Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
added 2021/11/10 12:0 a.m.98 views

Microsoft 3D Viewer remote code execution vulnerability

A code injection vulnerability exists in Microsoft 3D Viewer, a simplified and fast graphics editing application from Microsoft Corporation USA. The vulnerability stems from the process of constructing code segments from external input data that is not properly filtered by the network system or...

7.8CVSS3.5AI score0.03821EPSS
Exploits0References1
CNVD
CNVD
added 2025/07/18 12:0 a.m.97 views

Apache HTTP Server server-side request forgery vulnerability (CNVD-2025-16613)

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. Apache HTTP Server suffers from a server-side request forgery vulnerability that stems from loading modproxy without implementing...

7.5CVSS7.2AI score0.00772EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/08 12:0 a.m.97 views

Product Show Room Site Cross-Site Scripting Vulnerability (CNVD-2022-48964)

Product Show Room Site is a product showroom site from Carlo Montero's personal developer. version 1.0 of Product Show Room Site is vulnerable to cross-site scripting, which stems from using a special string input text box that leads to cross-site scripting. No details of the vulnerability are...

4.8CVSS3.2AI score0.006EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/09 12:0 a.m.97 views

Google Android Buffer Overflow Vulnerability (CNVD-2022-47671)

Google Android is a Linux-based open source operating system from Google, Inc. Google Android is vulnerable to a buffer overflow vulnerability that originates in l2cbleprocesssigcmd in l2cble.cc, which could result in an out-of-bounds read due to a boundary check error The vulnerability can be...

6.5CVSS4.9AI score0.00256EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/09 12:0 a.m.97 views

Google Android Elevation of Privilege Vulnerability (CNVD-2022-47670)

Google Android is a Linux-based open source operating system from Google, Inc. An elevation of privilege vulnerability exists in Google Android, which originates in checkSlicePermission in SliceManagerService.java, due to an input validation error, it is possible to access any slice URI, and an...

7.8CVSS4AI score0.00204EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/18 12:0 a.m.97 views

Out-of-bounds write vulnerability in multiple Adobe products (CNVD-2022-46974)

Adobe Acrobat is a set of tools for editing and converting PDF files.Adobe Acrobat Reader is a PDF viewer. The software is used to print, sign and annotate PDFs. An out-of-bounds write vulnerability exists in several Adobe products, which can be exploited by an attacker to execute arbitrary code ...

9.3CVSS7.9AI score0.10331EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/28 12:0 a.m.97 views

SPIP interfaces.php cross-site scripting vulnerability

SPIP is a web-based content publishing system. A cross-site scripting vulnerability exists in SPIP, which stems from a lack of proper validation of client-side data in the interfaces.php component of the WEB application. An attacker could exploit this vulnerability to execute client-side code...

5.4CVSS2.2AI score0.00628EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/19 12:0 a.m.96 views

Jenkins Selection Tasks Plugin跨站脚本漏洞

Jenkins and Jenkins Plugin are both open source products from Jenkins.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.A cross-site scripting vulnerability...

5.4CVSS1.8AI score0.00715EPSS
Exploits0References1
CNVD
CNVD
added 2021/10/27 12:0 a.m.96 views

Adobe Premiere Elements null pointer dereference vulnerability

Adobe Premiere Elements is a video editing software application from Adobe. Adobe Premiere Elements 2021 build 19.0 and earlier versions are vulnerable to a null pointer dereference. An attacker could exploit this vulnerability to cause a memory leak...

5.5CVSS4.3AI score0.01104EPSS
Exploits0References1
CNVD
CNVD
added 2022/12/10 12:0 a.m.95 views

ThinkPHP Command Execution Vulnerability (CNVD-2022-86535)

ThinkPHP is an open source lightweight PHP framework created to simplify enterprise-level application development and agile WEB application development. ThinkPHP there is a command execution vulnerability , the vulnerability is due to the opening of the multi-language function , the parameter lan...

