Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
•added 2023/01/04 12:0 a.m.•31 views

Mozilla Firefox Buffer Overflow Vulnerability (CNVD-2023-03062)

Mozilla Firefox is an open source web browser from the Mozilla Foundation. Mozilla Firefox suffers from a buffer overflow vulnerability that stems from an uninitialized pointer being freed in lginit. A remote attacker could exploit this vulnerability to execute arbitrary code...

8.8CVSS7.2AI score0.00542EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/30 12:0 a.m.•31 views

Mozilla Firefox Buffer Overflow Vulnerability (CNVD-2023-03066)

Mozilla Firefox is an open source Web browser from the Mozilla Foundation. Mozilla Firefox is vulnerable to buffer overflow, a memory corruption type of vulnerability in the software that can be exploited by attackers to execute arbitrary code...

8.8CVSS6.2AI score0.0087EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/27 12:0 a.m.•31 views

School Dormitory Management System SQL Injection Vulnerability

School Dormitory Management System is a school dormitory management system. A SQL injection vulnerability exists in School Dormitory Management System version 1.0, which stems from an unknown function in its Admin Login component that allows an attacker to perform SQL injection...

9.8CVSS9.9AI score0.00483EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/23 12:0 a.m.•31 views

OpenImageIO Code Execution Vulnerability (CNVD-2023-01790)

A code execution vulnerability exists in the OpenImageIO IFFOutput::close function, which is an image read/write library that also provides tools and applications. An attacker can use this vulnerability to cause a heap buffer overflow via a specially crafted ImageOutput object when the "xmax"...

8.1CVSS2.9AI score0.01962EPSS
Exploits1References1
CNVD
CNVD
•added 2022/12/19 12:0 a.m.•31 views

Google Android Denial of Service Vulnerability (CNVD-2023-07664)

Google Android is a Linux-based open-source operating system from the US company Google. Google Android suffers from a denial-of-service vulnerability, which is caused by a flaw in messaging. By sending a specially crafted request, an attacker can exploit this vulnerability to cause a denial of...

5.5CVSS5.3AI score0.00113EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/16 12:0 a.m.•31 views

Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2023-15828)

Adobe Experience Manager AEM is a content management solution from Adobe that can be used to build websites, mobile applications and forms. The solution supports mobile content management, marketing and sales campaign management, and multi-site management, etc. A cross-site scripting vulnerabilit...

5.4CVSS2.4AI score0.0048EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/14 12:0 a.m.•31 views

Siemens Industrial Product Denial of Service Vulnerability (CNVD-2022-87982)

SIMATIC Drive Controllers for the automation of production machines combine the functionality of SIMATIC S7-1500 CPUs with that of SINAMICS S120 drive controls.SIMATIC ET 200SP Open Controller is the PC-based version of the SIMATIC S7-1500 controller. Includes optional visualization features and...

7.5CVSS5.2AI score0.00719EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/14 12:0 a.m.•31 views

Siemens Parasolid out-of-bounds write vulnerability (CNVD-2022-87979)

An out-of-bounds write vulnerability exists in Siemens Parasolid, a geometric modeling kernel from Siemens, Germany, due to an out-of-bounds write beyond the end of the allocation structure contained in a specially crafted XB file parsed by the affected application. The vulnerability allows an...

7.8CVSS5.8AI score0.00324EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/30 12:0 a.m.•31 views

WordPress Ultimate Member plugin remote code execution vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A remote code execution...

7.2CVSS7.4AI score0.02735EPSS
Exploits1References1
CNVD
CNVD
•added 2022/11/30 12:0 a.m.•31 views

Google Chrome Security Bypass Vulnerability (CNVD-2023-08259)

Google Chrome is a web browser from Google, Inc. A security bypass vulnerability exists in Google Chrome, which stems from insufficient untrusted input validation in CORS. An attacker could exploit this vulnerability to bypass security restrictions...

4.3CVSS4.6AI score0.00551EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/30 12:0 a.m.•31 views

WordPress Ultimate Member plugin remote code execution vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A remote code execution...

