Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
added 2018/04/25 12:0 a.m.29 views

WordPress Web-Dorado Instagram Feed WD plugin cross-site scripting vulnerability (CNVD-2018-08291)

WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports setting up personal blog sites on servers with PHP and MySQL.Web-Dorado Instagram Feed WD plugin is a social media content sharing plugin used in ... A cross-site scripting...

6.1CVSS5.9AI score0.00957EPSS
Exploits2References1
CNVD
CNVD
added 2018/03/14 12:0 a.m.29 views

Microsoft SharePoint Remote Elevation of Privilege Vulnerability (CNVD-2018-07006)

Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016 are both products of Microsoft Corporation, U.S.A. Microsoft Project Server is a suite of Project Portfolio Management PPM and day to day Microsoft Project Server is a project management solution for project portfolio...

8.8CVSS7.3AI score0.04708EPSS
Exploits0References1
CNVD
CNVD
added 2018/03/02 12:0 a.m.29 views

FTPShell client denial of service vulnerability

FTPShell client is a set of windows-based file transfer program. A security vulnerability exists in FTPShell Client version 6.7. A remote attacker can cause a denial of service crash and execute arbitrary code by sending 400 'F' characters and FTP 220 response code to exploit the vulnerability...

10CVSS7.7AI score0.69692EPSS
Exploits9References1
CNVD
CNVD
added 2018/01/30 12:0 a.m.29 views

Monstra CMS Arbitrary PHP Code Execution Vulnerability

Monstra CMS is a lightweight PHP-based content management system CMS developed by Ukrainian software developer Sergey Romanenko. The system is easy to install and use, scalable and so on. A security vulnerability exists in Monstra CMS 3.0.4 and earlier versions, which stems from the fact that .ph...

8.8CVSS7.7AI score0.13585EPSS
Exploits4References1
CNVD
CNVD
added 2018/01/29 12:0 a.m.29 views

Memory Misreference Vulnerability in libming 'decompileIF' Function

libming is a Flash SWF output library written in C for use in systems developed in PHP, Perl, etc. It can be used to output Flash SWF files to the system. A memory misreference vulnerability exists in the 'decompileIF' function in the util/decompile.c file in libming 0.4.8 and earlier versions. A...

8.8CVSS6.7AI score0.0242EPSS
Exploits1References1
CNVD
CNVD
added 2017/11/03 12:0 a.m.29 views

WordPress ultimate-form-builder-lite plugin SQL injection vulnerability

WordPress is the WordPress Software Foundation a set of blogging platform developed using the PHP language , the platform supports PHP and MySQL server set up a personal blog site . ultimate-form-builder-lite plugin is one of the contact form builder plugin . A SQL injection vulnerability exists ...

9.8CVSS7.8AI score0.02482EPSS
Exploits0References1
CNVD
CNVD
added 2017/10/30 12:0 a.m.29 views

Fortinet FortiOS Denial of Service Vulnerability (CNVD-2017-35607)

FortiOS is an intuitive operating system that lets you control all security and networking features of all FortiGates throughout your network. A denial of service vulnerability exists in Fortinet FortiOS. A remote authenticated user can cause the target web interface to be temporarily unavailable...

6.5CVSS6.7AI score0.01745EPSS
Exploits0References1
CNVD
CNVD
added 2017/10/11 12:0 a.m.29 views

Microsoft Windows Kernel Information Disclosure Vulnerability (CNVD-2017-30355)

Microsoft Windows Server 2016 and others are operating systems released by Microsoft USA. kernel is one of the kernels. An information disclosure vulnerability exists in kernel in Microsoft Windows, which stems from a program's failure to properly initialize objects in memory. An attacker can...

4.7CVSS6.2AI score0.02091EPSS
Exploits1References1
CNVD
CNVD
added 2017/09/13 12:0 a.m.29 views

Microsoft Office Memory Corruption Vulnerability (CNVD-2017-27433)

Microsoft Office is an office software suite of products developed by the U.S. company Microsoft Microsoft. Commonly used components are Word, Excel, Access, Powerpoint, FrontPage and so on. A memory corruption vulnerability exists in Microsoft Office where a remote program fails to properly hand...

9.3CVSS7.9AI score0.16358EPSS
Exploits0References1
CNVD
CNVD
added 2017/08/09 12:0 a.m.29 views

Microsoft Edge Information Disclosure Vulnerability (CNVD-2017-23795)

Microsoft Windows 10 and Windows Server 2016 are both products of Microsoft Corporation USA. The former is an operating system for personal computers and the latter is a server operating system.Edge is one of the web browsers that comes with the system. Edge in Microsoft Windows suffers from an...

