Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
•added 2020/09/10 12:0 a.m.•30 views

Microsoft Windows/Windows Server Information Disclosure Vulnerability (CNVD-2021-63319)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server is a server operating system. Microsoft Windows/Windows Server has an information disclosure vulnerability that can be exploited by an...

6.5CVSS1.9AI score0.04601EPSS
Exploits0References1
CNVD
CNVD
•added 2020/09/10 12:0 a.m.•30 views

Microsoft Windows/Windows Server Denial of Service Vulnerability (CNVD-2021-66068)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. A denial of service vulnerability exists in Microsoft Windows/Windows Server, which...

6.5CVSS7AI score0.02838EPSS
Exploits0References1
CNVD
CNVD
•added 2020/09/10 12:0 a.m.•30 views

Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-67496)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation USA, Microsoft Windows is an operating system for personal devices, and Microsoft Windows Server is a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows/Windows...

7.8CVSS3.2AI score0.00931EPSS
Exploits0References1
CNVD
CNVD
•added 2020/07/17 12:0 a.m.•30 views

Microsoft Windows/Windows Server Remote Code Execution Vulnerability (CNVD-2021-67488)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation USA.Microsoft Windows is a set of operating systems for personal devices.Microsoft Windows Server is a set of server operating systems. A remote code execution vulnerability exists in Microsoft Windows/Windo...

9.3CVSS3.3AI score0.10938EPSS
Exploits0References1
CNVD
CNVD
•added 2019/10/08 12:0 a.m.•30 views

Unspecified Vulnerability in ARM mbed TLS and ARM Mbed Crypto

ARM mbed TLS and ARM Mbed Crypto are both products of ARM UK. ARM mbed TLS is a product that provides secure communication and encryption for mbed products. ARM Mbed Crypto is an implementation of the cryptographic interface to the ARM Platform Security Architecture PSA. A security vulnerability...

5.3CVSS5.4AI score0.01773EPSS
Exploits0References1
CNVD
CNVD
•added 2018/07/30 12:0 a.m.•30 views

Unspecified vulnerability in ARM mbed TLS (CNVD-2021-59609)

ARM mbed TLS formerly PolarSSL is a product from ARM UK that provides secure communication and encryption capabilities for mbed products. A security vulnerability exists in ARM mbed TLS versions prior to 2.12.0, prior to 2.7.5, and prior to 2.1.14. An attacker could exploit this vulnerability to...

4.7CVSS5AI score0.00373EPSS
Exploits0References1
CNVD
CNVD
•added 2018/01/04 12:0 a.m.•30 views

Primetek Primefaces Remote Code Execution Vulnerability

Primetek Primefaces is an open source use in the Java EE system UI library . A remote code execution vulnerability exists in version 5.x of Primetek Primefaces. A remote attacker could exploit this vulnerability to execute code...

9.8CVSS8.3AI score0.94104EPSS
Exploits6References1
CNVD
CNVD
•added 2017/12/13 12:0 a.m.•30 views

Microsoft Internet Explorer Information Disclosure Vulnerability (CNVD-2018-00751)

Internet Explorer is a web browser from Microsoft. An information disclosure vulnerability exists in Microsoft Internet Explorer, which can be exploited by an unauthenticated, remote attacker to gain access to sensitive information on the target system...

5.3CVSS6.4AI score0.25116EPSS
Exploits4References1
CNVD
CNVD
•added 2017/11/15 12:0 a.m.•30 views

Foscam IP Video Camera Buffer Overflow Vulnerability (CNVD-2017-34271)

Foscam C1 Indoor HD Camera is a wireless HD IP camera from Foscam China. A buffer overflow vulnerability exists in the UPnP implementation in the Foscam C1 Indoor HD Camera. An attacker can exploit this vulnerability to overwrite arbitrary data with a specially crafted UPnP discovery response...

7.5CVSS7.4AI score0.00818EPSS
Exploits3References1
CNVD
CNVD
•added 2017/04/20 12:0 a.m.•30 views

FFmpeg 'decode_zbuf' function stack buffer overflow vulnerability

FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A stack buffer overflow vulnerability exists in the 'decodezbuf' function in the libavcodec/pngdec.c file in FFmpe. An attacker can exploit this vulnerability to cause a denial of service...

