Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
added 2022/06/09 12:0 a.m.31 views

Nginx NJS Denial of Service Vulnerability (CNVD-2022-66505)

Nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server from Nginx Inc. njs is one of the scripting language components that supports extended NGINX functionality . A denial of service vulnerability exists in Nginx NJS version v0.7.2, which originates from a...

5.5CVSS5.4AI score0.0028EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/09 12:0 a.m.31 views

School Dormitory Management System Cross-Site Scripting Vulnerability

School Dormitory Management System is a school dormitory management system. v1.0 of School Dormitory Management System has a cross-site scripting vulnerability that originates from admin/inc/navigation.php:125 page that lacks a filter for user The vulnerability is caused by a lack of checksum...

4.3CVSS1.9AI score0.03345EPSS
Exploits2Affected Software1
CNVD
CNVD
added 2022/06/09 12:0 a.m.31 views

Online Fire Reporting System SQL Injection Vulnerability (CNVD-2022-55739)

Online Fire Reporting System is an online fire reporting system from Carlo Montero's personal developer. version v1.0 of Online Fire Reporting System is vulnerable to SQL injection, which originates from /ofrs/admin/?page=requests/ managerequest&id=Lack of validation of external input SQL...

7.2CVSS4.8AI score0.02624EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/09 12:0 a.m.31 views

Car Rental Management System SQL Injection Vulnerability (CNVD-2022-61085)

Car Rental Management System is a car rental management system. SQL injection vulnerability exists in Car Rental Management System, which can be exploited by attackers to view, add, modify or delete information in the back-end database...

7.2CVSS4.1AI score0.00946EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/08 12:0 a.m.31 views

Owl Labs Meeting Owl Trust Management Issue Vulnerability

Owl Labs Meeting Owl is a video conferencing device from Owl Labs, Inc. Owl Labs Meeting Owl version 5.2.0.15 is vulnerable to a trust management issue, which could be exploited by an attacker to activate network sharing mode using hard-coded hoothoot credentials via a certain c 150 value...

7.4CVSS4.2AI score0.03408EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/06 12:0 a.m.31 views

XXL-JOB Cross-Site Scripting Vulnerability (CNVD-2022-66673)

XXL-JOB is a java-based distributed task scheduling platform from the XXL XXL-JOB community. xxl-job version 2.3.0 is vulnerable to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to execute JavaScript programs...

3.5CVSS2.9AI score0.00496EPSS
Exploits1Affected Software1
CNVD
CNVD
added 2022/06/06 12:0 a.m.31 views

TOTOLINK EX1200T Command Injection Vulnerability (CNVD-2022-53572)

TOTOLINK EX1200T is a Wi-Fi range extender from China-based TOTOLINK, and a command injection vulnerability exists in TOTOLINK EX1200T. deviceName to conduct attacks...

9.8CVSS2.6AI score0.02494EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/01 12:0 a.m.31 views

WordPress VikBooking Hotel Booking Engine

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress VikBooking Hotel Booking Engine...

6.1CVSS0.9AI score0.00757EPSS
Exploits2References1
CNVD
CNVD
added 2022/05/31 12:0 a.m.31 views

Microsoft Support Diagnostic Tool Remote Code Execution Vulnerability

Microsoft Support Diagnostic Tool MSDT, Microsoft Support Diagnostic Tool is a utility program used to troubleshoot and collect diagnostic data for professionals to analyze and solve problems.Microsoft Office is a popular office software developed by Microsoft Corporation. Microsoft Support...

9.3CVSS8.3AI score0.99374EPSS
Exploits62References1
CNVD
CNVD
added 2022/05/27 12:0 a.m.31 views

Apache Tika Denial of Service Vulnerability (CNVD-2022-73491)

Apache Tika is a collection of content extraction tools from the Apache Foundation that integrates POI an open source library that uses Java programs to provide read and write functionality for Microsoft Office format documents, Pdfbox a pure Java class library for reading and creating PDF...

