Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
•added 2015/02/26 12:0 a.m.•31 views

Persistent Systems Radia Client Automation Code Injection Vulnerability

Persistent Systems Radia Client Automation RCA is a solution based on enterprise client design. The solution allows users to automate the management of physical or virtual clients. A security vulnerability exists in the radexecd.exe file of Persistent Systems RCA. A remote attacker can exploit th...

10CVSS7.4AI score0.75116EPSS
Exploits16References1
CNVD
CNVD
•added 2026/03/19 12:0 a.m.•30 views

Apache Spark Deserialization Vulnerability

Apache Spark is a large-scale data processing engine that supports acyclic data streaming and in-memory computing from the Apache Foundation. Apache Spark suffers from a deserialization vulnerability. The vulnerability stems from the Spark History Web UI's overly lax Jackson deserialization of...

8.8CVSS6.3AI score0.05341EPSS
Exploits1References1
CNVD
CNVD
•added 2025/03/25 12:0 a.m.•30 views

Vercel Next.js Privilege Bypass Vulnerability

Next.js is Vercel open source a React framework. Vercel Next.js suffers from a privilege bypass vulnerability that stems from the fact that if authorization checking occurs in middleware, an attacker can use the vulnerability to bypass authorization checking...

9.1CVSS7AI score0.99621EPSS
Exploits58References1
CNVD
CNVD
•added 2024/12/25 12:0 a.m.•30 views

Google Chrome Code Execution Vulnerability (CNVD-2025-00209)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a code execution vulnerability that is caused by an out-of-bounds write in V8. An attacker can exploit the vulnerability to execute arbitrary code on the system...

8.8CVSS8.1AI score0.00383EPSS
Exploits1References1
CNVD
CNVD
•added 2024/04/17 12:0 a.m.•30 views

Unspecified Vulnerability in Oracle VM VirtualBox (CNVD-2024-20434)

Oracle Virtualization and Oracle VM VirtualBox are both products of Oracle Corporation.Oracle Virtualization is a suite of virtualization solutions. The product is used to unify the management of the entire hardware and software system from the application to the disk, can be achieved from the...

3.3CVSS9AI score0.00288EPSS
Exploits0References1
CNVD
CNVD
•added 2024/04/12 12:0 a.m.•30 views

Unspecified Vulnerability in Adobe Commerce (CNVD-2024-19007)

Adobe Commerce is the United States of America Odobie Adobe company's a business and brand-oriented global leader in digital commerce solutions. A security vulnerability exists in Adobe Commerce that can be exploited by an attacker with elevated privileges to potentially abuse the vulnerability t...

8.1CVSS8AI score0.01028EPSS
Exploits0References1
CNVD
CNVD
•added 2024/04/11 12:0 a.m.•30 views

Apache Zeppelin Code Injection Vulnerability (CNVD-2024-17938)

Apache Zeppelin is a Web-based open source laptop application from the Apache USA Foundation. The program supports interactive data analysis and collaborative documentation. Apache Zeppelin suffers from a code injection vulnerability that stems from the application's failure to properly filter...

9.8CVSS9.5AI score0.01257EPSS
Exploits0References1
CNVD
CNVD
•added 2024/04/02 12:0 a.m.•30 views

IBM Cloud Pak for Business Automation Access Control Error Vulnerability (CNVD-2024-16917)

IBM Cloud Pak for Business Automation is a modular set of integrated software components from International Business Machines IBM, built for any hybrid cloud, designed to automate work and accelerate business growth. An access control error vulnerability exists in IBM Cloud Pak for Business...

6.5CVSS6.6AI score0.00547EPSS
Exploits0References1
CNVD
CNVD
•added 2024/03/29 12:0 a.m.•30 views

IBM WebSphere Application Server Liberty Cross-Site Scripting Vulnerability (CNVD-2024-15727)

IBM WebSphere Application Server Liberty is a Java application server from International Business Machines IBM built on top of the Open Liberty project. A cross-site scripting vulnerability exists in IBM WebSphere Application Server Liberty versions 23.0.0.3 through 24.0.0.3, which stems from the...

