Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
•added 2023/02/22 12:0 a.m.•82 views

Command Execution Vulnerability in Cacti

Cacti is a set of network traffic monitoring based on PHP, MySQL, SNMP and RRDTool development of graphical analysis tools . Cacti has a command execution vulnerability that can be exploited by an attacker to execute arbitrary commands...

9.8CVSS10AI score0.99826EPSS
Exploits48
CNVD
CNVD
•added 2022/07/29 12:0 a.m.•82 views

Synology DiskStation Manager Path Traversal Vulnerability (CNVD-2022-67856)

Synology DiskStation Manager DSM is an operating system for use on Network Storage Servers NAS from Synology Inc. of Taiwan, China. The operating system manages information such as data, files, photos, music, and more. A path traversal vulnerability exists in Synology DiskStation Manager DSM, whi...

8.1CVSS7.8AI score0.01332EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/21 12:0 a.m.•82 views

Apache Xalan Input Validation Error Vulnerability

Apache Xalan is an open source software library from the Apache Foundation USA. Apache Xalan Java XSLT Stock in Input Validation Error vulnerability stems from an integer truncation issue when processing malicious XSLT stylesheets. The vulnerability can be exploited to corrupt Java class files...

7.5CVSS8.2AI score0.17673EPSS
Exploits2References1
CNVD
CNVD
•added 2022/07/15 12:0 a.m.•82 views

Clinics Patient Management System SQL Injection Vulnerability

Clinics Patient Management System is a clinic patient management system. A SQL injection vulnerability exists in Clinics Patient Management System version 2.0, which originates from a parameter username that can be exploited to execute illegal SQL commands...

9.8CVSS9.8AI score0.00803EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/29 12:0 a.m.•82 views

Google Chrome V8 Improper Implementation Vulnerability (CNVD-2021-99260)

Chrome is a simple and efficient web browsing tool developed by Google. versions prior to Google Chrome 95.0.4638.69 are vulnerable to a V8 improper implementation. An attacker could exploit this vulnerability to potentially cause heap corruption via a crafted HTML page...

8.8CVSS4AI score0.36238EPSS
Exploits2References1
CNVD
CNVD
•added 2020/04/30 12:0 a.m.•82 views

jQuery cross-site scripting vulnerability (CNVD-2021-26411)

jQuery is a set of open source , cross-browser JavaScript library . The library simplifies the operation between HTML and JavaScript , and has a modular , plug-in extensions and other features . A cross-site scripting vulnerability exists in versions of jQuery prior to 3.5.0. The vulnerability...

6.9CVSS7.1AI score0.99019EPSS
Exploits7References1
CNVD
CNVD
•added 2022/04/19 12:0 a.m.•81 views

Out-of-bounds write vulnerability in multiple Adobe products (CNVD-2022-46968)

Adobe Acrobat is a set of PDF file editing and conversion tools.Adobe Reader is a set of PDF document reading software. Multiple Adobe products have out-of-bounds write vulnerabilities that can be exploited by an attacker to execute arbitrary code in the context of the current user...

9.3CVSS8AI score0.09827EPSS
Exploits0References1
CNVD
CNVD
•added 2022/03/16 12:0 a.m.•81 views

showdoc .shtml file upload vulnerability

showdoc is an open source tool for IT teams to share documents online. showdoc versions prior to v2.10.4 are vulnerable to file uploads, which stem from the lack of effective detection of .shtml file extensions in the application's file upload feature. An attacker could use this vulnerability to...

6.3CVSS1.5AI score0.00538EPSS
Exploits1References1
CNVD
CNVD
•added 2023/10/11 12:0 a.m.•80 views

F5 BIG-IP Denial of Service Vulnerability (CNVD-2023-75597)

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management and other functions. A denial of service vulnerability exists in F5 BIG-IP, which can be exploited by attackers to cause a denial o...

7.5CVSS7.1AI score0.99999EPSS
Exploits19References1
CNVD
CNVD
•added 2022/11/25 12:0 a.m.•80 views

Apache Tomcat has an unspecified vulnerability

Apache Tomcat is a lightweight Web application server from the Apache Foundation. Apache Tomcat has a security vulnerability that could be exploited by an attacker to potentially compromise the confidentiality, availability, or integrity of the system. No details of the vulnerability are availabl...

