Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
•added 2024/03/14 12:0 a.m.•31 views

SAP NetWeaver File Upload Vulnerability (CNVD-2024-13535)

SAP NetWeaver is the German SAP SAP company's set of service-oriented integrated application platform. The platform mainly for SAP applications to provide development and runtime environment. A file upload vulnerability exists in SAP NetWeaver, which stems from the application's lack of effective...

9.1CVSS7.9AI score0.01593EPSS
Exploits0References1
CNVD
CNVD
•added 2024/03/08 12:0 a.m.•31 views

Customer Support System SQL Injection Vulnerability (CNVD-2024-14031)

Customer Support System is a customer support system by oretnom23 Personal Developer that helps a particular business or company to provide customer support after a customer has purchased a product from them. Customer Support System suffers from a SQL injection vulnerability that originates from...

8.8CVSS8.1AI score0.00761EPSS
Exploits1References1
CNVD
CNVD
•added 2024/02/22 12:0 a.m.•31 views

Unspecified Vulnerability in Oracle MySQL (CNVD-2024-11122)

Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in Oracle MySQL for MySQL Server version 8.0.35 and earlier, version 8.2.0 and earlier. An attacker can exploit this...

4.9CVSS6.1AI score0.01038EPSS
Exploits0References1
CNVD
CNVD
•added 2024/02/22 12:0 a.m.•31 views

Unspecified Vulnerability in Oracle MySQL (CNVD-2024-11123)

Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in Oracle MySQL for MySQL Server version 8.0.35 and earlier, version 8.2.0 and earlier. An attacker can exploit this...

5.5CVSS6.1AI score0.00839EPSS
Exploits0References1
CNVD
CNVD
•added 2024/02/22 12:0 a.m.•31 views

Fortinet FortiSIEM Operating System Command Injection Vulnerability (CNVD-2024-13100)

Fortinet FortiSIEM is a suite of security information and event management systems from the American company Fiat Fortinet. The system includes features such as asset discovery, workflow automation and unified management. Fortinet FortiSIEM suffers from an operating system command injection...

10CVSS8.1AI score0.03224EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/26 12:0 a.m.•31 views

Multiple Mozilla Products Spoofing Vulnerabilities

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A...

4.3CVSS6.5AI score0.00333EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/12 12:0 a.m.•31 views

Microsoft .NET Denial of Service Vulnerability (CNVD-2024-02713)

Microsoft .NET is a software framework dedicated to agile software development, rapid application development, platform-agnosticism, and web transparency. A denial of service vulnerability exists in Microsoft .NET, which can be exploited by attackers to cause a denial of service...

7.5CVSS6.4AI score0.02895EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/09 12:0 a.m.•31 views

Weak Password Vulnerability in Cloud Mirror Network Asset Vulnerability Scanning System of DeepTrust Technology Co.

CloudMirror Network Asset Vulnerability Scanning System is a new generation of vulnerability risk management products independently developed by DeepSense, combining years of practical experience in vulnerability mining and security services, to help users check the vulnerability risks of assets ...

7AI score
Exploits0
CNVD
CNVD
•added 2023/12/07 12:0 a.m.•31 views

Dell DM5500 Operating System Command Injection Vulnerability

The Dell DM5500 is an integrated solution from Dell, Inc. It provides industry-leading deduplication, data protection solutions and multi-cloud capabilities. The Dell DM5500 suffers from an operating system command injection vulnerability that stems from a failure to properly filter construct...

7.2CVSS8.1AI score0.01589EPSS
Exploits0References1
CNVD
CNVD
•added 2023/11/30 12:0 a.m.•31 views

Foxit Reader Memory Misreference Vulnerability (CNVD-2023-96091)

Foxit Reader is a Chinese Foxit Foxit company's a PDF document reader. A memory misreference vulnerability exists in Foxit Reader before version 12.1.2.15356, which can be exploited by an attacker to execute arbitrary code on the system...