9.8CVSS9.3AI score0.02508EPSS
Exploits0References1
CNVD
CNVD
•added 2017/02/28 12:0 a.m.•30 views

ytnef Buffer Overflow Denial of Service Vulnerability

ytnef is an application library for extracting data from winmail.dat files. A buffer overflow vulnerability exists in ytnef. A remote attacker could exploit this vulnerability to construct a malicious file that could be parsed by the user, which could crash the application...

7.8CVSS8AI score0.01345EPSS
Exploits0References1
CNVD
CNVD
•added 2016/12/06 12:0 a.m.•30 views

Apache HTTP Server Denial of Service Vulnerability (CNVD-2016-12036)

Apache HTTP Server is the United States Apache Apache Software Foundation of an open source web server. modhttp2 is one of the modules on the HTTP/2 protocol . A denial of service vulnerability exists in Apache HTTP Server. Exploitation of the vulnerability by a remote attacker could cause memory...

7.5CVSS9.2AI score0.7907EPSS
Exploits4References1
CNVD
CNVD
•added 2016/12/05 12:0 a.m.•30 views

BlueZ buffer overflow vulnerability (CNVD-2016-11954)

BlueZ is an official Bluetooth stack for Linux. A buffer overflow vulnerability exists in the 'commandsdump' function in the original 'tools/parser/csr.c' file in BlueZ version 5.42, which stems from the lack of a buffer boundary check for the The vulnerability stems from a lack of buffer bounds...

5.3CVSS9AI score0.02523EPSS
Exploits1References1
CNVD
CNVD
•added 2016/09/14 12:0 a.m.•30 views

Microsoft Windows Kernel Elevation of Privilege Vulnerability (CNVD-2016-07613)

Microsoft Windows is a series of operating systems released by Microsoft Corporation in the United States. kernel is one of the kernels. An elevation of privilege vulnerability exists in the Microsoft Windows kernel. When the kernel API executes privileges, an attacker can exploit the vulnerabili...

6.6CVSS6.9AI score0.02226EPSS
Exploits0References1
CNVD
CNVD
•added 2015/11/10 12:0 a.m.•30 views

Huawei Mate7 HIFI Driver Memory Heap Overflow Vulnerability

The Huawei Mate7 is a smartphone product from the Chinese company Huawei Huawei. A memory heap overflow vulnerability exists in the HIFI driver of the Huawei Mate7. An attacker can exploit this vulnerability by tricking the user into installing a malicious application to read and modify memory...

9.3CVSS7AI score0.03811EPSS
Exploits2References1
CNVD
CNVD
•added 2025/05/14 12:0 a.m.•29 views

NETGEAR RAX5 reset_wifi function command injection vulnerability

The NETGEAR RAX5 is a wireless router from NETGEAR. NETGEAR RAX5 suffers from a command injection vulnerability, which stems from the devname parameter in the resetwifi function failing to correctly filter constructed command special characters, commands, etc. The vulnerability can be exploited t...

9.8CVSS7.3AI score0.01198EPSS
Exploits1References1
CNVD
CNVD
•added 2025/04/14 12:0 a.m.•29 views

Command Execution Vulnerability in e-cology of Shanghai Panmicro Network Technology Co. Ltd (CNVD-2025-07886)

e-cology is an enterprise-level collaborative office automation system that provides comprehensive informatization solutions mainly for medium and large enterprises. It is characterized by intelligence, platform and full digitalization, aiming to improve the efficiency and management level of the...

8.4AI score
Exploits0
CNVD
CNVD
•added 2024/04/11 12:0 a.m.•29 views

Apache Zeppelin Code Injection Vulnerability (CNVD-2024-17938)

Apache Zeppelin is a Web-based open source laptop application from the Apache USA Foundation. The program supports interactive data analysis and collaborative documentation. Apache Zeppelin suffers from a code injection vulnerability that stems from the application's failure to properly filter...

9.8CVSS9.5AI score0.01257EPSS
Exploits0References1
CNVD
CNVD
•added 2024/04/11 12:0 a.m.•29 views

Microsoft Defender for IoT Remote Code Execution Vulnerability (CNVD-2024-19328)

Microsoft Defender for IoT is an asset discovery, vulnerability management and threat monitoring solution for IoT/OT environments. Microsoft Defender for IoT suffers from a remote code execution vulnerability that can be exploited by an attacker to execute arbitrary code on a system...

