Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
•added 2023/08/17 12:0 a.m.•29 views

Google Chrome Input Validation Error Vulnerability (CNVD-2023-65155)

Google Chrome is a web browser from Google, an American company. An input validation error vulnerability exists in Google Chrome prior to version 116.0.5845.96, which stems from insufficient input validation in XML, and can be exploited by remote attackers to bypass file access restrictions via a...

8.8CVSS6.3AI score0.45912EPSS
Exploits0References1
CNVD
CNVD
•added 2023/08/12 12:0 a.m.•29 views

Microsoft Office Visio Remote Code Execution Vulnerability (CNVD-2023-85901)

Microsoft Office Visio is responsible for drawing flowcharts and schematic diagrams in the Office software series of the American Microsoft Microsoft company. A remote code execution vulnerability exists in Microsoft Office Visio, which can be exploited by an attacker to execute arbitrary code on...

7.8CVSS8.2AI score0.00803EPSS
Exploits0References1
CNVD
CNVD
•added 2023/08/06 12:0 a.m.•29 views

Cisco AsyncOS Input Validation Error Vulnerability

Cisco AsyncOS is a product of Cisco, Inc.Cisco AsyncOS is an operating system for Cisco devices. An input validation error vulnerability exists in Cisco AsyncOS that stems from improper detection of malicious traffic when the traffic is encoded in a specific content format, which can be exploited...

5.8CVSS7AI score0.00476EPSS
Exploits0References1
CNVD
CNVD
•added 2023/07/20 12:0 a.m.•29 views

Unspecified Vulnerability in Oracle MySQL Server (CNVD-2023-65506)

Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server, which can be exploited by attackers to cause unauthorized MySQL server hangs or frequent and repeated crashes full DOS...

4.4CVSS6.3AI score0.01005EPSS
Exploits0References1
CNVD
CNVD
•added 2023/07/12 12:0 a.m.•29 views

Siemens RUGGEDCOM ROX cross-site scripting vulnerability (CNVD-2023-55710)

RUGGEDCOM products offer a degree of robustness and reliability that sets the standard for communication networks deployed in harsh environments. A cross-site scripting vulnerability exists in Siemens RUGGEDCOM ROX, which can be exploited by attackers to execute malicious javascript code by...

8.8CVSS6.4AI score0.00386EPSS
Exploits0References1
CNVD
CNVD
•added 2023/06/30 12:0 a.m.•29 views

Authentication Bypass Vulnerability in DSL-224 Version 3.0.10 of AUO Electronic Devices (Shanghai) Co.

AUO Electronic Devices Shanghai Co. DSL-224 is a wireless router from China's AUO D-Link. An authentication bypass vulnerability exists in the AUO DSL-224 version 3.0.10, which stems from an improper restriction of too many authentication attempts. An attacker could exploit the vulnerability to...

9.8CVSS9.5AI score0.01399EPSS
Exploits0References1
CNVD
CNVD
•added 2023/04/13 12:0 a.m.•29 views

Microsoft Windows DNS Remote Code Execution Vulnerability (CNVD-2023-44304)

Microsoft Windows DNS is a domain name resolution service from Microsoft. The Domain Name System DNS is one of the industry-standard suite of protocols that encompasses TCP/IP, and DNS clients and DNS servers work together to provide name resolution services for computers and users that map...

6.6CVSS7.8AI score0.00836EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/30 12:0 a.m.•29 views

Apache Fineract Server Request Forgery Vulnerability

Apache Fineract is an open source system for platformizing core banking systems. A reliable, robust and affordable financial services solution for entrepreneurs, financial institutions and service providers. A server-side request forgery vulnerability exists in Apache Fineract versions 1.4 throug...

8.1CVSS8AI score0.00982EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/17 12:0 a.m.•29 views

Adobe Dimension Out-of-Bounds Read Vulnerability (CNVD-2023-21656)

Adobe Dimension is the United States of America Odo than Adobe company is a set of 2D and 3D composite design tools. Adobe Dimension suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to execute code in the context of the current user...

7.8CVSS7.5AI score0.00353EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/11 12:0 a.m.•29 views

Apache Dubbo code issue vulnerability (CNVD-2023-23551)

Apache Dubbo is a lightweight Java-based RPC remote procedure call framework from the Apache Foundation in the United States. The product provides interface-based remote calling, fault tolerance and load balancing, and automatic service registration and discovery.A security vulnerability exists i...