8.8CVSS8.7AI score0.0182EPSS
Exploits1References1
CNVD
CNVD
•added 2023/11/15 12:0 a.m.•31 views

Siemens OPC UA Modeling Editor (SiOME) XML External Entity Injection Vulnerability

Siemens OPC UA Modeling Editor SiOME is a free tool to create OPC UA information models or map existing companion specifications. An XML external entity injection vulnerability exists in Siemens OPC UA Modeling Editor SiOME, which can be exploited by an attacker to interfere with the application'...

7.5CVSS6.9AI score0.00652EPSS
Exploits0References1
CNVD
CNVD
•added 2023/11/15 12:0 a.m.•31 views

Unsynchronized Access to Shared Data Vulnerability in Multiple Siemens Products in a Multi-Threaded Context

The SCALANCE M-800, MUM-800 and S615 and the RUGGEDCOM RM1224 are industrial routers.The SCALANCE W products are wireless communication devices for connecting industrial components, such as Programmable Logic Controllers PLCs or Human Machine Interfaces HMIs, that comply with the IEEE 802.11...

8.8CVSS7AI score0.00666EPSS
Exploits0References1
CNVD
CNVD
•added 2023/11/01 12:0 a.m.•31 views

Google Android elevation of privilege vulnerability (CNVD-2023-96074)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to gain elevated privileges on the system...

7.8CVSS7.1AI score0.001EPSS
Exploits0References1
CNVD
CNVD
•added 2023/10/27 12:0 a.m.•31 views

Command Injection Vulnerability in Cisco IOS XE

Cisco IOS XE Software is an operating system from Cisco, Inc. A single operating system for enterprise wired and wireless access, aggregation, core and WAN, Cisco IOS XE reduces business and network complexity. Cisco IOS XE suffers from a command injection vulnerability that stems from insufficie...

7.2CVSS7.6AI score0.89634EPSS
Exploits11References1
CNVD
CNVD
•added 2023/10/13 12:0 a.m.•31 views

Microsoft Office Graphics Elevation of Privilege Vulnerability

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. An elevation of privilege vulnerability exists in Microsoft Office Graphics. An attacker can exploit this...

7CVSS7.1AI score0.00417EPSS
Exploits0References1
CNVD
CNVD
•added 2023/10/13 12:0 a.m.•31 views

Microsoft Skype for Business elevation of privilege vulnerability (CNVD-2023-92201)

Microsoft Skype for Business Server is a secure and unified communications platform from Microsoft that provides instant messaging IM, audio and video calling, online conferencing, online status messages, and sharing capabilities. An elevation of privilege vulnerability exists in Microsoft Skype...

5.3CVSS6.6AI score0.90353EPSS
Exploits0References1
CNVD
CNVD
•added 2023/10/11 12:0 a.m.•31 views

Open5GS Access Control Error Vulnerability

Open5GS is an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. An Access Control Error vulnerability exists in Open5GS version 2.4.10 and earlier, which stems from a lack of authentication, and can be exploited by an attacker to send an HTTP request to a...

7.5CVSS6.4AI score0.00427EPSS
Exploits0References1
CNVD
CNVD
•added 2023/09/12 12:0 a.m.•31 views

Google Chrome Media Memory Misreference Vulnerability

Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in Google Chrome Media, which can be exploited by an attacker to perform arbitrary read/write operations via specially crafted HTML pages...

8.8CVSS6.4AI score0.0055EPSS
Exploits1References1
CNVD
CNVD
•added 2023/09/11 12:0 a.m.•31 views

Linux kernel elevation of privilege vulnerability (CNVD-2023-70082)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from an elevation of privilege vulnerability that can be exploited by an attacker to cause a local elevation of privilege...

7.8CVSS6.4AI score0.00565EPSS
Exploits0References1
CNVD
CNVD
•added 2023/08/17 12:0 a.m.•31 views

Google Chrome Extensions Memory Misreference Vulnerability (CNVD-2023-65152)

Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions of Google Chrome prior to 116.0.5845.96, which stems from a mix-up of instructions responsible for freeing memory in Extensions. A remote attacker can exploit this vulnerability...