3.4AI score0.00695EPSS
Exploits0
CNVD
CNVD
•added 2022/04/15 12:0 a.m.•81 views

MongoDB buffer overflow vulnerability

MongoDB is a document-oriented database management system from MongoDB, Inc. MongoDB suffers from a buffer overflow vulnerability, which can be exploited by attackers to cause a denial of service...

7.5CVSS5.6AI score0.0197EPSS
Exploits0References1
CNVD
CNVD
•added 2022/03/11 12:0 a.m.•80 views

Google Android permission permission and access control issue vulnerability (CNVD-2022-47678)

Google Android is a Linux-based open-source operating system from the U.S. company Google. Google Android is vulnerable to permission and access control issues, which can be exploited by attackers to cause local privilege escalation...

7.8CVSS5.7AI score0.00124EPSS
Exploits0References1
CNVD
CNVD
•added 2021/06/25 12:0 a.m.•80 views

Google Android iaxxx-codec.c elevation of privilege vulnerability

Google Android is a Linux-based open source operating system from the Google Open Handheld Consortium Google. Google Android iaxxx-codec.c suffers from an elevation of privilege vulnerability. An attacker can exploit this vulnerability to cause a local elevation of privilege...

7.8CVSS6.5AI score0.00117EPSS
Exploits0References1
CNVD
CNVD
•added 2025/07/18 12:0 a.m.•79 views

Apache HTTP Server Denial of Service Vulnerability (CNVD-2025-16603)

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A denial of service vulnerability exists in Apache HTTP Server, which stems from a modproxyhttp2 assertion failure that can be...

7.5CVSS6.8AI score0.01149EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/05 12:0 a.m.•79 views

Linux Kernel Denial of Service Vulnerability (CNVD-2024-14766)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A denial of service attack vulnerability exists in the Linux Kernel. The vulnerability is due to a memory leak found in ctnetlinkcreateconntrack in...

5.5CVSS6.2AI score0.00301EPSS
Exploits0References1
CNVD
CNVD
•added 2023/07/19 12:0 a.m.•79 views

CasaOS Encryption Issues Vulnerabilities

CasaOS is a simple, easy-to-use and elegant open source home cloud system. A cryptographic issue vulnerability exists in versions of CasaOS prior to 0.4.4. The vulnerability stems from a poor choice of JWT algorithm and can be exploited by an attacker to craft arbitrary JWTs and access functions...

9.8CVSS7.4AI score0.05871EPSS
Exploits1References1
CNVD
CNVD
•added 2023/01/11 12:0 a.m.•79 views

ZTE MF286R Command Injection Vulnerability

The ZTE MF286R is a wireless router from China's ZTE Corporation ZTE. A command injection vulnerability exists in the ZTE Mobile MF286R NordicMF286RB06, which stems from insufficient validation of input parameters and can be exploited by an attacker to execute arbitrary commands...

9.8CVSS9.8AI score0.0334EPSS
Exploits1References1
CNVD
CNVD
•added 2022/03/21 12:0 a.m.•79 views

Google Android Buffer Overflow Vulnerability (CNVD-2022-47673)

Google Android is a Linux-based open source operating system from Google, Inc. Google Android suffers from a buffer overflow vulnerability, which stems from a lack of privilege checks in the ims service, and can be exploited by attackers to cause local privilege escalation...

7.8CVSS6.3AI score0.00113EPSS
Exploits0References1
CNVD
CNVD
•added 2023/12/18 12:0 a.m.•78 views

ZTE MC801A Command Injection Vulnerability

The ZTE MC801A is a 5g indoor WiFi router from China's ZTE ZTE. The ZTE MC801A suffers from an input validation vulnerability in the handling of multiple network parameters, which can be exploited by a remote attacker to submit a special request that can be used in the application context to...

8.8CVSS7.6AI score0.01772EPSS
Exploits0References1
CNVD
CNVD
•added 2023/08/22 12:0 a.m.•78 views

Arbitrary File Read Vulnerability in DPtech SSL VPN of Hangzhou Dipu Technology Co.

Ltd. is a high-tech enterprise integrating R&D, production and sales in the field of network, security and application delivery. Ltd. DPtech SSL VPN suffers from an arbitrary file read vulnerability, which can be exploited by attackers to obtain sensitive information...

7AI score
Exploits0
CNVD
CNVD
•added 2022/03/18 12:0 a.m.•78 views

Linux kernel has unspecified vulnerabilities (CNVD-2022-21810)

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel 5.16.12 previously had a security vulnerability where the endpoint index was not validated and could be manipulated by the host for out-of-array access. No detailed vulnerability details are...

