Lucene search
K
CnvdMost viewed

131179 matches found

CNVD
CNVD
added 2022/05/12 12:0 a.m.43 views

Microsoft Windows Server Service Information Disclosure Vulnerability

Microsoft Windows is a desktop operating system from Microsoft Corporation USA, and an information disclosure vulnerability exists in Microsoft Windows Server Service. The vulnerability stems from errors in the configuration of the network system or product during operation. An attacker could use...

6.5CVSS1.6AI score0.02714EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/07 12:0 a.m.43 views

WordPress Advanced Page Visit Counter plugin跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in versions of the WordPress Advanced Page Visit Counter plug...

6.1CVSS1.3AI score0.01277EPSS
Exploits2References1
CNVD
CNVD
added 2022/05/07 12:0 a.m.43 views

Cisco RoomOS Software and Cisco TelePresence Collaboration Endpoint Software Redirection Vulnerability

Cisco RoomOS Software and Cisco TelePresence Collaboration Endpoint Software are both products of Cisco, a U.S. company.Cisco RoomOS Software is a set of automated management software for Cisco devices. Cisco TelePresence Collaboration Endpoint Software is a set of collaboration endpoint...

6.5CVSS2.1AI score0.00698EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/29 12:0 a.m.43 views

Cisco Firepower Threat Defense输入验证错误漏洞

Cisco Firepower Threat Defense is a suite of unified software from Cisco that provides next-generation firewall services.Cisco Firepower Threat Defense Software is vulnerable to an input validation error that could be exploited by an authenticated local attacker to inject XML into the command...

7.8CVSS3.2AI score0.00257EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/28 12:0 a.m.43 views

Monstaftp server-side request forgery vulnerability

Monstaftp is a modern Web interface for FTP. version v2.10.3 of Monstaftp is vulnerable to server-side request forgery, which stems from the product's failure to properly validate user input and can be exploited by attackers to probe server intranet resources...

7.5CVSS3.9AI score0.01366EPSS
Exploits1Affected Software1
CNVD
CNVD
added 2022/04/22 12:0 a.m.43 views

MISP Cross-Site Scripting Vulnerability (CNVD-2022-64091)

MISP is an open source software solution. The product is used to collect, store, distribute, and share network security metrics and has features such as threat network security event analysis and malware analysis. cross-site scripting vulnerability exists in versions prior to MISP 2.4.158, which...

5.4CVSS2.4AI score0.0081EPSS
Exploits1References1
CNVD
CNVD
added 2022/04/22 12:0 a.m.43 views

Samsung SMR Device Heap Buffer Overflow Vulnerability

Samsung SMR is a system patch package from Samsung South Korea. It provides patches for Samsung mobile applications. A heap buffer overflow vulnerability exists in Samsung SMR devices, which can be exploited by an attacker to cause a buffer overflow and execute arbitrary code on the system...

10CVSS9.9AI score0.01306EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.43 views

Cisco IOS XE Elevation of Privilege Vulnerability (CNVD-2022-55149)

Cisco IOS XE is a set of operating systems developed by Cisco for its network devices.Cisco IOS XE has an elevation of privilege vulnerability that can be exploited by attackers to execute arbitrary commands as root...

7.2CVSS6.2AI score0.00272EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.43 views

RiteCMS path traversal vulnerability

RiteCMS is a web CMS. A path traversal vulnerability exists in RiteCM, which can be exploited by an authenticated attacker to delete any file in the web root directory...

8.5CVSS4.2AI score0.20963EPSS
Exploits1References1
CNVD
CNVD
added 2022/04/13 12:0 a.m.43 views

Siemens SCALANCE X-300 Switch Family Devices Cross-Site Scripting Vulnerability

SCALANCE X switches are used to connect industrial components such as programmable logic controllers PLCs or human machine interfaces HMIs.SIPLUS extreme is designed for reliable operation under extreme conditions. A cross-site scripting vulnerability exists in Siemens SCALANCE X-300 Switch Famil...

