Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
•added 2023/05/18 12:0 a.m.•31 views

Google Chrome DevTools memory misreference vulnerability (CNVD-2023-43874)

Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions prior to Google Chrome 113.0.5672.126, which stems from a confusion in the DevTools instruction responsible for freeing memory. An attacker could use this vulnerability to...

8.8CVSS6.8AI score0.15428EPSS
Exploits0References1
CNVD
CNVD
•added 2023/05/12 12:0 a.m.•31 views

Microsoft Excel Code Execution Vulnerability (CNVD-2023-80165)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...

7.8CVSS7.7AI score0.00705EPSS
Exploits0References1
CNVD
CNVD
•added 2023/05/06 12:0 a.m.•31 views

Google Chrome OS Inputs Code Execution Vulnerability

Google Chrome is a web browser from Google, an American company. A code execution vulnerability exists in Google Chrome OS Inputs, which can be exploited by an attacker to execute arbitrary code or cause a denial of service condition on a system...

8.8CVSS7.9AI score0.00763EPSS
Exploits0References1
CNVD
CNVD
•added 2023/04/24 12:0 a.m.•31 views

Linux Kernel RxRPC Competition Condition Issue Vulnerability

Linux Kernel is an open source operating system. A contention condition vulnerability exists in Linux Kernel RxRPC processing, which can be exploited by a local attacker to submit a special request that can kernel contextually execute arbitrary code and elevate privileges...

7CVSS8.5AI score0.00363EPSS
Exploits0References1
CNVD
CNVD
•added 2023/04/23 12:0 a.m.•31 views

Linux Kernel af_can.c Denial of Service Vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A denial of service vulnerability exists in the Linux Kernel that stems from a null pointer dereference issue found in the CAN protocol in net/can/afcan.c. mlpriv may not be...

5.5CVSS6.4AI score0.002EPSS
Exploits0References1
CNVD
CNVD
•added 2023/04/18 12:0 a.m.•31 views

Campcodes Advanced Online Voting System SQL Injection Vulnerability (CNVD-2023-29412)

Campcodes Advanced Online Voting System is an online voting system. Campcodes Advanced Online Voting System v1.0 is vulnerable to SQL injection. The vulnerability stems from the lack of validation of external input SQL statements in the parameter id of the file /admin/ballotup.php, which can be...

8.2AI score0.0074EPSS
Exploits1Affected Software1
CNVD
CNVD
•added 2023/04/16 12:0 a.m.•31 views

Adobe InCopy Resource Management Error Vulnerability (CNVD-2023-29805)

Adobe InCopy is a text editing software for authoring by Adobe, Inc. Adobe InCopy suffers from a resource management error vulnerability that stems from a mix-up in the program's instructions responsible for freeing memory. An attacker could exploit this vulnerability to cause arbitrary code...

7.6AI score0.00365EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2023/04/07 12:0 a.m.•31 views

Google Chrome Browser History Buffer Overflow Vulnerability

Google Chrome is a web browser from Google, an American company. A buffer overflow vulnerability exists in Google Chrome Browser History, which can be exploited by an attacker to cause the buffer to overflow and execute arbitrary code on the system, or cause the application to crash...

8.8CVSS7.9AI score0.00975EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/31 12:0 a.m.•31 views

Foxit PDF Reader Remote Code Execution Vulnerability (CNVD-2023-23565)

Foxit PDF Reader is China Foxit Foxit company a PDF reader. A remote code execution vulnerability exists in Foxit PDF Reader, which can be exploited by an attacker to execute arbitrary code in the context of the current process...

7.8CVSS7.8AI score0.01016EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/17 12:0 a.m.•31 views

Adobe Dimension Heap Buffer Overflow Vulnerability (CNVD-2023-25109)

Adobe Dimension is the United States of America Odo than Adobe company is a set of 2D and 3D composite design tools. Adobe Dimension suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...

