Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
•added 2023/03/17 12:0 a.m.•28 views

Adobe Dimension Out-of-Bounds Read Vulnerability (CNVD-2023-25106)

Adobe Dimension is the United States of America Odo than Adobe company is a set of 2D and 3D composite design tools. Adobe Dimension suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to execute code in the context of the current user...

7.8CVSS7.5AI score0.00353EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/17 12:0 a.m.•28 views

Adobe Dimension out-of-bounds write vulnerability (CNVD-2023-21650)

Adobe Dimension is the United States of America Odo than Adobe company is a set of 2D and 3D composite design tools. Adobe Dimension suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...

7.8CVSS7.8AI score0.0032EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/17 12:0 a.m.•28 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2023-45900)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4CVSS6.2AI score0.0048EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/17 12:0 a.m.•28 views

Adobe Dimension Out-of-Bounds Read Vulnerability (CNVD-2023-21654)

Adobe Dimension is the United States of America Odo than Adobe company is a set of 2D and 3D composite design tools. Adobe Dimension suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to execute code in the context of the current user...

7.8CVSS7.5AI score0.00353EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/17 12:0 a.m.•28 views

Adobe Substance 3D Stager out-of-bounds write vulnerability (CNVD-2023-43893)

Adobe Substance 3D Stager is a virtual 3D studio from the American company Audobee Adobe. Adobe Substance 3D Stager suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...

7.8CVSS7.6AI score0.00291EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/17 12:0 a.m.•28 views

Adobe Dimension Heap Buffer Overflow Vulnerability (CNVD-2023-21653)

Adobe Dimension is the United States of America Odo than Adobe company is a set of 2D and 3D composite design tools. Adobe Dimension suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...

7.8CVSS7.9AI score0.00437EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/16 12:0 a.m.•28 views

Siemens Tecnomatix Plant Simulation Memory Corruption Vulnerability

Siemens Tecnomatix Plant Simulation is an industrial control device from Siemens, Germany. Using the function of discrete event simulation for production volume analysis and optimization, and thus improve the manufacturing system performance. A memory corruption vulnerability exists in versions...

7.8CVSS7.8AI score0.00223EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/13 12:0 a.m.•28 views

Google Chrome V8 Type Obfuscation Vulnerability (CNVD-2023-17527)

Google Chrome is a web browser from Google, Inc. A type obfuscation vulnerability exists in versions prior to Google Chrome 111.0.5563.64, which stems from a type obfuscation issue in V8. An attacker could use this vulnerability to cause heap corruption via specially crafted HTML pages...

8.8CVSS2.9AI score0.00668EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/13 12:0 a.m.•28 views

Google Chrome DevTools Resource Management Error Vulnerability (CNVD-2023-17525)

Google Chrome is a web browser from Google, Inc. A security vulnerability exists in versions prior to Google Chrome 111.0.5563.64, which stems from a confusion in the DevTools component's instructions for freeing memory. A remote attacker could exploit the vulnerability to cause heap corruption v...

8.8CVSS2.4AI score0.00541EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/01 12:0 a.m.•28 views

Dell PowerPath Management Appliance Licensing Issue Vulnerability

Dell PowerPath Management Appliance is a PowerPath host management application from Dell USA that offers two models: a virtual machine-based appliance and a Docker containerized appliance. dell PowerPath Management Appliance Licensing Issues Vulnerability. An attacker could use this vulnerability...

8.8CVSS3.7AI score0.00794EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/21 12:0 a.m.•28 views

IBM QRadar SIEM Information Disclosure Vulnerability (CNVD-2023-11693)

IBM QRadar SIEM is a solution from IBM that leverages security intelligence to protect assets and information from advanced threats. IBM QRadar SIEM versions 7.4 and 7.5 contain an information disclosure vulnerability that originates when a non-tenant user assigned a domain-specific security...

7.5CVSS2.3AI score0.00388EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/17 12:0 a.m.•28 views

Adobe Animate Memory Misreference Vulnerability

Adobe Animate is a set of Flash animation software from the American company Audobee Adobe. Adobe Animate suffers from a memory misreference vulnerability that originates from a mix-up in the program's instructions responsible for freeing memory. An attacker could exploit this vulnerability to...

7.8CVSS7.8AI score0.00365EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/09 12:0 a.m.•28 views

IBM WebSphere Application Server encryption problem vulnerability

IBM WebSphere Application Server WAS is an application server product from International Business Machines IBM. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. IBM WebSphere Application Server versions 8.5 and 9.0 ha...

7.5CVSS2.2AI score0.00531EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/08 12:0 a.m.•28 views

Huawei HarmonyO SHwContacts module logic bypass vulnerability

Huawei HarmonyOS is an operating system from Huawei China. Huawei HarmonyO SHwContacts module is vulnerable to a logical bypass vulnerability that could be exploited by attackers to compromise data integrity...