6.1CVSS6.1AI score0.0054EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/13 12:0 a.m.43 views

KevinLAB Building Energy Management System跨站请求伪造漏洞

KevinLAB Building Energy Management System is a building energy management system from KevinLAB Korea.A cross-site request forgery vulnerability exists in KevinLAB Building Energy Management System version 4ST BEMS 1.0.0 and is currently No detailed vulnerability details are available...

6.5CVSS3.6AI score0.01415EPSS
Exploits2References1
CNVD
CNVD
added 2022/04/07 12:0 a.m.43 views

jc21 Nginx Proxy Manager Cross-Site Scripting Vulnerability

jc21 Nginx Proxy Manager is a graphical user interface for managing Nginx servers. jc21 Nginx Proxy Manager versions prior to 2.9.17 contain a cross-site scripting vulnerability that stems from the program's lack of data validation filtering of user-supplied data and output. An attacker could...

3.5CVSS5.1AI score0.71209EPSS
Exploits1Affected Software1
CNVD
CNVD
added 2022/04/07 12:0 a.m.43 views

Schneider Electric ConneXium Network Manager Software Denial of Service Vulnerability

Schneider Electric ConneXium Network Manager Software, an industrial Ethernet network management software from Schneider Electric, France, is vulnerable to a denial of service in Schneider Electric ConneXium Network Manager Software03.23 and earlier versions contain a denial of service...

7.5CVSS1.8AI score0.0096EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/01 12:0 a.m.43 views

TotoLink EX300_v2 Command Injection Vulnerability

TotoLink EX300 is a 300 Mbps wireless N range extender from TotoLink China.TotoLink EX300v2 V4.0.3c.140B20210429 is vulnerable to command injection, which can be exploited by unauthenticated attackers to remotely execute code as root via MitM attack...

7.9CVSS6.6AI score0.00967EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/29 12:0 a.m.43 views

WordPress WP-DownloadManager plugin cross-site scripting vulnerability

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress WP-DownloadManager plugin version 1.68.6...

5.4CVSS1.3AI score0.00544EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/23 12:0 a.m.43 views

TOTOLINK N600R Command Injection Vulnerability (CNVD-2022-53560)

TotoLink N600R is a wireless router from TotoLink, Taiwan, China. TotoLink N600R is vulnerable to command injection, which can be exploited by attackers via the exportOvpn interface of cstecgi.cgi...

9.8CVSS5.2AI score0.03986EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/23 12:0 a.m.43 views

Google Android Elevation of Privilege Vulnerability (CNVD-2022-22949)

Google Android is a Linux-based open source operating system from Google, Inc. An elevation-of-privilege vulnerability exists in Google Android due to a code logic error in kbasejduserbufpinpages in malikbasemem.c. error. An attacker could exploit this vulnerability to elevate local privileges...

7.2CVSS4.1AI score0.00732EPSS
Exploits0
CNVD
CNVD
added 2022/03/22 12:0 a.m.43 views

Jenkins Extended Choice Parameter Plugin任意文件读取漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.Jenkins Extended Choice Parameter Plugin...

6.5CVSS2.4AI score0.01519EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/17 12:0 a.m.43 views

Totolink X5000R Command Injection Vulnerability

Totolink X5000R is a router from China-based Jion Electronics Totolink. a command injection vulnerability exists in Totolink X5000R v9.1.0u.6118B20201102, which stems from a failure of the tz parameter in the setNtpCfg function to properly filter the special element of the constructed command. An...

9.8CVSS3.9AI score0.2558EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/16 12:0 a.m.43 views

WordPress Page Builder KingComposer plugin access control error vulnerability

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress Page Builder KingComposer plugin version...

6.1CVSS1.9AI score0.0428EPSS
Exploits4References1
CNVD
CNVD
added 2022/03/14 12:0 a.m.43 views

JetBrains TeamCity Code Issue Vulnerability (CNVD-2022-20140)

JetBrains TeamCity is a set of distributed build management and continuous integration tools from JetBrains Czech Republic. The tool provides continuous unit testing, code quality analysis, and build issue analysis reporting. JetBrains TeamCity is vulnerable to a code issue that could be exploite...

