Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
added 2022/11/21 12:0 a.m.34 views

Tenda AC1200 Command Injection Vulnerability

Tenda AC1200 is a wireless router from Tenda, China.A command injection vulnerability exists in the IPsecLocalNet and IPsecRemoteNet parameters of the Tenda AC1200 setIPsecTunnelList function. An attacker can exploit this vulnerability to perform command injection...

7.8CVSS4AI score0.01377EPSS
Exploits1References1
CNVD
CNVD
added 2022/10/27 12:0 a.m.34 views

Google Chrome Security Bypass Vulnerability (CNVD-2022-85084)

Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome, which is caused by insufficient data validation in the bypass file system. An attacker could use this vulnerability to bypass security restrictions...

8.8CVSS3.3AI score0.01659EPSS
Exploits0References1
CNVD
CNVD
added 2022/10/19 12:0 a.m.34 views

Oracle MySQL Denial of Service Vulnerability (CNVD-2022-91134)

Oracle MySQL is a relational database from Oracle Corporation. A denial of service vulnerability exists in the Server: Optimizer component of Oracle MySQL. An attacker can exploit this vulnerability to compromise MySQL Server by accessing the network over multiple protocols and cause it to hang o...

4.9CVSS5AI score0.00962EPSS
Exploits0References1
CNVD
CNVD
added 2022/10/14 12:0 a.m.34 views

Dell GeoDrive DLL Hijacking Vulnerability

Dell GeoDrive is a free application from Dell Inc. It provides access to Dell EMC ECS and Atmos storage from Microsoft Windows desktops and servers. A DLL hijacking vulnerability exists in Dell GeoDrive versions prior to 2.2.3, which can be exploited by an attacker to execute arbitrary code on a...

7.8CVSS7.8AI score0.00169EPSS
Exploits0References1
CNVD
CNVD
added 2022/10/14 12:0 a.m.34 views

Adobe ColdFusion XML External Entity Injection Vulnerability

Adobe ColdFusion is a rapid application development platform from Adobe, which includes an integrated development environment and scripting language. The platform includes an integrated development environment and scripting language.Adobe ColdFusion has an XML external entity injection...

7.5CVSS2.1AI score0.53028EPSS
Exploits0References1
CNVD
CNVD
added 2022/10/14 12:0 a.m.34 views

Adobe ColdFusion XML External Entity Injection Vulnerability (CNVD-2023-08756)

Adobe ColdFusion is a rapid application development platform from Adobe, which includes an integrated development environment and scripting language. The platform includes an integrated development environment and scripting language.Adobe ColdFusion has an XML external entity injection...

7.5CVSS2.1AI score0.35527EPSS
Exploits0References1
CNVD
CNVD
added 2022/10/13 12:0 a.m.34 views

Microsoft Windows USB Serial Driver Information Disclosure Vulnerability

Microsoft Windows is a set of operating systems for personal devices from Microsoft Corporation USA.Microsoft Windows USB Serial Driver is vulnerable to information disclosure, which stems from insufficient protection of sensitive information on network systems or products, and can be exploited b...

3.4AI score0.00662EPSS
Exploits0
CNVD
CNVD
added 2022/10/13 12:0 a.m.34 views

Microsoft Windows ALPC Elevation of Privilege Vulnerability

Microsoft Windows ALPC is a process-to-process communication tool for high-speed messaging from Microsoft, Inc. An elevation of privilege vulnerability exists in Microsoft Windows ALPC, which stems from improper privilege assignment in the application and can be exploited by an attacker to cause ...

4.5AI score0.00607EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2022/10/13 12:0 a.m.34 views

Microsoft DWM Core Library privilege elevation vulnerability

Microsoft DWM Core Library is a core library. An elevation of privilege vulnerability exists in Microsoft Windows DWM Core Library, which stems from the presence of improper privilege assignment in the application and can be exploited by an attacker to cause an elevation of privilege...

4.3AI score0.00456EPSS
Exploits0
CNVD
CNVD
added 2022/10/10 12:0 a.m.34 views

TOTOLINK NR1800X UploadCustomModule Buffer Overflow Vulnerability

TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE from China-based Gion Electronics TOTOLINK, designed to provide fast and easy deployment of NR fixed data services for homes and offices.A buffer overflow vulnerability exists in TOTOLINK NR1800X V9.1.0u.6279B20210910 version, whic...