4.3CVSS3AI score0.02495EPSS
Exploits0Affected Software2
CNVD
CNVD
added 2022/05/24 12:0 a.m.31 views

ChatBot Application with a Suggestion Feature SQL注入漏洞

ChatBot Application with a Suggestion Feature is a ChatBot application with a suggestion feature. chatBot Application with a Suggestion Feature version 1.0 is vulnerable to a SQL injection vulnerability that originates in /simple chatbot/admin/responses/viewresponse.php with an id parameter that...

7.5CVSS2.9AI score0.01678EPSS
Exploits1Affected Software1
CNVD
CNVD
added 2022/05/20 12:0 a.m.31 views

TotoLink A3100R Command Injection Vulnerability (CNVD-2022-54652)

TotoLink A3100R is a series of wireless routers from TotoLink, Taiwan, China.TotoLink A3100R version V4.1.2cu.5050B20200504 and V4.1.2cu.5247B20211129 are vulnerable to command injection, which originates from uci cloudupdateconfig function in the magicid parameter fails to properly filter the...

9.3CVSS6.2AI score0.01773EPSS
Exploits1References1
CNVD
CNVD
added 2022/05/13 12:0 a.m.31 views

AMD System Management Unit Denial of Service Vulnerability (CNVD-2022-63547)

AMD System Management Unit SMU is a system management unit of AMD, Inc. A denial of service vulnerability exists in AMD System Management Unit, which can be exploited by attackers to cause a denial of resources or a denial of service...

5.5CVSS4.6AI score0.00212EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/13 12:0 a.m.31 views

Cambium Networks cnMaestro OS Command Injection Vulnerability (CNVD-2022-64237)

Cambium Networks cnMaestro is a cloud-based or native software platform from Cambium Networks for secure end-to-end network control. Cambium Networks cnMaestro suffers from an operating system command injection vulnerability. An attacker could exploit this vulnerability to upload specially crafte...

9.3CVSS7.5AI score0.00725EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/13 12:0 a.m.31 views

Microsoft Windows LDAP Remote Code Execution Vulnerability (CNVD-2022-72858)

Microsoft Windows is a desktop operating system from Microsoft Corporation. Microsoft Windows LDAP is vulnerable to remote code execution, which can be exploited by attackers to execute code on the target host...

6.8CVSS5.7AI score0.0223EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2022/05/12 12:0 a.m.31 views

Microsoft Visual Studio Code Remote Code Execution Vulnerability (CNVD-2022-60132)

Microsoft Visual Studio Code is an open source code editor from Microsoft USA. A remote code execution vulnerability exists in Microsoft Visual Studio Code, which arises from a failure of a networked system or product to properly filter specific elements of externally entered data during the...

8.8CVSS8.8AI score0.41717EPSS
Exploits1References1
CNVD
CNVD
added 2022/05/10 12:0 a.m.31 views

JetBrains Ktor Native Security Feature Issue Vulnerability

JetBrains Ktor Native is an asynchronous framework for creating microservices, web applications, etc. JetBrains Ktor Native versions prior to 2.0.0 are vulnerable to a security feature that stems from the fact that random values used for random number generation are not implemented using...

4CVSS1.9AI score0.00596EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/07 12:0 a.m.31 views

F5 BIG-IP APM log information disclosure vulnerability

F5 BIG-IP APM and F5 BIG-IP APM Clients are both products of F5, Inc. F5 BIG-IP APM Clients is a suite of APM client software. F5 BIG-IP APM is vulnerable to log information disclosure, which can be exploited by attackers to view sensitive information related to APM sessions...

5.5CVSS3AI score0.00224EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/07 12:0 a.m.31 views

Cisco TelePresence Collaboration Endpoint and RoomOS Software Denial of Service and Information Disclosure Vulnerability

Cisco RoomOS Software and Cisco TelePresence Collaboration Endpoint Software are both products of Cisco, a U.S. company. Cisco TelePresence Collaboration Endpoint Software is a set of collaboration endpoint software. cisco TelePresence Collaboration Endpoint and RoomOS Software has a denial of...