8.8CVSS1.1AI score0.021EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/24 12:0 a.m.•78 views

Oracle GraalVM Input Validation Error Vulnerability (CNVD-2022-15477)

Oracle GraalVM is a set of on-the-fly compilers written in the Java language from Oracle Corporation USA.GraalVM Enterprise Edition is the enterprise version of GraalVM.An input validation error vulnerability exists in Oracle GraalVM due to an Oracle GraalVM Enterprise Edition has incorrect input...

5.3CVSS4.2AI score0.03486EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/10 12:0 a.m.•78 views

Apache Kylin Input Validation Error Vulnerability

Apache Kylin is an open source distributed analytic data warehouse from the Apache Foundation. The product mainly provides SQL query interface on top of Hadoop/Spark and multi-dimensional analysis OLAP and other functions. Apache kylin has an input validation error vulnerability, which stems from...

9.8CVSS2.6AI score0.02902EPSS
Exploits0References1
CNVD
CNVD
•added 2021/06/04 12:0 a.m.•78 views

Unspecified Vulnerability in Apache HTTP Server (CNVD-2021-44765)

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. There is a security vulnerability in Apache HTTP Server, no details of the vulnerability are provided at this time...

5.5CVSS6.6AI score0.11773EPSS
Exploits0References1
CNVD
CNVD
•added 2024/03/22 12:0 a.m.•77 views

GeoServer Arbitrary File Upload Vulnerability

GeoServer is an open source software server written in Java. Allows users to share and edit geospatial data. An arbitrary file upload vulnerability exists in GeoServer versions prior to 2.23.4 and 2.24.1, which stems from the application's lack of effective authentication of uploaded files. An...

7.2CVSS7.7AI score0.01867EPSS
Exploits1References1
CNVD
CNVD
•added 2022/09/14 12:0 a.m.•77 views

ISC BIND input validation error vulnerability

ISC BIND is a set of open source software from ISC that implements the DNS protocol. ISC BIND is vulnerable to an input validation error, which could be exploited by an attacker to cause a query to the wrong server, returning an error message to the client...

6.8CVSS2.7AI score0.0325EPSS
Exploits0References1
CNVD
CNVD
•added 2022/03/17 12:0 a.m.•77 views

Atlassian Fisheye and Crucible Brute Force Exploits

Atlassian Fisheye is a suite of source code deep viewing software.Atlassian Crucible is a suite of code review tools. Atlassian Fisheye and Crucible are vulnerable to a brute force vulnerability due to a failure to check whether a user has exceeded their maximum failed login limit. An attacker...

9.8CVSS9.7AI score0.01408EPSS
Exploits0References1
CNVD
CNVD
•added 2022/03/11 12:0 a.m.•77 views

Google Android permission permission and access control issue vulnerability (CNVD-2022-47676)

Google Android is a Linux-based open-source operating system from the U.S. company Google. Google Android is vulnerable to permission and access control issues, which can be exploited by attackers to cause local privilege escalation...

7.8CVSS5.7AI score0.00118EPSS
Exploits0References1
CNVD
CNVD
•added 2020/05/20 12:0 a.m.•77 views

jQuery cross-site scripting vulnerability (CNVD-2021-28270)

jQuery is the United States John Resig programmer of a set of open source , cross-browser JavaScript library . The library simplifies the operation between HTML and JavaScript , and has a modular , plug-in extensions and other features . A cross-site scripting vulnerability exists in versions of...

6.1CVSS6.4AI score0.06273EPSS
Exploits4References1
CNVD
CNVD
•added 2016/09/14 12:0 a.m.•77 views

Google Chrome Skia Denial of Service Vulnerability (CNVD-2016-07581)

Google Skia is the United States Google Google company's an open source and C + + based graphics library , it can be used in Mozilla Firefox, Google Chrome and other browsers , but also available in the Android open mobile platform . A denial of service vulnerability exists in the SkPath.cpp file...

8.8CVSS8.7AI score0.01088EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/23 12:0 a.m.•76 views

ABB MicroSCADA Pro SYS600 Code Execution Vulnerability

ABB MicroSCADA Pro SYS600 is a suite of monitoring and data acquisition software from ABB Switzerland. The software is used for substation automation, SCADA electrical, distribution management applications and industrial power management. ABB MicroSCADA Pro SYS600 suffers from a code execution...

