developed by IBM for the IBM Power architecture. IBM AIX denial-of-service vulnerability, which stems from the product AIX pfcdd kernel extension does not do the correct processing of incoming error messages, an attacker can use the...

6.2CVSS3.7AI score0.00217EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/08 12:0 a.m.101 views

WordPress WP_Query SQL Injection Vulnerability

WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress has a SQL injection vulnerability in versions prior to 5.8.3, which stems from the lack of validation of externally...

8CVSS4.1AI score0.97795EPSS
Exploits14References1
CNVD
CNVD
added 2025/12/10 12:0 a.m.100 views

Apache HTTP Server Security Bypass Vulnerability (CNVD-2025-3083394)

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A security bypass vulnerability exists in Apache HTTP Server versions 2.4.0 through 2.4.65 due to incorrect neutralization of...

6.5CVSS6.8AI score0.00771EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/14 12:0 a.m.100 views

dynamicMarkt SQL Injection Vulnerability

dynamicMarkt is a software. dynamicMarkt 3.10 and earlier versions are vulnerable to SQL injection, which is exploited by attackers to perform SQL injection...

9.8CVSS4.1AI score0.01181EPSS
Exploits1References1
CNVD
CNVD
added 2022/04/26 12:0 a.m.100 views

Snipe-IT Cross-Site Scripting Vulnerability (CNVD-2022-47474)

Snipe-IT is an open source IT asset/license management system. snipe-IT has a cross-site scripting vulnerability that stems from a cross-site scripting vulnerability stored in the checkedoutto parameter, which can be exploited by attackers to obtain user cookies...

9CVSS2.5AI score0.00743EPSS
Exploits1References1
CNVD
CNVD
added 2024/01/03 12:0 a.m.99 views

Command Execution Vulnerability in Green Alliance WAF of Beijing Shenzhou Green Alliance Technology Co., Ltd (CNVD-2024-07088)

Beijing Shenzhou Green Alliance Technology Co., Ltd. is an enterprise mainly engaged in science and technology promotion and application services. Ltd. Green Alliance WAF has a command execution vulnerability that can be exploited by attackers to execute arbitrary commands...

7.9AI score
Exploits0
CNVD
CNVD
added 2023/08/25 12:0 a.m.99 views

Smartbi windowUnloading Authentication Bypass Vulnerability

Smartbi is a one-stop big data analytics platform. An authentication bypass vulnerability exists in Smartbi windowUnloading, which can be exploited by an attacker to obtain system user credentials and execute remote code...

7.2AI score
Exploits0References1
CNVD
CNVD
added 2022/06/17 12:0 a.m.99 views

Adobe InCopy Out-of-Bounds Write Vulnerability (CNVD-2022-50232)

Adobe InCopy is a text editing software for creative writing from Adobe, USA. Adobe InCopy suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...

9.3CVSS7.6AI score0.02242EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/12 12:0 a.m.99 views

Adobe InCopy out-of-bounds write vulnerability (CNVD-2022-76627)

Adobe InCopy is a text editing software for authoring from Adobe U.S. An out-of-bounds write vulnerability exists in Adobe InCopy, which stems from a networked system or product that does not properly validate data boundaries when performing operations on memory and can be exploited by an attacke...

7.8CVSS4AI score0.00402EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/05 12:0 a.m.99 views

Shopware Cross-Site Scripting Vulnerability (CNVD-2022-47472)

Shopware is a suite of open source e-commerce software from the German company Shopware. cross-site scripting vulnerability exists in versions of Shopware prior to 5.7.9, which stems from a lack of filtering and escaping of user data in the plugin. No detailed vulnerability details are available...

6.1CVSS2.1AI score0.00738EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/29 12:0 a.m.99 views

Huawei CV81-WDM FW Buffer Overflow Vulnerability

The Huawei CV81-WDM FW is a laser multifunction printer from Huawei China. A buffer overflow vulnerability exists in the Huawei CV81-WDM FW. The vulnerability stems from a networked system or product that does not properly validate data boundaries when performing operations on memory, and can be...

