Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
•added 2023/05/17 12:0 a.m.•28 views

IBM Spectrum Virtualize Information Disclosure Vulnerability (CNVD-2023-40603)

IBM Spectrum Virtualize is a block storage virtualization system from International Business Machines IBM, Inc. that increases the data value, security and simplicity of new and existing storage infrastructures. An information disclosure vulnerability exists in IBM Spectrum Virtualize version 8.5...

7.5CVSS5.8AI score0.00651EPSS
Exploits0References1
CNVD
CNVD
•added 2023/05/15 12:0 a.m.•28 views

Rockwell Automation ArmorStart ST Cross-Site Scripting Vulnerability (CNVD-2023-44291)

Rockwell Automation ArmorStart ST is a simple and cost-effective solution for machine-side control architectures from Rockwell Automation. A cross-site scripting vulnerability exists in Rockwell Automation ArmorStart ST, which can be exploited by an attacker to view and modify sensitive data or...

6.5CVSS6.1AI score0.0062EPSS
Exploits0References1
CNVD
CNVD
•added 2023/05/13 12:0 a.m.•28 views

Lost and Found Information System index.php File SQL Injection Vulnerability

Lost and Found Information System is a lost and found information system. A SQL injection vulnerability exists in Lost and Found Information System v1.0, which originates from the parameter cid in the file items/index.php that lacks validation of externally entered SQL statements. An attacker can...

9.8CVSS8.1AI score0.00726EPSS
Exploits1References1
CNVD
CNVD
•added 2023/05/08 12:0 a.m.•28 views

Apache CouchDB Information Disclosure Vulnerability

Apache CouchDB is the United States Apache Apache Foundation's use of Erlang development of a document-oriented database system. An information disclosure vulnerability exists in Apache CouchDB, which stems from the fact that design documents with matching document IDs from databases on the same...

5.3CVSS6.2AI score0.01429EPSS
Exploits0References1
CNVD
CNVD
•added 2023/04/21 12:0 a.m.•28 views

Schneider Electric StruxureWare Data Center Expert Access Control Error Vulnerability (CNVD-2023-37593)

Schneider Electric StruxureWare Data Center Expert is a monitoring software from the French company Schneider Electric Schneider Electric. It is suitable for a variety of organizations to monitor their company-wide power, cooling, security, and environment. An access control error vulnerability...

8.8CVSS7.6AI score0.00549EPSS
Exploits0References1
CNVD
CNVD
•added 2023/04/20 12:0 a.m.•28 views

Google Chrome Buffer Overflow Vulnerability (CNVD-2023-43887)

Google Chrome is a web browser from Google, and Skia is an open source 2D graphics library that provides common APIs that work on a variety of hardware and software platforms. A buffer overflow vulnerability exists in Skia in versions of Google Chrome prior to 112.0.5615.137. An attacker could...

9.6CVSS9.5AI score0.05786EPSS
Exploits0References1
CNVD
CNVD
•added 2023/04/20 12:0 a.m.•28 views

Arbitrary File Download Vulnerability in Human Resources Information Management System of Beijing Hongjing Century Software Co.

Beijing Hongjing Century Software Co., Ltd. is a company that focuses on the research and development and application promotion of human resources and talent management digital intelligence digitalization and intelligence products for state-owned enterprises and institutions, and is the leader of...

6.6AI score
Exploits0
CNVD
CNVD
•added 2023/04/07 12:0 a.m.•28 views

Google Chrome navigation security bypass vulnerability (CNVD-2023-67085)

Google Chrome is a web browser from Google, an American company. Google Chrome navigation security bypass vulnerability, which stems from an incorrect security UI in Navigation. An attacker can exploit this vulnerability to bypass security restrictions...