8.8CVSS8.2AI score0.03199EPSS
Exploits0References1
CNVD
CNVD
•added 2024/03/21 12:0 a.m.•29 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-14661)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4CVSS6.2AI score0.00427EPSS
Exploits0References1
CNVD
CNVD
•added 2024/03/14 12:0 a.m.•29 views

Google Android Code Execution Vulnerability (CNVD-2024-16883)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from a code execution vulnerability caused by an out-of-bounds write in attpbuildvaluecmd in attprocol.cc. An attacker can exploit this vulnerability to run arbitrary code on the system...

9.8CVSS7.8AI score0.01512EPSS
Exploits1References1
CNVD
CNVD
•added 2024/03/06 12:0 a.m.•29 views

IBM Security Guardium XML External Entity Injection Vulnerability (CNVD-2024-12704)

IBM Security Guardium is a suite of platforms from International Business Machines IBM that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. IBM Security Guardium Key Lifecycle Manager suffers from an...

8.2CVSS7AI score0.01379EPSS
Exploits0References1
CNVD
CNVD
•added 2024/03/01 12:0 a.m.•29 views

Mozilla Firefox Security Bypass Vulnerability (CNVD-2024-12548)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a security bypass vulnerability that originates from the use of a combination of exit fullscreen mode and requestPointerLock to cause the user's mouse to be accidentally...

6.1CVSS6.7AI score0.00575EPSS
Exploits0References1
CNVD
CNVD
•added 2024/02/29 12:0 a.m.•29 views

Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability (CNVD-2024-11664)

Adobe Acrobat Reader is the United States of America Audobee Adobe, a PDF viewer. Adobe Acrobat and Reader has an out-of-bounds read vulnerability that can be exploited by an attacker to obtain sensitive information caused by an out-of-bounds read...

5.5CVSS6AI score0.02385EPSS
Exploits0References1
CNVD
CNVD
•added 2024/02/22 12:0 a.m.•29 views

Unspecified Vulnerability in Oracle MySQL (CNVD-2024-11156)

Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in Oracle MySQL for MySQL Server version 8.0.35 and earlier, version 8.2.0 and earlier. An attacker can exploit this...

4.9CVSS6.5AI score0.01038EPSS
Exploits0References1
CNVD
CNVD
•added 2024/02/21 12:0 a.m.•29 views

Command Execution Vulnerability in Electronic Document Security Management System of Beijing Yisetong Technology Development Co., Ltd (CNVD-2024-14992)

Beijing Yisetong Technology Development Co., Ltd. is a domestic data security, network security and security services provider of three major business. A command execution vulnerability exists in the electronic document security management system of Beijing Yisetong Technology Development Co., Lt...

7.6AI score
Exploits0
CNVD
CNVD
•added 2024/01/30 12:0 a.m.•29 views

Cups Easy cross-site scripting vulnerability (CNVD-2024-11129)

Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the countryid parameter on the /cupseasylive/countrymodify.php page. An attacker could...

8.2CVSS6.2AI score0.00436EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/30 12:0 a.m.•29 views

Cups Easy cross-site scripting vulnerability (CNVD-2024-11143)

Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the description parameter on the /cupseasylive/itempopup.php page. An attacker could us...

8.2CVSS6.5AI score0.00398EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/26 12:0 a.m.•29 views

Security Bypass Vulnerability in Multiple Mozilla Products (CNVD-2024-10434)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A...

6.5CVSS6.9AI score0.006EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/24 12:0 a.m.•29 views

Tenda A15 wpapsk_crypto2_4g parameter buffer overflow vulnerability

Tenda A15 is a WiFi extender from Tenda China. A buffer overflow vulnerability exists in Tenda A15 version 15.13.07.13, which originates from the wpapskcrypto24g parameter of the /goform/WifiExtraSet file that fails to correctly validate the length of the input data, and can be exploited by a...

8.6CVSS8.6AI score0.01761EPSS
Exploits1References1
CNVD
CNVD
•added 2024/01/16 12:0 a.m.•29 views

Command Injection Vulnerability in DIR-822+ V1.0.2 of AUO Electronic Equipment (Shanghai) Co.

