Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
•added 2021/05/14 12:0 a.m.•31 views

Exim Backlink Vulnerability

Exim is an open source messaging agent MTA running on Unix systems that routes, forwards and delivers mail. Exim suffers from a security vulnerability that exists as a result of the following issue with symbolic links in the Exim log directory. An attacker can exploit the vulnerability to overwri...

7.8CVSS6.6AI score0.0053EPSS
Exploits3References1
CNVD
CNVD
•added 2021/05/12 12:0 a.m.•31 views

Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-66101)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. An elevation of privilege vulnerability exists in the "Container Manager Service" of Microsoft...

7.8CVSS3.6AI score0.01013EPSS
Exploits0References1
CNVD
CNVD
•added 2021/05/12 12:0 a.m.•31 views

Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-66100)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. An elevation of privilege vulnerability exists in the "Container Manager Service" of Microsoft...

7.8CVSS3.6AI score0.00977EPSS
Exploits0References1
CNVD
CNVD
•added 2021/05/07 12:0 a.m.•31 views

OpenEXR DwaCompressor Heap Buffer Overflow Vulnerability

OpenEXR is an image file format for high dynamic range HDR images. a heap buffer overflow vulnerability exists in OpenEXR DwaCompressor. An attacker could exploit this vulnerability to cause a program crash using an application compiled with OpenEXR...

5.5CVSS2.2AI score0.01153EPSS
Exploits0References1
CNVD
CNVD
•added 2021/04/30 12:0 a.m.•31 views

jonfinley Monitorr authorization bypass vulnerability

jonfinley Monitorr is a jonfinley open source application. Used for webfront will display the status of any Web application or service in real time. monitorr version 1.7.6m has an authorization bypass vulnerability, which can be exploited by attackers to create valid credentials...

9.8CVSS4.3AI score0.03318EPSS
Exploits3References1
CNVD
CNVD
•added 2021/04/27 12:0 a.m.•31 views

Vaadin flow path traversal vulnerability

Vaadin flow is a software application. the Vaadin platform is a Java framework for building modern websites that look great, perform well and keep you and your users happy. A path traversal vulnerability exists in vaadin: flow-server versions 2.0.0 through 2.4.1, which can be exploited by an...

7.5CVSS6.5AI score0.01211EPSS
Exploits0References1
CNVD
CNVD
•added 2021/04/27 12:0 a.m.•31 views

File Upload Vulnerability in FineReport of SailSoft Software Ltd.

FineReport is the leading enterprise-class Web reporting tool. A file upload vulnerability exists in FineReport from SailSoft Software Ltd. that can be exploited by an attacker to upload arbitrary files...

7.1AI score
Exploits0
CNVD
CNVD
•added 2021/04/14 12:0 a.m.•31 views

Microsoft Windows and Windows Server Denial of Service Vulnerability (CNVD-2021-71948)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. A denial of service vulnerability exists in the "TCP/IP driver" in Microsoft Windows and Windows Server,...

7.5CVSS4.3AI score0.06112EPSS
Exploits0References1
CNVD
CNVD
•added 2021/04/14 12:0 a.m.•31 views

Microsoft Windows and Windows Server Remote Code Execution Vulnerability (CNVD-2021-71409)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. A remote code execution vulnerability exists in the Network File System in Microsoft Windows and Windows...

8.8CVSS5.4AI score0.0271EPSS
Exploits0References1
CNVD
CNVD
•added 2021/04/14 12:0 a.m.•31 views

Microsoft Windows and Windows Server Remote Code Execution Vulnerability (CNVD-2021-58239)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server is a server operating system. Microsoft Windows and Windows Server have a remote code execution vulnerability that can be exploited by...

8.8CVSS5.8AI score0.02536EPSS
Exploits0References1
CNVD
CNVD
•added 2021/02/24 12:0 a.m.•31 views

Apple Xcode has an unspecified vulnerability

Apple Xcode is an integrated development environment provided by Apple for developers to develop applications for Mac OS X and iOS. Apple Xcode 12.4 contains a security vulnerability that could be exploited by attackers to access arbitrary files on the host device...