9.8CVSS9.3AI score0.04847EPSS
Exploits3References1
CNVD
CNVD
•added 2023/03/01 12:0 a.m.•29 views

Dell PowerPath Management Appliance Command Injection Vulnerability

The Dell PowerPath Management Appliance is a PowerPath host management application from Dell Inc. that offers two models: a virtual machine-based appliance and a Docker containerized appliance. A command injection vulnerability exists in Dell PowerPath Management Appliance versions 3.3, 3.2, 3.1,...

7.2CVSS7.2AI score0.01657EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/20 12:0 a.m.•29 views

Siemens Tecnomatix Plant Simulation Out-of-Bounds Write Vulnerability (CNVD-2023-10617)

Siemens Tecnomatix Plant Simulation is an object-oriented, graphical, integrated modeling and simulation tool. An out-of-bounds write vulnerability exists in Siemens Tecnomatix Plant Simulation due to an affected application containing an out-of-bounds write beyond the end of the allocated buffer...

7.8CVSS7.8AI score0.00217EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/17 12:0 a.m.•29 views

LS ELECTRIC XBC-DN32U Access Control Error Vulnerability

LS ELECTRIC XBC-DN32U is a PLC programmable logic controller from LS ELECTRIC Korea. LS ELECTRIC XBC-DN32U version 01.80 is vulnerable to an access control error, which could be exploited to remotely set the function to lock out the user from reading data from the device...

6.5CVSS5.7AI score0.00724EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/17 12:0 a.m.•29 views

Dell EMC Unity Encryption Issue Vulnerability

Dell EMC Unity is a unified storage array product from Dell, a U.S. company. versions prior to Dell EMC Unity 5.2.0.0.5.173 have an encryption issue vulnerability that stems from the use of corrupted encryption algorithms, which can be exploited by a remote, unauthenticated attacker to obtain...

5.9CVSS4.5AI score0.00451EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/17 12:0 a.m.•29 views

Apache Sling JNDI Injection Vulnerability

Apache Sling is the United States Apache Apache Foundation of a Java platform for open source Web framework. Designed to meet the JSR-170 content repository such as Apache Jackrabbit to create content-centric applications. Apache Sling JCR Base versions prior to 3.1.12 JNDI injection vulnerabilit...

7.5CVSS7.5AI score0.0116EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/17 12:0 a.m.•29 views

Microsoft Office Information Disclosure Vulnerability (CNVD-2023-18285)

Microsoft Office is a suite of office software developed by Microsoft Corporation based on the Windows operating system.Microsoft Office suffers from an information disclosure vulnerability. An attacker can exploit the vulnerability to execute arbitrary code by combining it with other...

6.3AI score0.00597EPSS
Exploits0
CNVD
CNVD
•added 2023/02/10 12:0 a.m.•29 views

Google Android elevation of privilege vulnerability (CNVD-2023-12020)

Google Android is a Linux-based open source operating system from Google. An elevation of privilege vulnerability exists in the enforceVisualVoicemailPackage of PhoneInterfaceManager.java in Google Android version 13.0, which stems from a privilege bypass issue. An attacker can exploit the...

3.3CVSS4AI score0.00116EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/01 12:0 a.m.•29 views

F5 F5OS command injection vulnerability

F5 F5OS-A and F5 F5OS-C are both products of F5 Inc. F5 F5OS-A is an operating system software. f5 F5OS-C is an operating system software on VELOS hardware. f5 F5OS has a command injection vulnerability that can be exploited by attackers to trick administrators into uploading a file with a specia...

7.8CVSS4AI score0.00443EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/30 12:0 a.m.•29 views

Siretta QUARTZ-GOLD OS Command Injection Vulnerability (CNVD-2023-17093)

Siretta QUARTZ-GOLD is a high-speed dual-port Gigabit Ethernet industrial router from Siretta.The Siretta QUARTZ-GOLD is vulnerable to an operating system command injection vulnerability that could be exploited by an attacker to cause arbitrary command execution by sending a crafted network reque...