8.1CVSS2.4AI score0.00962EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/05 12:0 a.m.31 views

JetBrains PyCharm has an unspecified vulnerability

JetBrains PyCharm is an integrated development environment IDE for the Python language from Czech company Jetbrains. security vulnerability exists in versions prior to JetBrains PyCharm 2022.1, which stems from exposing the debugger port to the internal network, no details of the vulnerability ar...

3.5CVSS3.1AI score0.00382EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/24 12:0 a.m.32 views

Podman lifting vulnerability

Podman is an engine for developing, managing, and running OCI containers on Linux systems. Podman suffers from a privilege elevation vulnerability, which stems from improperly managed runtime permissions and can be exploited by attackers to elevate the privileges of the system...

6.8CVSS5.4AI score0.04238EPSS
Exploits2
CNVD
CNVD
added 2022/04/24 12:0 a.m.31 views

Sourcecodester Baby Care System SQL注入漏洞(CNVD-2022-35527)

Sourcecodester Baby Care System is an application of the Sourcecodester community in the United States. Sourcecodester Baby Care System v1.0 contains a SQL injection vulnerability, which originates from the lack of validation of external input SQL statements in the find= parameter of...

9.8CVSS3.7AI score0.01233EPSS
Exploits1References1
CNVD
CNVD
added 2022/04/19 12:0 a.m.31 views

WordPress plugin Autolinks cross-site request forgery vulnerability

WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL. WordPress plugin Autolinks has a cross-site request forgery vulnerability, which can be exploited by remote attackers to perform...

5.4CVSS1.2AI score0.00304EPSS
Exploits1References1
CNVD
CNVD
added 2022/04/18 12:0 a.m.31 views

Amazon AWS VPN Client has an unspecified vulnerability

Amazon AWS VPN Client is a fully managed remote access VPN solution from Amazon.com, Inc. A security vulnerability exists in Amazon AWS VPN Client for Windows version 2.0.0, which stems from the disclosure of a user's Net-NTLMv2 hash when importing VPN configuration files. information, an attacke...

7CVSS1.8AI score0.00518EPSS
Exploits1References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.31 views

Microsoft Windows Telephony Serve Elevation of Privilege Vulnerability

Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. An elevation of privilege vulnerability exists in Microsoft Windows Telephony Server. The vulnerability stems from an incorrect programmatic call to an advanced local procedure. An...

7.8CVSS8.2AI score0.00848EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.31 views

RiteCMS path traversal vulnerability

RiteCMS is a web CMS. A path traversal vulnerability exists in RiteCM, which can be exploited by an authenticated attacker to delete any file in the web root directory...

8.5CVSS4.2AI score0.20963EPSS
Exploits1References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.31 views

Unspecified vulnerability in iot-device-sdk-embedded-c

iot-device-sdk-embedded-c is an application plugin. The Google Cloud IoT Device SDK for embedded C is an easily portable open source C library that connects low-end IoT devices to Google Cloud IoT Core. iot-device-sdk-embedded-c suffers from a security vulnerability that stems from the...

7.8CVSS3.6AI score0.00217EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.31 views

Microsoft Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability

An information disclosure vulnerability exists in Microsoft Windows Hyper-V Shared Virtual Hard Disks, a tool from Microsoft Corporation that provides hardware virtualization. The vulnerability stems from errors in the configuration of the network system or product during operation. An attacker...

6.8CVSS1.1AI score0.02541EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.31 views

Microsoft Windows iSCSI Target Service Information Disclosure Vulnerability

Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. An information disclosure vulnerability exists in Microsoft Windows iSCSI Target Service. The vulnerability arises from a configuration or other error in the operation of a networked...