7.2CVSS7.5AI score0.0278EPSS
Exploits1References1
CNVD
CNVD
•added 2022/11/25 12:0 a.m.•31 views

SolarWinds Security Event Manager Cross-Site Scripting Vulnerability

SolarWinds Security Event Manager SolarWinds SEM is an American SolarWinds Inc. for forensics and troubleshooting, as well as a tool to help you manage log data. A cross-site scripting vulnerability exists in SolarWinds Security Event Manager versions prior to 2022.4. The vulnerability stems from...

6.1CVSS6AI score0.00511EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/25 12:0 a.m.•31 views

Apartment Visitor Management System SQL Injection Vulnerability

Apartment Visitor Management System is an Apartment Visitor Management System by Carlo Montero Personal Developer. Apartment Visitor Management System v1.0 suffers from a SQL injection vulnerability, which originates from the lack of validity filtering of special characters in /avms/index.php,...

9.8CVSS9.5AI score0.00752EPSS
Exploits1References1
CNVD
CNVD
•added 2022/11/23 12:0 a.m.•31 views

WordPress Ask Me plugin cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

4.7CVSS4.7AI score0.00355EPSS
Exploits1References1
CNVD
CNVD
•added 2022/11/23 12:0 a.m.•31 views

Google TensorFlow Input Validation Error Vulnerability (CNVD-2023-15776)

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. An input validation error vulnerability exists in Google TensorFlow, which stems from an empty input to SparseFillEmptyRowsGrad. The vulnerability can be exploited to cause the program to crash...

7.5CVSS3.1AI score0.0044EPSS
Exploits1References1
CNVD
CNVD
•added 2022/11/23 12:0 a.m.•31 views

PHPGurukul Blood Donor Management System Cross-Site Scripting Vulnerability

The PHPGurukul Blood Donor Management System is a blood donor management system from PHPGurukul, USA. A cross-site scripting vulnerability exists in version 1.0 of the Phpgurukul Blood Donor Management System, which stems from a lack of effective filtering and escaping of user-supplied data at Ad...

4.8CVSS4.8AI score0.00632EPSS
Exploits1References1
CNVD
CNVD
•added 2022/11/22 12:0 a.m.•31 views

Google TensorFlow buffer overflow vulnerability (CNVD-2022-80696)

Google TensorFlow is an end-to-end open source platform for machine learning from Google Google. Google TensorFlow is vulnerable to a buffer overflow vulnerability that originates when an operation with a specified input size receives a different number of inputs, and the executor will crash. No...

7.5CVSS2.6AI score0.0035EPSS
Exploits1References1
CNVD
CNVD
•added 2022/11/14 12:0 a.m.•31 views

Foxit PDF Reader Memory Misquoting Vulnerability (CNVD-2023-07826)

Foxit PDF Reader is a PDF reader from Foxit China. Foxit PDF Reader version 12.0.1.12430 is vulnerable to a memory misquoting vulnerability that can be exploited by attackers to cause arbitrary code execution...

8.8CVSS6.3AI score0.0135EPSS
Exploits1References1
CNVD
CNVD
•added 2022/10/31 12:0 a.m.•31 views

Wireshark Denial of Service Vulnerability (CNVD-2023-62294)

Wireshark formerly known as Ethereal is a set of network packet analysis software from the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. Wireshark suffers from a denial of service vulnerability that stems from not properly...

7.5CVSS7.1AI score0.008EPSS
Exploits1References1
CNVD
CNVD
•added 2022/10/27 12:0 a.m.•31 views

Google Chrome Security Bypass Vulnerability (CNVD-2022-85089)

Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome, which stems from insufficient data validation in Extensions. An attacker could use this vulnerability to bypass security restrictions...

4.3CVSS3.3AI score0.00421EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/25 12:0 a.m.•31 views

Linux kernel resource management error vulnerability (CNVD-2022-72086)

Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel is vulnerable to a security flaw that affects the function l2capconndel in the component Bluetooth's file net/bluetooth/l2capcore.c. The operation leads to free post-use. No detailed...

8.8CVSS2AI score0.01067EPSS
Exploits1References1
CNVD
CNVD
•added 2022/10/19 12:0 a.m.•31 views

Oracle MySQL Server Denial of Service Vulnerability (CNVD-2022-87657)

Oracle MySQL Server is a relational database from Oracle Corporation USA. A denial-of-service vulnerability exists in the Server: Optimizer component of Oracle MySQL Server. An attacker can exploit the vulnerability to access the network via multiple protocols, which can compromise MySQL Server a...