6.5CVSS6.7AI score0.0092EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/31 12:0 a.m.•28 views

D-Link DIR-3040 Buffer Overflow Vulnerability

D-Link DIR-3040 is a router from China Youxun D-Link Inc. The D-Link DIR-3040 is vulnerable to a buffer overflow vulnerability caused by a failure to properly boundary check the MiniDLNA service. An attacker could exploit this vulnerability to execute arbitrary code on the system...

8.8CVSS9.1AI score0.00923EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/31 12:0 a.m.•28 views

Apache Archiva Cross-Site Scripting Vulnerability (CNVD-2023-23556)

Apache Archiva is a suite of software from the Apache Foundation for managing one or more remote stores. A cross-site scripting vulnerability exists in versions of Apache Archiva prior to 2.0 to 2.2.10. The vulnerability creates directory names that lack effective filtering and escaping of...

6.5CVSS5.4AI score0.01162EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/29 12:0 a.m.•28 views

Delta Electronics InfraSuite Device Master Path Traversal Vulnerability (CNVD-2023-23884)

Delta Electronics InfraSuite Device Master is Delta Electronics' device for simplifying and automating critical equipment monitoring. A path traversal vulnerability exists in Delta Electronics InfraSuite Device Master versions prior to 1.0.5, which can be exploited by an attacker to read local...

8.8CVSS7.6AI score0.00659EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/28 12:0 a.m.•28 views

Google Pixel bta_av_co.cc file buffer overflow vulnerability

Google Pixel is a smartphone from Google, Inc. A buffer overflow vulnerability exists in Google Pixel, which stems from a boundary error in the processing of data in BtaAvCo::GetNextSourceDataPacket in btaavco.cc, and could be exploited by an attacker to cause information disclosure...

5.5CVSS5.4AI score0.00091EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/23 12:0 a.m.•28 views

IBM Security Guardium Information Disclosure Vulnerability (CNVD-2023-20082)

IBM Security Guardium is a suite of platforms from International Business Machines IBM that provide data protection capabilities. The platform includes features such as customizable UI, report management and streamlined audit process building.IBM Security Guardium Key Lifecycle Manager is...

6.2CVSS5.7AI score0.00166EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/23 12:0 a.m.•28 views

NETGEAR RBR750 dev_name Parameter Command Injection Vulnerability

The NETGEAR RBR750 is a home WiFi system from NETGEAR. The NETGEAR RBR750 version 4.6.8.5 suffers from a command injection vulnerability that stems from the devname parameter failing to properly filter constructed command special characters, commands, and so on. An attacker could exploit this...

9.1CVSS7.6AI score0.02828EPSS
Exploits1References1
CNVD
CNVD
•added 2023/03/17 12:0 a.m.•28 views

Adobe Dimension Out-of-Bounds Read Vulnerability (CNVD-2023-25106)

Adobe Dimension is the United States of America Odo than Adobe company is a set of 2D and 3D composite design tools. Adobe Dimension suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to execute code in the context of the current user...

7.8CVSS7.5AI score0.00353EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/17 12:0 a.m.•28 views

Adobe Dimension out-of-bounds write vulnerability (CNVD-2023-21650)

Adobe Dimension is the United States of America Odo than Adobe company is a set of 2D and 3D composite design tools. Adobe Dimension suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...

7.8CVSS7.8AI score0.0032EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/17 12:0 a.m.•28 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2023-45900)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4CVSS6.2AI score0.0048EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/17 12:0 a.m.•28 views

Adobe Dimension Out-of-Bounds Read Vulnerability (CNVD-2023-21654)

Adobe Dimension is the United States of America Odo than Adobe company is a set of 2D and 3D composite design tools. Adobe Dimension suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to execute code in the context of the current user...

7.8CVSS7.5AI score0.00353EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/17 12:0 a.m.•28 views

Adobe Substance 3D Stager out-of-bounds write vulnerability (CNVD-2023-43893)

Adobe Substance 3D Stager is a virtual 3D studio from the American company Audobee Adobe. Adobe Substance 3D Stager suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...