4.3CVSS5.9AI score0.15118EPSS
Exploits3References1
CNVD
CNVD
added 2017/07/28 12:0 a.m.29 views

LAME Denial of Service Vulnerability (CNVD-2017-20146)

LAME is LAME team developed a set of open source MP3 audio compression software . A security vulnerability exists in the 'fillbufferresample' function in the libmp3lame/util.c file in LAME version 3.99.5. A remote attacker can exploit this vulnerability to cause a denial of service heap buffer...

6.9AI score
Exploits3References1
CNVD
CNVD
added 2017/07/25 12:0 a.m.29 views

Synology DiskStation Manager (DSM) Information Disclosure Vulnerability

Synology DiskStation Manager is an operating system for use on networked storage servers NAS. A security vulnerability in Synology DiskStation Manager forgetpasswd.cgi allows remote attackers to submit a special request to enumerate valid usernames...

5.3CVSS5.6AI score0.75016EPSS
Exploits6References1
CNVD
CNVD
added 2017/07/10 12:0 a.m.29 views

Charamin OMP Untrustworthy Search Path Vulnerability

Charamin OMP is a media player that automatically generates dance animations by analyzing music files. An untrustworthy search path vulnerability exists in Charamin OMP versions 1.1.7.4 and earlier and 1.2.0.0 Beta and earlier. An attacker can exploit this vulnerability to gain privileges with th...

7.8CVSS7.1AI score0.00909EPSS
Exploits0References1
CNVD
CNVD
added 2017/06/29 12:0 a.m.29 views

swagger-ui cross-site scripting vulnerability (CNVD-2017-16019)

swagger-ui is a set of API online documentation generation and testing tools . A cross-site scripting vulnerability exists in versions of swagger-ui prior to 2.2.1. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

6.1CVSS6.1AI score0.01028EPSS
Exploits0References1
CNVD
CNVD
added 2017/06/29 12:0 a.m.29 views

Red Hat Enterprise Linux SerializableProvider Code Execution Vulnerability

Red Hat Enterprise Linux is a Linux operating system for business users. A security vulnerability exists in the Red Hat Enterprise Linux SerializableProvider component that allows remote attackers to exploit the vulnerability to submit a special request to execute arbitrary code...

9.8CVSS7.5AI score0.04847EPSS
Exploits0References1
CNVD
CNVD
added 2017/04/21 12:0 a.m.29 views

Artifex Software Ghostscript Artifex jbig2dec 'jbig2_build_huffman_table' function integer overflow vulnerability

Artifex Software Ghostscript is a U.S. Artifex Software, Inc. of an open source PostScript parser , it can display Postscript files as well as non-Postscript printers to print Postscript files . Artifex jbig2dec is a Ghostscript and MuPDF for decoding PDF files in the JBIG2 stream implementation...

7.8CVSS8.1AI score0.01672EPSS
Exploits0References1
CNVD
CNVD
added 2017/02/23 12:0 a.m.29 views

WavPack Local Denial of Service Vulnerability (CNVD-2017-02352)

WavPack is an open source, free audio lossless compression software. A local denial of service vulnerability exists in WavPack version 5.0.0. An attacker could exploit this vulnerability to cause a denial of service or obtain sensitive information...

5.5CVSS5.5AI score0.02123EPSS
Exploits1References1
CNVD
CNVD
added 2017/02/10 12:0 a.m.29 views

libgd 'gdImageCreate()' function denial of service vulnerability

libGD also known as GD Graphics Library or libgd2 is an American software developer Thomas Boutell developed an open source for the dynamic creation of images library, which supports the creation of charts, graphs and thumbnails and so on. A denial of service vulnerability exists in the libgd...

7.1CVSS6.8AI score0.03581EPSS
Exploits0References1
CNVD
CNVD
added 2016/12/14 12:0 a.m.29 views

Microsoft Office Security Feature Bypass Vulnerability (CNVD-2016-12460)

Microsoft Office is an office software suite of products developed by the U.S. company Microsoft Microsoft. Commonly used components are Word, Excel, Access, Powerpoint, FrontPage and so on. A security feature bypass vulnerability exists in Microsoft Office software that originates when the progr...

7.8CVSS7.3AI score0.58204EPSS
Exploits0References1
CNVD
CNVD
added 2016/10/13 12:0 a.m.29 views

Redis Out-of-Bounds Remote Code Execution Vulnerability

Redis is a set of open source written in ANSI C , network support , memory-based can also be persistent log-type , key-value store database , and provides a variety of languages API. A remote code execution vulnerability exists in Redis that can be exploited by an attacker to execute arbitrary co...