7.5CVSS2AI score0.00752EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/14 12:0 a.m.43 views

GPAC Buffer Overflow Vulnerability (CNVD-2022-22320)

GPAC is an open source multimedia framework focused on modularity and standards compliance. GPAC suffers from a buffer overflow vulnerability that can be exploited by attackers to corrupt system memory via manually debugged illegitimate input...

7.8CVSS5.8AI score0.00948EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/14 12:0 a.m.43 views

Mattermost Server Buffer Overflow Vulnerability

Mattermost Server is an open source messaging platform from Mattermost, Inc. A buffer overflow vulnerability exists in Mattermost server. POST body to crash the server...

7.5CVSS2.8AI score0.00815EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/11 12:0 a.m.43 views

Adobe After Effects Buffer Overflow Vulnerability (CNVD-2022-22099)

Adobe After Effects is a suite of visual effects and motion graphics software from Adobe, Inc. A buffer overflow vulnerability exists in Adobe After Effects, which stems from a failure to properly validate data boundaries when performing operations on memory, and can be exploited by remote...

9.3CVSS4.2AI score0.03803EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/08 12:0 a.m.43 views

NETGEAR WAC120 Cross-Site Scripting Vulnerability

Netgear NETGEAR WAC120 is a wireless access point AP from Netgear, Inc. A cross-site scripting vulnerability exists in the Netgear WAC120 AC Access Point, which stems from unauthenticated cross-site scripting XSS could lead to a variety of attacks, such as session hijacking or even clipboard...

6.1CVSS1.3AI score0.00719EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/04 12:0 a.m.43 views

Google Chrome Omnibox code execution vulnerability

Google Chrome is a web browser from Google, Inc. A code execution vulnerability exists in Google Chrome Omnibox, which is caused by a confusion in the program's instructions for freeing memory and can be exploited by attackers to execute arbitrary code on the system or cause a denial of service...

8.8CVSS7.2AI score0.00924EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/01 12:0 a.m.43 views

JetBrains TeamCity XML External Entity Handling Vulnerability

JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Czech Republic. The tool provides continuous unit testing, code quality analysis, and build issue analysis reporting.A security vulnerability exists in JetBrains TeamCity, which stems from the...

9.8CVSS2.1AI score0.01011EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/01 12:0 a.m.43 views

Linux kernel has unspecified vulnerabilities (CNVD-2022-17770)

Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel is vulnerable to a security flaw that could be exploited by an attacker to inject data into a victim's TCP session or terminate that session...

5.9CVSS2.1AI score0.00678EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/18 12:0 a.m.43 views

Reolink RLC-410W OS Command Injection Vulnerability

Reolink Rlc-410W is a Wifi security camera from Reolink China. The Reolink RLC-410W suffers from an OS command injection vulnerability. An attacker can exploit this vulnerability to cause command execution by sending a specially crafted HTTP request...

9.1CVSS7.4AI score0.27876EPSS
Exploits1References1
CNVD
CNVD
added 2022/02/17 12:0 a.m.43 views

librenms Information Disclosure Vulnerability (CNVD-2022-12751)

Librenms is a PHP and MySQL based open source network monitoring system from the Librenms community. The system features custom alerts, auto-discovery of network environments and automatic updates. librenms suffers from an information disclosure vulnerability that stems from allowing users with...

7.1CVSS2AI score0.01071EPSS
Exploits1References1
CNVD
CNVD
added 2022/02/16 12:0 a.m.43 views

Tenda Router AX12 Buffer Overflow Vulnerability

Tenda Ax12 is a dual-band Gigabit Wifi 6 wireless router from Tenda, China.A security vulnerability exists in the Tenda Router AX12, which stems from a buffer overflow vulnerability in the sub 422CE4 function of the page goform setIPv6Status, which can be exploited by an attacker to cause a denia...

