Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
added 2022/11/23 12:0 a.m.29 views

WBCE CMS Section Header Field Cross-Site Scripting Vulnerability

WBCE CMS is an open source content management system CMS based on PHP and MySQL. A cross-site scripting vulnerability exists in WBCE CMS v1.5.4 and its previous versions, which stems from the lack of effective filtering and escaping of user-supplied data in the Section Header field of the Show...

4.8CVSS4.8AI score0.00493EPSS
Exploits0References1
CNVD
CNVD
added 2022/11/21 12:0 a.m.29 views

Siemens syngo Dynamics has an unspecified vulnerability

Siemens syngo Dynamics is a cardiovascular imaging and information solution from Siemens, a German company designed to be a centralized digital hub for complete cardiovascular services. Designed to be a centralized digital hub for complete cardiovascular services, Siemens syngo Dynamics suffers...

7.5CVSS1.9AI score0.00548EPSS
Exploits0References1
CNVD
CNVD
added 2022/11/16 12:0 a.m.29 views

Intel Advanced Link Analyzer Elevation of Privilege Vulnerability

Intel Advanced Link Analyzer is an advanced link analyzer from Intel Corporation USA. Intel Advanced Link Analyzer Pro versions prior to 22.2 and Standard edition prior to 22.1.1 are vulnerable to elevation of privilege, which can be exploited by attackers to perform local elevation of privilege...

7.3AI score0.00157EPSS
Exploits0Affected Software2
CNVD
CNVD
added 2022/11/09 12:0 a.m.29 views

Siemens JT2Go and Teamcenter Visualization Buffer Overflow Vulnerability

JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML, and available JT, VFZ, CGM, and TIF data. teamcenter Visualization enables companies to enhance their product lifecycle management PLM environments with a comprehensive family of visualization solutions. The...

7.8CVSS4.6AI score0.00301EPSS
Exploits0References1
CNVD
CNVD
added 2022/11/06 12:0 a.m.29 views

IBM MQ Input Validation Error Vulnerability (CNVD-2023-08771)

IBM MQ IBM WebSphere MQ is a messaging middleware product from International Business Machines IBM, Inc. The product provides a reliable, authenticated messaging backbone primarily for service-oriented architectures SOA.IBM MQ has an input validation error vulnerability that could be exploited by...

6.5CVSS3.3AI score0.0071EPSS
Exploits0References1
CNVD
CNVD
added 2022/11/05 12:0 a.m.29 views

D-Link DIR-823G Command Injection Vulnerability (CNVD-2023-21667)

D-Link DIR-823G is a wireless router from D-Link China.D-Link DIR-823G v1.0.2 is vulnerable to command injection, which can be exploited by attackers to execute arbitrary commands via specially crafted packets...

9.8CVSS9.6AI score0.03735EPSS
Exploits1References1
CNVD
CNVD
added 2022/10/14 12:0 a.m.29 views

Google Pixel has unspecified vulnerabilities

Google Pixel is a smartphone from the U.S. company Google Google. Google Pixel has a security vulnerability that stems from a use-after-release flaw in the dllistremovenode in TBD caused by a competing condition, which can be exploited by local attackers to escalate privileges...

7CVSS4.1AI score0.00071EPSS
Exploits0References1
CNVD
CNVD
added 2022/10/14 12:0 a.m.29 views

Adobe Dimension out-of-bounds read vulnerability

Adobe Dimension is a suite of 2D and 3D compositing design tools from Adobe, Inc. An out-of-bounds read vulnerability exists in versions prior to Adobe Dimension 3.4.6, which stems from an out-of-bounds read vulnerability when parsing constructed files, which could result in reading beyond the en...

7.8CVSS5.1AI score0.00453EPSS
Exploits0References1
CNVD
CNVD
added 2022/10/14 12:0 a.m.29 views

Google Chrome has an unspecified vulnerability

Google Chrome is a web browser from Google, Inc. A security vulnerability exists in versions of Google Chrome prior to 106.0.5249.119, which stems from an improper implementation in the customization tab and could be exploited by remote attackers to spoof the content of the Omnibox URL bar via a...

4AI score0.0054EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2022/10/14 12:0 a.m.29 views

Microsoft Windows NTLM Spoofing Vulnerability

Microsoft Windows is a set of operating systems for personal devices from the U.S. Microsoft Windows NTLM has a spoofing vulnerability that could be exploited by an attacker to compromise the confidentiality of the system...