6.5CVSS7.3AI score0.02334EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.31 views

Microsoft Windows Win32k Elevation of Privilege Vulnerability (CNVD-2022-62516)

Microsoft Windows Win32k is a system file for Windows multi-user management from Microsoft Corporation USA. Microsoft Windows Win32k has an elevation of privilege vulnerability that could be exploited by attackers to execute arbitrary code with elevated privileges...

8.5CVSS7.5AI score0.09415EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/13 12:0 a.m.31 views

Jenkins promoted builds Plugin cross-site scripting vulnerability

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.A cross-site scripting vulnerability exists in the Jenkins promoted builds Plugin, which stems from the application not...

5.4CVSS1.8AI score0.00782EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/13 12:0 a.m.31 views

KevinLAB Building Energy Management System跨站请求伪造漏洞

KevinLAB Building Energy Management System is a building energy management system from KevinLAB Korea.A cross-site request forgery vulnerability exists in KevinLAB Building Energy Management System version 4ST BEMS 1.0.0 and is currently No detailed vulnerability details are available...

6.5CVSS3.6AI score0.01415EPSS
Exploits2References1
CNVD
CNVD
added 2022/04/07 12:0 a.m.31 views

Huawei HarmonyOS Business Logic Error Vulnerability (CNVD-2022-53579)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A business logic error vulnerability exists in the Huawei HarmonyOS communication module. The vulnerability stems from a business logic error in the...

7.5CVSS7.4AI score0.0079EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/01 12:0 a.m.31 views

ZoneMinder Cross-Site Scripting Vulnerability (CNVD-2022-57816)

ZoneMinder is an open source video surveillance software system. ZoneMinder 1.32.3 and earlier versions have a cross-site scripting vulnerability, which stems from the fact that the program is not properly filtered and can be exploited by remote attackers to execute HTML or JavaScript code with t...

6.1CVSS3.2AI score0.00874EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/31 12:0 a.m.31 views

Bentley MicroStation CONNECT Code Execution Vulnerability (CNVD-2022-65621)

Bentley MicroStation CONNECT is a Cad software platform for 2D and 3D design and drafting.A code execution vulnerability exists in Bentley MicroStation CONNECT, which can be exploited by attackers to execute code in the context of the current process...

7.8CVSS4.5AI score0.01911EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/30 12:0 a.m.31 views

KONGA elevation of privilege vulnerability

KONGA is a full-featured open source, multi-user GUI from Dutch individual developer Panagis Tselentis. version 0.14.9 of KONGA contains an elevation of privilege vulnerability that could be exploited by attackers to gain full administrative access...

6.2AI score
Exploits2References1
CNVD
CNVD
added 2022/03/25 12:0 a.m.31 views

WordPress Amelia Plugin Cross-Site Scripting Vulnerability

WordPress is a set of blogging platform developed by Wordpress Foundation using PHP language. WordPress plugin is an application plugin for WordPress. WordPress Amelia Plugin 1.0.46 and earlier versions are vulnerable to a cross-site scripting vulnerability that stems from the program's failure t...

7.2CVSS1.9AI score0.00519EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/18 12:0 a.m.31 views

Rapid7 Nexpose has an unspecified vulnerability (CNVD-2022-21218)

Rapid7 Nexpose is a set of vulnerability management software from Rapid7, Inc. that can use the scan results to deeply probe the network. The software supports scanning configuration environments for errors, vulnerabilities, malware, etc. Rapid7 Nexpose 6.6.129 and previous versions have a securi...

6.1CVSS3.1AI score0.0041EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/14 12:0 a.m.31 views

Huawei Emui and Magic UI Denial of Service Vulnerability (CNVD-2022-20298)

Huawei Emui is a mobile operating system developed on Android. magic Ui is a mobile operating system developed on Android. a denial of service vulnerability exists in Huawei Emui and Magic UI, which stems from copying the input buffer in the video framework without checking its size. An attacker...

7.8CVSS2.9AI score0.00725EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/14 12:0 a.m.31 views

Mattermost Server Buffer Overflow Vulnerability (CNVD-2022-65355)

Mattermost Server is an open source messaging platform from Mattermost, Inc. A buffer overflow vulnerability exists in Mattermost Server versions 6.3.2 and below, which stems from the fact that Mattermost Server's document extractor does not properly validate data boundaries when performing...