7.7AI score
Exploits0References1
CNVD
CNVD
added 2022/05/24 12:0 a.m.95 views

GoCD Cross-Site Scripting Vulnerability

GoCD is a continuous delivery server. A cross-site scripting vulnerability exists in GoCD versions 19.11.0 through 21.4.0, which could be exploited by attackers to obtain a GoCD user's session cookie and execute malicious code...

5.4CVSS3.7AI score0.00782EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/12 12:0 a.m.95 views

Samsung Security Supporter Access Control Error Vulnerability

Samsung Security Supporter is a Samsung built-in security support from Samsung, Korea.An access control error vulnerability exists in versions prior to Samsung Security Supporter 1.2.40.0, which stems from the presence of faulty access authentication logic. An attacker could exploit this...

4.4CVSS2.2AI score0.00239EPSS
Exploits0References1
CNVD
CNVD
added 2021/07/21 12:0 a.m.95 views

Adobe Prelude memory out-of-bounds access vulnerability

Adobe Prelude is a video recording and capture tool designed for media finishing and metadata entry to quickly tag and transcode video footage and quickly create rough cuts. Adobe Prelude 10.0 and earlier versions are vulnerable to a memory out-of-bounds access vulnerability. An attacker could...

9.3CVSS5.2AI score0.02425EPSS
Exploits0References1
CNVD
CNVD
added 2025/07/18 12:0 a.m.94 views

Apache HTTP Server Input Validation Error Vulnerability (CNVD-2025-16612)

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. An input validation error vulnerability exists in Apache HTTP Server, which can be exploited by an attacker to manipulate the...

7.5CVSS6.9AI score0.00679EPSS
Exploits0References1
CNVD
CNVD
added 2024/04/09 12:0 a.m.94 views

Apache HTTP Server Response Splitting Vulnerability (CNVD-2024-36394)

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. Apache HTTP Server suffers from a response splitting vulnerability that can be exploited by an attacker to inject arbitrary HTTP...

6.3CVSS6.8AI score0.02874EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/08 12:0 a.m.94 views

Mattermost Playbooks Plugin Elevation of Privilege Vulnerability

Mattermost Plugins is a plugin from Mattermost USA that provides powerful feature extensions and tight integration with both server and web/desktop applications.An elevation of privilege vulnerability exists in Mattermost Playbooks Plugin version 1.25 and earlier, which stems from incorrectly...

8.8CVSS3.6AI score0.0056EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/06 12:0 a.m.94 views

IBM Sterling Partner Engagement Manager访问控制错误漏洞

IBM Sterling Partner Engagement Manager is an automation management tool from IBM, U.S.A. An access control error vulnerability exists in IBM Sterling Partner Engagement Manager version 6.2.0, which stems from the lack of a revocation mechanism for JWT tokens. An attacker could exploit the...

7.5CVSS4.5AI score0.00731EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/18 12:0 a.m.94 views

Google Android Resource Management Error Vulnerability in Android (CNVD-2022-47681)

Google Android is a Linux-based open source operating system from Google, Inc. A resource management error vulnerability exists in Google Android, which stems from an out-of-bounds read in bpfskbchangehead in filter.c due to post-release reuse, which could be exploited by an attacker to The...

7.2CVSS3.4AI score0.00163EPSS
Exploits0References1
CNVD
CNVD
added 2021/11/05 12:0 a.m.94 views

Adobe Prelude memory corruption vulnerability

Adobe Prelude is a set of video clip editing tools from Adobe. Adobe Prelude has a memory corruption vulnerability that could be exploited to execute arbitrary code in the context of the current user...

9.3CVSS3.3AI score0.01995EPSS
Exploits0References1
CNVD
CNVD
added 2021/06/11 12:0 a.m.94 views

Apache HTTP Server Code Issue Vulnerability (CNVD-2022-13199)

Apache HTTP Server is an open source web server from the Apache Foundation. The server is fast, reliable, and extensible via a simple API.A code issue vulnerability exists in Apache HTTP Server, which stems from a NULL pointer dereference error in mod sessions. A remote attacker could use this...

7.5CVSS1.9AI score0.65067EPSS
Exploits0References1
CNVD
CNVD
added 2025/07/18 12:0 a.m.93 views

Apache HTTP Server Denial of Service Vulnerability (CNVD-2025-16608)

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. Apache HTTP Server has a denial of service vulnerability that can be exploited by an attacker to cause a denial of service...