5.5CVSS4.4AI score0.00642EPSS
Exploits0References1
CNVD
CNVD
•added 2021/01/13 12:0 a.m.•31 views

Microsoft Windows/Windows Server Information Disclosure Vulnerability (CNVD-2021-63296)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation USA, Microsoft Windows is an operating system for personal devices, and Microsoft Windows Server is a server operating system. The Microsoft Windows/Windows Server TPM device driver is vulnerable to...

5.5CVSS1.2AI score0.03009EPSS
Exploits0References1
CNVD
CNVD
•added 2020/11/13 12:0 a.m.•31 views

Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-66110)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server is a server operating system. Microsoft Windows/Windows Server Win32k has an elevation of privilege vulnerability that could be exploit...

7.8CVSS4.3AI score0.0098EPSS
Exploits0References1
CNVD
CNVD
•added 2020/09/10 12:0 a.m.•31 views

Microsoft Windows/Windows Server Information Disclosure Vulnerability (CNVD-2021-63317)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server is a server operating system. Microsoft Windows/Windows Server has an information disclosure vulnerability that can be exploited by an...

6.5CVSS1.9AI score0.0459EPSS
Exploits0References1
CNVD
CNVD
•added 2020/09/10 12:0 a.m.•31 views

Microsoft Windows/Windows Server Information Disclosure Vulnerability (CNVD-2021-63318)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server is a server operating system. Microsoft Windows/Windows Server has an information disclosure vulnerability that can be exploited by an...

6.5CVSS1.9AI score0.04477EPSS
Exploits0References1
CNVD
CNVD
•added 2020/09/10 12:0 a.m.•31 views

Microsoft Windows/Windows Server Remote Code Execution Vulnerability (CNVD-2021-62489)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server is a server operating system. A remote code execution vulnerability exists in Microsoft Windows/Windows Server. The vulnerability stems...

9.3CVSS2.9AI score0.53399EPSS
Exploits0References1
CNVD
CNVD
•added 2020/09/10 12:0 a.m.•31 views

Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-68747)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation USA, an operating system for personal devices, and Microsoft Windows Server, a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows/Windows Server. The vulnerability...

7.9CVSS3.2AI score0.02747EPSS
Exploits0References1
CNVD
CNVD
•added 2020/07/17 12:0 a.m.•31 views

Microsoft Windows/Windows Server Information Disclosure Vulnerability (CNVD-2021-63329)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. Microsoft Windows/Windows Server is vulnerable to an information disclosure vulnerability that originates...

6.5CVSS0.6AI score0.0642EPSS
Exploits0References1
CNVD
CNVD
•added 2020/05/13 12:0 a.m.•31 views

Microsoft Windows and Windows Server Elevation of Privilege Vulnerability (CNVD-2021-61781)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows and Windows Server,...

7.8CVSS8.6AI score0.00821EPSS
Exploits0References1
CNVD
CNVD
•added 2020/04/17 12:0 a.m.•31 views

Buffer Overflow Vulnerability in Multiple NETGEAR Products (CNVD-2021-57173)

The NETGEAR R6700, among others, is a wireless router from NETGEAR. A buffer overflow vulnerability exists in multiple NETGEAR products. The vulnerability originates when a network system or product performs an operation on memory without properly validating data boundaries, resulting in an...

8.8CVSS8.8AI score0.00786EPSS
Exploits0References1
CNVD
CNVD
•added 2019/07/23 12:0 a.m.•31 views

SweetScape 010 Editor Integer Overflow Vulnerability

010 Editor is a professional text editor and hexadecimal editor for quickly and easily editing the contents of any file on your computer. SweetScape 010 Editor 9.0.1 suffers from an integer overflow vulnerability during variable initialization. An attacker can exploit this vulnerability to cause ...

5.5CVSS5.5AI score0.01462EPSS
Exploits1References1
CNVD
CNVD
•added 2019/04/02 12:0 a.m.•31 views

VMware Fusion Virtual Machine Side Remote Code Execution Vulnerability

VMware Fusion is a virtual machine software for the Mac operating system from VMware. A remote code execution vulnerability exists on the virtual machine side of VMware Fusion, which can be exploited by an attacker to execute arbitrary code on all virtual machines with VMware Tools installed via...