10CVSS7.5AI score0.00802EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/26 12:0 a.m.99 views

Halo Cross-Site Scripting Vulnerability (CNVD-2022-47473)

Halo is a personal blogging system for individual developers. Halo is vulnerable to a cross-site scripting vulnerability that originates in adminindex.html/system/tools and contains a stored cross-site scripting XSS vulnerability. No detailed vulnerability details are available at this time...

4.8CVSS1.2AI score0.004EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/10 12:0 a.m.99 views

MariaDB Denial of Service Vulnerability (CNVD-2022-65012)

MariaDB is a free and open source database management system from the MariaDB Foundation and a forked version of MySQL with the Maria storage engine. MariaDB suffers from a denial of service vulnerability that stems from a shaping error in the product sqllex.cc file. An attacker could exploit the...

5.5CVSS6.1AI score0.00425EPSS
Exploits1References1
CNVD
CNVD
added 2021/12/27 12:0 a.m.99 views

Adobe Dimension out-of-bounds write vulnerability

Adobe Dimension is a set of 2D and 3D composite design tools from Adobe, Inc. An out-of-bounds write vulnerability exists in Adobe Dimension, which can be exploited by attackers to cause arbitrary code to be executed in the context of the current user...

9.3CVSS5.7AI score0.03144EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/12 12:0 a.m.98 views

Adobe InCopy Memory Misreference Vulnerability

Adobe InCopy is a text editing software for authoring from Adobe U.S.A. A memory mis-reference vulnerability exists in Adobe InCopy, which stems from a mix-up in the program's instructions for freeing memory. An attacker could exploit this vulnerability to execute arbitrary code on the system...

7.8CVSS4.3AI score0.00489EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/05 12:0 a.m.98 views

Huawei HarmonyOS Information Disclosure Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An information disclosure vulnerability exists in Huawei HarmonyOS version 2.0. The vulnerability stems from the failure to properly validate the Array Index...

9.1CVSS6.8AI score0.00741EPSS
Exploits0References1
CNVD
CNVD
added 2021/11/10 12:0 a.m.98 views

Microsoft 3D Viewer remote code execution vulnerability

A code injection vulnerability exists in Microsoft 3D Viewer, a simplified and fast graphics editing application from Microsoft Corporation USA. The vulnerability stems from the process of constructing code segments from external input data that is not properly filtered by the network system or...

7.8CVSS3.5AI score0.03821EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/08 12:0 a.m.97 views

Product Show Room Site Cross-Site Scripting Vulnerability (CNVD-2022-48964)

Product Show Room Site is a product showroom site from Carlo Montero's personal developer. version 1.0 of Product Show Room Site is vulnerable to cross-site scripting, which stems from using a special string input text box that leads to cross-site scripting. No details of the vulnerability are...

4.8CVSS3.2AI score0.006EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/09 12:0 a.m.97 views

Google Android Buffer Overflow Vulnerability (CNVD-2022-47671)

Google Android is a Linux-based open source operating system from Google, Inc. Google Android is vulnerable to a buffer overflow vulnerability that originates in l2cbleprocesssigcmd in l2cble.cc, which could result in an out-of-bounds read due to a boundary check error The vulnerability can be...

6.5CVSS4.9AI score0.00256EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/09 12:0 a.m.97 views

Google Android Elevation of Privilege Vulnerability (CNVD-2022-47670)

Google Android is a Linux-based open source operating system from Google, Inc. An elevation of privilege vulnerability exists in Google Android, which originates in checkSlicePermission in SliceManagerService.java, due to an input validation error, it is possible to access any slice URI, and an...

7.8CVSS4AI score0.00204EPSS
Exploits0References1
Total number of security vulnerabilities5000