7.8CVSS4AI score0.12294EPSS
Exploits1References1
CNVD
CNVD
added 2022/02/14 12:0 a.m.43 views

Linux kernel buffer overflow vulnerability (CNVD-2022-68616)

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel buffer overflow vulnerability, which is caused by a failure of the Transparent Inter-Process Communication TIPC module to properly boundary check. An attacker could exploit the vulnerability...

9CVSS4.1AI score0.67994EPSS
Exploits2References1
CNVD
CNVD
added 2022/02/10 12:0 a.m.43 views

WordPress NextScripts:Social Networks Auto-Poster插件跨站脚本漏洞

NextScripts:Social Networks Auto-Poster WordPress plugin is vulnerable to a cross-site scripting vulnerability in versions prior to 4.3.24. The vulnerability stems from the fact that log requests are not escaped before being exported to the relevant administrative The vulnerability stems from the...

6.1CVSS3.4AI score0.01334EPSS
Exploits2References1
CNVD
CNVD
added 2022/02/10 12:0 a.m.43 views

Bentley Systems MicroStation Resource Management Error Vulnerability (CNVD-2022-16147)

Bentley Systems MicroStation is a Cad software platform for 2D and 3D design and drafting from Bentley Systems, USA. A resource management error vulnerability exists in Bentley Systems MicroStation, which can be exploited by an attacker to execute code in the context of the current process...

7.8CVSS7.7AI score0.02005EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/27 12:0 a.m.43 views

vim buffer overflow vulnerability (CNVD-2022-20799)

Vim is a UNIX-based editor. buffer overflow vulnerability exists in versions prior to vim 8.2, which stems from a networked system or product that does not properly validate data boundaries when performing operations on memory, resulting in incorrect read and write operations being performed to...

8.4CVSS5.1AI score0.00609EPSS
Exploits1References1
CNVD
CNVD
added 2022/01/26 12:0 a.m.43 views

Moodle Cross-Site Request Forgery Vulnerability (CNVD-2022-08151)

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A cross-site request forgery vulnerability exists in Moodle 3.11 through 3.11.4, 3.10 through 3.10.8, and 3.9 through 3.9.11, which ste...

8.8CVSS8.6AI score0.00607EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/25 12:0 a.m.43 views

Adobe Illustrator Buffer Overflow Vulnerability (CNVD-2022-07642)

Adobe Illustrator is a set of vector-based image creation software from the American company Odobi Adobe. A buffer overflow vulnerability exists in Adobe?Illustrator. An attacker could use this vulnerability to trick a victim into opening a carefully constructed file, triggering an out-of-bounds...

5.5CVSS4.2AI score0.01442EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/24 12:0 a.m.43 views

Unspecified Vulnerability in Moddable SDK

Moddable SDK is a set of software development kits SDKs for IoT embedded software development from the US company Moddable. A security vulnerability exists in the Moddable SDK, which stems from the discovery that Moddable SDK v11.5.0 contains a SEGV vulnerability via the xs source xsDataView.c in...

5.5CVSS5.5AI score0.00717EPSS
Exploits1References1
CNVD
CNVD
added 2022/01/23 12:0 a.m.43 views

JerryScript js-parser-expr.c denial-of-service vulnerability

JerryScript is a lightweight JavaScript engine from the JerryScript project.JerryScript has a denial of service vulnerability in version 3.0.0, which stems from an assertion failure in /jerry-core/parser/js/js-parser-expr.c. An attacker could use this vulnerability to launch a denial of service...

5.5CVSS3AI score0.00621EPSS
Exploits1References1
CNVD
CNVD
added 2022/01/20 12:0 a.m.43 views

Linux kernel elevation of privilege vulnerability (CNVD-2022-68560)

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel has a security vulnerability that can be exploited by attackers to bypass Linux kernel restrictions through Cgroup Fd Writing to elevate privileges...

7.8CVSS4AI score0.00541EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/19 12:0 a.m.43 views

Oracle WebLogic Server Input Validation Error Vulnerability (CNVD-2022-05874)

Oracle WebLogic Server is an application services middleware from Oracle for cloud and traditional environments that provides a modern, lightweight development platform that supports full lifecycle management of applications from development to production and simplifies application deployment and...

