Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
added 2022/06/14 12:0 a.m.32 views

dynamicMarkt SQL Injection Vulnerability (CNVD-2022-67151)

dynamicMarkt is a software. dynamicMarkt 3.10 and earlier versions are vulnerable to SQL injection, which stems from a missing filter escape for SQL data in the parent parameter of index,php. An attacker could use this vulnerability to execute illegal SQL commands to steal sensitive database data...

7.5CVSS4.8AI score0.01181EPSS
Exploits1Affected Software1
CNVD
CNVD
added 2022/06/13 12:0 a.m.32 views

LibreHealth EHR Cross-Site Scripting Vulnerability (CNVD-2022-62206)

LibreHealth EHR is a clinically-focused electronic health record EHR system designed to be easy to use out of the box and customizable for use in a variety of healthcare settings. The navigation.php page lacks filtering and escaping for parameters. An attacker could exploit this vulnerability to...

6.1CVSS2.8AI score0.00852EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/09 12:0 a.m.32 views

Barco Control Room Cross-Site Scripting Vulnerability (CNVD-2022-61399)

Barco Control Room is a visualization and collaboration solution from Barco Belgium. Used to build control rooms, a cross-site scripting vulnerability exists in the Barco Control Room Management Suite web application prior to version 3.14. The vulnerability stems from the...

6.1CVSS2AI score0.00525EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/08 12:0 a.m.32 views

HUAWEI HarmonyOS Input Validation Error Vulnerability (CNVD-2022-66177)

HUAWEI HarmonyOS is an operating system from China's Huawei HUAWEI. HUAWEI HarmonyOS 2.0 is vulnerable to an input validation error, which can be exploited by attackers to cause elevation of privilege...

7.8CVSS4.4AI score0.00177EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/08 12:0 a.m.32 views

Owl Labs Meeting Owl Information Disclosure Vulnerability

Owl Labs Meeting Owl is a video conferencing device from Owl Labs, Inc. Equipped with a series of cameras and microphones, it captures 360-degree video and audio and automatically focuses on the speaker, making meetings more dynamic and inclusive.Owl Labs Meeting Owl version 5.2.0.15 contains an...

7.4CVSS1.3AI score0.00791EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/01 12:0 a.m.32 views

WordPress VikBooking Hotel Booking Engine

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress VikBooking Hotel Booking Engine...

6.1CVSS0.9AI score0.00757EPSS
Exploits2References1
CNVD
CNVD
added 2022/05/27 12:0 a.m.32 views

Apache Tika Denial of Service Vulnerability (CNVD-2022-73491)

Apache Tika is a collection of content extraction tools from the Apache Foundation that integrates POI an open source library that uses Java programs to provide read and write functionality for Microsoft Office format documents, Pdfbox a pure Java class library for reading and creating PDF...

4.3CVSS3AI score0.02495EPSS
Exploits0Affected Software2
CNVD
CNVD
added 2022/05/20 12:0 a.m.32 views

InHand Networks InRouter302 OS Command Injection Vulnerability (CNVD-2022-59175)

InHand Networks InRouter Series is a series of routers from InHand Networks, Inc. InHand Networks InRouter302 version 3.5.37 contains an operating system command injection vulnerability that could be exploited by an attacker to cause remote code execution with the help of a specially crafted...

9.9CVSS5.7AI score0.04774EPSS
Exploits1References1
CNVD
CNVD
added 2022/05/19 12:0 a.m.32 views

NVIDIA vGPU Software Memory Misreference Vulnerability

NVIDIA vGPU Software is a management software from NVIDIA Corporation that provides GPU capabilities to virtual machines. The software supports multiple virtual machines accessing the host GPU, providing graphics performance and application compatibility for virtual machines. vGPU Software is...

1.9CVSS2.5AI score0.00218EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2022/05/18 12:0 a.m.32 views

Cybozu Garoon Cross-Site Scripting Vulnerability (CNVD-2022-54343)

Cybozu Garoon is a portal-type OA office system from Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, and other functions. A cross-site scripting vulnerability exists in Cybozu Garoon, which stems from insufficient cleaning of...

