Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
•added 2022/08/29 12:0 a.m.•29 views

Ingredients Stock Management System SQL Injection Vulnerability

Ingredients Stock Management System is an ingredient stock management system by Carlo Montero. v1.0 of the Ingredients Stock Management System is vulnerable to SQL injection, which originates from the /classes/Master .php?f=deletewaste location has an SQL injection issue with the id parameter. No...

9.8CVSS2.9AI score0.00906EPSS
Exploits1References1
CNVD
CNVD
•added 2022/08/29 12:0 a.m.•29 views

OpenSSL has a denial of service vulnerability

OpenSSL is an open source general-purpose cryptographic library capable of implementing the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. A denial of service vulnerability exists in OpenSSL due to an error in the BNmodsqrt function that calculates the square root of a...

7.5CVSS3.2AI score0.70561EPSS
Exploits2
CNVD
CNVD
•added 2022/08/23 12:0 a.m.•29 views

JIZHICMS Cross-site Request Forgery Vulnerability (CNVD-2022-59206)

JIZHICMS 極致网络科技 JIZHICMS is an open source content management system CMS from China JIZHICMS. version v2.3.1 of JIZHICMS has a security vulnerability that stems from the existence of a CSRF vulnerability that can add administrators. No detailed vulnerability details are available at this time...

8.8CVSS3AI score0.0035EPSS
Exploits1References1
CNVD
CNVD
•added 2022/08/18 12:0 a.m.•29 views

LibTIFF input validation error vulnerability

LibTIFF is a library for reading and writing TIFF Tagged Image File Format files. The library contains a number of command-line tools for working with TIFF files.A security vulnerability in the LibTIFF tiffcrop utility stems from the existence of a faulty input validation flaw that could be...

5.5CVSS2AI score0.003EPSS
Exploits0References1
CNVD
CNVD
•added 2022/08/17 12:0 a.m.•29 views

Vim Resource Management Error Vulnerability (CNVD-2022-68092)

Vim is a cross-platform text editor. versions of Vim prior to 9.0.0213 are vulnerable to a resource management error that stems from post-release reuse. No detailed vulnerability details are currently available...

7.8CVSS3.6AI score0.00498EPSS
Exploits1References1
CNVD
CNVD
•added 2022/08/12 12:0 a.m.•29 views

Microsoft Azure Site Recovery Elevation of Privilege Vulnerability (CNVD-2022-67842)

Microsoft Azure Site Recovery ASR is a DRaaS provided by Azure for cloud and hybrid cloud architectures. Microsoft Azure Site Recovery suffers from an elevation of privilege vulnerability. An attacker could exploit this vulnerability to elevate privileges...

6.5CVSS4.3AI score0.01503EPSS
Exploits0References1
CNVD
CNVD
•added 2022/08/11 12:0 a.m.•29 views

Microsoft Azure Site Recovery Elevation of Privilege Vulnerability (CNVD-2022-84111)

Microsoft Azure Site Recovery is a site recovery DRaaS from Microsoft for cloud and hybrid cloud architectures. Microsoft Azure Site Recovery is vulnerable to an elevation of privilege vulnerability that stems from a program's failure to properly invoke a high-level native procedure. An attacker...

6.5CVSS3.5AI score0.01625EPSS
Exploits0References1
CNVD
CNVD
•added 2022/08/09 12:0 a.m.•29 views

Siemens SCALANCE product has an unspecified vulnerability (CNVD-2022-56474)

SCALANCE M-800, MUM-800 and S615 and RUGGEDCOM RM1224 industrial routers are used for secure remote access to plants over mobile networks e.g. GPRS or UMTS with integrated security features of firewalls to prevent unauthorized access, and VPNs to protect data transmission.SCALANCE SC-600 devices...

6.8CVSS3.4AI score0.00794EPSS
Exploits0References1
CNVD
CNVD
•added 2022/08/05 12:0 a.m.•29 views

Google Android Information Disclosure Vulnerability (CNVD-2022-71980)

Google Android is a Linux-based open source operating system from Google, Inc. Google Android is vulnerable to an information disclosure vulnerability caused by a vulnerability in method PVRSRVBridgePMRPDumpSymbolicAddr. An attacker could use this vulnerability to obtain sensitive information...