6.1CVSS6.3AI score0.0037EPSS
Exploits0References1
CNVD
CNVD
•added 2024/03/14 12:0 a.m.•30 views

Apache Airflow Trust Management Issues Vulnerability (CNVD-2024-13571)

Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. Apache Airflow suffers from a trust management issue vulnerability that stems from...

9.1CVSS6.6AI score0.0062EPSS
Exploits0References1
CNVD
CNVD
•added 2024/03/13 12:0 a.m.•30 views

Siemens SINEMA Remote Connect Server Access Control Error Vulnerability (CNVD-2024-13805)

Siemens SINEMA Remote Connect Server is a remote network management platform from Siemens, Germany. The platform is used to remotely access, maintain, control and diagnose the underlying network. An Access Control Error vulnerability exists in Siemens SINEMA Remote Connect Server versions prior t...

9.8CVSS7.3AI score0.00833EPSS
Exploits0References1
CNVD
CNVD
•added 2024/03/08 12:0 a.m.•30 views

Customer Support System SQL Injection Vulnerability (CNVD-2024-14031)

Customer Support System is a customer support system by oretnom23 Personal Developer that helps a particular business or company to provide customer support after a customer has purchased a product from them. Customer Support System suffers from a SQL injection vulnerability that originates from...

8.8CVSS8.1AI score0.00761EPSS
Exploits1References1
CNVD
CNVD
•added 2024/01/29 12:0 a.m.•30 views

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CNVD-2024-07816)

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. An elevation of privilege vulnerability exists in Microsoft Edge Chromium-based. An attacker could exploit this vulnerability to gain elevated privileges on the system...

9.6CVSS6.8AI score0.01234EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/26 12:0 a.m.•30 views

Google Chrome Security Bypass Vulnerability (CNVD-2024-10262)

Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome version 121.0.6167.85 and earlier versions, which stems from an insufficient policy enforcement issue in the DevTools module. An attacker can exploit this vulnerability to bypa...

4.3CVSS6.8AI score0.0035EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/26 12:0 a.m.•30 views

Denial of Service Vulnerability in Multiple Mozilla Products

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A denia...

6.5CVSS6.8AI score0.02155EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/24 12:0 a.m.•30 views

Tenda A15 deviceList Parameter Buffer Overflow Vulnerability

Tenda A15 is a WiFi extender from Tenda China. A buffer overflow vulnerability exists in Tenda A15 version 15.13.07.13, which originates from the deviceList parameter of the /goform/setBlackRule file failing to correctly validate the length of the input data, and can be exploited by a remote...

8.3CVSS8.6AI score0.01679EPSS
Exploits1References1
CNVD
CNVD
•added 2024/01/12 12:0 a.m.•30 views

Microsoft Message Queuing Denial of Service Vulnerability (CNVD-2024-04948)

Microsoft Message Queuing is the solution for implementing asynchronous and synchronous scenarios that require high performance. A denial of service vulnerability exists in Microsoft Message Queuing, which can be exploited by an attacker to cause a denial of service on a system...

7.5CVSS6.4AI score0.02759EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/12 12:0 a.m.•30 views

Microsoft Win32k Elevation of Privilege Vulnerability (CNVD-2024-11165)

Microsoft Win32k is a system file for Windows multi-user management from Microsoft USA. An elevation of privilege vulnerability exists in Microsoft Win32k. An attacker could exploit this vulnerability to gain elevated privileges on the system...

7.8CVSS7.2AI score0.00671EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/11 12:0 a.m.•30 views

GetSimple CMS Cross-Site Scripting Vulnerability

GetSimple CMS is a content management system CMS written in PHP. A cross-site scripting vulnerability exists in GetSimple CMS version 3.3.16, which stems from the lack of effective filtering and escaping of user-supplied data when adding articles to the /admin/edit.php page, and can be exploited ...

5.4CVSS6.4AI score0.00326EPSS
Exploits0References1
CNVD
CNVD
•added 2023/12/18 12:0 a.m.•30 views

IBM i License Issues Vulnerabilities

IBM i is a suite of operating systems from International Business Machines IBM running in IBM Power Systems and IBM PureSystems. An authorization issue vulnerability exists in IBM i Access Client Solutions that stems from improper privilege checking and can be exploited by an attacker to execute...