6.1CVSS6.2AI score0.00662EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/16 12:0 a.m.32 views

HCL Technologies HCL Sametime File Upload Vulnerability

HCL Sametime, a conferencing solution from HCL Technologies, has a security vulnerability in HCL Technologies HCL Sametime version 11.6. The vulnerability stems from the fact that the user SID in the application can be modified, which can be exploited to modify the SID to enable arbitrary file...

8.2CVSS2.7AI score0.00683EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/16 12:0 a.m.32 views

JetBrains TeamCity Log Information Disclosure Vulnerability

JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Czech Republic. The tool provides continuous unit testing, code quality analysis, and build issue analysis reports.JetBrains TeamCity versions prior to 2022.04 have a log information disclosure...

4.9CVSS1.9AI score0.00459EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/13 12:0 a.m.32 views

Microsoft Windows LDAP Remote Code Execution Vulnerability (CNVD-2022-72853)

Microsoft Windows is a desktop operating system from Microsoft Corporation. Microsoft Windows LDAP is vulnerable to remote code execution, which can be exploited by attackers to execute code on the target host...

6.5CVSS5.7AI score0.0227EPSS
Exploits0
CNVD
CNVD
added 2022/05/13 12:0 a.m.32 views

Cambium Networks cnMaestro OS Command Injection Vulnerability (CNVD-2022-64237)

Cambium Networks cnMaestro is a cloud-based or native software platform from Cambium Networks for secure end-to-end network control. Cambium Networks cnMaestro suffers from an operating system command injection vulnerability. An attacker could exploit this vulnerability to upload specially crafte...

9.3CVSS7.5AI score0.00725EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/13 12:0 a.m.32 views

SourceCodester Car Rental Management System Arbitrary File Upload Vulnerability

Sourcecodester Car Rental Management System is a car rental management system from Sourcecodester, Inc. SourceCodester Car Rental Management System version 1.0 is vulnerable to an arbitrary file upload vulnerability, which originates from The vulnerability is caused by a lack of validation of...

7.2CVSS2.8AI score0.01336EPSS
Exploits1References1
CNVD
CNVD
added 2022/05/13 12:0 a.m.32 views

AMD System Management Unit Denial of Service Vulnerability (CNVD-2022-63547)

AMD System Management Unit SMU is a system management unit of AMD, Inc. A denial of service vulnerability exists in AMD System Management Unit, which can be exploited by attackers to cause a denial of resources or a denial of service...

5.5CVSS4.6AI score0.00212EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/12 12:0 a.m.32 views

SAP NetWeaver ABAP Server Cross-Site Scripting Vulnerability

SAP NetWeaver ABAP Server is a Web application server for SAP products from SAP Germany. A cross-site scripting vulnerability exists in SAP NetWeaver ABAP Server, which stems from the program's lack of data validation filtering of user-supplied data and output. An attacker could exploit this...

5.4CVSS5.7AI score0.00425EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/24 12:0 a.m.32 views

Car Driving School Management System SQL Injection Vulnerability (CNVD-2022-65321)

Car Driving School Management System is a driving school management system. SQL injection vulnerability exists in Car Driving School Managment System, which originates from /cdsms/classes/Master.php?f=delete The vulnerability is caused by the lack of filtering and escaping of SQL data in the id...

9.8CVSS3.4AI score0.01504EPSS
Exploits1References1
CNVD
CNVD
added 2022/04/22 12:0 a.m.32 views

Samsung SMR Input Validation Error Vulnerability (CNVD-2022-64254)

Samsung SMR is a system patch package from Samsung South Korea. It provides patches for Samsung mobile applications. Samsung SMR has an input validation error vulnerability that can be exploited by an attacker to initiate certain activities...