6.5CVSS2.6AI score0.00888EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/14 12:0 a.m.31 views

Huawei Emui and Magic UI Nearby module licensing issue vulnerability

Huawei Emui is a mobile operating system developed on Android. magic Ui is a mobile operating system developed on Android. Huawei Emui and Magic UI Nearby modules are vulnerable to authorization issues that could be exploited by attackers to compromise availability and integrity...

9.1CVSS3.2AI score0.00695EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/14 12:0 a.m.31 views

TP-Link Omada Controller Software Licensing Issue Vulnerability

TP-Link Omada Controller Software is a set of software from Tp-link that supports the management of wireless access points.TP-Link Omada Controller Software versions prior to 5.0.15 are vulnerable to authorization issues, which stem from a lack of authentication measures or insufficient...

7.5CVSS4AI score0.01764EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/10 12:0 a.m.31 views

Microsoft HEVC Video Extensions Remote Code Execution Vulnerability (CNVD-2022-59681)

Microsoft HEVC Video Extensions is a video extension application from Microsoft Corporation USA. Microsoft HEVC Video Extensions is a remote code execution vulnerability that can be exploited by attackers to execute arbitrary code on a system...

7.8CVSS6.3AI score0.02158EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/10 12:0 a.m.31 views

Microsoft Office Visio Remote Code Execution Vulnerability (CNVD-2022-20139)

Microsoft Office is an office software suite of products from Microsoft Corporation USA. Microsoft Office Visio is vulnerable to remote code execution. The vulnerability is due to a boundary error in the processing of EMRCOMMENTEMFPLUS records in EMF images. A remote attacker could exploit this...

7.8CVSS4.2AI score0.02847EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/10 12:0 a.m.31 views

Microsoft Windows Common Log File System Driver Information Disclosure Vulnerability (CNVD-2022-84602)

Microsoft Windows Common Log File System Driver is a Common Log File System CLFS API from Microsoft that provides a common log file subsystem that can be used by dedicated client applications and shared by multiple clients to optimize log access. An information disclosure vulnerability exists in...

5.5CVSS6.7AI score0.01054EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/09 12:0 a.m.31 views

Google Chrome Autofill Security Bypass Vulnerability

Google Chrome is a web browser from Google, an American company. Google Chrome has a security vulnerability that can be exploited by attackers to bypass security restrictions...

6.5CVSS7.3AI score0.00868EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/09 12:0 a.m.31 views

Microsoft Defender permission permission and access control issues vulnerability

Microsoft Defender is a threat protection software from Microsoft Corporation USA. Microsoft Defender for IoT is vulnerable to privilege permission and access control issues. No details of the vulnerability are currently available...

7.8CVSS3.1AI score0.01043EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/04 12:0 a.m.31 views

Google Chrome ANGLE buffer overflow vulnerability

Google Chrome is a web browser from Google, Inc. Google Chrome ANGLE is vulnerable to a buffer overflow vulnerability that can be exploited by attackers to cause arbitrary code execution...

8.8CVSS6.4AI score0.01153EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/04 12:0 a.m.31 views

Simple Bakery Shop Management SQL Injection Vulnerability

Simple Bakery Shop Management is a bakery management system. simple Bakery Shop Management is vulnerable to SQL injection and no detailed vulnerability details are available at this time...

7.5CVSS2.1AI score0.01195EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/04 12:0 a.m.31 views

Qt path traversal vulnerability

Qt is a cross-platform C application development framework from the Norwegian company Qt. It is widely used for developing GUI programs, in which case it is also known as the widget toolkit. It can also be used to develop non-GUI programs, such as console tools and servers.Qt versions prior to...

7.5CVSS2.9AI score0.0193EPSS
Exploits0References1
Total number of security vulnerabilities5000