8.8CVSS6.8AI score0.00645EPSS
Exploits0References1
CNVD
CNVD
•added 2023/08/12 12:0 a.m.•31 views

CrafterCMS is an open source headless CMS for enterprise-level websites and other content-driven digital experiences, especially those that are high-performance, large-scale and ultra-secure. CrafterCMS suffers from a cross-site scripting vulnerability in versions 3.1.0 through 3.1.27 and 4.0.0 through 4.0.2. The vulnerability is due to improper neutralization of inputs during page generation allowing for reflected XSS.No detailed vulnerability details are available at this time.

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.8CVSS6.3AI score0.00327EPSS
Exploits2References1
CNVD
CNVD
•added 2023/08/12 12:0 a.m.•32 views

Adobe Acrobat Reader Input Validation Error Vulnerability (CNVD-2023-71750)

Adobe Acrobat Reader is a PDF viewer from the American company Audobee Adobe. The software is used to print, sign and annotate PDF. An input validation error vulnerability exists in Adobe Acrobat Reader, which can be exploited by an attacker to cause a denial of service in the application...

4.7CVSS6.5AI score0.003EPSS
Exploits0References1
CNVD
CNVD
•added 2023/08/12 12:0 a.m.•31 views

Microsoft Office Visio Remote Code Execution Vulnerability

Microsoft Office Visio is responsible for drawing flowcharts and schematic diagrams in the Office software series of the American Microsoft Microsoft company. A remote code execution vulnerability exists in Microsoft Office Visio, which can be exploited by an attacker to execute arbitrary code on...

7.8CVSS8.2AI score0.00803EPSS
Exploits0References1
CNVD
CNVD
•added 2023/08/12 12:0 a.m.•31 views

Huawei HarmonyOS Security Restriction Bypass Vulnerability (CNVD-2023-70288)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a security restriction bypass vulnerability that stems from the use of insecure signatures in the osulogin module, which can be...

7.5CVSS6.7AI score0.00211EPSS
Exploits0References1
CNVD
CNVD
•added 2023/08/11 12:0 a.m.•31 views

IBM Security Verify Access Input Validation Error Vulnerability (CNVD-2023-68778)

IBM Security Verify Access ISAM is a service from International Business Machines IBM that improves user access security. The service enables secure and simple access to platforms such as web, mobile, IoT and cloud technologies through the use of risk-based access, single sign-on, integrated acce...

6.5CVSS6.6AI score0.00351EPSS
Exploits0References1
CNVD
CNVD
•added 2023/07/20 12:0 a.m.•31 views

Unspecified Vulnerability in Oracle MySQL Server (CNVD-2023-65510)

Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server, which can be exploited by an attacker to cause unauthorized MySQL Server hangs or frequent repeated crashes, as well as unauthorized read access to a subset of MySQL Serve...

5.9CVSS5.7AI score0.01152EPSS
Exploits0References1
CNVD
CNVD
•added 2023/07/20 12:0 a.m.•31 views

Unspecified Vulnerability in Oracle MySQL Server (CNVD-2023-65502)

Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server 8.0.27 and prior versions, which can be exploited by an attacker to cause unauthorized MySQL Server hangs or frequent and repeated crashes full DOS...

4.9CVSS6.3AI score0.00987EPSS
Exploits0References1
CNVD
CNVD
•added 2023/07/13 12:0 a.m.•31 views

Microsoft SharePoint Server Security Feature Bypass Vulnerability (CNVD-2023-72194)

Microsoft SharePoint Server is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A security...

7.5CVSS6.6AI score0.01011EPSS
Exploits0References1
CNVD
CNVD
•added 2023/07/13 12:0 a.m.•31 views

Microsoft SharePoint Server Remote Code Execution Vulnerability (CNVD-2023-72195)

Microsoft SharePoint Server is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A remote code...

8.8CVSS8.1AI score0.05155EPSS
Exploits0References1
CNVD
CNVD
•added 2023/07/13 12:0 a.m.•31 views

Microsoft Excel Information Disclosure Vulnerability (CNVD-2023-80153)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. An information disclosure vulnerability exists in Microsoft Excel, which can be exploited by attackers to obtain sensitive information...