8.8CVSS3.9AI score0.00865EPSS
Exploits1References1
CNVD
CNVD
added 2022/09/28 12:0 a.m.34 views

Tacitine Firewall EN6200 Command Injection Vulnerability

Tacitine Firewall EN6200 is a series of firewalls from Tacitine. The Tacitine Firewall EN6200 suffers from a command injection vulnerability that stems from improper control of code generation in the web-based management interface of the Tacitine-Firewall. An unauthenticated, remote attacker coul...

9.8CVSS10AI score0.01863EPSS
Exploits0References1
CNVD
CNVD
added 2022/09/28 12:0 a.m.34 views

WordPress GS Testimonial Slider plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

5.4CVSS5.2AI score0.00425EPSS
Exploits0References1
CNVD
CNVD
added 2022/09/23 12:0 a.m.34 views

Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2022-66020)

Adobe Experience Manager AEM is a content management solution from Adobe that can be used to build websites, mobile applications and forms. The solution supports mobile content management, marketing and sales campaign management, and multi-site management, etc. Adobe Experience Manager is...

5.4CVSS3.1AI score0.00533EPSS
Exploits0References1
CNVD
CNVD
added 2022/09/08 12:0 a.m.34 views

VM2 Remote Code Execution Vulnerability

VM2 is a sandbox that can run untrusted code with built-in modules for whitelisted nodes. versions of VM2 prior to 3.9.11 have a remote code execution vulnerability that can be exploited by an attacker to bypass sandbox protection in order to gain remote code execution privileges on the host...

10CVSS5.6AI score0.47868EPSS
Exploits2References1
CNVD
CNVD
added 2022/09/07 12:0 a.m.34 views

Huawei HarmonyOS Conditional Competition Vulnerability

Huawei HarmonyOS is an operating system from Huawei, a Chinese company that provides a microkernel-based, distributed operating system. A conditional contention vulnerability exists in Huawei HarmonyOS, which stems from improper handling of concurrent accesses when concurrent code needs to access...

5.9CVSS1.4AI score0.00365EPSS
Exploits0References1
CNVD
CNVD
added 2022/09/06 12:0 a.m.34 views

Online Employee Leave Management System跨站请求伪造漏洞

Online Employee Leave Management System is an employee leave management system that provides an employee and management platform to efficiently manage leave departures and approvals. The vulnerability can be exploited by attackers to disguise user identity and send malicious requests...

8.8CVSS3.1AI score0.00241EPSS
Exploits0References1
CNVD
CNVD
added 2022/09/02 12:0 a.m.35 views

Apache OFBiz Code Injection Vulnerability (CNVD-2023-03918)

Apache OFBiz is an enterprise resource planning ERP system from the Apache Foundation. A code injection vulnerability exists in Apache OFBiz 18.12.05 and earlier versions, which stems from an error in Birt and can be exploited by attackers to remotely execute code...

9.8CVSS5AI score0.04059EPSS
Exploits0References1
CNVD
CNVD
added 2022/08/19 12:0 a.m.34 views

IBM Sterling B2B Integrator Licensing Issue Vulnerability (CNVD-2022-61908)

IBM Sterling B2B Integrator is a suite of software from IBM USA that integrates important B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with different partner communities. IBM Sterling B2B Integrator Standard Edition has an...

6.5CVSS2.8AI score0.00536EPSS
Exploits0References1
CNVD
CNVD
added 2022/08/15 12:0 a.m.34 views

Adobe Acrobat Reader Resource Management Error Vulnerability (CNVD-2022-56977)

Adobe Acrobat Reader is a PDF viewer from Adobe, a U.S. company. The software is used to print, sign, and annotate PDFs. Adobe Acrobat Reader is vulnerable to a resource management error that stems from post-release reuse, resulting in a memory leak. No details of the vulnerability are currently...