9.8CVSS5AI score0.03499EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/30 12:0 a.m.•29 views

Siretta QUARTZ-GOLD OS Command Injection Vulnerability (CNVD-2023-17084)

Siretta QUARTZ-GOLD is a high-speed dual-port Gigabit Ethernet industrial router from Siretta.The Siretta QUARTZ-GOLD is vulnerable to OS command injection, which can be exploited by attackers to cause arbitrary commands to be executed by sending crafted HTTP requests...

8.8CVSS4.7AI score0.05808EPSS
Exploits1References1
CNVD
CNVD
•added 2023/01/13 12:0 a.m.•29 views

Microsoft Office Visio Information Disclosure Vulnerability

Microsoft Office Visio is responsible for drawing flowcharts and schematic diagrams in the Office software series of the American Microsoft Microsoft company. An information disclosure vulnerability exists in Microsoft Office Visio. An attacker can exploit this vulnerability to obtain sensitive...

7.1CVSS6AI score0.01793EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/12 12:0 a.m.•29 views

SAP Host Agent Access Control Error Vulnerability

SAP Host Agent is a set of agent programs from SAP that supports a number of lifecycle management tasks such as operating system monitoring, database monitoring and system instance monitoring. An Access Control Error vulnerability exists in SAP Host Agent versions 7.21 and 7.22, which arises from...

6.7CVSS6.3AI score0.00197EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/12 12:0 a.m.•29 views

SAP BusinessObjects Analysis (Edition For Olap) Code Injection Vulnerability

SAP BusinessObjects Analysis Edition For Olap is a query and analysis tool from SAP, a German company used to analyze an organization's multidimensional data. A code injection vulnerability exists in SAP BusinessObjects Analysis Edition For Olap, which stems from the failure of a network system o...

9.9CVSS3.2AI score0.00743EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/12 12:0 a.m.•29 views

Microsoft 3D Builder Remote Code Execution Vulnerability (CNVD-2023-04327)

Microsoft 3D Builder, a tool for creating models and 3D printing from Microsoft USA, has a security vulnerability. No details of the vulnerability are currently available...

7.8CVSS2.6AI score0.00929EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/04 12:0 a.m.•29 views

Tenda A15 security_5g parameter stack overflow vulnerability

Tenda A15 is a WiFi extender from Tenda, a Chinese company. A stack overflow vulnerability exists in the Tenda A15 security5g parameter, which originates from a lack of length checking of input data in the security5g parameter of /goform/WifiBasicSet, which can be exploited by an attacker to...

9.8CVSS9.8AI score0.00873EPSS
Exploits1References1
CNVD
CNVD
•added 2023/01/04 12:0 a.m.•29 views

Tenda A15 wrlPwd parameter stack overflow vulnerability

Tenda A15 is a WiFi extender from Tenda China. A stack overflow vulnerability exists in the Tenda A15 wrlPwd parameter, which is caused by incorrect boundary checking performed by /goform/WifiBasicSet. By sending an excessively long string using the wrlPwd parameter, a remote attacker could explo...

9.8CVSS4.4AI score0.00873EPSS
Exploits1References1
CNVD
CNVD
•added 2023/01/04 12:0 a.m.•29 views

Google Chrome Security Special Issue Vulnerability

Google Chrome is a web browser from Google, an American company. A vulnerability exists in Google Chrome prior to version 91.0.4472.77 due to a security specialization issue that stems from insufficient enforcement of content security policies. An attacker could exploit this vulnerability to bypa...

8.8CVSS8.1AI score0.11494EPSS
Exploits1References1
CNVD
CNVD
•added 2022/12/26 12:0 a.m.•29 views

Tenda i22 Buffer Overflow Vulnerability

The Tenda i22 is a wireless access point from Tenda China. A buffer overflow vulnerability exists in the Tenda i22 /goform/setcfm, which can be exploited by a remote attacker to submit a special request that can execute arbitrary code in the system context or crash the application...

7.5CVSS7.8AI score0.00815EPSS
Exploits1References1
CNVD
CNVD
•added 2022/12/23 12:0 a.m.•29 views

OpenImageIO Out-of-Bounds Write Vulnerability

OpenImageIO is an image read/write library, along with a number of tools and applications. OpenImageIO suffers from an out-of-bounds write vulnerability, which is caused by an out-of-bounds write flaw in the OpenImageIO::addexixitemtospec function. An attacker could use this vulnerability to...