7.5CVSS3.3AI score0.00362EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/07 12:0 a.m.•28 views

D-Link DIR-825 Buffer Overflow Vulnerability (CNVD-2023-21665)

D-Link DIR-825 is a router from D-Link, a Chinese company. D-Link DIR-825 v1.33.0.44ebdd4-embedded and previous versions are vulnerable to a buffer overflow vulnerability, which is caused by a boundary error when handling untrusted input, and can be exploited to execute arbitrary code against the...

9.8CVSS9.8AI score0.01174EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/06 12:0 a.m.•28 views

Schneider Electric SoMachine HVAC Buffer Overflow Vulnerability

Schneider Electric SoMachine HVAC is a suite of programming software dedicated to Schneider Electric logic controllers from the French company Schneider Electric Schneider Electric. A buffer overflow vulnerability exists in Schneider Electric SoMachine HVAC, which can be exploited by a remote...

7.5CVSS7.1AI score0.00422EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/01 12:0 a.m.•28 views

Siretta QUARTZ-GOLD Directory Traversal Vulnerability

Siretta QUARTZ-GOLD is an industrial router with multiple features and services.A directory traversal vulnerability exists in Siretta QUARTZ-GOLD, which can be exploited by attackers to cause arbitrary file deletion by sending specially crafted network packets...

8.2CVSS4.5AI score0.01878EPSS
Exploits1References1
CNVD
CNVD
•added 2023/02/01 12:0 a.m.•28 views

F5 BIG-IP Edge Client for Windows Command Execution Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A command execution vulnerability exists in F5 BIG-IP Edge Client for Windows, which can be exploited by attackers to execute...

6.5CVSS6.6AI score0.00197EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/18 12:0 a.m.•28 views

Oracle VM VirtualBox has an unspecified vulnerability (CNVD-2023-05477)

A security vulnerability exists in Oracle VM VirtualBox, a virtual machine management software from Oracle Corporation. A low privilege attacker can compromise Oracle VM VirtualBox by logging into the infrastructure where Oracle VM VirtualBox is executing...

3.8CVSS4.3AI score0.0033EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/13 12:0 a.m.•28 views

Unspecified Vulnerability in Siemens S7-1500 CPU devices

SIMATIC drive controllers are designed for the automation of production machines, combining the functionality of the SIMATIC S7-1500 CPU and the SINAMICS S120 drive control.The SIMATIC S7-1500 CPU products are designed for discrete and continuous control in industrial environments such as global...

6.8CVSS6AI score0.00293EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/13 12:0 a.m.•28 views

Microsoft Office Visio Remote Code Execution Vulnerability (CNVD-2023-85905)

Microsoft Office Visio is responsible for drawing flowcharts and schematic diagrams in the Office software series of the American Microsoft Microsoft company. A remote code execution vulnerability exists in Microsoft Office Visio, which can be exploited by an attacker to execute arbitrary code on...

7.8CVSS8.2AI score0.00723EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/13 12:0 a.m.•28 views

Siemens Automation License Manager Path Traversal Vulnerability

The Automation License Manager ALM centrally manages license keys for various Siemens software products. Software products that require a license key automatically report this requirement to ALM. When ALM finds a valid license key for the software, the software can be used according to the end-us...

9.8CVSS9.4AI score0.01543EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/12 12:0 a.m.•28 views

Microsoft 3D Builder Remote Code Execution Vulnerability (CNVD-2023-04319)

Microsoft 3D Builder is a tool for creating models and 3D printing from Microsoft USA. a security vulnerability exists in Microsoft 3D Builder. No details of the vulnerability are currently available...

7.8CVSS2.7AI score0.00939EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/12 12:0 a.m.•28 views

Microsoft 3D Builder Remote Code Execution Vulnerability (CNVD-2023-04321)

Microsoft 3D Builder, a tool for creating models and 3D printing from Microsoft USA, has a security vulnerability. No details of the vulnerability are currently available...

7.8CVSS2.6AI score0.00929EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/12 12:0 a.m.•28 views

Microsoft 3D Builder Remote Code Execution Vulnerability (CNVD-2023-04329)

Microsoft 3D Builder, a tool for creating models and 3D printing from Microsoft USA, has a security vulnerability. No details of the vulnerability are currently available...

7.8CVSS2.6AI score0.00939EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/11 12:0 a.m.•28 views

IBM Sterling B2B Integrator Cross-Site Scripting Vulnerability (CNVD-2023-05238)

IBM Sterling B2B Integrator is a suite of software from International Business Machines IBM that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. A cross-site scripting...