8.8CVSS7AI score0.0099EPSS
Exploits1References1
CNVD
CNVD
•added 2023/12/15 12:0 a.m.•30 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2023-10148200)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4CVSS7.2AI score0.00597EPSS
Exploits0References1
CNVD
CNVD
•added 2023/12/13 12:0 a.m.•30 views

LibreOffice License Issues Vulnerabilities

LibreOffice is an open source office software suite from The Document Foundation tdf. The product includes applications such as Writer text documents, Calc spreadsheets and Impress presentations. LibreOffice suffers from an authorization issue vulnerability that stems from insufficient validation...

8.8CVSS6.8AI score0.00772EPSS
Exploits0References1
CNVD
CNVD
•added 2023/11/30 12:0 a.m.•30 views

Foxit Reader Memory Misreference Vulnerability (CNVD-2023-96092)

Foxit Reader is a Chinese Foxit Foxit company's a PDF document reader. A memory misreference vulnerability exists in Foxit Reader before version 12.1.2.15356, which can be exploited by an attacker to execute arbitrary code on the system...

8.8CVSS8.7AI score0.01907EPSS
Exploits1References1
CNVD
CNVD
•added 2023/11/30 12:0 a.m.•30 views

Apache Superset Cross-Site Scripting Vulnerability (CNVD-2023-9665948)

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. A cross-site scripting vulnerability exists in Apache Superset versions prior to 2.1.2, which stems from the presence of incorrect payload validation and incorrect REST API response type issues. ...

5.4CVSS6AI score0.01004EPSS
Exploits0References1
CNVD
CNVD
•added 2023/11/15 12:0 a.m.•30 views

Unchecked Return Value Vulnerability in Multiple Siemens Products

The SCALANCE M-800, MUM-800 and S615 and the RUGGEDCOM RM1224 are industrial routers.The SCALANCE W products are wireless communication devices for connecting industrial components, such as Programmable Logic Controllers PLCs or Human Machine Interfaces HMIs, that comply with the IEEE 802.11...

5.9CVSS6.7AI score0.00879EPSS
Exploits0References1
CNVD
CNVD
•added 2023/11/01 12:0 a.m.•30 views

Google Android elevation of privilege vulnerability (CNVD-2023-96074)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to gain elevated privileges on the system...

7.8CVSS7.1AI score0.001EPSS
Exploits0References1
CNVD
CNVD
•added 2023/10/17 12:0 a.m.•30 views

IBM Security Verify Access Resource Management Error Vulnerability

IBM Security Verify Access ISAM is a service from International Business Machines IBM that improves user access security. The service enables secure and simple access to platforms such as web, mobile, IoT and cloud technologies through the use of risk-based access, single sign-on, integrated acce...

7.5CVSS6.7AI score0.00772EPSS
Exploits0References1
CNVD
CNVD
•added 2023/10/17 12:0 a.m.•30 views

Cisco IOS XE Software web UI elevation of privilege vulnerability

Cisco IOS XE is an operating system developed by Cisco for its network devices.Web UI is a feature of IOS XE software designed to simplify the deployment, management process, and enhance the user experience. The Cisco IOS XE Software web UI elevation of privilege vulnerability can be exploited by...

10CVSS7.4AI score0.99571EPSS
Exploits27References1
CNVD
CNVD
•added 2023/10/13 12:0 a.m.•30 views

Microsoft Message Queuing Remote Code Execution Vulnerability (CNVD-2023-84130)

Microsoft Message Queuing is the solution for implementing asynchronous and synchronous scenarios that require high performance. A remote code execution vulnerability exists in Microsoft Message Queuing, which could be exploited by an attacker to execute arbitrary code on a system...

7.3CVSS8.1AI score0.00967EPSS
Exploits0References1
CNVD
CNVD
•added 2023/10/11 12:0 a.m.•30 views

Huawei HarmonyOS and EMUI Security Bypass Vulnerability (CNVD-2023-84322)

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel.Huawei EMUI is a user interface developed by Huawei based on the Android operating system. A security bypass vulnerability exists in Huawei...