5.5CVSS2.2AI score0.02404EPSS
Exploits0References1
CNVD
CNVD
added 2022/08/11 12:0 a.m.34 views

Wyse Management Suite has an unspecified vulnerability (CNVD-2022-56660)

Wyse Management Suite is a scalable solution for managing and optimizing Wyse endpoints from Dell, Inc. The product includes centralized management of Wyse endpoints, asset tracking and automated device discovery.Wyse Management Suite 3.6.1 and prior versions contain a security vulnerability that...

8.8CVSS2AI score0.00255EPSS
Exploits0References1
CNVD
CNVD
added 2022/08/04 12:0 a.m.34 views

IBM CICS TX Advanced Access Control Error Vulnerability

IBM CICS TX Advanced is a comprehensive, single transaction runtime package from IBM USA. It can provide a cloud-native deployment model for standalone applications. An Access Control Error vulnerability exists in IBM CICS TX Advanced version 11.1, which stems from a failure to set a security...

4.3CVSS4.4AI score0.00459EPSS
Exploits0References1
CNVD
CNVD
added 2022/08/03 12:0 a.m.34 views

F5 BIG-IP and BIG-IQ iControl SOAP input validation error vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. An input validation error vulnerability exists in F5 BIG-IP and BIG-IQ iControl SOAP, which can be exploited by an...

6.5CVSS2.6AI score0.00658EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/27 12:0 a.m.34 views

LibreOffice encryption problem vulnerability

LibreOffice is an open source office software suite from The Document Foundation tdf. The product includes applications such as Writer text documents, Calc spreadsheets, and Impress presentations.LibreOffice is vulnerable to an encryption problem that stems from LibreOffice using weak...

7.5CVSS2.1AI score0.00804EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/21 12:0 a.m.34 views

Oracle MySQL Server PAM Auth Component Input Validation Error Vulnerability

Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Server is one of the database server components, and an input validation error vulnerability exists in Oracle MySQL 8.0.28 and earlier versions, which originates in the PAM Auth component of MySQL...

3AI score0.00866EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2022/07/21 12:0 a.m.34 views

Moodle Input Validation Error Vulnerability (CNVD-2022-54916)

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment.Moodle suffers from an input validation error vulnerability that stems from insufficient cleanup of SCORM tracking details, which can b...

6.1CVSS2.4AI score0.00879EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/13 12:0 a.m.34 views

Microsoft Azure Site Recovery Elevation of Privilege Vulnerability (CNVD-2022-56593)

Microsoft Azure Site Recovery is a site recovery DRaaS from Microsoft Corporation USA. Microsoft Azure Site Recovery has an elevation of privilege vulnerability, and no details of the vulnerability are available...

4.9CVSS3.7AI score0.0208EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/13 12:0 a.m.34 views

Dell BSAFE Crypto-C Micro Edition and Dell BSAFE Micro Edition Suite Input Validation Error Vulnerability (CNVD-2022-84619)

Dell BSAFE Micro Edition Suite is a development kit that provides encryption, certificate and transport layer security for c/c applications, devices, systems, etc. Dell BSAFE is a security software product that supports encryption algorithms, certificate chain validation and transport layer...

9.8CVSS1AI score0.01019EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/05 12:0 a.m.34 views

Tenda M3 formSetAccessCodeInfo function stack overflow vulnerability

Tenda M3 is an access controller from Tenda, China. Tenda M3 V1.0.0.12 is vulnerable to a stack overflow vulnerability, which stems from the formSetAccessCodeInfo function info parameter not checking the length of the input data. An attacker could exploit this vulnerability to cause a denial of...

7.5CVSS4.1AI score0.01055EPSS
Exploits1References1
CNVD
CNVD
added 2022/07/05 12:0 a.m.34 views

Tenda M3 formMasterMng function stack overflow vulnerability

Tenda M3 is an access control from Tenda, a Chinese company. Tenda M3 V1.0.0.12 version has a stack overflow vulnerability, which stems from the formMasterMng function url parameter not checking its length for input data. An attacker could exploit this vulnerability to cause a denial of service...