6.1CVSS5.9AI score0.00392EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/04 12:0 a.m.•28 views

Tenda A15 ssid parameter stack overflow vulnerability

Tenda A15 is a WiFi extender from Tenda, China. A stack overflow vulnerability exists in the Tenda A15 ssid parameter, which stems from a lack of length checking of input data in the ssid parameter of /goform/WifiBasicSet, and can be exploited by attackers to execute arbitrary code on the system...

9.8CVSS6.1AI score0.00873EPSS
Exploits1References1
CNVD
CNVD
•added 2022/12/30 12:0 a.m.•28 views

Mozilla Firefox Access Control Error Vulnerability (CNVD-2023-03068)

Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. An access control error vulnerability exists in Mozilla Firefox, which stems from the Remote Agent used in WebDriver not validating the Host or Origin header. An attacker could exploit the vulnerability to force...

6.5CVSS2.5AI score0.00233EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/29 12:0 a.m.•28 views

FlatPress Cross-Site Scripting Vulnerability (CNVD-2023-06527)

FlatPress is a Php-based blogging system from the FlatPress community that does not require database support. A cross-site scripting vulnerability exists in FlatPress, which stems from a problem with an unknown part of the admin/panels/entry/admin.entry.list.php file in the Admin Area component...

6.1CVSS1.6AI score0.00518EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/26 12:0 a.m.•28 views

Ghost Information Disclosure Vulnerability

Ghost is the Singapore Ghost Foundation a set of open source headless content management system written in JavaScript . Ghost has a security vulnerability that can be exploited by remote attackers to submit special requests and obtain sensitive information...

5.3CVSS5.2AI score0.20196EPSS
Exploits1References1
CNVD
CNVD
•added 2022/12/26 12:0 a.m.•28 views

phpRedisAdmin Cross-Site Request Forgery Vulnerability

phpRedisAdmin is an individual developer's web administration page for managing Redis. A security vulnerability exists in phpRedisAdmin versions prior to 1.17.3 that originates from an unknown section and manipulates to cause cross-site request forgery. No details of the vulnerability are availab...

8.8CVSS8.6AI score0.00351EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/23 12:0 a.m.•28 views

OpenImageIO Code Execution Vulnerability (CNVD-2023-01793)

A code execution vulnerability exists in the IFFOutput::close function of OpenImageIO v2.4.4.2, an image read/write library that also provides tools and applications. An attacker could use this vulnerability to cause a heap buffer overflow via a specially crafted ImageOutput object when the "ymax...

8.1CVSS2.6AI score0.01922EPSS
Exploits1References1
CNVD
CNVD
•added 2022/12/23 12:0 a.m.•28 views

Google Pixel buffer overflow vulnerability (CNVD-2023-01493)

The Google Pixel is a smartphone from Google, Inc. The vulnerability can be exploited by attackers to execute unauthorized commands, which can gain system privileges and then perform various illegal operations...

6.7CVSS6.4AI score0.00097EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/21 12:0 a.m.•28 views

Google Android elevation of privilege vulnerability (CNVD-2023-07675)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to elevate privileges...

7CVSS6.8AI score0.00071EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/19 12:0 a.m.•28 views

Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2022-91159)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4CVSS5.5AI score0.0048EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/14 12:0 a.m.•28 views

ZTE ZXHN-H108NS Stack Buffer Overflow Vulnerability

The ZTE ZXHN-H108NS is a wireless router from China's ZTE Corporation ZTE. The ZTE ZXHN-H108NS suffers from a stack buffer overflow vulnerability that can be exploited by remote attackers to cause the device to crash...

7.5CVSS7.7AI score0.11483EPSS
Exploits1References1
CNVD
CNVD
•added 2022/12/12 12:0 a.m.•28 views

Tenda W6-S Stack Overflow Vulnerability

Tenda W6-S is a router from Tenda, a Chinese company. Tenda W6-S is vulnerable to a stack overflow vulnerability that can be exploited by attackers to cause a denial of service...

7.5CVSS7.3AI score0.00859EPSS
Exploits1References1
CNVD
CNVD
•added 2022/12/12 12:0 a.m.•28 views

Tenda W6-S Denial of Service Vulnerability

Tenda W6-S is a router from Tenda, China.A denial of service vulnerability exists in Tenda W6-S, which can be exploited by attackers to reboot the device and cause a denial of service...

7.5CVSS7.2AI score0.00833EPSS
Exploits1References1
CNVD
CNVD
•added 2022/11/30 12:0 a.m.•28 views

Google Chrome Security Bypass Vulnerability (CNVD-2023-08261)

Google Chrome is a web browser from Google, Inc. A security bypass vulnerability exists in Google Chrome, which stems from inadequate validation of untrusted input in downloads. An attacker could exploit this vulnerability to bypass security restrictions...