8.5CVSS7.8AI score0.00136EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/21 12:0 a.m.32 views

Desire2Learn Learning Management System Access Control Error Vulnerability

An access control error vulnerability exists in Desire2Learn Learning Management System, a learning management system from Desire2Learn Canada, due to improper access controls. A remote attacker could disable the "Disable Right Click Control"...

5.8CVSS2.9AI score0.01692EPSS
Exploits1
CNVD
CNVD
added 2022/04/18 12:0 a.m.32 views

ThoughtWorks GoCD path traversal vulnerability

ThoughtWorks GoCD is a free and open source CI/CD server from ThoughtWorks, Inc. A path traversal vulnerability exists in versions of ThoughtWorks GoCD prior to 21.3.0, which could be exploited by an attacker compromising the GoCD agent to upload malicious files to any directory on the GoCD serve...

7.5CVSS2.5AI score0.02309EPSS
Exploits1References1
CNVD
CNVD
added 2022/04/18 12:0 a.m.32 views

E2fsprogs out-of-bounds read/write vulnerability

E2fsprogs is a set of tools for maintaining ext2, ext3 and ext4 file systems. version 1.46.5 of E2fsprogs is vulnerable due to an out-of-bounds read-write issue in the application. An attacker could use this vulnerability to cause a segmentation error and execute arbitrary code via a specially...

7.8CVSS6.2AI score0.01382EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.32 views

Multiple Apple Products Vulnerabilities in Permissions Licensing and Access Control Issues

Apple macOS Big Sur is a mobile app from Apple. Apple macOS Monterey is the 18th major version of MacOS, Apple's desktop operating system for Macintosh. macOS Catalina is Apple's suite of Catalina is Apple's proprietary operating system developed specifically for Mac computers. Several Apple...

5.5CVSS4.2AI score0.00985EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.32 views

Microsoft Azure Site Recovery Information Disclosure Vulnerability (CNVD-2022-56588)

Microsoft Azure Site Recovery is a site recovery DRaaS from Microsoft Corporation USA. Microsoft Azure Site Recovery has an information disclosure vulnerability, and no details of the vulnerability are available...

4.9CVSS1.5AI score0.02306EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.32 views

Microsoft Windows Remote Desktop Protocol Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Windows Remote Desktop Protocol RDP, an application used by Microsoft to connect to remote Windows desktops. The vulnerability stems from the failure of a networked system or product to properly filter special elements of code segments...

8.5CVSS4.4AI score0.05294EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/14 12:0 a.m.32 views

MariaDB Denial of Service Vulnerability (CNVD-2022-65008)

MariaDB is a free and open source database management system from the MariaDB Foundation and a forked version of MySQL with the Maria storage engine. A security vulnerability exists in MariaDB Server v10.6 and lower, which stems from the inclusion of use-after-free in the component...

7.5CVSS7.9AI score0.02097EPSS
Exploits1References1
CNVD
CNVD
added 2022/04/11 12:0 a.m.32 views

Owncloud ownCloud Access Control Error Vulnerability

Owncloud is a personal cloud storage solution from Owncloud, a U.S. company. versions prior to Owncloud 2.20 contain an access control error vulnerability that could be exploited by attackers to access the application's internal files...

5.5CVSS5.3AI score0.00212EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/08 12:0 a.m.32 views

D-Link DIR-878 Command Injection Vulnerability (CNVD-2022-38533)

The D-Link DIR-878 is a wireless router from D-Link, a Taiwan-based company. The D-Link DIR-878 is vulnerable to a command injection vulnerability that could be exploited by an unauthenticated LAN attacker to execute arbitrary system commands to control the system or interrupt services...

8.8CVSS4.6AI score0.01527EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/07 12:0 a.m.32 views

Open5GS Denial of Service Vulnerability (CNVD-2022-61342)

Open5Gs is a C open source implementation of 5G Core and Epc, the core network of the Lte/Nr network. A denial of service vulnerability exists in Open5GS version 2.3.6 and earlier, which stems from a buffer overflow in lib/sbi/message.c. A remote attacker could exploit this vulnerability to deny...