7.8CVSS5.2AI score0.1335EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/30 12:0 a.m.34 views

LDAP Account Manager Injection Vulnerability (CNVD-2022-53544)

LDAP Account Manager is a web front-end for managing entries e.g., users, groups, DHCP settings stored in the LDAP directory.An injection vulnerability exists in LDAP Account Manager LAM versions prior to 8.0, which stems from faulty access control and could be exploited by an attacker to pass th...

6.5CVSS3.9AI score0.01201EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/30 12:0 a.m.34 views

WordPress Login using WordPress Users plugin跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions prior to WordPress Login using WordPress Users plugin...

4.8CVSS1.2AI score0.00625EPSS
Exploits2References1
CNVD
CNVD
added 2022/06/27 12:0 a.m.34 views

Unspecified vulnerability in Secheron SEPCOS Control and Protection Relay

Secheron SEPCOS Control and Protection Relay is a relay from Secheron. Control and protect your DC panels and contact lines from short circuits and other electrical faults, and benefit from enhanced communication capabilities.A security vulnerability exists in the Secheron SEPCOS Control and...

7.8CVSS2AI score0.01159EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/24 12:0 a.m.34 views

Jenkins Image Tag Parameter Plugin Cross-Site Scripting Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plug-ins to support building, deploying, and automating any project. cross-site scripting vulnerability exists in Jenkins Image Tag Parameter Plug...

3.5CVSS1.6AI score0.00606EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2022/06/24 12:0 a.m.34 views

Jenkins Filesystem List Parameter Plugin Cross-Site Scripting Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. Jenkins Plugin is an application that provides hundreds of plug-ins to support building, deploying, and automating any project. Jenkins Filesystem List Parameter Plugin version 0.0.7 and earlier versions...

3.5CVSS1.7AI score0.00743EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2022/06/20 12:0 a.m.34 views

WUZHI CMS SQL Injection Vulnerability (CNVD-2022-59014)

WUZHI CMS is a PHP and MySQL-based open source content management system CMS from WUZHI. v4.1.0 of WUZHI CMS is vulnerable to SQL injection, which can be exploited to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php. parameter in...

9.8CVSS4AI score0.01011EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/17 12:0 a.m.34 views

SourceCodester Bank Management System SQL Injection Vulnerability

Bank Management System is a bank management system. SourceCodester Bank Management System is vulnerable to SQL injection, which can be exploited by attackers to execute illegal SQL commands to steal sensitive database data...

8.8CVSS5.8AI score0.19038EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/16 12:0 a.m.34 views

Adobe Premiere Pro memory corruption vulnerability

Adobe Premiere Pro is a set of non-linear editing video editing software from Adobe. Adobe Premiere Pro version 15.4 and earlier versions contain a security vulnerability that could be exploited by attackers to execute arbitrary code in the context of the current user...

7.8CVSS6.2AI score0.01451EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/09 12:0 a.m.34 views

Online Car Wash Booking System SQL注入漏洞(CNVD-2022-53349)

Online Car Wash Booking System is an online car wash booking system by Carlo Montero, a personal developer. Online Car Wash Booking System v1.0 is vulnerable to SQL injection, which originates from /ocwbs/admin/vehicles/ managevehicle.php?id=The page lacks validation for external input SQL...

9.8CVSS4.6AI score0.01081EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/08 12:0 a.m.34 views

Huawei HarmonyOS Permission Mismanagement Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a security vulnerability that stems from a mismanagement of privileges in the HwSEServiceAPP. An attacker exploited the...

5.3CVSS5.2AI score0.00473EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/01 12:0 a.m.34 views

Mozilla Firefox Buffer Overflow Vulnerability (CNVD-2023-06865)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a buffer overflow vulnerability that stems from a boundary error related to a register allocation issue in WASM for arm64. A remote attacker could exploit this vulnerabilit...

8.8CVSS9.7AI score0.00651EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/26 12:0 a.m.34 views

Open Automation Software OAS Platform访问控制错误漏洞

Open Automation Software OAS Platform is an industrial Internet of Things IoT suite from Open Automation Software, Inc. An access control error vulnerability exists in Open Automation Software OAS Platform version V16.00.0112, which stems from an external configuration control issue with the OAS...