9.8CVSS9.7AI score0.14834EPSS
Exploits2References1
CNVD
CNVD
added 2016/08/26 12:0 a.m.29 views

Novell GroupWise Heap Buffer Overflow Vulnerability

Novell GroupWise is a cross-platform collaboration software. A heap buffer overflow vulnerability exists in Novell Focus GroupWise 2014 R2 and 2014 releases, which arises from a program that fails to perform proper boundary checks on user-submitted input. An attacker could use this vulnerability ...

9.8CVSS8AI score0.05726EPSS
Exploits1References1
CNVD
CNVD
added 2016/08/22 12:0 a.m.29 views

INSIDE Secure MatrixSSL Information Disclosure Vulnerability (CNVD-2016-06540)

INSIDE Secure MatrixSSL is an embedded, open source SSLv3 stack from INSIDE Secure, France, designed for small applications and devices. An information disclosure vulnerability exists in versions of INSIDE Secure MatrixSSL prior to 3.8.3. An attacker could exploit this vulnerability to conduct a...

5.9CVSS7.1AI score0.13906EPSS
Exploits0References1
CNVD
CNVD
added 2016/08/21 12:0 a.m.29 views

GNU glibc Infinite Loop Denial of Service Vulnerability

GNU glibc is an implementation of the C library for the Linux operating system. An infinite loop denial of service vulnerability exists in GNU glibc version 2.22. An attacker can exploit the vulnerability to cause an infinite loop denial of service...

7.5CVSS8.2AI score0.03841EPSS
Exploits0References1
CNVD
CNVD
added 2016/08/04 12:0 a.m.29 views

Adobe Flex Buffer Overflow Vulnerability

Adobe Flex is the United States of America Odobie Adobe company's set of free, open source framework for building and maintaining Web applications. A buffer overflow vulnerability exists in the yygetnextbuffer function in Adobe Flex. A remote attacker could exploit this vulnerability to cause a...

9.8CVSS9.3AI score0.08767EPSS
Exploits0References1
CNVD
CNVD
added 2016/07/25 12:0 a.m.29 views

eCryptfs ecryptfs-setup-swap Information Disclosure Vulnerability

eCryptfs Enterprise Cryptographic Filesystem is a set of disk encryption software for encrypted Linux systems maintained by software developers Dustin Kirkland and Tyler Hicks. The software is compatible with POSIX file system level encryption and supports file granularity file or directory...

3.3CVSS6AI score0.00373EPSS
Exploits0References1
CNVD
CNVD
added 2016/07/21 12:0 a.m.29 views

Huawei Honor 4C Driver Input Validation Vulnerability (CNVD-2016-05175)

The Huawei Honor 4C 华为荣耀4C is a smartphone product of the Chinese company Huawei. An input validation vulnerability exists in the Huawei Honor 4C driver, which can be exploited by an attacker to cause a system reboot or user privilege elevation by tricking the user into installing a malicious...

9.3CVSS6.8AI score0.00577EPSS
Exploits0References1
CNVD
CNVD
added 2016/06/01 12:0 a.m.29 views

ABB PCM600 Password Hash Vulnerability

The ABB PCM600 is a protection and control IED manager, primarily used in the energy industry. The master application password in the ABB PCM600 ACTConfig configuration file uses a weak hash function. A local attacker could exploit this vulnerability to access the affected device...

2.8CVSS6.7AI score0.00304EPSS
Exploits0References1
CNVD
CNVD
added 2016/04/26 12:0 a.m.29 views

RoundCube Webmail Cross-Site Request Forgery Vulnerability

RoundCube Webmail is a browser-based IMAP client mail client. A cross-site request forgery vulnerability exists in RoundCube Webmail, which can be exploited by an attacker to download message attachments by sending a GET request with the download parameter set to 1...

8.8CVSS8.7AI score0.02713EPSS
Exploits0References1
CNVD
CNVD
added 2016/03/24 12:0 a.m.29 views

Apple OS X Intel Graphics Driver Memory Corruption Vulnerability (CNVD-2016-01879)

Apple OS X is a specialized operating system developed by Apple for Mac computers.Intel Graphics Driver is one of the graphics card driver components. A security vulnerability exists in Intel Graphics Driver in Apple OS X versions prior to 10.11.4. The vulnerability can be exploited by an attacke...

9.3CVSS7.5AI score0.04157EPSS
Exploits4References1
CNVD
CNVD
added 2016/03/16 12:0 a.m.29 views

Android MediaTek Wi-Fi Kernel Driver Privilege Gain Vulnerability

Android is a Linux-based open source operating system jointly developed by Google and the Open Handset Alliance OHA, and the MediaTek Wi-Fi kernel driver is one of the Wi-Fi kernel driver components. A security vulnerability exists in the MediaTek Wi-Fi kernel driver for Android versions 6.x prio...