8.8CVSS8AI score0.00277EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/15 12:0 a.m.•76 views

Samsung SecTelephonyProvider Information Disclosure Vulnerability (CNVD-2022-70741)

Samsung SecTelephonyProvider is a Telephony service for Samsung mobile devices that provides support for the Telephony Application Programming Interface TAPI.An information disclosure vulnerability exists in Samsung SecTelephonyProvider, which stems from a lack of protection for EventType in...

3.3CVSS2AI score0.00095EPSS
Exploits0References1
CNVD
CNVD
•added 2020/10/11 12:0 a.m.•76 views

Apache Calcite Clickjacking Vulnerability

Apache Calcite is a dynamic data management framework that has many of the features of a typical database management system, such as SQL parsing, SQL validation, SQL query optimization, SQL generation, and data connection queries. clickjacking vulnerability exists in versions of Apache Calcite...

5.9CVSS2.8AI score0.02141EPSS
Exploits0References1
CNVD
CNVD
•added 2016/08/31 12:0 a.m.•76 views

vBulletin forumrunner/includes/moderation.php SQL Injection Vulnerability

VBulletin is a powerful, flexible and fully customizable suite of forum programs. A SQL injection vulnerability exists in the forumrunner/includes/moderation.php file in versions of vBulletin prior to 4.2.2 Patch Level 5 and prior to 4.2.3 Patch Level 1. A remote attacker can exploit this...

9.8CVSS9.9AI score0.68493EPSS
Exploits7References1
CNVD
CNVD
•added 2022/12/20 12:0 a.m.•75 views

IBM AIX Elevation of Privilege Vulnerability (CNVD-2023-00805)

IBM AIX is an open standards-based UNIX operating system developed by International Business Machines IBM for the IBM Power architecture. IBM AIX has an elevation of privilege vulnerability that can be exploited by attackers to gain root privileges...

8.4CVSS6.7AI score0.00189EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/12 12:0 a.m.•75 views

Linux kernel resource management error vulnerability (CNVD-2022-69186)

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel is vulnerable due to a confusion in mm/rmap.c, the instruction responsible for freeing memory. An attacker could use this vulnerability to cause a crash, arbitrary code execution, etc...

3.5AI score0.00971EPSS
Exploits3Affected Software1
CNVD
CNVD
•added 2022/05/07 12:0 a.m.•75 views

F5 BIG-IP iControl REST Authentication Bypass Vulnerability

F5 BIG-IP is an application delivery platform that integrates traffic management, DNS, inbound and outbound rules, web application firewall, web gateway, load balancing and other functions. F5 BIG-IP iControl REST authentication bypass vulnerability, the vulnerability is due to the authentication...

9.8CVSS10AI score0.99956EPSS
Exploits63References1
CNVD
CNVD
•added 2022/05/07 12:0 a.m.•75 views

squirrel SQL Injection Vulnerability

squirrel is the stable version of the programming language SQUIRREL 3.2. A security vulnerability exists in squirrel version 3.2, which stems from the lack of a specific sqreservestack call to threadcall in sqbaselib.cpp. No detailed vulnerability details are currently available...

10CVSS3.4AI score0.03576EPSS
Exploits1References1
CNVD
CNVD
•added 2022/03/29 12:0 a.m.•75 views

Linux kernel memory corruption vulnerability (CNVD-2022-55071)

Linux kernel is the kernel used by the Linux Foundation's open-source operating system Linux. Linux kernel is vulnerable to a memory corruption vulnerability that originates in drivers/hid/hid-elo.c in the Linux kernel, which is a memory leak for a certain hidparse error condition and can be...

5.5CVSS3AI score0.00381EPSS
Exploits0References1
CNVD
CNVD
•added 2020/10/12 12:0 a.m.•75 views

MikroTik RouterOS Integer Underflow Vulnerability

MikroTik RouterOS is a Linux-based router operating system developed by the Latvian company MikroTik. The system can be deployed in a PC to enable it to provide router functionality. An integer underflow vulnerability exists in the SMB server in versions of MikroTik RouterOS prior to 6.45.5, whic...

7.5CVSS6.8AI score0.02565EPSS
Exploits0References1
CNVD
CNVD
•added 2020/04/02 12:0 a.m.•75 views

Apache HTTP Server Uninitialized Memory Vulnerability

Apache HTTP Server is the United States Apache Software Apache Software Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A security vulnerability exists in Apache HTTP Server versions 2.4.0 through 2.4.41, which stems from modproxyft...