7.5CVSS6.8AI score0.04409EPSS
Exploits1References1
CNVD
CNVD
added 2024/07/05 12:0 a.m.93 views

Apache HTTP Server Server-Side Request Forgery Vulnerability

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. Apache HTTP Server suffers from a server-side request forgery vulnerability that can be exploited by an attacker to disclose NTML...

7.5CVSS7.4AI score0.6795EPSS
Exploits1References1
CNVD
CNVD
added 2024/07/05 12:0 a.m.93 views

Apache HTTP Server code issue vulnerability (CNVD-2024-36389)

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. Apache HTTP Server has a code issue vulnerability that can be exploited by an attacker to crash the server via a malicious request...

7.5CVSS7.6AI score0.03153EPSS
Exploits0References1
CNVD
CNVD
added 2024/07/05 12:0 a.m.93 views

Apache HTTP Server Input Validation Error Vulnerability (CNVD-2024-36390)

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. An input validation error vulnerability exists in Apache HTTP Server, which can be exploited by an attacker to cause insecure...

7.5CVSS7.9AI score0.35447EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/05 12:0 a.m.93 views

Carrier LenelS2 HID Mercury access panels have an unspecified vulnerability

Carrier LenelS2 HID Mercury access panels is a controller panel from Carrier, Inc. A security vulnerability exists in Carrier LenelS2 HID Mercury access panels, which stems from a vulnerable application that does not adequately authorize all restricted URLs, scripts or files. A remote attacker...

7.5CVSS1.8AI score0.00895EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/19 12:0 a.m.93 views

Multiple Adobe Products Resource Management Error Vulnerability (CNVD-2022-46971)

Adobe Acrobat is a set of tools for editing and converting PDF files.Adobe Acrobat Reader is a PDF viewer. The software is used to print, sign and annotate PDFs. A resource management error vulnerability exists in several Adobe products, which can be exploited by an attacker to execute arbitrary...

9.3CVSS7.8AI score0.03361EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/18 12:0 a.m.93 views

Multiple Adobe Products Resource Management Error Vulnerability (CNVD-2022-46975)

Adobe Acrobat is a set of tools for editing and converting PDF files.Adobe Acrobat Reader is a PDF viewer. The software is used to print, sign and annotate PDFs. A resource management error vulnerability exists in several Adobe products, which can be exploited by an attacker to execute arbitrary...

9.3CVSS7.8AI score0.1212EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/08 12:0 a.m.93 views

IBM AIX Denial of Service Vulnerability (CNVD-2022-48942)

IBM AIX is an open standards-based UNIX operating system developed for the IBM Power architecture. IBM AIX denial-of-service vulnerability, which stems from the product AIX pmsvcs kernel extensions do not do the correct processing of incoming error messages, an attacker can use the vulnerability ...

6.2CVSS4.2AI score0.00217EPSS
Exploits0References1
CNVD
CNVD
added 2019/12/04 12:0 a.m.93 views

vsftpd OS Command Injection Vulnerability

vsftpd is an FTP File Transfer Protocol server for Unix-like systems. An operating system command injection vulnerability exists in vsftpd version 2.3.4 downloaded between June 30, 2011 and July 3, 2011, which originates from a backdoor in the software that can be used to open a shell, which can ...

10CVSS7.8AI score0.96184EPSS
Exploits30References1
CNVD
CNVD
added 2022/11/17 12:0 a.m.92 views

Cisco Firepower Management Center Cross-Site Scripting Vulnerability (CNVD-2023-28093)

Cisco Firepower Management Center FMC is a new generation of firewall management center software from the United States Cisco Cisco. A cross-site scripting vulnerability exists in Cisco Firepower Management Center, which can be exploited by remote authenticated attackers to conduct stored...