7.8CVSS7.9AI score0.00421EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/17 12:0 a.m.•31 views

Adobe Experience Manager URL redirection vulnerability (CNVD-2023-45907)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A URL...

5.4CVSS5.6AI score0.00478EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/16 12:0 a.m.•31 views

Oracle MySQL Server Denial of Service Vulnerability (CNVD-2023-67110)

Oracle MySQL Server is a relational database from Oracle Corporation. A denial of service vulnerability exists in Oracle MySQL Server, which can be exploited by an attacker to cause unauthorized MySQL Server hangs or frequent repeated crashes...

6.5CVSS6.2AI score0.00879EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/06 12:0 a.m.•31 views

Mozilla Thunderbird and Firefox Arbitrary Code Execution Vulnerability

Mozilla Thunderbird is the United States Mozilla Foundation's set of independent from the Mozilla Application Suite e-mail client software. The program supports IMAP, POP mail protocols and HTML mail format. An arbitrary code execution vulnerability exists in Mozilla Thunderbird versions prior to...

8.8CVSS7.7AI score0.00926EPSS
Exploits1References1
CNVD
CNVD
•added 2023/02/28 12:0 a.m.•31 views

Login Bypass Vulnerability in Nacos

Nacos is an open source project, maintained and contributed code by the community. Nacos suffers from a login bypass vulnerability that can be exploited by an attacker to copy successful login packets and log in other users...

7.2AI score
Exploits0
CNVD
CNVD
•added 2023/02/15 12:0 a.m.•31 views

LibTIFF out-of-bounds read vulnerability (CNVD-2023-15759)

LibTIFF is a library for reading and writing TIFF Tagged Image File Format files. The library contains a number of command-line tools for processing TIFF files. libTIFF suffers from an out-of-bounds read vulnerability that stems from a boundary error in tiffcrop at tools/tiffcrop.c:3400 when...

6.8CVSS3.5AI score0.00421EPSS
Exploits1References1
CNVD
CNVD
•added 2023/02/09 12:0 a.m.•31 views

Oracle WebLogic Server Information Disclosure Vulnerability (CNVD-2023-08437)

Oracle WebLogic Server is an Oracle Oracle application service middleware for cloud and traditional environments, which provides a modern lightweight development platform that supports the entire lifecycle management of applications from development to production and simplifies application...

7.5CVSS7.4AI score0.00736EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/08 12:0 a.m.•31 views

Online Food Ordering System index.php Cross-Site Scripting Vulnerability

Online Food Ordering System is an online food ordering system. A cross-site scripting vulnerability exists in Online Food Ordering System, which is caused by a lack of effective filtering and escaping of user-supplied data in the page parameter of index.php page, which can be exploited by attacke...

6.1CVSS2.4AI score0.00486EPSS
Exploits1References1
CNVD
CNVD
•added 2023/02/06 12:0 a.m.•31 views

Microsoft Edge Elevation of Privilege Vulnerability (CNVD-2023-76764)

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. Microsoft Edge suffers from an elevation of privilege vulnerability that can be exploited by an attacker to gain elevated privileges on the system...

8.3CVSS6.8AI score0.00884EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/01 12:0 a.m.•31 views

Siretta QUARTZ-GOLD Buffer Overflow Vulnerability (CNVD-2023-17066)

Siretta QUARTZ-GOLD is an industrial router with multiple features and services.A buffer overflow vulnerability exists in Siretta QUARTZ-GOLD, which can be exploited by attackers to cause arbitrary command execution by sending specially crafted network packets...

9.8CVSS6.9AI score0.01666EPSS
Exploits1References1
CNVD
CNVD
•added 2023/02/01 12:0 a.m.•31 views

F5 BIG-IP APM Virtual Server Open Redirect Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. An open redirection vulnerability exists in the F5 BIG-IP APM virtual server, which can be exploited by an unauthenticated...