4.8AI score0.01473EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2022/10/14 12:0 a.m.29 views

Adobe ColdFusion Path Traversal Vulnerability (CNVD-2023-08751)

Adobe ColdFusion is a rapid application development platform from Adobe, which includes an integrated development environment and scripting language. The platform includes an integrated development environment and scripting language.Adobe ColdFusion contains a path traversal vulnerability, which...

9.8CVSS4.3AI score0.80023EPSS
Exploits0References1
CNVD
CNVD
added 2022/10/13 12:0 a.m.29 views

Microsoft Windows WLAN Service privilege elevation vulnerability

Microsoft Windows is a set of operating systems for personal devices from Microsoft Corporation USA.An elevation of privilege vulnerability exists in Microsoft Windows WLAN Service, which stems from improper privilege assignment in the application and can be exploited by an attacker to cause an...

5AI score0.00456EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2022/10/13 12:0 a.m.29 views

SAP 3D Visual Enterprise Author .cur Denial of Service Vulnerability

SAP 3D Visual Enterprise Author is a desktop application for managing 2D, 3D, animation, video and audio assets from SAP. A denial of service vulnerability exists in SAP 3D Visual Enterprise Author version 9, which stems from a lack of proper memory management, and can be exploited by an attacker...

5.5CVSS5.3AI score0.00197EPSS
Exploits0References1
CNVD
CNVD
added 2022/10/13 12:0 a.m.29 views

Microsoft Windows DWM Core Library privilege elevation vulnerability

Microsoft Windows is a set of operating systems for personal devices from Microsoft Corporation USA.An elevation of privilege vulnerability exists in the Microsoft Windows DWM Core Library, which stems from the presence of improper privilege assignments in applications and can be exploited by...

5.9AI score0.09694EPSS
Exploits0
CNVD
CNVD
added 2022/10/13 12:0 a.m.29 views

Microsoft Windows COM Event System Service privilege elevation vulnerability

Microsoft Windows is a set of operating systems for personal devices from Microsoft Corporation USA.An elevation of privilege vulnerability exists in the Microsoft Windows COM Event System Service, which stems from improper privilege assignment in applications and can be exploited by attackers to...

5.5AI score0.01777EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2022/10/11 12:0 a.m.29 views

Apache Airflow code issue vulnerability

Apache Airflow is an open source platform for creating, managing, and monitoring workflows from the Apache Foundation. Apache Airflow 2.4.1 and earlier versions have a code issue vulnerability that stems from the failure of deactivated users to prevent authenticated users from continuing to use t...

8.1CVSS3.8AI score0.01197EPSS
Exploits0References1
CNVD
CNVD
added 2022/10/08 12:0 a.m.29 views

Zyxel CloudCNM SecuManager axiros Default Account Vulnerability

Zyxel ZyXEL CloudCNM SecuManager is a suite of network management software from Zyxel Taiwan, China. Zyxel CloudCNM SecuManager suffers from axiros default account vulnerability, which can be exploited by remote attackers to submit a special request for unauthorized access to the system...

9.8CVSS9.5AI score0.01296EPSS
Exploits1References1
CNVD
CNVD
added 2022/09/30 12:0 a.m.29 views

Sensio Labs Twig Path Traversal Vulnerability

Sensio Labs Twig is a PHP templating engine from Sensio Labs, France, which supports custom tags and filters and creates DSLs. A path traversal vulnerability exists in Sensio Labs Twig 1.0.0 and later, versions prior to 1.44.7, 2.0.0 and later, versions prior to 2.15.3, and 3.0.0 and later,...

7.5CVSS7.4AI score0.01488EPSS
Exploits0References1
CNVD
CNVD
added 2022/09/29 12:0 a.m.29 views

Tenda TX3 has an unspecified vulnerability

Tenda TX3 is a wireless router from Tenda China.A security vulnerability exists in Tenda TX3 USTX3V1.0brV16.03.13.11 version, which stems from compareparentcontroltime being vulnerable to heap-based buffer overflow. No detailed vulnerability details are currently available...

9.8CVSS4.7AI score0.08149EPSS
Exploits1References1
CNVD
CNVD
added 2022/09/29 12:0 a.m.29 views

Google Chrome Survey Memory Misreference Vulnerability (CNVD-2022-88285 )

Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions of Google Chrome prior to 106.0.5249.62, which stems from a confusion in the instructions responsible for freeing memory in Survey. An attacker could exploit the vulnerability t...