4.9CVSS2.3AI score0.00962EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/19 12:0 a.m.•31 views

Oracle MySQL Server Denial of Service Vulnerability (CNVD-2023-06476)

Oracle MySQL Server is a relational database from Oracle Corporation USA. A denial-of-service vulnerability exists in the Oracle MySQL Server InnoDB component. An attacker can exploit the vulnerability to access the network via multiple protocols, which can compromise MySQL Server and cause MySQL...

4.1CVSS2.3AI score0.00426EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/13 12:0 a.m.•31 views

Microsoft Windows Connected User Experiences and Telemetry Privilege Elevation Vulnerability

An elevation of privilege vulnerability exists in Microsoft Windows Connected User Experiences and Telemetry, a set of operating systems for personal devices from Microsoft Corporation USA. An attacker could exploit the vulnerability to cause an elevation of privilege...

5AI score0.00365EPSS
Exploits0
CNVD
CNVD
•added 2022/10/13 12:0 a.m.•31 views

SAP 3D Visual Enterprise Author Buffer Overflow Vulnerability (CNVD-2022-69696)

SAP 3D Visual Enterprise Author is a desktop application from SAP Germany for managing 2D, 3D, animation, video and audio assets. SAP 3D Visual Enterprise Author suffers from a buffer overflow vulnerability that stems from a lack of proper memory management and could be exploited by an attacker t...

5.5CVSS3.5AI score0.00196EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/13 12:0 a.m.•31 views

Microsoft Windows Win32K Elevation of Privilege Vulnerability

Microsoft Windows Win32k is a system file for Windows multi-user management from Microsoft Corporation USA.Microsoft Windows Win32K has an elevation of privilege vulnerability, which stems from improper privilege assignment in the application and can be exploited by an attacker to cause an...

4.5AI score0.0732EPSS
Exploits0
CNVD
CNVD
•added 2022/10/13 12:0 a.m.•31 views

SAP 3D Visual Enterprise Author .cur Buffer Overflow Vulnerability

SAP 3D Visual Enterprise Author is a desktop application for managing 2D, 3D, animation, video and audio assets from SAP. A buffer overflow vulnerability exists in SAP 3D Visual Enterprise Author version 9, which stems from a lack of proper memory management. An attacker can exploit the...

7.8CVSS7.9AI score0.00521EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/13 12:0 a.m.•31 views

Microsoft Windows Hyper-V Elevation of Privilege Vulnerability

Microsoft Windows Hyper-V is an application from Microsoft Corporation USA. A system hypervisor virtualization technology that enables desktop virtualization, Microsoft Windows Hyper-V has an elevation of privilege vulnerability that stems from improper privilege assignment in the application and...

3.4AI score0.00564EPSS
Exploits0
CNVD
CNVD
•added 2022/10/11 12:0 a.m.•31 views

Autodesk AutoCAD PDF File Buffer Overflow Vulnerability

Autodesk AutoCAD is a professional set of 3D drawing software from Autodesk, Inc. A buffer overflow vulnerability exists in versions prior to Autodesk AutoCAD 2023.1.1, which stems from an unhandled exception in parsing maliciously crafted PDF files, and can be exploited by attackers to cause a...

7.8CVSS5.7AI score0.00252EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/11 12:0 a.m.•31 views

MediaWiki Cross-Site Scripting Vulnerability

MediaWiki is a free and free-to-use web-based wiki engine from the U.S. Wikimedia MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. MediaWiki has a cross-site scripting vulnerability that can be exploited by attackers to inject...

5.4CVSS3.8AI score0.00562EPSS
Exploits1References1
CNVD
CNVD
•added 2022/10/11 12:0 a.m.•31 views

Huawei HarmonyOS Storage Vectors Out-of-Bounds Read Vulnerability

Huawei HarmonyOS is an operating system from Huawei, a Chinese company that provides a microkernel-based distributed operating system. An out-of-bounds read vulnerability exists in Huawei HarmonyOS, which stems from an out-of-bounds array read in the storage dimension module. An attacker could...