7.5CVSS5.3AI score0.016EPSS
Exploits2References1
CNVD
CNVD
added 2022/04/05 12:0 a.m.32 views

cocoapods-downloader command injection vulnerability

cocoapods-downloader is a small library. It is used to download files from remote controls in folders. cocoapods-downloader versions prior to 1.6.2 have a security vulnerability that stems from the presence of command injection in the hg parameter. An attacker calling the download function could...

9.8CVSS3.5AI score0.01781EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/01 12:0 a.m.32 views

Trend Micro Antivirus for Mac Elevation of Privilege Vulnerability (CNVD-2022-55061)

Trend Micro Antivirus for Mac is a Mac-based antivirus software from Trend Micro, Inc. An elevation of privilege vulnerability exists in Trend Micro Antivirus for Mac version 11.5, which could be exploited to create a specially crafted file as a symbol that could lead to elevation of privilege li...

8.5CVSS5.5AI score0.01187EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/31 12:0 a.m.32 views

Bentley MicroStation CONNECT Code Execution Vulnerability (CNVD-2022-65624)

Bentley MicroStation CONNECT is a Cad software platform for 2D and 3D design and drafting.A code execution vulnerability exists in Bentley MicroStation CONNECT, which can be exploited by attackers to execute arbitrary code in the context of the current process...

7.8CVSS5.5AI score0.01911EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/25 12:0 a.m.32 views

WordPress Amelia Plugin Cross-Site Scripting Vulnerability

WordPress is a set of blogging platform developed by Wordpress Foundation using PHP language. WordPress plugin is an application plugin for WordPress. WordPress Amelia Plugin 1.0.46 and earlier versions are vulnerable to a cross-site scripting vulnerability that stems from the program's failure t...

7.2CVSS1.9AI score0.00519EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/23 12:0 a.m.32 views

Sophos UTM log information leakage vulnerability

Sophos UTM is a next-generation firewall. a security vulnerability existed prior to Sophos UTM 9.710, which stems from the fact that Confd log files contain SHA512crypt password hashes for local users including the root user with insecure access rights, which can be exploited by attackers to...

7.8CVSS1.7AI score0.00185EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/17 12:0 a.m.32 views

Jenkins Kubernetes Continuous Deploy Plugin Permissions Licensing and Access Control Issues Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.The Jenkins Kubernetes Continuous Deploy...

6.5CVSS1.3AI score0.00887EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/14 12:0 a.m.32 views

Huawei Emui and Magic UI Heap Buffer Overflow Vulnerability

Huawei Emui is a mobile operating system developed on Android. Magic Ui is a mobile operating system developed on Android. Huawei Emui and Magic UI are vulnerable to heap buffer overflow, which can be exploited by attackers to cause a denial of service...

7.8CVSS4.7AI score0.00814EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/14 12:0 a.m.32 views

TP-Link TL-WR886N Stack Overflow Vulnerability (CNVD-2022-20080)

The TP-Link TL-WR886N is a wireless router from China P&L. A stack overflow vulnerability exists in the TP-Link TL-WR886N /cloudconfig/routerpost/getregverifycode, which can be exploited by a remote attacker to submit a special request that can crash an application or can be used to execute...

10CVSS9.8AI score0.02413EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/14 12:0 a.m.32 views

Ming Out-of-Bounds Read Vulnerability

Ming is a Flash SWF output library written in C language. Ming has a security vulnerability that can be exploited by attackers to obtain sensitive information...

6.5CVSS6.3AI score0.01132EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/10 12:0 a.m.32 views

Microsoft Windows Common Log File System Driver Information Disclosure Vulnerability (CNVD-2022-84602)

Microsoft Windows Common Log File System Driver is a Common Log File System CLFS API from Microsoft that provides a common log file subsystem that can be used by dedicated client applications and shared by multiple clients to optimize log access. An information disclosure vulnerability exists in...