9.8CVSS7.7AI score0.01581EPSS
Exploits1References1
CNVD
CNVD
•added 2022/12/19 12:0 a.m.•30 views

Adobe Illustrator out-of-bounds read vulnerability (CNVD-2023-07316)

Adobe Illustrator is a vector-based image creation software from Adobe. Adobe Illustrator has an out-of-bounds read vulnerability that can be exploited by attackers to bypass mitigation measures such as ASLR and cause sensitive memory leaks...

5.5CVSS4.7AI score0.00456EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/19 12:0 a.m.•29 views

Microsoft Office Graphics remote code execution vulnerability (CNVD-2022-89427)

Microsoft Graphics Component is a graphics driver component of Microsoft Corporation USA.A remote code execution vulnerability exists in Microsoft Office Graphics. An attacker could exploit this vulnerability to execute code on the target host...

7.8CVSS3AI score0.00705EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/16 12:0 a.m.•29 views

Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2023-15825)

Adobe Experience Manager AEM is a content management solution from Adobe that can be used to build websites, mobile applications and forms. The solution supports mobile content management, marketing and sales campaign management, and multi-site management, etc. A cross-site scripting vulnerabilit...

5.4CVSS2.4AI score0.0048EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/07 12:0 a.m.•29 views

Google Android elevation of privilege vulnerability (CNVD-2023-04551)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability due to a logic error in the getBackgroundRestrictionExceptionReason code of AppRestrictionController.java, which can be exploited by an attacker to elevate...

7.8CVSS7.5AI score0.00101EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/07 12:0 a.m.•29 views

IBM WebSphere MQ Denial of Service Vulnerability (CNVD-2022-87643)

IBM WebSphere MQ is a system from International Business Machines IBM, Inc. A denial-of-service vulnerability exists in IBM WebSphere MQ version 7.1. A remote attacker could use this vulnerability to bypass security configuration settings and cause a denial of service...

7.5CVSS5.3AI score0.01693EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/30 12:0 a.m.•29 views

GNU Emacs Command Injection Vulnerability

GNU Emacs is a family of text editors from the GNU community in the U.S. A command injection vulnerability exists in GNU Emacs version 28.2 and earlier, which stems from lib-src/etags.c's use of system C library functions when implementing the ctags program. An attacker could exploit the...

7.8CVSS5.7AI score0.00635EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/30 12:0 a.m.•29 views

Discourse Information Disclosure Vulnerability

Discourse is an open source community discussion platform. The platform includes community, email, and chat room features.An information disclosure vulnerability exists in versions of Discourse prior to 2.8.13, prior to 2.9.0.beta14, and prior to 2.9.0.tests-passed beta14. The vulnerability stems...

4.3CVSS2.5AI score0.00524EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/30 12:0 a.m.•29 views

Discourse Information Disclosure Vulnerability (CNVD-2022-85501)

Discourse is an open source community discussion platform. The platform includes features such as community, email and chat rooms. An information disclosure vulnerability exists in Discourse versions 2.8.1 and earlier, and 2.9.0.beta.13 and earlier. An attacker can exploit this vulnerability to...

4.3CVSS4.2AI score0.00448EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/30 12:0 a.m.•29 views

Google Chrome Security Bypass Vulnerability (CNVD-2023-08409)

Google Chrome is a web browser from Google, Inc. A security bypass vulnerability exists in Google Chrome, which stems from insufficient policy enforcement in the pop-up blocker. An attacker could exploit this vulnerability to bypass security restrictions...

4.3CVSS3AI score0.0054EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/24 12:0 a.m.•29 views

D-Link DIR-878 Access Control Error Vulnerability

D-Link DIR-878 is a wireless router from D-Link China.The D-Link DIR-878 firmware version 1.02B05 contains an access control error vulnerability, which stems from the existence of incorrect access control. An attacker could use this vulnerability to log in with a blank password...

9.8CVSS4.7AI score0.01136EPSS
Exploits1References1
CNVD
CNVD
•added 2022/11/23 12:0 a.m.•29 views

Google TensorFlow Input Validation Error Vulnerability (CNVD-2023-15781)

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. Google TensorFlow is vulnerable to an input validation error that could be exploited by attackers to crash the program...