4.5AI score0.00446EPSS
Exploits0
CNVD
CNVD
added 2022/08/09 12:0 a.m.92 views

Foxit PDF Reader has an unspecified vulnerability (CNVD-2022-56256)

Foxit PDF Reader is a PDF reader from Foxit China. versions before Foxit PDF Reader 12.0.1 and PDF Editor 12.0.1 have a security vulnerability that stems from the presence of null pointer references in its exportXFAData. No detailed vulnerability details are available at this time...

7.5CVSS3.2AI score0.00927EPSS
Exploits1References1
CNVD
CNVD
added 2022/08/01 12:0 a.m.92 views

Linux kernel has unspecified vulnerabilities (CNVD-2022-54887)

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel version 5.18.14 and earlier versions have a security vulnerability that stems from xfrmexpandpolicies in net/xfrm/xfrmpolicy.c that causes refcount to be deleted twice. No detailed...

5.5CVSS2.8AI score0.00309EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/10 12:0 a.m.92 views

Apache HTTP Server HTTP请求走私漏洞

Apache HTTP Server is an open source web server from the American Apache Apache Foundation. The server is fast, reliable, and extensible via a simple API. HTTP request smuggling vulnerability exists in Apache HTTP Server modproxyajp. An attacker could exploit this vulnerability to smuggle request...

7.5CVSS1.2AI score0.19008EPSS
Exploits1References1
CNVD
CNVD
added 2022/05/13 12:0 a.m.92 views

ZTE ZXCDN Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability exists in ZTE ZXCDN, a unified network management platform from ZTE Corporation China. The vulnerability stems from the program's lack of data validation filtering of user-supplied data and output. An attacker can exploit the vulnerability to execute JavaScrip...

6.1CVSS1.6AI score0.00525EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/08 12:0 a.m.92 views

IBM AIX Denial of Service Vulnerability (CNVD-2022-48944)

IBM AIX is an open standards-based UNIX operating system developed by IBM for the IBM Power architecture. IBM AIX denial of service vulnerability, which stems from inadequate validation of user-supplied input in the product's nimsh daemon, can be exploited by remote attackers to cause a denial of...

8.6CVSS5.7AI score0.01174EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/09 12:0 a.m.92 views

Linux kernel information disclosure vulnerability (CNVD-2022-68595)

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel has a security vulnerability that can be exploited by attackers to obtain internal kernel memory information...

4.4CVSS2.4AI score0.00236EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/27 12:0 a.m.92 views

Linux kernel resource management error vulnerability (CNVD-2022-68575)

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel is vulnerable to resource management errors, which can be exploited by attackers to force the reuse of freed memory areas in the Linux kernel via nci request to trigger a denial of service a...

7CVSS4.2AI score0.00357EPSS
Exploits1References1
CNVD
CNVD
added 2021/10/29 12:0 a.m.92 views

Linux kernel post-release reuse vulnerability (CNVD-2021-94903)

The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A post-release reuse vulnerability exists in selinuxptracetraceme in Linux kernel versions prior to 5.14.8. A local...

7.8CVSS7.2AI score0.00475EPSS
Exploits1References1
CNVD
CNVD
added 2021/10/27 12:0 a.m.92 views

Adobe Prelude Memory Buffer Out-of-Bounds Access Vulnerability (CNVD-2021-92812)

Adobe Prelude is a video recording and capture tool designed for intuitive and efficient media organization and metadata entry to quickly tag and transcode video footage and quickly create rough cuts.Adobe Prelude 10.1 and earlier versions are vulnerable to an out-of-bounds memory buffer access...

9.3CVSS4AI score0.01947EPSS
Exploits0References1
CNVD
CNVD
added 2020/08/11 12:0 a.m.92 views

Apache HTTP Server Buffer Overflow Vulnerability

Apache HTTP Server is the United States Apache Software Apache Software Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A buffer overflow vulnerability exists in moduwsgi in Apache HTTP Server versions 2.4.32 through 2.4.44. An...

9.8CVSS8.9AI score0.90039EPSS
Exploits2References1
CNVD
CNVD
added 2022/12/20 12:0 a.m.91 views

IBM AIX Denial of Service Vulnerability (CNVD-2023-00806)

IBM AIX is an open standards-based UNIX operating system developed by International Business Machines IBM for the IBM Power architecture. IBM AIX suffers from a denial-of-service vulnerability that can be exploited by unprivileged local attackers to cause a denial of service...