5.5CVSS6.7AI score0.01054EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/10 12:0 a.m.32 views

Microsoft HEVC Video Extensions Remote Code Execution Vulnerability (CNVD-2022-59682)

Microsoft HEVC Video Extensions is a video extension application from Microsoft Corporation USA. Microsoft HEVC Video Extensions is a remote code execution vulnerability that can be exploited by attackers to execute arbitrary code on a system...

7.8CVSS6.3AI score0.0221EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/10 12:0 a.m.32 views

Microsoft HEIF Image Extensions Remote Code Execution Vulnerability

Microsoft HEIF Image Extensions is a feature library for Microsoft Windows systems from Microsoft Corporation USA.Microsoft HEIF Image Extensions is vulnerable to remote code execution, which can be exploited by attackers to execute arbitrary code on the system...

7.8CVSS6.3AI score0.02183EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/09 12:0 a.m.32 views

WordPress YOP Poll Plugin Cross-Site Scripting Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress YOP Poll Plugin versions prior to 6.3.5, which stems...

5.4CVSS5.3AI score0.00595EPSS
Exploits2References1
CNVD
CNVD
added 2022/03/09 12:0 a.m.32 views

Siemens RUGGEDCOM ROS Heap Buffer Overflow Vulnerability

Siemens RuggedCom ROS is an operating system used in the RuggedCom family of switches from Siemens, Germany. Siemens RUGGEDCOM ROS suffers from a heap buffer overflow vulnerability that can be exploited by attackers to cause a heap overflow...

9.8CVSS3.9AI score0.01005EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/09 12:0 a.m.32 views

TerraMasterTOS Command Injection Vulnerability

TerraMaster is a world-renowned professional storage brand. TerraMasterTOS command injection vulnerability can be exploited by attackers to gain server privileges...

9.8CVSS5.3AI score0.31881EPSS
Exploits3References1
CNVD
CNVD
added 2022/03/04 12:0 a.m.32 views

Google Chrome WebShare memory misquoting vulnerability

Google Chrome is a web browser from Google, Inc. Google Chrome WebShare is vulnerable to a memory misreference vulnerability that results from a mix-up in the program's instructions for freeing memory, which could be exploited to execute arbitrary code on the system or cause a denial of service...

8.8CVSS4.3AI score0.00954EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/02 12:0 a.m.32 views

WordPress Crazy Bone plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability in WordPress Crazy Bone plugin 0.6.0 and earlier versions, which stems fr...

6.1CVSS6AI score0.01374EPSS
Exploits2References1
CNVD
CNVD
added 2022/03/01 12:0 a.m.32 views

Home Owners Collection Management System存在未明漏洞

A security vulnerability exists in the Home Owners Collection Management System, a homeowner collection management system, which can be exploited by attackers to compromise user accounts via a crafted POST request...

9.8CVSS4.9AI score0.01351EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/01 12:0 a.m.32 views

JetBrains TeamCity Access Control Error Vulnerability (CNVD-2022-18622)

JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Czech Republic.JetBrains TeamCity is vulnerable to an access control error that stems from the product's failure to validate data in XML-RPC requests and the identity of the user. An attacker could...

6.5CVSS2.6AI score0.00671EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/01 12:0 a.m.32 views

HUAWEI EMUI/Magic UI Denial of Service Vulnerability

HUAWEI EMUI is an Android-based mobile operating system developed by Huawei China. HUAWEI EMUI/Magic UI suffers from a denial-of-service vulnerability that can be exploited by attackers to perform DoS attacks and compromise service integrity...

7.5CVSS4.3AI score0.00664EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/01 12:0 a.m.32 views

MODX Revolution code issue vulnerability

MODX Revolution is a PHP-based open source content management system CMS from the US company MODX. The system supports online collaboration, search engine optimization SEO, etc. MODX Revolution has a code issue vulnerability that can be exploited by attackers to execute arbitrary code by uploadin...

7.2CVSS5AI score0.09314EPSS
Exploits4References1
Total number of security vulnerabilities5000