7.5CVSS1.7AI score0.92331EPSS
Exploits6References1
CNVD
CNVD
added 2022/01/16 12:0 a.m.43 views

Jenkins Badge Plugin Cross-Site Scripting Vulnerability

Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plug-ins to support building, deploying and automating any project . Jenkins Badge Plugin in version 1.9 and earlier suffers from a cross-site scripting vulnerability that stems from a lac...

5.4CVSS5.6AI score0.00839EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/14 12:0 a.m.43 views

Apache Dubbo Deserialization Vulnerability (CNVD-2022-05106)

Apache Dubbo is a lightweight Java-based RPC remote procedure call framework from the Apache Foundation in the United States. The product provides interface-based remote calling, fault tolerance and load balancing, and automatic service registration and discovery. Apache Dubbo in version 3.2.11 a...

9.8CVSS2.7AI score0.15313EPSS
Exploits1References1
CNVD
CNVD
added 2022/01/12 12:0 a.m.43 views

Adobe Acrobat, Adobe Acrobat Reader buffer overflow vulnerability

Adobe Acrobat is a set of PDF file editing and conversion tools from Adobe. Adobe Acrobat and Reader is vulnerable to a buffer overflow vulnerability that stems from a boundary error when processing PDF files. An unauthenticated, remote attacker could trick a victim into opening a specially craft...

9.3CVSS4.7AI score0.07409EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/11 12:0 a.m.43 views

Google Android Input Validation Error Vulnerability (CNVD-2022-06152)

Google Android is a Linux-based open-source operating system from Google, Inc. Google Android 11 is vulnerable to an input validation error that originates when a network system or product does not properly validate input data. An attacker could exploit the vulnerability to improperly validate th...

7.8CVSS4.2AI score0.00155EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/08 12:0 a.m.43 views

Apache Kylin server-side request forgery vulnerability

Apache Kylin is an open source distributed analytic data warehouse from the Apache Foundation. The product mainly provides Hadoop/Spark on top of the SQL query interface and multidimensional analysis OLAP and other functions. Apache kylin has a server-side request forgery vulnerability, which ste...

7.5CVSS1.6AI score0.02557EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/06 12:0 a.m.43 views

WordPress Booster for WooCommerce plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. A cross-site scripting vulnerability exists in versions of the WordPress Booster for WooCommerce plugin prior to 5.4.9. createproductsxmlresult parameter is escaped and filtered, an attacker can...

6.1CVSS1.9AI score0.00757EPSS
Exploits2References1
CNVD
CNVD
added 2022/01/04 12:0 a.m.43 views

Wireshark Injection Vulnerability (CNVD-2022-11201)

Wireshark formerly Ethereal is a set of network packet analysis software from the Wireshark team. Gryphon dissector is one of the Gryphon protocol parsers. An attacker could exploit this vulnerability to cause a denial of service via packet injection or specially crafted capture files...

7.5CVSS4.3AI score0.03296EPSS
Exploits1References1
CNVD
CNVD
added 2022/01/03 12:0 a.m.43 views

Netgear RAX43 Command Injection Vulnerability

Netgear RAX43 is a wireless router from Netgear, Inc. A command injection vulnerability exists in Netgear RAX43, which stems from the inclusion of a command injection vulnerability. The readycloud cgi application is vulnerable to command injection in the name parameter. No details of the...

8CVSS2.5AI score0.0853EPSS
Exploits0References1
CNVD
CNVD
added 2021/12/27 12:0 a.m.43 views

Adobe Dimension memory corruption vulnerability

Adobe Dimension is a set of 2D and 3D composite design tools from Adobe, Inc. A memory corruption vulnerability exists in Adobe Dimension, which can be exploited by attackers to cause arbitrary code to be executed in the context of the current user...

9.3CVSS5.9AI score0.02965EPSS
Exploits0References1
Total number of security vulnerabilities5000