8.8CVSS8.2AI score0.00522EPSS
Exploits0References1
CNVD
CNVD
added 2022/09/29 12:0 a.m.29 views

Genivia Dlt-daemon Buffer Overflow Vulnerability

Dlt-daemon is the DLT communication interface for Genivia's ECU. It collects and buffers log messages from one or more DLT users running on the ECU and makes them available to DLT clients upon request. A buffer overflow vulnerability exists in Genivia Dlt-daemon 2.18.8 and prior versions, which...

5.5CVSS5.7AI score0.00417EPSS
Exploits3References1
CNVD
CNVD
added 2022/09/28 12:0 a.m.29 views

Veritas System Recovery Authorization Issues Vulnerability

Veritas System Recovery is a system recovery software from Veritas, USA. The software provides Windows systems with the ability to recover damaged systems without reinstalling the system. An authorization issue vulnerability exists in Veritas System Recovery VSR 18.0 and later, versions prior to...

6.5CVSS6.5AI score0.00556EPSS
Exploits0References1
CNVD
CNVD
added 2022/09/28 12:0 a.m.29 views

Rocket.Chat SQL Injection Vulnerability

Rocket.Chat, an open source team chat software, is vulnerable to SQL injection, which stems from the application's lack of validation of externally entered SQL statements. An attacker could exploit the vulnerability to retrieve a reset password token via 2fa secret or 2fa secret...

8.8CVSS2.8AI score0.01088EPSS
Exploits1References1
CNVD
CNVD
added 2022/09/24 12:0 a.m.29 views

ISC BIND Buffer Overflow Vulnerability

ISC BIND is the United States ISC company's set of open source software that implements the DNS protocol. ISC BIND suffers from a buffer overflow vulnerability that originates when reusing an HTTP connection to request statistics from the stats channel, where the length of the contents of...

6.4CVSS7.2AI score0.01073EPSS
Exploits0Affected Software2
CNVD
CNVD
added 2022/09/19 12:0 a.m.29 views

Adobe InCopy Buffer Overflow Vulnerability (CNVD-2023-05231)

Adobe InCopy is an application from Adobe for professional word processing. Adobe InCopy 17.3 and 16.4.2 and previous versions are vulnerable to a buffer overflow vulnerability that could be exploited by attackers to execute arbitrary code in the context of the current user...

7.8CVSS6.5AI score0.00475EPSS
Exploits0References1
CNVD
CNVD
added 2022/09/19 12:0 a.m.29 views

D-Link DIR-2150 Buffer Overflow Vulnerability

D-Link DIR-2150 is a wireless router device from D-Link. D-Link DIR-2150c is vulnerable to a buffer overflow, which can be exploited by attackers to execute code in the root context...

8.8CVSS8.8AI score0.00623EPSS
Exploits0References1
CNVD
CNVD
added 2022/09/14 12:0 a.m.29 views

Siemens Simcenter Femap and Parasolid Out-of-Bounds Writing Vulnerability (CNVD-2022-62980)

Parasolid is a 3D geometric modeling tool that supports a variety of techniques, including solid modeling, direct editing, and free-form/sheet modeling.Simcenter Femap is an advanced simulation application for creating, editing, and examining finite element models of complex products or...

7.8CVSS2.2AI score0.00241EPSS
Exploits0References1
CNVD
CNVD
added 2022/09/05 12:0 a.m.29 views

Libraw has an unspecified vulnerability

Libraw is a C library for processing RAW CRW/CR2,NEF,RAF,DNG,andothers format images from Libraw, which supports various operating systems. libraw has a security vulnerability that stems from a memory corruption in the crxFreeSubbandData function when processing cr3 files. No detailed vulnerabili...

5.5CVSS2.8AI score0.00246EPSS
Exploits0References1
CNVD
CNVD
added 2022/09/05 12:0 a.m.29 views

SQlite has an unspecified vulnerability (CNVD-2022-62229)

SQLite is a lightweight database that is an ACID-compliant relational database management system. a security vulnerability exists in SQlite version 3.31.1, which stems from a potential null pointer dereference discovered in INTERSEC query processing. No details of the vulnerability are currently...