4.3CVSS2.9AI score0.00437EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/30 12:0 a.m.•28 views

VMware Tools for Windows Denial of Service Vulnerability

VMware Tools for Windows 10.0.0 and later, but prior to version 12.1.5, contain a denial of service vulnerability. A denial of service vulnerability exists in the VM3DMP driver, which is caused by improper input validation in the VM3DMP driver and can be exploited by an attacker with local user...

6.1CVSS5.5AI score0.00409EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/30 12:0 a.m.•28 views

Google Chrome Security Bypass Vulnerability (CNVD-2023-08260)

Google Chrome is a web browser from Google, Inc. A security bypass vulnerability exists in Google Chrome, which is caused by insufficient policy enforcement in DevTools. An attacker could exploit this vulnerability to bypass security restrictions...

6.5CVSS3AI score0.00623EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/29 12:0 a.m.•28 views

Unspecified Vulnerability in Epson TM-C3500 and TM-C7500

The Epson TM-C3500 and Epson TM-C7500 are both printers from the Japanese company Epson. A security vulnerability exists in Epson TM-C3500 and TM-C7500 firmware version WAM31500, which can be exploited by an attacker to bypass authentication...

9.1CVSS9.2AI score0.00681EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/25 12:0 a.m.•28 views

Apartment Visitor Management System SQL Injection Vulnerability

Apartment Visitor Management System is an Apartment Visitor Management System by Carlo Montero Personal Developer. Apartment Visitor Management System v1.0 suffers from a SQL injection vulnerability, which originates from the lack of validity filtering of special characters in /avms/index.php,...

9.8CVSS9.5AI score0.00752EPSS
Exploits1References1
CNVD
CNVD
•added 2022/11/25 12:0 a.m.•28 views

ARM Mali GPU Driver Competitive Conditions Vulnerability

ARM Mali GPU Driver is an email driver from ARM UK. A competitive condition vulnerability exists in ARM Mali GPU Driver version 2022-06-29 and earlier, which stems from TOCTOU having a competitive condition that allows an unprivileged user to perform an incorrect GPU processing operation to acces...

7.5CVSS7.4AI score0.00535EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/25 12:0 a.m.•28 views

Digital Alert Systems DASDEC EAS Cross-Site Scripting Vulnerability

Digital Alert Systems DASDEC EAS is a digital alert system from Digital Alert Systems in the United States. A cross-site scripting vulnerability exists in all current versions of Digital Alert Systems DASDEC, which stems from a lack of effective filtering and escaping of user-supplied data on an...

5.4CVSS5.1AI score0.00341EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/25 12:0 a.m.•28 views

GE CIMPLICITY HMI/SCADA Software Buffer Overflow Vulnerability

GE CIMPLICITY HMI/SCADA Software is an automated industrial platform from General Electric GE. It provides true client-server visualization and control from a single machine to plant locations around the world, helping to manage operations and improve decision making. A buffer overflow...

7.8CVSS7.8AI score0.00236EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/24 12:0 a.m.•28 views

AeroCMS SQL Injection Vulnerability

AeroCMS is a content management system from AeroCMS, Inc. A security vulnerability exists in AeroCMS v0.0.1, which stems from the edit parameter of its admincategories.php component allowing an attacker to implement SQL injection resulting in access to database information. No detailed...

4.9CVSS3.2AI score0.00775EPSS
Exploits1References1
CNVD
CNVD
•added 2022/11/24 12:0 a.m.•28 views

Fusiondirectory Cross-Site Scripting Vulnerability

FusionDIrectory is a FusionDIrectory open source application. Used to ensure that the user's identity management security. A cross-site scripting vulnerability exists in Fusiondirectory version 1.3. The vulnerability stems from a lack of effective filtering and escaping of user-supplied data, whi...

9.6CVSS8.7AI score0.01041EPSS
Exploits1References1
CNVD
CNVD
•added 2022/11/24 12:0 a.m.•28 views

ZTE MF286R Buffer Overflow Vulnerability

The ZTE MF286R is a wireless router from ZTE Corporation China.A buffer overflow vulnerability previously existed in the ZTE MF286R mf286rb07 version, which stems from the lack of input validation of the wifi interface parameters and can be exploited by attackers to conduct denial of service...

6.5CVSS6.1AI score0.00605EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/23 12:0 a.m.•28 views

Karmasis Infraskope Agent Access Control Error Vulnerability

Karmasis Infraskope Agent is an application logger from Karmasis. An Access Control Error vulnerability exists in Karmasis Infraskope Agent versions prior to 7.10.00, which stems from improper access control in the application and can be exploited by an attacker to corrupt the page listing the...

7.5CVSS6.4AI score0.00568EPSS
Exploits0References1
Total number of security vulnerabilities5000