7.8CVSS7.6AI score0.00291EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/17 12:0 a.m.•28 views

Adobe Dimension Heap Buffer Overflow Vulnerability (CNVD-2023-21653)

Adobe Dimension is the United States of America Odo than Adobe company is a set of 2D and 3D composite design tools. Adobe Dimension suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...

7.8CVSS7.9AI score0.00437EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/16 12:0 a.m.•28 views

Siemens Tecnomatix Plant Simulation Memory Corruption Vulnerability

Siemens Tecnomatix Plant Simulation is an industrial control device from Siemens, Germany. Using the function of discrete event simulation for production volume analysis and optimization, and thus improve the manufacturing system performance. A memory corruption vulnerability exists in versions...

7.8CVSS7.8AI score0.00223EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/13 12:0 a.m.•28 views

Google Chrome V8 Type Obfuscation Vulnerability (CNVD-2023-17527)

Google Chrome is a web browser from Google, Inc. A type obfuscation vulnerability exists in versions prior to Google Chrome 111.0.5563.64, which stems from a type obfuscation issue in V8. An attacker could use this vulnerability to cause heap corruption via specially crafted HTML pages...

8.8CVSS2.9AI score0.00668EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/13 12:0 a.m.•28 views

Google Chrome DevTools Resource Management Error Vulnerability (CNVD-2023-17525)

Google Chrome is a web browser from Google, Inc. A security vulnerability exists in versions prior to Google Chrome 111.0.5563.64, which stems from a confusion in the DevTools component's instructions for freeing memory. A remote attacker could exploit the vulnerability to cause heap corruption v...

8.8CVSS2.4AI score0.00541EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/01 12:0 a.m.•28 views

Dell PowerPath Management Appliance Licensing Issue Vulnerability

Dell PowerPath Management Appliance is a PowerPath host management application from Dell USA that offers two models: a virtual machine-based appliance and a Docker containerized appliance. dell PowerPath Management Appliance Licensing Issues Vulnerability. An attacker could use this vulnerability...

8.8CVSS3.7AI score0.00794EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/21 12:0 a.m.•28 views

IBM QRadar SIEM Information Disclosure Vulnerability (CNVD-2023-11693)

IBM QRadar SIEM is a solution from IBM that leverages security intelligence to protect assets and information from advanced threats. IBM QRadar SIEM versions 7.4 and 7.5 contain an information disclosure vulnerability that originates when a non-tenant user assigned a domain-specific security...

7.5CVSS2.3AI score0.00388EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/17 12:0 a.m.•28 views

Adobe Animate Memory Misreference Vulnerability

Adobe Animate is a set of Flash animation software from the American company Audobee Adobe. Adobe Animate suffers from a memory misreference vulnerability that originates from a mix-up in the program's instructions responsible for freeing memory. An attacker could exploit this vulnerability to...

7.8CVSS7.8AI score0.00365EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/09 12:0 a.m.•28 views

IBM WebSphere Application Server encryption problem vulnerability

IBM WebSphere Application Server WAS is an application server product from International Business Machines IBM. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. IBM WebSphere Application Server versions 8.5 and 9.0 ha...

7.5CVSS2.2AI score0.00531EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/08 12:0 a.m.•28 views

Huawei HarmonyO SHwContacts module logic bypass vulnerability

Huawei HarmonyOS is an operating system from Huawei China. Huawei HarmonyO SHwContacts module is vulnerable to a logical bypass vulnerability that could be exploited by attackers to compromise data integrity...

7.5CVSS3.3AI score0.00362EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/07 12:0 a.m.•28 views

D-Link DIR-825 Buffer Overflow Vulnerability (CNVD-2023-21665)

D-Link DIR-825 is a router from D-Link, a Chinese company. D-Link DIR-825 v1.33.0.44ebdd4-embedded and previous versions are vulnerable to a buffer overflow vulnerability, which is caused by a boundary error when handling untrusted input, and can be exploited to execute arbitrary code against the...