7.5CVSS3.2AI score0.00928EPSS
Exploits0References1
CNVD
CNVD
added 2022/09/05 12:0 a.m.29 views

DedeCMS Cross-Site Scripting Vulnerability (CNVD-2022-62223)

DedeCMS 织梦内容管理系统 is a PHP-based open source content management system CMS from China's Zhuo Zhuo Network Desdev. The system features content publishing, content management, content editing and content retrieval.A security vulnerability exists in DedeCMS version V5.7.97, which was discovered to...

6.1CVSS1.9AI score0.0051EPSS
Exploits1References1
CNVD
CNVD
added 2022/09/02 12:0 a.m.29 views

LibTIFF Resource Management Error Vulnerability (CNVD-2022-72099)

LibTIFF is a library for reading and writing TIFF Tagged Image File Format files. The library contains a number of command-line tools for working with TIFF files.A security vulnerability exists in LibTIFF version 4.4.0rc1, which stems from a double-release or corruption found in rotateImage in...

6.5CVSS3.7AI score0.00985EPSS
Exploits1References1
CNVD
CNVD
added 2022/08/29 12:0 a.m.29 views

Ingredients Stock Management System SQL Injection Vulnerability

Ingredients Stock Management System is an ingredient stock management system by Carlo Montero. v1.0 of the Ingredients Stock Management System is vulnerable to SQL injection, which originates from the /classes/Master .php?f=deletewaste location has an SQL injection issue with the id parameter. No...

9.8CVSS2.9AI score0.00906EPSS
Exploits1References1
CNVD
CNVD
added 2022/08/29 12:0 a.m.29 views

OpenSSL has a denial of service vulnerability

OpenSSL is an open source general-purpose cryptographic library capable of implementing the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. A denial of service vulnerability exists in OpenSSL due to an error in the BNmodsqrt function that calculates the square root of a...

7.5CVSS3.2AI score0.70561EPSS
Exploits2
CNVD
CNVD
added 2022/08/23 12:0 a.m.29 views

JIZHICMS Cross-site Request Forgery Vulnerability (CNVD-2022-59206)

JIZHICMS 極致网络科技 JIZHICMS is an open source content management system CMS from China JIZHICMS. version v2.3.1 of JIZHICMS has a security vulnerability that stems from the existence of a CSRF vulnerability that can add administrators. No detailed vulnerability details are available at this time...

8.8CVSS3AI score0.0035EPSS
Exploits1References1
CNVD
CNVD
added 2022/08/18 12:0 a.m.29 views

LibTIFF input validation error vulnerability

LibTIFF is a library for reading and writing TIFF Tagged Image File Format files. The library contains a number of command-line tools for working with TIFF files.A security vulnerability in the LibTIFF tiffcrop utility stems from the existence of a faulty input validation flaw that could be...

5.5CVSS2AI score0.003EPSS
Exploits0References1
CNVD
CNVD
added 2022/08/17 12:0 a.m.29 views

Vim Resource Management Error Vulnerability (CNVD-2022-68092)

Vim is a cross-platform text editor. versions of Vim prior to 9.0.0213 are vulnerable to a resource management error that stems from post-release reuse. No detailed vulnerability details are currently available...

7.8CVSS3.6AI score0.00498EPSS
Exploits1References1
CNVD
CNVD
added 2022/08/12 12:0 a.m.29 views

Microsoft Azure Site Recovery Elevation of Privilege Vulnerability (CNVD-2022-67842)

Microsoft Azure Site Recovery ASR is a DRaaS provided by Azure for cloud and hybrid cloud architectures. Microsoft Azure Site Recovery suffers from an elevation of privilege vulnerability. An attacker could exploit this vulnerability to elevate privileges...

6.5CVSS4.3AI score0.01503EPSS
Exploits0References1
CNVD
CNVD
added 2022/08/11 12:0 a.m.29 views

Microsoft Azure Site Recovery Elevation of Privilege Vulnerability (CNVD-2022-84111)

Microsoft Azure Site Recovery is a site recovery DRaaS from Microsoft for cloud and hybrid cloud architectures. Microsoft Azure Site Recovery is vulnerable to an elevation of privilege vulnerability that stems from a program's failure to properly invoke a high-level native procedure. An attacker...

6.5CVSS3.5AI score0.01625EPSS
Exploits0References1
CNVD
CNVD
added 2022/08/09 12:0 a.m.29 views

Siemens SCALANCE product has an unspecified vulnerability (CNVD-2022-56474)

SCALANCE M-800, MUM-800 and S615 and RUGGEDCOM RM1224 industrial routers are used for secure remote access to plants over mobile networks e.g. GPRS or UMTS with integrated security features of firewalls to prevent unauthorized access, and VPNs to protect data transmission.SCALANCE SC-600 devices...