7.5CVSS3AI score0.00366EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/10 12:0 a.m.•31 views

Multiple MediaTek chip cpu dvfs local privilege elevation vulnerabilities

MediaTek Inc. is the world's fourth largest fab semiconductor company and a market leader in mobile devices, smart home applications, wireless connectivity technologies and IoT products, with approximately 1.5 billion devices with MediaTek chips available worldwide each year. Several MediaTek chi...

6.7CVSS2.5AI score0.00125EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/10 12:0 a.m.•31 views

IBM Robotic Process Automation Access Control Error Vulnerability (CNVD-2022-68277)

IBM Robotic Process Automation is a robotic process automation product from International Business Machines IBM. It helps you automate more business and IT processes at scale with the ease and speed of traditional RPA. An Access Control Error vulnerability exists in IBM Robotic Process Automation...

6.5CVSS6.4AI score0.00233EPSS
Exploits0References1
CNVD
CNVD
•added 2022/09/30 12:0 a.m.•31 views

Food Ordering Management System SQL Injection Vulnerability

Food Ordering Management System is a food ordering management system from Carlo Montero's personal developer. The Food Ordering Management System is vulnerable to SQL injection, which stems from the lack of validation of external input SQL statements by username, and can be exploited by attackers...

4.9AI score0.00577EPSS
Exploits1
CNVD
CNVD
•added 2022/09/30 12:0 a.m.•31 views

NextAuth.js authorization issue vulnerability

NextAuth.js is an authentication for Next.js. NextAuth.js version v3.0.2 is vulnerable to authorization issues, which can be exploited by attackers to perform unauthorized actions...

4.8AI score0.00583EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2022/09/30 12:0 a.m.•31 views

fwupd information disclosure vulnerability

fwupd is a plugin that supports firmware updates for session software on Linux platforms. fwupd 1.8.5 previously contained an information disclosure vulnerability that stemmed from the fact that when creating an OPERATOR user account on BMC, the redfish plugin saved the automatically generated...

1.2AI score0.00602EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2022/09/29 12:0 a.m.•31 views

Simple Exam Reviewer Management System Arbitrary File Upload Vulnerability

Simple Exam Reviewer Management System is a simple examiner management system. version 1.0 of Simple Exam Reviewer Management System is vulnerable to arbitrary file uploads, which stem from the lack of valid authentication of uploaded files on the configuration file page. An authenticated attacke...

8.8CVSS3.8AI score0.23189EPSS
Exploits1References1
CNVD
CNVD
•added 2022/09/28 12:0 a.m.•31 views

NETGEAR R7000 Buffer Overflow Vulnerability (CNVD-2022-69163)

The NETGEAR R7000 is a wireless router from NETGEAR. A buffer overflow vulnerability exists in the NETGEAR R7000V1.0.11.13410.2.119 version, which originates from a stack overflow vulnerability due to strncat via the wl binary in the firmware that is susceptible to buffer overflow. An attacker ca...

9.8CVSS9.9AI score0.00982EPSS
Exploits0References1
CNVD
CNVD
•added 2022/09/28 12:0 a.m.•31 views

ZFile arbitrary file upload vulnerability

ZFile is a Java-based online web development program open-sourced by zfile-dev. ZFile v4.1.1 contains an arbitrary file upload vulnerability that stems from a lack of validation of uploaded files in its component /file/upload/1. An attacker could exploit this vulnerability to upload malicious fil...

9.8CVSS3.2AI score0.0086EPSS
Exploits1References1
CNVD
CNVD
•added 2022/09/27 12:0 a.m.•31 views

Vim Resource Management Error Vulnerability (CNVD-2022-68077)

Vim is a cross-platform text editor. A resource management error vulnerability exists in versions prior to Vim 9.0.0579 that stems from reuse after release. No details of the vulnerability are provided at this time...

7.8CVSS6.9AI score0.00496EPSS
Exploits1References1
CNVD
CNVD
•added 2022/09/23 12:0 a.m.•31 views

Adobe InDesign Buffer Overflow Vulnerability (CNVD-2022-66017)

Adobe InDesign, a set of typesetting and editing applications from Adobe, has a buffer overflow vulnerability that originates from out-of-bounds reads and could lead to a memory leak. An attacker could use the vulnerability to execute unauthorized commands and could gain system privileges to...