8.8CVSS8.6AI score0.03484EPSS
Exploits0References1
CNVD
CNVD
•added 2018/06/28 12:0 a.m.•31 views

Busybox Code Execution Vulnerability

BusyBox is a set of applications containing several linux commands and tools maintained by Ukrainian software developer Denis Vlasenko. A security vulnerability exists in the 'busybox wget' mini-application in Busybox, which stems from the program's failure to validate SSL certificates. An attack...

8.1CVSS6.9AI score0.02462EPSS
Exploits0References1
CNVD
CNVD
•added 2018/03/14 12:0 a.m.•31 views

Microsoft SharePoint Remote Elevation of Privilege Vulnerability (CNVD-2018-07005)

Microsoft Project Server 2013 SP1 and SharePoint Enterprise Server 2016 are both products of Microsoft Corporation.Microsoft Project Server 2013 SP1 is a suite of project management solutions for project portfolio management PPM and Microsoft Project Server 2013 SP1 is a project management soluti...

8.8CVSS7AI score0.04708EPSS
Exploits0References1
CNVD
CNVD
•added 2018/02/12 12:0 a.m.•31 views

CloudMe Buffer Overflow Vulnerability

CloudMe is a file storage service that includes cloud storage, file synchronization, and client browsing software. A buffer overflow vulnerability exists in CloudMe. A remote attacker could exploit this vulnerability to execute arbitrary code...

9.8CVSS7.9AI score0.93597EPSS
Exploits29References1
CNVD
CNVD
•added 2018/01/05 12:0 a.m.•31 views

Microsoft Windows Color Management Module Information Disclosure Vulnerability

Microsoft Windows is a series of operating systems released by Microsoft Corporation in the U.S. Color Management Module Icm32.dll is one of these color management modules. An information disclosure vulnerability exists in Color Management Module Icm32.dll in Microsoft Windows 7 SP1, Windows Serv...

5.3CVSS6.3AI score0.07226EPSS
Exploits0References1
CNVD
CNVD
•added 2018/01/04 12:0 a.m.•31 views

Primetek Primefaces Remote Code Execution Vulnerability

Primetek Primefaces is an open source use in the Java EE system UI library . A remote code execution vulnerability exists in version 5.x of Primetek Primefaces. A remote attacker could exploit this vulnerability to execute code...

9.8CVSS8.3AI score0.94104EPSS
Exploits6References1
CNVD
CNVD
•added 2017/11/15 12:0 a.m.•31 views

Foscam C1 Indoor HD Camera DDNS Client Buffer Overflow Vulnerability (CNVD-2017-34263)

Foscam C1 Indoor HD Camera is a wireless high-definition IP camera from Foscam, China.DDNS client is one of the dynamic domain name service clients. A buffer overflow vulnerability exists in the DDNS client in the Foscam C1 Indoor HD Camera. When DDNS is turned on, an attacker can exploit this...

9.3CVSS7.3AI score0.0166EPSS
Exploits2References1
CNVD
CNVD
•added 2017/08/15 12:0 a.m.•31 views

Apache Sling Servlets Post Cross-Site Scripting Vulnerability

Apache Sling API is the United States Apache Apache Software Foundation's set of frameworks for building Web applications. Apache Sling Servlets Post is one of the container. A security vulnerability exists in the Javascript method Sling.evalString in Apache Sling Servlets Post versions prior to...

6.1CVSS6AI score0.03657EPSS
Exploits1References1
CNVD
CNVD
•added 2017/05/23 12:0 a.m.•31 views

Cairo denial of service vulnerability

Cairo is a cross-platform open source vector graphics library developed by software developers Carl Worth and Behdad Esfahbod, which supports doing 2D drawings in multiple contexts and provides high-quality display and printouts. A denial of service vulnerability exists in Cairo version 1.15.4. A...

5.5CVSS6.8AI score0.01839EPSS
Exploits0References1
CNVD
CNVD
•added 2017/05/15 12:0 a.m.•31 views

Microsoft Office Remote Code Execution Vulnerability (CNVD-2017-07394)

Microsoft Office is a suite of office software based on the Windows operating system developed by Microsoft. A remote code execution vulnerability exists in Microsoft Office due to the program not properly handling objects in memory. A remote attacker could exploit this vulnerability by tricking ...