5.5CVSS5.9AI score0.0075EPSS
Exploits0References1
CNVD
CNVD
•added 2023/06/16 12:0 a.m.•31 views

Apache Struts Denial of Service Vulnerability (CNVD-2023-55422)

Apache Struts is the United States Apache Apache Foundation, an open source project , is a set of open source MVC framework for creating enterprise-class Java Web applications , mainly provides two versions of the framework products , Struts 1 and Struts 2. Apache Struts denial of service...

7.5CVSS6.5AI score0.05467EPSS
Exploits0References1
CNVD
CNVD
•added 2023/06/07 12:0 a.m.•31 views

Google Chrome Type Mixing Vulnerability

Google Chrome is a web browser from Google, an American company. A type mixing vulnerability exists in versions of Google Chrome prior to 114.0.5735.110, which can be exploited by an attacker to execute arbitrary code on a system or cause an application to crash...

8.8CVSS7.5AI score0.32724EPSS
Exploits2References1
CNVD
CNVD
•added 2023/05/31 12:0 a.m.•31 views

Wireshark Denial of Service Vulnerability (CNVD-2023-62288)

Wireshark formerly known as Ethereal is a set of network packet analysis software from the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. Wireshark suffers from a denial of service vulnerability that stems from not properly...

6.5CVSS7AI score0.01086EPSS
Exploits1References1
CNVD
CNVD
•added 2023/05/29 12:0 a.m.•31 views

Apache JSPWiki cross-site scripting vulnerability (CNVD-2023-43867)

Apache JSPWiki is the United States Apache Apache Foundation of a Java, Servlet and JSP-based open source WikiWiki engine to build . A cross-site scripting vulnerability exists in Apache JSPWiki versions prior to 2.12.0. The vulnerability stems from the application's lack of effective filtering a...

6.1CVSS5.9AI score0.01162EPSS
Exploits0References1
CNVD
CNVD
•added 2023/05/18 12:0 a.m.•31 views

Google Chrome DevTools memory misreference vulnerability (CNVD-2023-43874)

Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions prior to Google Chrome 113.0.5672.126, which stems from a confusion in the DevTools instruction responsible for freeing memory. An attacker could use this vulnerability to...

8.8CVSS6.8AI score0.15428EPSS
Exploits0References1
CNVD
CNVD
•added 2023/05/12 12:0 a.m.•31 views

Microsoft Excel Code Execution Vulnerability (CNVD-2023-80165)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...

7.8CVSS7.7AI score0.00705EPSS
Exploits0References1
CNVD
CNVD
•added 2023/05/06 12:0 a.m.•31 views

Google Chrome OS Inputs Code Execution Vulnerability

Google Chrome is a web browser from Google, an American company. A code execution vulnerability exists in Google Chrome OS Inputs, which can be exploited by an attacker to execute arbitrary code or cause a denial of service condition on a system...

8.8CVSS7.9AI score0.00763EPSS
Exploits0References1
CNVD
CNVD
•added 2023/04/24 12:0 a.m.•31 views

Linux Kernel RxRPC Competition Condition Issue Vulnerability

Linux Kernel is an open source operating system. A contention condition vulnerability exists in Linux Kernel RxRPC processing, which can be exploited by a local attacker to submit a special request that can kernel contextually execute arbitrary code and elevate privileges...

7CVSS8.5AI score0.00363EPSS
Exploits0References1
CNVD
CNVD
•added 2023/04/23 12:0 a.m.•31 views

Linux Kernel af_can.c Denial of Service Vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A denial of service vulnerability exists in the Linux Kernel that stems from a null pointer dereference issue found in the CAN protocol in net/can/afcan.c. mlpriv may not be...

5.5CVSS6.4AI score0.002EPSS
Exploits0References1
CNVD
CNVD
•added 2023/04/18 12:0 a.m.•31 views

Campcodes Advanced Online Voting System SQL Injection Vulnerability (CNVD-2023-29412)

Campcodes Advanced Online Voting System is an online voting system. Campcodes Advanced Online Voting System v1.0 is vulnerable to SQL injection. The vulnerability stems from the lack of validation of external input SQL statements in the parameter id of the file /admin/ballotup.php, which can be...