7.5CVSS2.9AI score0.00272EPSS
Exploits0References1
CNVD
CNVD
•added 2022/08/04 12:0 a.m.•29 views

IBM Robotic Process Automation Information Disclosure Vulnerability (CNVD-2022-56974)

IBM Robotic Process Automation is a robotic process automation product from IBM, Inc. It helps you automate more business and IT processes at scale with the ease and speed of traditional RPA. IBM Robotic Process Automation suffers from an information disclosure vulnerability that stems from...

6.5CVSS1.7AI score0.00552EPSS
Exploits0References1
CNVD
CNVD
•added 2022/08/04 12:0 a.m.•29 views

IBM DataPower Gateway XML External Entity Injection Vulnerability (CNVD-2022-56970)

IBM DataPower Gateway is a set of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interface API, web, service-oriented architecture SOA, B2B, and cloud workloads. The platform protects, integrates, and optimizes access across channe...

9.1CVSS2.3AI score0.0115EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/22 12:0 a.m.•29 views

Apple iOS and iPadOS Input Validation Error Vulnerability

Apple iOS and Apple iPadOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices.Apple iPadOS is an operating system for the iPad tablet computer. An input validation error vulnerability exists in Apple iOS before 15.6 and iPadOS before 15.6, which stems fr...

6.5CVSS6.8AI score0.06463EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/21 12:0 a.m.•29 views

Oracle WebLogic Server Core Component Input Validation Error Vulnerability

Oracle WebLogic Server is a product of Oracle Corporation. Oracle WebLogic Server is an application services middleware for cloud and traditional environments that provides a modern, lightweight development platform that supports the entire lifecycle management of applications from development to...

6.5CVSS6.3AI score0.00729EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/21 12:0 a.m.•29 views

Oracle MySQL Server InnoDB Component Denial of Service Vulnerability

Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Server is one of the database server components, and a denial-of-service vulnerability exists in Oracle MySQL 8.0.29 and earlier versions, which stems from the presence of The vulnerability is caus...

2AI score0.01418EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2022/07/21 12:0 a.m.•29 views

Oracle MySQL Server Federated Component Denial of Service Vulnerability

Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Server is one of the database server components, and a denial-of-service vulnerability exists in Oracle MySQL Server. An attacker can use this vulnerability to cause MySQL Server to hang or crash...

2.2AI score0.01135EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2022/07/20 12:0 a.m.•29 views

Apache SkyWalking Denial of Service Vulnerability

Apache SkyWalking is an application performance monitor from the Apache Foundation that is primarily used in environments such as microservices, cloud-native and container-based. A denial of service vulnerability exists in Apache SkyWalking NodeJS Agent prior to version 0.5.1, which stems from an...

7.5CVSS7.3AI score0.01595EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/19 12:0 a.m.•29 views

Pexip Infinity Input Validation Error Vulnerability (CNVD-2022-54743)

Pexip Infinity Pexip Video Conferencing Cloud Collaboration Platform is a video conferencing cloud collaboration platform from the Norwegian company Pexip. Pexip Infinity is vulnerable to an input validation error that could be exploited by attackers to trigger a software abort, resulting in a...

7.5CVSS4AI score0.0101EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/19 12:0 a.m.•29 views

Adobe InDesign Buffer Overflow Vulnerability (CNVD-2022-55646)

Adobe InDesign is a set of layout and editing applications from the American company Audobee Adobe. Adobe InDesign suffers from a buffer overflow vulnerability that stems from a lack of proper validation of user-supplied data, which can be exploited by an attacker to cause a read to exceed the en...

5.5CVSS6.3AI score0.00354EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/19 12:0 a.m.•29 views

WordPress plugin WP User Manager Information Disclosure Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...

7.5CVSS7.5AI score0.0083EPSS
Exploits1References1
CNVD
CNVD
•added 2022/07/19 12:0 a.m.•29 views

Pexip Infinity Resource Management Error Vulnerability

Pexip Infinity Pexip Video Conferencing Cloud Collaboration Platform is a video conferencing cloud collaboration platform from Pexip, a Norwegian company. Pexip Infinity is vulnerable to a resource management error that could be exploited by attackers to cause the system to consume excessive...