DIR-822 is a wireless router from D-Link, a Chinese company. A command injection vulnerability exists in the AUO Electronic Devices Shanghai Co. DIR-822+ version V1.0.2, which stems from the SetStaticRouteSettings function failing to correctly filter constructor command special characters,...

9.8CVSS7.7AI score0.02024EPSS
Exploits1References1
CNVD
CNVD
•added 2024/01/13 12:0 a.m.•29 views

Command Execution Vulnerability in Electronic Document Security Management System of Beijing Yisetong Technology Development Co., Ltd (CNVD-2024-09027)

Electronic document security management system is a controllable authorization of electronic document security sharing management system, using real-time dynamic encryption and decryption protection technology and real-time rights recovery mechanism, to provide all kinds of electronic documents...

7.3AI score
Exploits0
CNVD
CNVD
•added 2024/01/12 12:0 a.m.•29 views

Microsoft Win32k Elevation of Privilege Vulnerability (CNVD-2024-11165)

Microsoft Win32k is a system file for Windows multi-user management from Microsoft USA. An elevation of privilege vulnerability exists in Microsoft Win32k. An attacker could exploit this vulnerability to gain elevated privileges on the system...

7.8CVSS7.2AI score0.00671EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/12 12:0 a.m.•29 views

Microsoft Windows Kernel Elevation of Privilege Vulnerability (CNVD-2024-11168)

The Microsoft Windows Kernel is the kernel of the Windows operating system from the American company Microsoft. An elevation of privilege vulnerability exists in Microsoft Windows Kernel, which can be exploited by an attacker to gain elevated privileges on a system...

7.8CVSS7.2AI score0.08647EPSS
Exploits1References1
CNVD
CNVD
•added 2024/01/11 12:0 a.m.•29 views

GetSimple CMS Cross-Site Scripting Vulnerability

GetSimple CMS is a content management system CMS written in PHP. A cross-site scripting vulnerability exists in GetSimple CMS version 3.3.16, which stems from the lack of effective filtering and escaping of user-supplied data when adding articles to the /admin/edit.php page, and can be exploited ...

5.4CVSS6.4AI score0.00326EPSS
Exploits0References1
CNVD
CNVD
•added 2023/12/21 12:0 a.m.•29 views

Apache Superset SQL Injection Vulnerability (CNVD-2024-0102192)

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from a SQL injection vulnerability that can be exploited by an authenticated, remote attacker to send specially crafted SQL statements to the wherein JINJA macro...

8.8CVSS8.1AI score0.01178EPSS
Exploits0References1
CNVD
CNVD
•added 2023/12/15 12:0 a.m.•29 views

Adobe After Effects Buffer Overflow Vulnerability (CNVD-2023-99989)

Adobe After Effects is a set of visual effects and motion graphics production software from the American company Audobee Adobe. The software is mainly used for 2D and 3D synthesis, animation and visual effects production. A security vulnerability exists in Adobe After Effects, which can be...

7.8CVSS7.7AI score0.00338EPSS
Exploits0References1
CNVD
CNVD
•added 2023/12/13 12:0 a.m.•29 views

Siemens SIMATIC STEP 7 (TIA Portal) Information Disclosure Vulnerability

SIMATIC STEP 7 TIA Portal is an engineering software for configuring and programming SIMATIC controllers. An information disclosure vulnerability exists in Siemens SIMATIC STEP 7 TIA Portal, which can be exploited by an attacker to gain access...

5.5CVSS4.7AI score0.00142EPSS
Exploits0References1
CNVD
CNVD
•added 2023/12/07 12:0 a.m.•29 views

Huawei HarmonyOS DFR Module Authorization Issue Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from an authorization issue vulnerability that stems from an interface without privilege checks in the DFR module. An attacker could...

7.5CVSS6.8AI score0.0042EPSS
Exploits0References1
CNVD
CNVD
•added 2023/11/30 12:0 a.m.•29 views

Foxit Reader Type Obfuscation Vulnerability (CNVD-2023-96088)

Foxit Reader is a Chinese Foxit Foxit company's a PDF document reader. A type confusion vulnerability exists in Foxit Reader before version 12.1.2.15356, which can be exploited by an attacker to execute arbitrary code on the system...