6.1CVSS3.3AI score0.00348EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/13 12:0 a.m.•31 views

Microsoft Office Remote Code Execution Vulnerability (CNVD-2023-18287)

Microsoft Office is a suite of office software based on the Windows operating system developed by Microsoft. A remote code execution vulnerability exists in Microsoft Office. An attacker could exploit this vulnerability to execute code on the target host...

7.8CVSS7.9AI score0.00915EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/13 12:0 a.m.•31 views

Microsoft Windows Kernel Elevation of Privilege Vulnerability (CNVD-2023-18290)

Microsoft Windows is a windowed operating system developed by Microsoft Corporation in the United States. An elevation of privilege vulnerability exists in Microsoft Windows Kernel. An attacker can exploit this vulnerability to elevate privileges...

7.8CVSS7.9AI score0.00826EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/13 12:0 a.m.•31 views

Siemens Automation License Manager File Name or Path External Control Vulnerability

The Automation License Manager ALM centrally manages license keys for various Siemens software products. Software products that require a license key automatically report this requirement to ALM. When ALM finds a valid license key for the software, the software can be used according to the end-us...

8.2CVSS8.5AI score0.00965EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/13 12:0 a.m.•31 views

Siemens JT Open, JT Utilities and Solid Edge Memory Corruption Vulnerability

JT Open Toolkit is an application programming interface API for software developers who support JT, a publicly released data format developed by Siemens Digital Industry Software and widely used for communication, visualization, digital modeling and various other purposes.Solid Edge is a portfoli...

7.8CVSS1.3AI score0.00279EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/13 12:0 a.m.•31 views

Siemens SINEC INS Path Traversal Vulnerability (CNVD-2023-02707)

SINEC INS Infrastructure Network Services is a web-based application that combines various network services in a single tool. This simplifies the installation and management of all network services related to industrial networks.A path traversal vulnerability exists in Siemens SINEC INS, which...

8.8CVSS5.8AI score0.01174EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/12 12:0 a.m.•31 views

Wireshark has an unspecified vulnerability (CNVD-2023-04534)

Wireshark formerly known as Ethereal is a network packet analysis software from the Wireshark team. The software's function is to intercept network packets and display detailed data for analysis.Wireshark has a security vulnerability that stems from an infinite loop in the BPv6, OpenFlow, and Kaf...

6.5CVSS4.2AI score0.00675EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/12 12:0 a.m.•31 views

Microsoft 3D Builder Remote Code Execution Vulnerability (CNVD-2023-04325)

Microsoft 3D Builder, a tool for creating models and 3D printing from Microsoft USA, has a security vulnerability. No details of the vulnerability are currently available...

7.8CVSS2.6AI score0.01099EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/06 12:0 a.m.•31 views

Mozilla Firefox Buffer Overflow Vulnerability (CNVD-2023-03061)

Mozilla Firefox is an open source web browser from the Mozilla Foundation, U.S. A buffer overflow vulnerability exists in Mozilla Firefox, which can be exploited by unauthenticated attackers to execute arbitrary code...

8.8CVSS6.2AI score0.00995EPSS
Exploits1References1
CNVD
CNVD
•added 2023/01/04 12:0 a.m.•31 views

Mozilla Firefox code issue vulnerability (CNVD-2023-05207)

Mozilla Firefox is an open source Web browser from the Mozilla Foundation, U.S. A code issue vulnerability exists in Mozilla Firefox, which stems from an error in the product's handling of JavaScript dialog boxes. A remote attacker could exploit the vulnerability to perform a spoofing attack...

2.2AI score0.0037EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2023/01/04 12:0 a.m.•31 views

Mozilla Firefox Buffer Overflow Vulnerability (CNVD-2023-03062)

Mozilla Firefox is an open source web browser from the Mozilla Foundation. Mozilla Firefox suffers from a buffer overflow vulnerability that stems from an uninitialized pointer being freed in lginit. A remote attacker could exploit this vulnerability to execute arbitrary code...