7.5CVSS3AI score0.0101EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/18 12:0 a.m.•29 views

H3C SSL VPN Cross-Site Scripting Vulnerability

H3C SSL VPN is a secure session layer VPN from China's Xinhua San H3C. A cross-site scripting vulnerability exists in H3C SSL VPN 2022-07-10 and prior versions, which can be exploited by remote attackers to allow wnm/login/login.json svpnlang cross-site scripting attacks...

6.1CVSS6AI score0.02582EPSS
Exploits1References1
CNVD
CNVD
•added 2022/07/15 12:0 a.m.•29 views

Projectworlds Online Hotel Booking System SQL Injection Vulnerability (CNVD-2022-58410)

Projectworlds Online Hotel Booking System is a hotel online booking system from Projectworlds. A SQL injection vulnerability exists in Projectworlds Online Hotel Booking System version 1.0. The vulnerability stems from a lack of validation of the roomname parameter against an externally entered S...

7.2CVSS7.2AI score0.00666EPSS
Exploits1References1
CNVD
CNVD
•added 2022/07/15 12:0 a.m.•29 views

HUAWEI HarmonyOS Denial of Service Vulnerability (CNVD-2022-53576)

HUAWEI HarmonyOS is an operating system from the Chinese company Huawei HUAWEI. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in the HUAWEI HarmonyOS AI business component, which stems from hiaiserver not doing strict legitimacy...

7.5CVSS7.4AI score0.0063EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/13 12:0 a.m.•29 views

Microsoft Azure Site Recovery Elevation of Privilege Vulnerability (CNVD-2022-56593)

Microsoft Azure Site Recovery is a site recovery DRaaS from Microsoft Corporation USA. Microsoft Azure Site Recovery has an elevation of privilege vulnerability, and no details of the vulnerability are available...

4.9CVSS3.7AI score0.01705EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/13 12:0 a.m.•29 views

Microsoft Azure Site Recovery Elevation of Privilege Vulnerability (CNVD-2022-57200)

Microsoft Azure Site Recovery is a site recovery DRaaS from the U.S. company Microsoft for cloud and hybrid cloud architectures. Microsoft Azure Site Recovery has an elevation of privilege vulnerability that could be exploited by an attacker to gain elevated privileges on the system...

5.5CVSS3.6AI score0.01475EPSS
Exploits0
CNVD
CNVD
•added 2022/07/13 12:0 a.m.•29 views

WordPress plugin User Login Log cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

5.4CVSS5.2AI score0.00794EPSS
Exploits1References1
CNVD
CNVD
•added 2022/07/11 12:0 a.m.•29 views

Google Android Information Disclosure Vulnerability (CNVD-2022-61748)

Google Android is a Linux-based open source operating system from Google, Inc. Google Android is vulnerable to an information disclosure vulnerability caused by a lack of The vulnerability is caused by a lack of permission checking in the getSubscriptionProperty of SubscriptionController.java. An...

5.5CVSS1.5AI score0.00094EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/08 12:0 a.m.•29 views

Huawei HarmonyOS null pointer vulnerability

Huawei HarmonyOS is an operating system from Huawei, a Chinese company that provides a microkernel-based, distributed operating system. Huawei HarmonyOS contains a security vulnerability that could be exploited by attackers to compromise device availability...

7.8CVSS3.3AI score0.00607EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/08 12:0 a.m.•29 views

Multiple MediaTek Chip WLAN Driver Input Validation Error Vulnerability

MediaTek Inc. is the world's fourth largest fab-based semiconductor company and a leader in the markets of mobile terminals, smart home applications, wireless connectivity and Internet of Things IoT products, with approximately 1.5 billion units of end products with built-in MediaTek chips hittin...

6.7CVSS6.4AI score0.00106EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/06 12:0 a.m.•29 views

Cybozu Garoon Input Validation Error Vulnerability (CNVD-2022-69531)

Cybozu Garoon is a portal-type OA office system from Cybozu Japan. The system provides portal, E-mail, bookmark, scheduler, bulletin board, document management, etc. An input validation error vulnerability exists in the Space component of Cybozu Garoon versions 4.0.0 to 5.5.1. An authenticated...