8.8CVSS8.7AI score0.01627EPSS
Exploits0References1
CNVD
CNVD
•added 2023/11/15 12:0 a.m.•29 views

Multiple Siemens Products Input Validation Error Vulnerability (CNVD-2023-86591)

The SCALANCE M-800, MUM-800 and S615 and the RUGGEDCOM RM1224 are industrial routers.The SCALANCE W products are wireless communication devices for connecting industrial components, such as Programmable Logic Controllers PLCs or Human Machine Interfaces HMIs, that comply with the IEEE 802.11...

9.4CVSS6.9AI score0.01352EPSS
Exploits0References1
CNVD
CNVD
•added 2023/11/01 12:0 a.m.•29 views

Google Android Information Disclosure Vulnerability (CNVD-2023-84090)

Google Android is a Linux-based open source operating system from Google. Google Android has an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...

7.8CVSS6.2AI score0.00116EPSS
Exploits0References1
CNVD
CNVD
•added 2023/10/26 12:0 a.m.•29 views

Apache Airflow Information Disclosure Vulnerability (CNVD-2023-85609)

Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. Apache Airflow versions 2.4.0 to 2.7.0 information leakage vulnerability , the...

4.3CVSS6.1AI score0.01416EPSS
Exploits0References1
CNVD
CNVD
•added 2023/10/17 12:0 a.m.•29 views

Apache Airflow Authorization Problem Vulnerability (CNVD-2023-80561)

Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. Apache Airflow suffers from an authorization issue vulnerability that stems from...

6.5CVSS6.5AI score0.01433EPSS
Exploits0References1
CNVD
CNVD
•added 2023/10/13 12:0 a.m.•29 views

Microsoft Windows Layer 2 Tunneling Protocol Remote Code Execution Vulnerability (CNVD-2023-81878)

Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. A remote code execution vulnerability exists in the Microsoft Windows Layer 2 Tunneling Protocol, which can be exploited by an attacker to remotely execute code...

8.1CVSS7.8AI score0.01256EPSS
Exploits0References1
CNVD
CNVD
•added 2023/10/13 12:0 a.m.•29 views

Microsoft Message Queuing Remote Code Execution Vulnerability

Microsoft Message Queuing is the solution for implementing asynchronous and synchronous scenarios that require high performance. A remote code execution vulnerability exists in Microsoft Message Queuing, which could be exploited by an attacker to execute arbitrary code on a system...

7.3CVSS8.1AI score0.00921EPSS
Exploits0References1
CNVD
CNVD
•added 2023/10/09 12:0 a.m.•29 views

Arbitrary File Download Vulnerability in Yonyou UAP/NC of UFIDA Network Technology Co.

Founded in 1988, UFIDA is a global provider of advanced cloud services, software, and financial services for enterprises and public organizations. An arbitrary file download vulnerability exists in Yonyou UAP/NC, which can be exploited by attackers to obtain sensitive information...

7AI score
Exploits0
CNVD
CNVD
•added 2023/09/09 12:0 a.m.•29 views

Arbitrary Code Execution Vulnerability in Various Apple Products (CNVD-2023-68416)

iOS is a mobile operating system developed by Apple. iPadOS is a family of mobile operating systems developed by Apple based on iOS. watchOS is the operating system for Apple Watch. Arbitrary code execution vulnerability exists in several Apple products, which can be exploited by an attacker to...

7.8CVSS7.8AI score0.03151EPSS
Exploits0
CNVD
CNVD
•added 2023/08/29 12:0 a.m.•29 views

Microsoft Edge Elevation of Privilege Vulnerability (CNVD-2023-76760)

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. Microsoft Edge suffers from an elevation of privilege vulnerability that can be exploited by an attacker to gain elevated privileges on the system...

8.3CVSS6.9AI score0.01841EPSS
Exploits0References1
CNVD
CNVD
•added 2023/08/17 12:0 a.m.•29 views

Google Chrome Input Validation Error Vulnerability (CNVD-2023-64445)

Google Chrome is a web browser from Google, an American company. An input validation error vulnerability exists in versions of Google Chrome prior to 106.0.5249.62, which stems from insufficient DevTools data validation. A remote attacker can exploit this vulnerability by sending a malicious HTTP...

6.5CVSS7.5AI score0.00491EPSS
Exploits1References1
Total number of security vulnerabilities5000