9.3CVSS7.8AI score0.15757EPSS
Exploits1References1
CNVD
CNVD
•added 2016/12/20 12:0 a.m.•31 views

Bottle CRLF Injection Vulnerability

Bottle is a lightweight Python web framework developed by German software developer Marcel Hellkamp, which provides a file with path mapping, templates, simple database access and other web framework components. A security vulnerability exists in the 'redirect' function in Bottle version 0.12.10 ...

6.5CVSS6.8AI score0.01761EPSS
Exploits0References1
CNVD
CNVD
•added 2016/12/05 12:0 a.m.•31 views

BlueZ buffer overflow vulnerability (CNVD-2016-11954)

BlueZ is an official Bluetooth stack for Linux. A buffer overflow vulnerability exists in the 'commandsdump' function in the original 'tools/parser/csr.c' file in BlueZ version 5.42, which stems from the lack of a buffer boundary check for the The vulnerability stems from a lack of buffer bounds...

5.3CVSS9AI score0.02523EPSS
Exploits1References1
CNVD
CNVD
•added 2016/11/08 12:0 a.m.•31 views

Dracut Local Information Disclosure Vulnerability

Dracut is an initramfs infrastructure that is primarily used to create initramfs images. Dracut suffers from a local information disclosure vulnerability that can be exploited by an attacker to obtain sensitive information...

7.8CVSS6AI score0.00309EPSS
Exploits1References1
CNVD
CNVD
•added 2016/10/20 12:0 a.m.•31 views

Unspecified Vulnerability in Oracle Fusion Middleware NetBeans Component

Oracle Fusion Middleware Oracle Fusion Middleware is a set of Oracle's business innovation platform for enterprise and cloud environments, which provides middleware, software collections, etc. NetBeans is one of the components that includes an open source development environment and application...

5.7CVSS5.7AI score0.01038EPSS
Exploits5References1
CNVD
CNVD
•added 2016/04/14 12:0 a.m.•31 views

Microsoft Internet Explorer Information Disclosure Vulnerability

Microsoft Internet Explorer IE is a Web browser developed by the American company Microsoft and is the default browser that comes with the Windows operating system. An information leakage vulnerability exists in Microsoft IE versions 9 through 11, which arises from the program's failure to proper...

4.3CVSS7.6AI score0.22088EPSS
Exploits0References1
CNVD
CNVD
•added 2016/02/04 12:0 a.m.•31 views

libdwarf Local Buffer Overflow Vulnerability

libdwarf is a set of tools for reading and writing DWARF2 debugging information. A local buffer overflow vulnerability exists in libdwarf. Due to the program failing to perform proper boundary checking on user-submitted input. An attacker could exploit this vulnerability to execute arbitrary code...

9.8CVSS7.7AI score0.02985EPSS
Exploits0References1
CNVD
CNVD
•added 2016/01/16 12:0 a.m.•31 views

WordPress Cross-Site Scripting Vulnerability (CNVD-2016-00258)

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Software Foundation. WordPress suffers from a cross-site scripting vulnerability that allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used to gain...

6.1CVSS6.2AI score0.02694EPSS
Exploits2References1
CNVD
CNVD
•added 2015/11/13 12:0 a.m.•31 views

Symantec Endpoint Protection Manager-RU6-MP3 Arbitrary Java Code Execution Vulnerability

Symantec Endpoint Protection Manager is a centralized manager for Symantec's enterprise-class antivirus software. An arbitrary Java code execution vulnerability exists in Symantec Endpoint Protection Manager version 12.1 prior to 12.1-RU6-MP3, which allows remote attackers to execute arbitrary Ja...

8.5CVSS8.1AI score0.02743EPSS
Exploits0References1
CNVD
CNVD
•added 2015/05/26 12:0 a.m.•31 views

Lighttpd 'http_auth.c' Security Bypass Vulnerability

Lighttpd is an open source web server. A security bypass vulnerability exists in Lighttpd that allows remote attackers to bypass security restrictions and perform unauthorized operations...

7.5CVSS7AI score0.09978EPSS
Exploits1References1
CNVD
CNVD
•added 2015/02/28 12:0 a.m.•31 views

FastCGI denial of service vulnerability

FastCGI is a protocol that allows interactive programs to communicate with a Web server, the Fast Common Gateway Interface Fast Common Gateway Interface. A denial of service vulnerability exists in FastCGI 2.4.0, which allows remote attackers to cause a denial of service via a large number of...