6.5CVSS3.3AI score0.00996EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/06 12:0 a.m.•29 views

Vim Resource Management Error Vulnerability (CNVD-2022-68093)

Vim is a cross-platform text editor. versions prior to Vim 9.0 are vulnerable to a resource management error that stems from the existence of post-release reuse. An attacker could exploit the vulnerability to potentially cause program crashes, arbitrary code execution, etc...

7.8CVSS6.1AI score0.01264EPSS
Exploits1References1
CNVD
CNVD
•added 2022/07/05 12:0 a.m.•29 views

TOTOLINK T6 FUN_00413f80 Function Stack Overflow Vulnerability

TOTOLINK T6 is a wireless dual-band router from China Gion Electronics TOTOLINK. version V4.1.9cu.5179B20201015 of TOTOLINK T6 suffers from a buffer overflow vulnerability, which stems from the password parameter in the FUN00413f80 function not checking its length for input data. A remote attacke...

7.5CVSS5.6AI score0.01067EPSS
Exploits1References1
CNVD
CNVD
•added 2022/07/04 12:0 a.m.•29 views

Wordpress Plugin swfupload object injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. Wordpress Plugin swfupload...

9.8CVSS9.7AI score0.00959EPSS
Exploits2References1
CNVD
CNVD
•added 2022/07/04 12:0 a.m.•29 views

Jenkins Plugin GitLab Cross-Site Scripting Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.A cross-site scripting vulnerability exis...

3.5CVSS1AI score0.7236EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2022/07/01 12:0 a.m.•29 views

Huawei MindSpore Community numeric error vulnerability

Huawei MindSpore Community is an open source deep learning framework from Huawei China.A numerical error vulnerability exists in versions prior to Huawei MindSpore Community 1.3.0, which stems from the fact that when performing the initialization operation of the Split operator, if a dimension in...

7.5CVSS0.9AI score0.0083EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/01 12:0 a.m.•29 views

TrueConf Server Cross-Site Scripting Vulnerability (CNVD-2022-53539)

TrueConf Server is a self-hosted and secure video collaboration platform from the Russian company TrueConf. version 4.3.7 of TrueConf Server contains a cross-site scripting vulnerability that can be exploited by remote attackers to perform basic cross-site scripting DOM attacks...

5.4CVSS3.5AI score0.00577EPSS
Exploits1References1
CNVD
CNVD
•added 2022/07/01 12:0 a.m.•29 views

TrueConf Server Cross-Site Scripting Vulnerability

TrueConf Server is a self-hosted and secure video collaboration platform from the Russian company TrueConf. version 4.3.7 of TrueConf Server is vulnerable to a cross-site scripting vulnerability that could be exploited by attackers to execute arbitrary HTML and script code in the user's browser...

5.4CVSS3.9AI score0.00577EPSS
Exploits1References1
CNVD
CNVD
•added 2022/06/30 12:0 a.m.•29 views

Library Management System File Upload Vulnerability

Library Management System is a library management system with QR code attendance and automatic library card generation. version 1.0 of Library Management System is vulnerable to file uploads due to a lack of validation of uploaded files in the parameter image in the file /card/index.php. The...

6.5CVSS3.2AI score0.00934EPSS
Exploits1Affected Software1
CNVD
CNVD
•added 2022/06/30 12:0 a.m.•29 views

Schneider Electric Geo SCADA Mobile Information Disclosure Vulnerability

Schneider Electric Geo SCADA Mobile is a mobile extension from Schneider Electric, a French company. It provides real-time remote access to critical SCADA data, allowing system users to monitor performance while "on the go," increasing employee productivity and improving overall system performanc...

7.8CVSS2AI score0.00408EPSS
Exploits0References1
CNVD
CNVD
•added 2022/06/30 12:0 a.m.•29 views

GLPI SQL Injection Vulnerability (CNVD-2022-58234)

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, telephones, and even toner...

9.8CVSS9.8AI score0.00942EPSS
Exploits0References1
CNVD
CNVD
•added 2022/06/30 12:0 a.m.•29 views

WordPress Icegram plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. icegram is a subscription plugin used in it. WordPress plugin is an...