5.5CVSS5.1AI score0.00448EPSS
Exploits0References1
CNVD
CNVD
•added 2022/09/21 12:0 a.m.•31 views

Adobe Bridge Buffer Overflow Vulnerability (CNVD-2022-64964)

Adobe Bridge is a file viewer from Adobe. Adobe Bridge is vulnerable to a buffer overflow vulnerability that stems from an out-of-bounds write vulnerability that could be exploited to execute arbitrary code in the context of the current user...

7.8CVSS4.2AI score0.00493EPSS
Exploits0References1
CNVD
CNVD
•added 2022/08/30 12:0 a.m.•31 views

Tenda AC1206 Buffer Overflow Vulnerability (CNVD-2022-78510)

Tenda AC1206 is a wireless through-the-wall king gigabit router from Tenda China. Tenda AC1206 version V15.03.06.23 is vulnerable to a buffer overflow vulnerability caused by incorrect boundary checking of the formSetClientState function. An attacker could exploit this vulnerability to overflow t...

9.8CVSS6.2AI score0.01013EPSS
Exploits1References1
CNVD
CNVD
•added 2022/08/23 12:0 a.m.•31 views

WellCMS Cross-site Request Forgery Vulnerability

WellCMS is an open source, billion-load, mobile-leaning, lightweight, super-responsive, high-load CMS that is the best choice for large data volumes and high concurrent access websites. Users - Create User - Add New User does not sufficiently verify that the request is from a trusted user. An...

8.8CVSS0.8AI score0.0035EPSS
Exploits1References1
CNVD
CNVD
•added 2022/08/11 12:0 a.m.•31 views

Wyse Management Suite has an unspecified vulnerability (CNVD-2022-56657)

Wyse Management Suite is a scalable solution for managing and optimizing Wyse endpoints from Dell, Inc. The product includes centralized Wyse endpoint management, asset tracking, and automated device discovery.Wyse Management Suite 3.6.1 and prior versions contain a security vulnerability that...

6.5CVSS2.1AI score0.00701EPSS
Exploits0References1
CNVD
CNVD
•added 2022/08/09 12:0 a.m.•31 views

Siemens Teamcenter Command Injection Vulnerability

Teamcenter software is a modern, adaptable product lifecycle management PLM system that connects people and processes across functional silos through digital threads to enable innovation.Siemens Teamcenter is vulnerable to a command injection vulnerability that could be exploited by attackers to...

9.8CVSS5.6AI score0.01091EPSS
Exploits0References1
CNVD
CNVD
•added 2022/08/03 12:0 a.m.•31 views

F5 BIG-IP APM null pointer pointer dereference vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A null pointer pointer dereference vulnerability exists in F5 BIG-IP APM, which stems from undisclosed traffic when configuri...

7.5CVSS2.8AI score0.00668EPSS
Exploits0References1
CNVD
CNVD
•added 2022/08/03 12:0 a.m.•31 views

F5 BIG-IP HTTP2 profile denial of service vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A denial of service vulnerability exists in the F5 BIG-IP HTTP2 profile, which stems from the fact that when configuring the...

7.5CVSS2.9AI score0.00668EPSS
Exploits0References1
CNVD
CNVD
•added 2022/08/02 12:0 a.m.•31 views

D-Link DSL-3782 Buffer Overflow Vulnerability (CNVD-2022-56666)

The D-Link DSL-3782 is a wireless router from AUO D-Link of Taiwan, China. The D-Link DSL-3782 suffers from a buffer overflow vulnerability that stems from a stack-based buffer overflow in the getAttrValue method. No detailed vulnerability details are provided at this time...

8.8CVSS9AI score0.01275EPSS
Exploits1References1
CNVD
CNVD
•added 2022/07/29 12:0 a.m.•31 views

Adobe Acrobat and Adobe Reader Resource Management Error Vulnerability (CNVD-2022-56129)

Adobe Acrobat and Adobe Reader are the United States of America Odo than Adobe company's products. Adobe Acrobat is a set of PDF file editing and conversion tools. Adobe Reader is a set of PDF document reading software. Adobe Acrobat and Adobe Reader there are resource management error...

5.5CVSS6.6AI score0.03024EPSS
Exploits0References1
Total number of security vulnerabilities5000