5CVSS6.8AI score0.06086EPSS
Exploits0References1
CNVD
CNVD
•added 2026/03/19 12:0 a.m.•30 views

Apache Spark Deserialization Vulnerability

Apache Spark is a large-scale data processing engine that supports acyclic data streaming and in-memory computing from the Apache Foundation. Apache Spark suffers from a deserialization vulnerability. The vulnerability stems from the Spark History Web UI's overly lax Jackson deserialization of...

8.8CVSS6.3AI score0.05341EPSS
Exploits1References1
CNVD
CNVD
•added 2025/03/25 12:0 a.m.•30 views

Vercel Next.js Privilege Bypass Vulnerability

Next.js is Vercel open source a React framework. Vercel Next.js suffers from a privilege bypass vulnerability that stems from the fact that if authorization checking occurs in middleware, an attacker can use the vulnerability to bypass authorization checking...

9.1CVSS7AI score0.99621EPSS
Exploits58References1
CNVD
CNVD
•added 2024/12/25 12:0 a.m.•30 views

Google Chrome Code Execution Vulnerability (CNVD-2025-00209)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a code execution vulnerability that is caused by an out-of-bounds write in V8. An attacker can exploit the vulnerability to execute arbitrary code on the system...

8.8CVSS8.1AI score0.00383EPSS
Exploits1References1
CNVD
CNVD
•added 2024/04/17 12:0 a.m.•30 views

Unspecified Vulnerability in Oracle VM VirtualBox (CNVD-2024-20434)

Oracle Virtualization and Oracle VM VirtualBox are both products of Oracle Corporation.Oracle Virtualization is a suite of virtualization solutions. The product is used to unify the management of the entire hardware and software system from the application to the disk, can be achieved from the...

3.3CVSS9AI score0.00288EPSS
Exploits0References1
CNVD
CNVD
•added 2024/04/12 12:0 a.m.•30 views

Unspecified Vulnerability in Adobe Commerce (CNVD-2024-19007)

Adobe Commerce is the United States of America Odobie Adobe company's a business and brand-oriented global leader in digital commerce solutions. A security vulnerability exists in Adobe Commerce that can be exploited by an attacker with elevated privileges to potentially abuse the vulnerability t...

8.1CVSS8AI score0.01028EPSS
Exploits0References1
CNVD
CNVD
•added 2024/04/11 12:0 a.m.•30 views

Apache Zeppelin Code Injection Vulnerability (CNVD-2024-17938)

Apache Zeppelin is a Web-based open source laptop application from the Apache USA Foundation. The program supports interactive data analysis and collaborative documentation. Apache Zeppelin suffers from a code injection vulnerability that stems from the application's failure to properly filter...

9.8CVSS9.5AI score0.01257EPSS
Exploits0References1
CNVD
CNVD
•added 2024/04/02 12:0 a.m.•30 views

IBM Cloud Pak for Business Automation Access Control Error Vulnerability (CNVD-2024-16917)

IBM Cloud Pak for Business Automation is a modular set of integrated software components from International Business Machines IBM, built for any hybrid cloud, designed to automate work and accelerate business growth. An access control error vulnerability exists in IBM Cloud Pak for Business...

6.5CVSS6.6AI score0.00547EPSS
Exploits0References1
CNVD
CNVD
•added 2024/03/29 12:0 a.m.•30 views

IBM WebSphere Application Server Liberty Cross-Site Scripting Vulnerability (CNVD-2024-15727)

IBM WebSphere Application Server Liberty is a Java application server from International Business Machines IBM built on top of the Open Liberty project. A cross-site scripting vulnerability exists in IBM WebSphere Application Server Liberty versions 23.0.0.3 through 24.0.0.3, which stems from the...

6.1CVSS6.3AI score0.0037EPSS
Exploits0References1
CNVD
CNVD
•added 2024/03/14 12:0 a.m.•30 views

Apache Airflow Trust Management Issues Vulnerability (CNVD-2024-13571)

Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. Apache Airflow suffers from a trust management issue vulnerability that stems from...

9.1CVSS6.6AI score0.0062EPSS
Exploits0References1
Total number of security vulnerabilities5000