6.2CVSS6.7AI score0.00185EPSS
Exploits0References1
CNVD
CNVD
added 2025/07/18 12:0 a.m.90 views

Apache HTTP Server Server-Side Request Forgery Vulnerability (CNVD-2025-16609)

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. Apache HTTP Server suffers from a server-side request forgery vulnerability that can be exploited by an attacker to disclose NTLM...

7.5CVSS6.9AI score0.01094EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/06 12:0 a.m.90 views

IBM App Connect Enterprise Certified Container拒绝服务漏洞

IBM App Connect Enterprise is an operating system from IBM Corporation. IBM App Connect Enterprise combines the existing industry-trusted IBM Integration Bus technology with IBM App Connect Professional and new cloud-native technology to provide a platform that meets the full integration needs of...

6.5CVSS1.4AI score0.00941EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/10 12:0 a.m.89 views

Apache HTTP Server mod_sed denial of service vulnerability

Apache HTTP Server is an open source web server from the Apache Foundation. Apache HTTP Server modsed suffers from a denial-of-service vulnerability that stems from the fact that modsed may allocate too much memory and trigger an abort when modsed input is too large. An attacker could exploit thi...

5CVSS2.5AI score0.90407EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2021/09/18 12:0 a.m.89 views

Apache HTTP Server Denial of Service Vulnerability (CNVD-2022-03205)

Apache HTTP Server is an open source web server from the Apache Foundation. Apache HTTP Server versions 2.4.30 to 2.4.48 contain a denial-of-service vulnerability that stems from a network system or product that does not properly validate incoming data. An attacker could exploit this vulnerabilit...

7.5CVSS1.3AI score0.62887EPSS
Exploits0References1
CNVD
CNVD
added 2016/09/14 12:0 a.m.89 views

Google Chrome Skia Denial of Service Vulnerability (CNVD-2016-07581)

Google Skia is the United States Google Google company's an open source and C + + based graphics library , it can be used in Mozilla Firefox, Google Chrome and other browsers , but also available in the Android open mobile platform . A denial of service vulnerability exists in the SkPath.cpp file...

8.8CVSS8.7AI score0.01088EPSS
Exploits0References1
CNVD
CNVD
added 2023/02/08 12:0 a.m.87 views

phpMyAdmin SQL Injection Vulnerability (CNVD-2023-09611)

phpMyAdmin is a free, web-based MySQL database management tool from the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A security vulnerability exists in phpMyAdmin, which stems...

9.8CVSS9.6AI score0.01744EPSS
Exploits1References1
CNVD
CNVD
added 2022/11/10 12:0 a.m.87 views

Microsoft Exchange Server Elevation of Privilege Vulnerability (CNVD-2022-89608)

Microsoft Exchange Server is a set of email service programs from Microsoft Corporation USA. It provides mail access, storage, forwarding, voice mail, mail filtering and other functions. An attacker could exploit this vulnerability to elevate privileges...

9.8CVSS3.2AI score0.77326EPSS
Exploits4References1
CNVD
CNVD
added 2022/08/17 12:0 a.m.86 views

Secheron SEPCOS Control and Protection Relay Information Disclosure Vulnerability

Secheron SEPCOS Control and Protection Relay is a relay from Secheron. Control and protect your DC panels and contact lines from short circuits and other electrical faults, and benefit from enhanced communication capabilities.The Secheron SEPCOS Control and Protection Relay is vulnerable to an...

6.5CVSS0.6AI score0.00723EPSS
Exploits0References1
CNVD
CNVD
added 2016/07/21 12:0 a.m.85 views

KDE KArchive Security Bypass Vulnerability

KDE is a free and open source X desktop management program for Linux and Unix workstations, KDE provides support for various network protocols through the KIO subsystem.KDE KArchive is one of the document managers. A security bypass vulnerability exists in KDE KArchive 5.23.0 and earlier versions...

7.5CVSS7.5AI score0.04429EPSS
Exploits1References1
Total number of security vulnerabilities5000