9.8CVSS9.8AI score0.01174EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/06 12:0 a.m.•28 views

Schneider Electric SoMachine HVAC Buffer Overflow Vulnerability

Schneider Electric SoMachine HVAC is a suite of programming software dedicated to Schneider Electric logic controllers from the French company Schneider Electric Schneider Electric. A buffer overflow vulnerability exists in Schneider Electric SoMachine HVAC, which can be exploited by a remote...

7.5CVSS7.1AI score0.00422EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/01 12:0 a.m.•28 views

Siretta QUARTZ-GOLD Directory Traversal Vulnerability

Siretta QUARTZ-GOLD is an industrial router with multiple features and services.A directory traversal vulnerability exists in Siretta QUARTZ-GOLD, which can be exploited by attackers to cause arbitrary file deletion by sending specially crafted network packets...

8.2CVSS4.5AI score0.01878EPSS
Exploits1References1
CNVD
CNVD
•added 2023/02/01 12:0 a.m.•28 views

F5 BIG-IP Edge Client for Windows Command Execution Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A command execution vulnerability exists in F5 BIG-IP Edge Client for Windows, which can be exploited by attackers to execute...

6.5CVSS6.6AI score0.00197EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/18 12:0 a.m.•28 views

Oracle VM VirtualBox has an unspecified vulnerability (CNVD-2023-05477)

A security vulnerability exists in Oracle VM VirtualBox, a virtual machine management software from Oracle Corporation. A low privilege attacker can compromise Oracle VM VirtualBox by logging into the infrastructure where Oracle VM VirtualBox is executing...

3.8CVSS4.3AI score0.0033EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/13 12:0 a.m.•28 views

Unspecified Vulnerability in Siemens S7-1500 CPU devices

SIMATIC drive controllers are designed for the automation of production machines, combining the functionality of the SIMATIC S7-1500 CPU and the SINAMICS S120 drive control.The SIMATIC S7-1500 CPU products are designed for discrete and continuous control in industrial environments such as global...

6.8CVSS6AI score0.00293EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/13 12:0 a.m.•28 views

Microsoft Office Visio Remote Code Execution Vulnerability (CNVD-2023-85905)

Microsoft Office Visio is responsible for drawing flowcharts and schematic diagrams in the Office software series of the American Microsoft Microsoft company. A remote code execution vulnerability exists in Microsoft Office Visio, which can be exploited by an attacker to execute arbitrary code on...

7.8CVSS8.2AI score0.00723EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/12 12:0 a.m.•28 views

Microsoft 3D Builder Remote Code Execution Vulnerability (CNVD-2023-04319)

Microsoft 3D Builder is a tool for creating models and 3D printing from Microsoft USA. a security vulnerability exists in Microsoft 3D Builder. No details of the vulnerability are currently available...

7.8CVSS2.7AI score0.00939EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/12 12:0 a.m.•28 views

Microsoft 3D Builder Remote Code Execution Vulnerability (CNVD-2023-04321)

Microsoft 3D Builder, a tool for creating models and 3D printing from Microsoft USA, has a security vulnerability. No details of the vulnerability are currently available...

7.8CVSS2.6AI score0.00929EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/12 12:0 a.m.•28 views

Microsoft 3D Builder Remote Code Execution Vulnerability (CNVD-2023-04329)

Microsoft 3D Builder, a tool for creating models and 3D printing from Microsoft USA, has a security vulnerability. No details of the vulnerability are currently available...

7.8CVSS2.6AI score0.00939EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/11 12:0 a.m.•28 views

IBM Sterling B2B Integrator Cross-Site Scripting Vulnerability (CNVD-2023-05238)

IBM Sterling B2B Integrator is a suite of software from International Business Machines IBM that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. A cross-site scripting...