8.8CVSS7.2AI score0.00542EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/30 12:0 a.m.•31 views

Mozilla Firefox Buffer Overflow Vulnerability (CNVD-2023-03066)

Mozilla Firefox is an open source Web browser from the Mozilla Foundation. Mozilla Firefox is vulnerable to buffer overflow, a memory corruption type of vulnerability in the software that can be exploited by attackers to execute arbitrary code...

8.8CVSS6.2AI score0.0087EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/27 12:0 a.m.•31 views

School Dormitory Management System SQL Injection Vulnerability

School Dormitory Management System is a school dormitory management system. A SQL injection vulnerability exists in School Dormitory Management System version 1.0, which stems from an unknown function in its Admin Login component that allows an attacker to perform SQL injection...

9.8CVSS9.9AI score0.00483EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/23 12:0 a.m.•31 views

OpenImageIO Code Execution Vulnerability (CNVD-2023-01790)

A code execution vulnerability exists in the OpenImageIO IFFOutput::close function, which is an image read/write library that also provides tools and applications. An attacker can use this vulnerability to cause a heap buffer overflow via a specially crafted ImageOutput object when the "xmax"...

8.1CVSS2.9AI score0.01962EPSS
Exploits1References1
CNVD
CNVD
•added 2022/12/19 12:0 a.m.•31 views

Google Android Denial of Service Vulnerability (CNVD-2023-07664)

Google Android is a Linux-based open-source operating system from the US company Google. Google Android suffers from a denial-of-service vulnerability, which is caused by a flaw in messaging. By sending a specially crafted request, an attacker can exploit this vulnerability to cause a denial of...

5.5CVSS5.3AI score0.00113EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/16 12:0 a.m.•31 views

Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2023-15828)

Adobe Experience Manager AEM is a content management solution from Adobe that can be used to build websites, mobile applications and forms. The solution supports mobile content management, marketing and sales campaign management, and multi-site management, etc. A cross-site scripting vulnerabilit...

5.4CVSS2.4AI score0.0048EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/14 12:0 a.m.•31 views

Siemens Industrial Product Denial of Service Vulnerability (CNVD-2022-87982)

SIMATIC Drive Controllers for the automation of production machines combine the functionality of SIMATIC S7-1500 CPUs with that of SINAMICS S120 drive controls.SIMATIC ET 200SP Open Controller is the PC-based version of the SIMATIC S7-1500 controller. Includes optional visualization features and...

7.5CVSS5.2AI score0.00719EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/14 12:0 a.m.•31 views

Siemens Parasolid out-of-bounds write vulnerability (CNVD-2022-87979)

An out-of-bounds write vulnerability exists in Siemens Parasolid, a geometric modeling kernel from Siemens, Germany, due to an out-of-bounds write beyond the end of the allocation structure contained in a specially crafted XB file parsed by the affected application. The vulnerability allows an...

7.8CVSS5.8AI score0.00324EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/07 12:0 a.m.•31 views

IBM WebSphere MQ Denial of Service Vulnerability (CNVD-2022-87643)

IBM WebSphere MQ is a system from International Business Machines IBM, Inc. A denial-of-service vulnerability exists in IBM WebSphere MQ version 7.1. A remote attacker could use this vulnerability to bypass security configuration settings and cause a denial of service...

7.5CVSS5.3AI score0.01693EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/30 12:0 a.m.•31 views

WordPress Ultimate Member plugin remote code execution vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A remote code execution...

7.2CVSS7.4AI score0.02735EPSS
Exploits1References1
CNVD
CNVD
•added 2022/11/30 12:0 a.m.•31 views

Google Chrome Security Bypass Vulnerability (CNVD-2023-08259)

Google Chrome is a web browser from Google, Inc. A security bypass vulnerability exists in Google Chrome, which stems from insufficient untrusted input validation in CORS. An attacker could exploit this vulnerability to bypass security restrictions...

4.3CVSS4.6AI score0.00551EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/30 12:0 a.m.•31 views

WordPress Ultimate Member plugin remote code execution vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A remote code execution...