5.4CVSS2.3AI score0.00558EPSS
Exploits2References1
CNVD
CNVD
•added 2022/06/30 12:0 a.m.•29 views

Vim Denial of Service Vulnerability (CNVD-2022-60677)

Vim is a cross-platform text editor. a denial-of-service vulnerability exists in versions of Vim prior to 8.2, which stems from the presence of a NULL pointer dereference in the program. An attacker could exploit this vulnerability to cause a denial of service attack...

7.8CVSS4.6AI score0.01226EPSS
Exploits1References1
CNVD
CNVD
•added 2022/06/30 12:0 a.m.•29 views

Vim Buffer Overflow Vulnerability (CNVD-2022-68096)

Vim is a cross-platform text editor. buffer overflow vulnerability exists in versions of Vim prior to 8.2, which stems from a boundary error in the msgouttransattr function when handling untrusted input. A remote attacker could exploit this vulnerability to execute arbitrary code on the system...

7.8CVSS6.4AI score0.013EPSS
Exploits1References1
CNVD
CNVD
•added 2022/06/30 12:0 a.m.•29 views

Mozilla Firefox Resource Management Error Vulnerability (CNVD-2023-06510)

Mozilla Firefox is an open source web browser from the Mozilla Foundation. Mozilla Firefox is vulnerable to a resource management error, which is caused by a confusion in the program's instructions for freeing memory. An attacker could exploit the vulnerability to cause the program to crash,...

9.8CVSS3.2AI score0.01064EPSS
Exploits0References1
CNVD
CNVD
•added 2022/06/28 12:0 a.m.•29 views

BigBlueButton Cross-Site Scripting Vulnerability (CNVD-2022-62183)

BigBlueButton is BigBlueButton community of a set of open source Web conferencing system . A cross-site scripting vulnerability exists in BigBlueButton v2.4.7 and earlier versions, which stems from a lack of checksum filtering of user-supplied and output data in the chat feature. An attacker can...

5.4CVSS5.1AI score0.00418EPSS
Exploits0References1
CNVD
CNVD
•added 2022/06/28 12:0 a.m.•29 views

MELAG FTP Server authorization issue vulnerability

MELAG FTP Server, an FTP server from MELAG Germany, is vulnerable to an authorization issue in MELAG FTP Server version 2.2.0.4, which stems from improper file permission management and could be exploited to cause the "Everyone" group to read local FTP configuration file, which includes informati...

7.1CVSS2.5AI score0.00321EPSS
Exploits1References1
CNVD
CNVD
•added 2022/06/28 12:0 a.m.•29 views

IBM CICS TX Standard and Advanced Operating System Command Injection Vulnerability

IBM CICS TX Standard and Advanced is a comprehensive, single transaction runtime package from IBM USA. It can provide a cloud-native deployment model for standalone applications. IBM CICS TX Standard and Advanced is vulnerable to operating system command injection, which can be exploited by...

10CVSS4.3AI score0.04659EPSS
Exploits0References1
CNVD
CNVD
•added 2022/06/27 12:0 a.m.•29 views

Jfinal CMS SQL Injection Vulnerability (CNVD-2022-58382)

Jfinal CMS is a java development of powerful information consulting website , using a simple and powerful JFinal as the web framework , template engine with beetl, database with mysql, front-end bootstrap framework. Jfinal CMS version v5.1.0 has a SQL injection vulnerability that originates from...

7.2CVSS7.2AI score0.00911EPSS
Exploits1References1
CNVD
CNVD
•added 2022/06/24 12:0 a.m.•29 views

Google Android Information Disclosure Vulnerability* (CNVD-2022-53378)

Google Android is a Linux-based open-source operating system from the U.S. company Google Google. Google Android Kernel is vulnerable to an information disclosure vulnerability that could be exploited by attackers to cause local information disclosure without additional execution privileges...

4.6CVSS4.9AI score0.00361EPSS
Exploits0References1
CNVD
CNVD
•added 2022/06/23 12:0 a.m.•29 views

NUUO Network Video Recorder Cross-Site Scripting Vulnerability

NUUO Network Video Recorder is a network video recorder from NUUO in Taiwan, China. A cross-site scripting vulnerability exists in NUUO Network Video Recorder NVRsolo v03.06.02, which can be exploited by an attacker to execute JavaScript code on the client side...

6.1CVSS6AI score0.01495EPSS
Exploits1References1
Total number of security vulnerabilities5000