6.1CVSS5.9AI score0.00392EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/04 12:0 a.m.•28 views

Tenda A15 ssid parameter stack overflow vulnerability

Tenda A15 is a WiFi extender from Tenda, China. A stack overflow vulnerability exists in the Tenda A15 ssid parameter, which stems from a lack of length checking of input data in the ssid parameter of /goform/WifiBasicSet, and can be exploited by attackers to execute arbitrary code on the system...

9.8CVSS6.1AI score0.00873EPSS
Exploits1References1
CNVD
CNVD
•added 2022/12/30 12:0 a.m.•28 views

Mozilla Firefox Access Control Error Vulnerability (CNVD-2023-03068)

Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. An access control error vulnerability exists in Mozilla Firefox, which stems from the Remote Agent used in WebDriver not validating the Host or Origin header. An attacker could exploit the vulnerability to force...

6.5CVSS2.5AI score0.00233EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/29 12:0 a.m.•28 views

FlatPress Cross-Site Scripting Vulnerability (CNVD-2023-06527)

FlatPress is a Php-based blogging system from the FlatPress community that does not require database support. A cross-site scripting vulnerability exists in FlatPress, which stems from a problem with an unknown part of the admin/panels/entry/admin.entry.list.php file in the Admin Area component...

6.1CVSS1.6AI score0.00518EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/26 12:0 a.m.•28 views

Ghost Information Disclosure Vulnerability

Ghost is the Singapore Ghost Foundation a set of open source headless content management system written in JavaScript . Ghost has a security vulnerability that can be exploited by remote attackers to submit special requests and obtain sensitive information...

5.3CVSS5.2AI score0.20196EPSS
Exploits1References1
CNVD
CNVD
•added 2022/12/26 12:0 a.m.•28 views

phpRedisAdmin Cross-Site Request Forgery Vulnerability

phpRedisAdmin is an individual developer's web administration page for managing Redis. A security vulnerability exists in phpRedisAdmin versions prior to 1.17.3 that originates from an unknown section and manipulates to cause cross-site request forgery. No details of the vulnerability are availab...

8.8CVSS8.6AI score0.00351EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/23 12:0 a.m.•28 views

OpenImageIO Code Execution Vulnerability (CNVD-2023-01793)

A code execution vulnerability exists in the IFFOutput::close function of OpenImageIO v2.4.4.2, an image read/write library that also provides tools and applications. An attacker could use this vulnerability to cause a heap buffer overflow via a specially crafted ImageOutput object when the "ymax...

8.1CVSS2.6AI score0.01922EPSS
Exploits1References1
CNVD
CNVD
•added 2022/12/23 12:0 a.m.•28 views

Google Pixel buffer overflow vulnerability (CNVD-2023-01493)

The Google Pixel is a smartphone from Google, Inc. The vulnerability can be exploited by attackers to execute unauthorized commands, which can gain system privileges and then perform various illegal operations...

6.7CVSS6.4AI score0.00097EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/21 12:0 a.m.•28 views

Google Android elevation of privilege vulnerability (CNVD-2023-07675)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to elevate privileges...

7CVSS6.8AI score0.00071EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/19 12:0 a.m.•28 views

Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2022-91159)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4CVSS5.5AI score0.0048EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/14 12:0 a.m.•28 views

ZTE ZXHN-H108NS Stack Buffer Overflow Vulnerability

The ZTE ZXHN-H108NS is a wireless router from China's ZTE Corporation ZTE. The ZTE ZXHN-H108NS suffers from a stack buffer overflow vulnerability that can be exploited by remote attackers to cause the device to crash...

7.5CVSS7.7AI score0.11483EPSS
Exploits1References1
CNVD
CNVD
•added 2022/12/12 12:0 a.m.•28 views

Tenda W6-S Stack Overflow Vulnerability

Tenda W6-S is a router from Tenda, a Chinese company. Tenda W6-S is vulnerable to a stack overflow vulnerability that can be exploited by attackers to cause a denial of service...

7.5CVSS7.3AI score0.00859EPSS
Exploits1References1
Total number of security vulnerabilities5000