5.3CVSS8.4AI score0.51951EPSS
Exploits0References1
CNVD
CNVD
•added 2018/08/30 12:0 a.m.•75 views

OpenSSH user enumeration vulnerability (CNVD-2018-20962)

OpenSSH OpenBSD Secure Shell is a set of connection tools for secure access to remote computers maintained by the OpenBSD Project Group. The tools are an open source implementation of the SSH protocol and support encryption of all transmissions, effectively blocking eavesdropping, connection...

5.3CVSS6.6AI score0.03557EPSS
Exploits1References1
CNVD
CNVD
•added 2018/08/21 12:0 a.m.•75 views

OpenSSH User Enumeration Vulnerability (CNVD-2018-20960)

OpenSSH OpenBSD Secure Shell is a set of connection tools for secure access to remote computers maintained by the OpenBSD Project Group. The tools are an open source implementation of the SSH protocol and support encryption of all transmissions, effectively blocking eavesdropping, connection...

5.3CVSS6.9AI score0.98631EPSS
Exploits23References1
CNVD
CNVD
•added 2023/10/26 12:0 a.m.•74 views

Stable Diffusion WebUI Remote Command Execution Vulnerability

Stable Diffusion WebUI is an AI image processing tool developed by AUTOMATIC1111 based on the Stable Diffusion AI model, which supports file creation and image creation. A remote command execution vulnerability in Stable Diffusion WebUI, which is caused by not filtering user input when installing...

8.1AI score
Exploits0References1
CNVD
CNVD
•added 2023/02/22 12:0 a.m.•74 views

Apache Commons FileUpload Denial of Service Vulnerability (CNVD-2023-23552)

Apache Commons FileUpload is the United States Apache Apache Foundation of a file can be uploaded to the Servlet and Web applications package. A denial of service vulnerability exists in Apache Commons FileUpload versions prior to 1.5, which stems from a failure to limit the number of requests an...

7.5CVSS6.8AI score0.46836EPSS
Exploits1References1
CNVD
CNVD
•added 2023/02/17 12:0 a.m.•74 views

Unauthorized Access Vulnerability in Joomla!

Joomla! is a globally recognized content management system. An unauthorized access vulnerability exists in Joomla! versions 4.0.0 through 4.2.7. The vulnerability is due to an incorrect access check in the affected versions, which can be exploited by an attacker to gain unauthorized access to the...

5.3CVSS5.7AI score0.99827EPSS
Exploits43References1
CNVD
CNVD
•added 2024/01/22 12:0 a.m.•73 views

Linux has a binary vulnerability

Linux is an open source Unix-like operating system. Linux has a binary vulnerability that can be exploited by attackers to elevate privileges...

7.8CVSS6.8AI score0.00458EPSS
Exploits1
CNVD
CNVD
•added 2022/06/17 12:0 a.m.•73 views

Apache Hadoop Elevation of Privilege Vulnerability (CNVD-2022-51055)

Apache Hadoop is an open source distributed systems infrastructure from the Apache Foundation. The product is capable of distributed processing of large amounts of data and is highly reliable, scalable, and fault-tolerant. an elevation of privilege vulnerability exists in Apache Hadoop, which ste...

9CVSS3.1AI score0.0325EPSS
Exploits0References1
CNVD
CNVD
•added 2022/03/11 12:0 a.m.•73 views

Google Android permission permission and access control issue vulnerability (CNVD-2022-47677)

Google Android is a Linux-based open-source operating system from the U.S. company Google. Google Android is vulnerable to permission and access control issues, which can be exploited by attackers to cause local privilege escalation...

7.8CVSS5.7AI score0.0012EPSS
Exploits0References1
CNVD
CNVD
•added 2022/02/22 12:0 a.m.•73 views

Command Execution Vulnerability in Mingguo Security Gateway of Hangzhou ACE Information Technology Co. Ltd (CNVD-2022-25740)

MingGuard Security Gateway builds a next-generation security protection system with full-process defense and integrates traditional firewall, intrusion detection, intrusion prevention system, anti-virus gateway, Internet behavior control, VPN gateway, threat intelligence, and other security modul...

7.6AI score
Exploits0
Total number of security vulnerabilities5000