7.5CVSS4AI score0.0044EPSS
Exploits1References1
CNVD
CNVD
•added 2022/11/23 12:0 a.m.•29 views

ChurchInfo Arbitrary File Upload Vulnerability

ChurchInfo is a free church database program from the ChurchInfo team that helps churches track members, families, groups, pledges, and payments. An arbitrary file upload vulnerability exists in ChurchInfo versions 1.2.13 and later, 1.3.0 and earlier. The vulnerability stems from the application'...

8.8CVSS8.9AI score0.10523EPSS
Exploits5References1
CNVD
CNVD
•added 2022/11/23 12:0 a.m.•29 views

Google TensorFlow has an unspecified vulnerability (CNVD-2022-81226)

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A security vulnerability exists in Google TensorFlow, which stems from an error that can be raised if a numpy array is created with the shape of one element being zero and the sum of the other elements...

7.5CVSS2.2AI score0.0033EPSS
Exploits1References1
CNVD
CNVD
•added 2022/11/23 12:0 a.m.•29 views

WBCE CMS Section Header Field Cross-Site Scripting Vulnerability

WBCE CMS is an open source content management system CMS based on PHP and MySQL. A cross-site scripting vulnerability exists in WBCE CMS v1.5.4 and its previous versions, which stems from the lack of effective filtering and escaping of user-supplied data in the Section Header field of the Show...

4.8CVSS4.8AI score0.00493EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/21 12:0 a.m.•29 views

Siemens syngo Dynamics has an unspecified vulnerability

Siemens syngo Dynamics is a cardiovascular imaging and information solution from Siemens, a German company designed to be a centralized digital hub for complete cardiovascular services. Designed to be a centralized digital hub for complete cardiovascular services, Siemens syngo Dynamics suffers...

7.5CVSS1.9AI score0.00548EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/16 12:0 a.m.•29 views

Intel Advanced Link Analyzer Elevation of Privilege Vulnerability

Intel Advanced Link Analyzer is an advanced link analyzer from Intel Corporation USA. Intel Advanced Link Analyzer Pro versions prior to 22.2 and Standard edition prior to 22.1.1 are vulnerable to elevation of privilege, which can be exploited by attackers to perform local elevation of privilege...

7.3AI score0.00157EPSS
Exploits0Affected Software2
CNVD
CNVD
•added 2022/11/09 12:0 a.m.•29 views

Siemens JT2Go and Teamcenter Visualization Buffer Overflow Vulnerability

JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML, and available JT, VFZ, CGM, and TIF data. teamcenter Visualization enables companies to enhance their product lifecycle management PLM environments with a comprehensive family of visualization solutions. The...

7.8CVSS4.6AI score0.00301EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/06 12:0 a.m.•29 views

IBM MQ Input Validation Error Vulnerability (CNVD-2023-08771)

IBM MQ IBM WebSphere MQ is a messaging middleware product from International Business Machines IBM, Inc. The product provides a reliable, authenticated messaging backbone primarily for service-oriented architectures SOA.IBM MQ has an input validation error vulnerability that could be exploited by...

6.5CVSS3.3AI score0.0071EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/05 12:0 a.m.•29 views

D-Link DIR-823G Command Injection Vulnerability (CNVD-2023-21667)

D-Link DIR-823G is a wireless router from D-Link China.D-Link DIR-823G v1.0.2 is vulnerable to command injection, which can be exploited by attackers to execute arbitrary commands via specially crafted packets...

9.8CVSS9.6AI score0.03735EPSS
Exploits1References1
CNVD
CNVD
•added 2022/10/20 12:0 a.m.•29 views

Apache Dubbo Hession Deserialization Vulnerability

Apache Dubbo is a microservice development framework that provides two key capabilities for RPC communication and microservice governance.Apache Dubbo Hession is vulnerable to deserialization, which can be exploited by attackers to execute arbitrary code on the target server...

9.8CVSS5.7AI score0.02351EPSS
Exploits0
CNVD
CNVD
•added 2022/10/14 12:0 a.m.•29 views

Google Pixel has unspecified vulnerabilities

Google Pixel is a smartphone from the U.S. company Google Google. Google Pixel has a security vulnerability that stems from a use-after-release flaw in the dllistremovenode in TBD caused by a competing condition, which can be exploited by local attackers to escalate privileges...

7CVSS4.1AI score0.00071EPSS
Exploits0References1
Total number of security vulnerabilities5000