8.2AI score0.0074EPSS
Exploits1Affected Software1
CNVD
CNVD
•added 2023/04/16 12:0 a.m.•31 views

Adobe InCopy Resource Management Error Vulnerability (CNVD-2023-29805)

Adobe InCopy is a text editing software for authoring by Adobe, Inc. Adobe InCopy suffers from a resource management error vulnerability that stems from a mix-up in the program's instructions responsible for freeing memory. An attacker could exploit this vulnerability to cause arbitrary code...

7.6AI score0.00365EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2023/04/07 12:0 a.m.•31 views

Google Chrome Browser History Buffer Overflow Vulnerability

Google Chrome is a web browser from Google, an American company. A buffer overflow vulnerability exists in Google Chrome Browser History, which can be exploited by an attacker to cause the buffer to overflow and execute arbitrary code on the system, or cause the application to crash...

8.8CVSS7.9AI score0.00975EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/31 12:0 a.m.•31 views

Foxit PDF Reader Remote Code Execution Vulnerability (CNVD-2023-23565)

Foxit PDF Reader is China Foxit Foxit company a PDF reader. A remote code execution vulnerability exists in Foxit PDF Reader, which can be exploited by an attacker to execute arbitrary code in the context of the current process...

7.8CVSS7.8AI score0.01016EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/17 12:0 a.m.•31 views

Adobe Dimension Heap Buffer Overflow Vulnerability (CNVD-2023-25109)

Adobe Dimension is the United States of America Odo than Adobe company is a set of 2D and 3D composite design tools. Adobe Dimension suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...

7.8CVSS7.9AI score0.00421EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/17 12:0 a.m.•31 views

Adobe Experience Manager URL redirection vulnerability (CNVD-2023-45907)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A URL...

5.4CVSS5.6AI score0.00478EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/16 12:0 a.m.•31 views

Oracle MySQL Server Denial of Service Vulnerability (CNVD-2023-67110)

Oracle MySQL Server is a relational database from Oracle Corporation. A denial of service vulnerability exists in Oracle MySQL Server, which can be exploited by an attacker to cause unauthorized MySQL Server hangs or frequent repeated crashes...

6.5CVSS6.2AI score0.00879EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/06 12:0 a.m.•31 views

Mozilla Thunderbird and Firefox Arbitrary Code Execution Vulnerability

Mozilla Thunderbird is the United States Mozilla Foundation's set of independent from the Mozilla Application Suite e-mail client software. The program supports IMAP, POP mail protocols and HTML mail format. An arbitrary code execution vulnerability exists in Mozilla Thunderbird versions prior to...

8.8CVSS7.7AI score0.00926EPSS
Exploits1References1
CNVD
CNVD
•added 2023/02/28 12:0 a.m.•31 views

Login Bypass Vulnerability in Nacos

Nacos is an open source project, maintained and contributed code by the community. Nacos suffers from a login bypass vulnerability that can be exploited by an attacker to copy successful login packets and log in other users...

7.2AI score
Exploits0
CNVD
CNVD
•added 2023/02/15 12:0 a.m.•31 views

LibTIFF out-of-bounds read vulnerability (CNVD-2023-15759)

LibTIFF is a library for reading and writing TIFF Tagged Image File Format files. The library contains a number of command-line tools for processing TIFF files. libTIFF suffers from an out-of-bounds read vulnerability that stems from a boundary error in tiffcrop at tools/tiffcrop.c:3400 when...

6.8CVSS3.5AI score0.00421EPSS
Exploits1References1
CNVD
CNVD
•added 2023/02/09 12:0 a.m.•31 views

Oracle WebLogic Server Information Disclosure Vulnerability (CNVD-2023-08437)

Oracle WebLogic Server is an Oracle Oracle application service middleware for cloud and traditional environments, which provides a modern lightweight development platform that supports the entire lifecycle management of applications from development to production and simplifies application...

7.5CVSS7.4AI score0.00736EPSS
Exploits0References1
Total number of security vulnerabilities5000