9.1CVSS6.8AI score0.00399EPSS
Exploits0References1
CNVD
CNVD
•added 2023/10/07 12:0 a.m.•30 views

DedeBIZ Code Execution Vulnerability

DedeBIZ is a content management system from China Muyun Intelligent Technology DedeBIZ company. A code execution vulnerability exists in DedeBIZ version v6.2.11, which stems from the $activepath and $filename parameters in /admin/filemanagecontrol.php failing to correctly filter the special...

9.8CVSS7.8AI score0.01031EPSS
Exploits0References1
CNVD
CNVD
•added 2023/09/15 12:0 a.m.•30 views

Microsoft Office Spoofing Vulnerability (CNVD-2024-02719)

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, and so on. Microsoft Office has a spoofing vulnerability that can be exploited by attackers to conduct spoofing...

5.5CVSS6.5AI score0.0119EPSS
Exploits0References1
CNVD
CNVD
•added 2023/09/12 12:0 a.m.•30 views

Linux kernel conditional contention vulnerability (CNVD-2023-71721)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from a conditional contention vulnerability, which arises from a KVM in the Linux kernel with Secure Encrypted Virtualization SEV AMD processor...

5.6CVSS6.4AI score0.00159EPSS
Exploits0References1
CNVD
CNVD
•added 2023/08/17 12:0 a.m.•30 views

Google Chrome Type Obfuscation Vulnerability (CNVD-2023-65154)

Google Chrome is a web browser from Google, an American company. A type obfuscation vulnerability exists in Google Chrome prior to version 116.0.5845.96, which stems from the presence of type obfuscation in V8, and can be exploited by remote attackers to cause the browser to shut down via a...

8.8CVSS8.1AI score0.01776EPSS
Exploits2References1
CNVD
CNVD
•added 2023/08/14 12:0 a.m.•30 views

Fortinet FortiOS Buffer Overflow Vulnerability (CNVD-2023-64450)

Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam and other security features. Fortinet FortiOS suffers from a...

6.7CVSS8AI score0.00254EPSS
Exploits0References1
CNVD
CNVD
•added 2023/08/12 12:0 a.m.•30 views

Microsoft Azure Arc Elevation of Privilege Vulnerability

Microsoft Azure is a set of open, enterprise-grade cloud computing platforms from the U.S.-based Microsoft. A privilege full vulnerability exists in Microsoft Azure Arc. An attacker can exploit this vulnerability to gain elevated privileges on the system...

7CVSS7AI score0.004EPSS
Exploits0References1
CNVD
CNVD
•added 2023/08/12 12:0 a.m.•30 views

Microsoft Exchange Server Spoofing Vulnerability (CNVD-2023-64866)

Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. A spoofing vulnerability exists in Microsoft Exchange Server, which can be exploited by attackers...

8.8CVSS6.7AI score0.16813EPSS
Exploits0References1
CNVD
CNVD
•added 2023/08/12 12:0 a.m.•30 views

Adobe Acrobat Reader post-release reuse vulnerability (CNVD-2023-71754)

Adobe Acrobat Reader is a PDF viewer from the American company Audobee Adobe. The software is used to print, sign and annotate PDF. Adobe Acrobat Reader has a post-release reuse vulnerability that can be exploited by an attacker to cause arbitrary code to be executed in the context of the current...

7.8CVSS7.1AI score0.02703EPSS
Exploits0References1
CNVD
CNVD
•added 2023/08/11 12:0 a.m.•30 views

Adobe Dimension Heap Buffer Overflow Vulnerability (CNVD-2023-65166)

Adobe Dimension is a 3D design tool that is very easy for designers to use while providing high quality visuals. To create realistic objects, Adobe Dimension uses materials defined in the NVidia Material Design Language. A heap buffer overflow vulnerability exists in Adobe Dimension. The...

7.8CVSS7.7AI score0.003EPSS
Exploits0References1
CNVD
CNVD
•added 2023/07/30 12:0 a.m.•30 views

Apache Jackrabbit Code Execution Vulnerability

Apache Jackrabbit is a content repository from Apache USA. A code execution vulnerability exists in Apache Jackrabbit Webapp/Standalone, which stems from the component commons-beanutils failing to properly filter special elements of constructed snippets. An attacker could exploit the vulnerabilit...