7.2CVSS7.5AI score0.0278EPSS
Exploits1References1
CNVD
CNVD
•added 2022/11/25 12:0 a.m.•31 views

SolarWinds Security Event Manager Cross-Site Scripting Vulnerability

SolarWinds Security Event Manager SolarWinds SEM is an American SolarWinds Inc. for forensics and troubleshooting, as well as a tool to help you manage log data. A cross-site scripting vulnerability exists in SolarWinds Security Event Manager versions prior to 2022.4. The vulnerability stems from...

6.1CVSS6AI score0.00511EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/24 12:0 a.m.•31 views

NETGEAR R7000P openvpn_push1 buffer overflow vulnerability

NETGEAR R7000P is a wireless router from NETGEAR, Inc. A buffer overflow vulnerability exists in NETGEAR R7000P firmware version V1.3.1.64, which stems from a lack of length validation of data input to the openvpnpush1 parameter, which could be exploited by an attacker to cause a denial of servic...

9.8CVSS7AI score0.00967EPSS
Exploits1References1
CNVD
CNVD
•added 2022/11/23 12:0 a.m.•31 views

WordPress Ask Me plugin cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

4.7CVSS4.7AI score0.00355EPSS
Exploits1References1
CNVD
CNVD
•added 2022/11/23 12:0 a.m.•31 views

Google TensorFlow Input Validation Error Vulnerability (CNVD-2023-15776)

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. An input validation error vulnerability exists in Google TensorFlow, which stems from an empty input to SparseFillEmptyRowsGrad. The vulnerability can be exploited to cause the program to crash...

7.5CVSS3.1AI score0.0044EPSS
Exploits1References1
CNVD
CNVD
•added 2022/11/23 12:0 a.m.•31 views

PHPGurukul Blood Donor Management System Cross-Site Scripting Vulnerability

The PHPGurukul Blood Donor Management System is a blood donor management system from PHPGurukul, USA. A cross-site scripting vulnerability exists in version 1.0 of the Phpgurukul Blood Donor Management System, which stems from a lack of effective filtering and escaping of user-supplied data at Ad...

4.8CVSS4.8AI score0.00632EPSS
Exploits1References1
CNVD
CNVD
•added 2022/11/22 12:0 a.m.•31 views

Google TensorFlow buffer overflow vulnerability (CNVD-2022-80696)

Google TensorFlow is an end-to-end open source platform for machine learning from Google Google. Google TensorFlow is vulnerable to a buffer overflow vulnerability that originates when an operation with a specified input size receives a different number of inputs, and the executor will crash. No...

7.5CVSS2.6AI score0.0035EPSS
Exploits1References1
CNVD
CNVD
•added 2022/11/14 12:0 a.m.•31 views

Foxit PDF Reader Memory Misquoting Vulnerability (CNVD-2023-07826)

Foxit PDF Reader is a PDF reader from Foxit China. Foxit PDF Reader version 12.0.1.12430 is vulnerable to a memory misquoting vulnerability that can be exploited by attackers to cause arbitrary code execution...

8.8CVSS6.3AI score0.0135EPSS
Exploits1References1
CNVD
CNVD
•added 2022/10/31 12:0 a.m.•31 views

Wireshark Denial of Service Vulnerability (CNVD-2023-62294)

Wireshark formerly known as Ethereal is a set of network packet analysis software from the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. Wireshark suffers from a denial of service vulnerability that stems from not properly...

7.5CVSS7.1AI score0.008EPSS
Exploits1References1
CNVD
CNVD
•added 2022/10/27 12:0 a.m.•31 views

Google Chrome Security Bypass Vulnerability (CNVD-2022-85089)

Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome, which stems from insufficient data validation in Extensions. An attacker could use this vulnerability to bypass security restrictions...

4.3CVSS3.3AI score0.00421EPSS
Exploits0References1
Total number of security vulnerabilities5000