6.8CVSS3.4AI score0.00794EPSS
Exploits0References1
CNVD
CNVD
added 2022/08/05 12:0 a.m.29 views

Google Android Information Disclosure Vulnerability (CNVD-2022-71980)

Google Android is a Linux-based open source operating system from Google, Inc. Google Android is vulnerable to an information disclosure vulnerability caused by a vulnerability in method PVRSRVBridgePMRPDumpSymbolicAddr. An attacker could use this vulnerability to obtain sensitive information...

7.5CVSS2.9AI score0.00272EPSS
Exploits0References1
CNVD
CNVD
added 2022/08/04 12:0 a.m.29 views

IBM Robotic Process Automation Information Disclosure Vulnerability (CNVD-2022-56974)

IBM Robotic Process Automation is a robotic process automation product from IBM, Inc. It helps you automate more business and IT processes at scale with the ease and speed of traditional RPA. IBM Robotic Process Automation suffers from an information disclosure vulnerability that stems from...

6.5CVSS1.7AI score0.00552EPSS
Exploits0References1
CNVD
CNVD
added 2022/08/04 12:0 a.m.29 views

IBM DataPower Gateway XML External Entity Injection Vulnerability (CNVD-2022-56970)

IBM DataPower Gateway is a set of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interface API, web, service-oriented architecture SOA, B2B, and cloud workloads. The platform protects, integrates, and optimizes access across channe...

9.1CVSS2.3AI score0.0115EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/22 12:0 a.m.29 views

Apple iOS and iPadOS Input Validation Error Vulnerability

Apple iOS and Apple iPadOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices.Apple iPadOS is an operating system for the iPad tablet computer. An input validation error vulnerability exists in Apple iOS before 15.6 and iPadOS before 15.6, which stems fr...

6.5CVSS6.8AI score0.06463EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/21 12:0 a.m.29 views

Oracle WebLogic Server Core Component Input Validation Error Vulnerability

Oracle WebLogic Server is a product of Oracle Corporation. Oracle WebLogic Server is an application services middleware for cloud and traditional environments that provides a modern, lightweight development platform that supports the entire lifecycle management of applications from development to...

6.5CVSS6.3AI score0.00729EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/21 12:0 a.m.29 views

Oracle MySQL Server InnoDB Component Denial of Service Vulnerability

Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Server is one of the database server components, and a denial-of-service vulnerability exists in Oracle MySQL 8.0.29 and earlier versions, which stems from the presence of The vulnerability is caus...

2AI score0.01418EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2022/07/21 12:0 a.m.29 views

Oracle MySQL Server Federated Component Denial of Service Vulnerability

Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Server is one of the database server components, and a denial-of-service vulnerability exists in Oracle MySQL Server. An attacker can use this vulnerability to cause MySQL Server to hang or crash...

2.2AI score0.01135EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2022/07/20 12:0 a.m.29 views

Apache SkyWalking Denial of Service Vulnerability

Apache SkyWalking is an application performance monitor from the Apache Foundation that is primarily used in environments such as microservices, cloud-native and container-based. A denial of service vulnerability exists in Apache SkyWalking NodeJS Agent prior to version 0.5.1, which stems from an...

7.5CVSS7.3AI score0.01595EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/19 12:0 a.m.29 views

Pexip Infinity Input Validation Error Vulnerability (CNVD-2022-54743)

Pexip Infinity Pexip Video Conferencing Cloud Collaboration Platform is a video conferencing cloud collaboration platform from the Norwegian company Pexip. Pexip Infinity is vulnerable to an input validation error that could be exploited by attackers to trigger a software abort, resulting in a...

7.5CVSS4AI score0.0101EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/19 12:0 a.m.29 views

Adobe InDesign Buffer Overflow Vulnerability (CNVD-2022-55646)

Adobe InDesign is a set of layout and editing applications from the American company Audobee Adobe. Adobe InDesign suffers from a buffer overflow vulnerability that stems from a lack of proper validation of user-supplied data, which can be exploited by an attacker to cause a read to exceed the en...

5.5CVSS6.3AI score0.00354EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/19 12:0 a.m.29 views

WordPress plugin WP User Manager Information Disclosure Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...

7.5CVSS7.5AI score0.0083EPSS
Exploits1References1
Total number of security vulnerabilities5000