7.5CVSS2.4AI score0.01208EPSS
Exploits1References1
CNVD
CNVD
added 2022/05/24 12:0 a.m.34 views

Pix-Link MiniRouter 28K.MiniRouter.20190211 Cross-Site Scripting Vulnerability (CNVD-2022-77885)

Pix-Link MiNi Router 28K.MiniRouter.20190211 is a router from Pix-Link China.Pix-Link MiniRouter 28K.MiniRouter.20190211 suffers from a cross-site scripting vulnerability, which stems from an unhandled security key parameter. An attacker could exploit the vulnerability to execute JavaScript code ...

3.5CVSS3.6AI score0.00564EPSS
Exploits1
CNVD
CNVD
added 2022/05/23 12:0 a.m.34 views

Oracle E-Business Suite Access Control Error Vulnerability

Oracle Corporation Oracle is the world's largest provider of information management software and services, founded in 1977, headquartered in Redwood shore, California, United States, open to the world oracle certification. Oracle E-Business Suite E-Business Suite is the United States Oracle Oracl...

7.5CVSS2.6AI score0.70589EPSS
Exploits1References1
CNVD
CNVD
added 2022/05/19 12:0 a.m.34 views

IBM Sterling Secure Proxy Trust Management Issue Vulnerability

IBM Sterling Secure Proxy is an application proxy used by International Business Machines Corporation IBM to secure the transfer of files in an organization's unprotected zone DMZ.IBM Sterling Secure Proxy version 6.0.3 and IBM Secure External Authentication Server version 6.0.3 contain a trust...

5.3CVSS3.7AI score0.00808EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/18 12:0 a.m.34 views

WordPress BulletProof Securitys plugin跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plug-in. WordPress BulletProof Securitys plugin versions prior to 6.1 have a cross-site scripting vulnerability that...

4.8CVSS1.1AI score0.00577EPSS
Exploits1References1
CNVD
CNVD
added 2022/05/13 12:0 a.m.34 views

Spring Framework Denial of Service Vulnerability (CNVD-2022-68890)

Spring Framework is the U.S. Spring team of a set of open source Java, JavaEE application framework . The framework helps developers build high-quality applications.Spring Framework versions prior to 5.3.20, 5.2.22 contain a denial-of-service vulnerability. An attacker can exploit this...

4CVSS3.3AI score0.03126EPSS
Exploits0
CNVD
CNVD
added 2022/05/13 12:0 a.m.34 views

Apache Tomcat Denial of Service Vulnerability (CNVD-2022-49970)

Apache Tomcat is a lightweight Web application server from the Apache Foundation in the United States. The program implements support for Servlet and JavaServer Page JSP. Apache Tomcat suffers from a denial-of-service vulnerability that stems from a flaw in the configuration of Tomcat open...

7.5CVSS3.2AI score0.73139EPSS
Exploits5References1
CNVD
CNVD
added 2022/05/12 12:0 a.m.34 views

TOTOLINK N600R Command Injection Vulnerability (CNVD-2022-53553)

TOTOLINK N600R is a wireless router from Taiwan-based TOTOLINK, which is vulnerable to a command injection attack via the devicename parameter in /etting/setDeviceName...

10CVSS3.9AI score0.02492EPSS
Exploits1References1
CNVD
CNVD
added 2022/05/12 12:0 a.m.34 views

Microsoft Windows Server Service Information Disclosure Vulnerability

Microsoft Windows is a desktop operating system from Microsoft Corporation USA, and an information disclosure vulnerability exists in Microsoft Windows Server Service. The vulnerability stems from errors in the configuration of the network system or product during operation. An attacker could use...

6.5CVSS1.6AI score0.02714EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/11 12:0 a.m.34 views

Unspecified vulnerability in Siemens SICAM P850 and SICAM P855 Devices (CNVD-2022-36397)

The SICAM P850 Multifunctional Measurement Device is used to collect, visualize, evaluate and transmit electrical measurement variables such as AC current, AC voltage, frequency, power, harmonics, etc. The SICAM P855 Multifunctional Device is used to collect, display and transmit measured...

9.8CVSS2.5AI score0.01766EPSS
Exploits0References1
Total number of security vulnerabilities5000