9.8CVSS7.8AI score0.02657EPSS
Exploits0References1
CNVD
CNVD
•added 2023/06/30 12:0 a.m.•30 views

Authentication Bypass Vulnerability in DSL-224 Version 3.0.10 of AUO Electronic Devices (Shanghai) Co.

AUO Electronic Devices Shanghai Co. DSL-224 is a wireless router from China's AUO D-Link. An authentication bypass vulnerability exists in the AUO DSL-224 version 3.0.10, which stems from an improper restriction of too many authentication attempts. An attacker could exploit the vulnerability to...

9.8CVSS9.5AI score0.01399EPSS
Exploits0References1
CNVD
CNVD
•added 2023/06/18 12:0 a.m.•30 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2023-100304)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4CVSS6.2AI score0.0046EPSS
Exploits0References1
CNVD
CNVD
•added 2023/06/14 12:0 a.m.•30 views

Siemens SIMATIC WinCC using obsolete function vulnerability

SIMATIC NET PC software is a separately sold software product that implements the SIMATIC NET communication products.SIMATIC PCS 7 is a centralized control system DCS that integrates SIMATIC WinCC, SIMATIC Batch, SIMATIC Route control, OpenPCS 7 and other components.SIMATIC WinCC is a Supervisory...

8.8CVSS7.1AI score0.00291EPSS
Exploits0References1
CNVD
CNVD
•added 2023/06/07 12:0 a.m.•30 views

Tenda AC8 deviceId parameter buffer overflow vulnerability

Tenda AC8 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in the Tenda AC8 deviceId parameter, which can be exploited by an attacker to cause a buffer overflow and execute arbitrary code on the system, or cause a denial of service...

9.8CVSS8.1AI score0.00857EPSS
Exploits1References1
CNVD
CNVD
•added 2023/05/28 12:0 a.m.•30 views

Apache RocketMQ Command Execution Vulnerability

Apache RocketMQ is the United States Apache Apache Foundation of a lightweight data processing platform and messaging engine. A command execution vulnerability exists in Apache RocketMQ 5.1.0 and prior versions, which stems from an application failing to properly filter special elements of...

9.8CVSS7.4AI score0.96604EPSS
Exploits11References1
CNVD
CNVD
•added 2023/05/20 12:0 a.m.•30 views

Cisco DNA Center Command Execution Vulnerability

Cisco DNA Center is a network management and command center service from Cisco USA. A command execution vulnerability exists in Cisco DNA Center Software. The vulnerability stems from the application's inadequate validation of user-supplied input in API request parameters and can be exploited by ...

8.8CVSS7.5AI score0.00624EPSS
Exploits0References1
CNVD
CNVD
•added 2023/05/18 12:0 a.m.•30 views

Google Android elevation of privilege vulnerability (CNVD-2023-41879)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability due to a logic error in the code in efirtasmwrapper of the efi-rt wrapper.S, which can be exploited by an attacker to elevate privileges...

7.8CVSS7AI score0.00189EPSS
Exploits1References1
CNVD
CNVD
•added 2023/05/18 12:0 a.m.•30 views

Google Chrome Autofill UI Memory Misreference Vulnerability

Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions prior to Google Chrome 113.0.5672.126, which stems from a confusion in the Autofill UI instruction responsible for freeing memory. An attacker could use this vulnerability to...

8.8CVSS6.8AI score0.0085EPSS
Exploits0References1
CNVD
CNVD
•added 2023/05/18 12:0 a.m.•30 views

Google Chrome Guest View Memory Misreference Vulnerability

Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions of Google Chrome prior to 113.0.5672.126, which stems from a mix-up in the instruction responsible for freeing memory in Guest View. An attacker could use this vulnerability to...

8.8CVSS8.5AI score0.24663EPSS
Exploits0References1
CNVD
CNVD
•added 2023/05/17 12:0 a.m.•30 views

Google Chrome on ChromeOS Code Execution Vulnerability

Google Chrome is a web browser from Google, an American company. A code execution vulnerability exists in Google Chrome on ChromeOS. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system...

8.8CVSS7.9AI score0.00382EPSS
Exploits0References1
Total number of security vulnerabilities5000