9.3CVSS7.7AI score0.00522EPSS
Exploits0References1
CNVD
CNVD
added 2015/12/04 12:0 a.m.29 views

Cyrus IMAP index_urlfetch Information Disclosure Vulnerability

Cyrus IMAP Server is an e-mail server developed at Carnegie Mellon University. A security vulnerability exists in the function indexurlfetch in Cyrus IMAP versions 2.3.x-2.3.19, 2.4.x-2.4.18, 2.5.x-2.5.4 index.c. A remote attacker can exploit this vulnerability to obtain sensitive information by...

7.5CVSS8.9AI score0.03261EPSS
Exploits1References1
CNVD
CNVD
added 2015/11/15 12:0 a.m.29 views

ZTE ZXHN H108N R1A Information Disclosure Vulnerability

The ZTE ZXHN H108N R1A is a wireless router product from China's ZTE Corporation. An information disclosure vulnerability exists in the ZTE ZXHN H108N R1A ZTE.bhs.ZXHNH108NR1A.hPE version and the ZXV10 W300 W300V1.0.0fER1PE, which allows remote attackers to exploit the vulnerability to obtain a...

7.5CVSS6.5AI score0.06897EPSS
Exploits4References1
CNVD
CNVD
added 2015/09/27 12:0 a.m.29 views

GNU Screen Denial of Service Vulnerability

GNU Screen is a set of free software for command line terminal switching. A stack overflow vulnerability exists in GNU Screen. An attacker can exploit the vulnerability to crash the application and cause a denial of service...

5CVSS7.8AI score0.04148EPSS
Exploits1References1
CNVD
CNVD
added 2015/09/27 12:0 a.m.29 views

SIS XGI VGA Display Manager Privilege Vulnerability

SIS XGI VGA Display Manager is a VGA display manager. A security vulnerability exists in SIS XGI VGA Display Manager that allows an attacker to write to arbitrary memory locations and gain elevated privileges...

7.8CVSS7.2AI score0.01129EPSS
Exploits4References1
CNVD
CNVD
added 2015/06/26 12:0 a.m.29 views

GarrettCom Magnum 6K and 10K Switches Remote Denial of Service Vulnerability

GarrettCom Magnum 6K and 10K Switches are managed switches from GarrettCom USA. A security vulnerability exists in the GarrettCom Magnum 6K and 10K Switches that allows remote attackers to exploit the vulnerability by submitting a special request to reload the device, resulting in a denial of...

3.5CVSS6.8AI score0.0126EPSS
Exploits0References1
CNVD
CNVD
added 2015/04/30 12:0 a.m.29 views

ZOHO ManageEngine Applications Manager FailOverHelperServlet servlet Information Disclosure Vulnerability

ZOHO ManageEngine Applications Manager is a set of application performance monitoring software from ZOHO. The software allows remote monitoring and management of different business systems, applications and network services e.g. servers, operating systems, etc.. An information disclosure...

7.5CVSS6.2AI score0.83399EPSS
Exploits11References1
CNVD
CNVD
added 2015/03/25 12:0 a.m.29 views

cups-filters remove_bad_chars function arbitrary command execution vulnerability

CUPS is a Universal Unix Printing System, a cross-platform printing solution for Unix environments, based on the Internet Printing Protocol, providing most PostScript and raster printer services. A security vulnerability exists in the removebadchars function in cups-filters utils/cups-browsed.c,...

7.5CVSS7.2AI score0.02958EPSS
Exploits1References1
CNVD
CNVD
added 2015/03/11 12:0 a.m.29 views

Seagate Business Storage 2-Bay NAS Remote Code Execution Vulnerability

The Seagate Business Storage 2-Bay NAS is an enterprise-class network storage server from Seagate USA. A remote code execution vulnerability exists in the Seagate Business Storage 2-Bay NAS. An attacker can exploit this vulnerability to execute arbitrary code with root privileges, which may also...

10CVSS8.5AI score0.43813EPSS
Exploits7References1
CNVD
CNVD
added 2015/01/22 12:0 a.m.29 views

Unspecified Vulnerability in Oracle VM VirtualBox (CNVD-2015-00596)

Oracle VM VirtualBox is an open source virtual machine software. A security vulnerability in the VMSVGA device child of Oracle VM VirtualBox versions prior to 4.3.20 allows remote attackers to exploit the vulnerability to affect the availability, integrity of the system...

3.2CVSS6.7AI score0.0036EPSS
Exploits0References1
CNVD
CNVD
added 2026/03/02 12:0 a.m.28 views

Denial of Service Vulnerability in Multiple Apple Products (CNVD-2026-14279)

Apple Safari is a web browser that is the default browser that comes with the Mac OS X and iOS operating systems.Apple iOS is a set of operating systems developed for mobile devices.Apple macOS is a set of specialized operating systems developed specifically for Mac computers.Apple Safari is a we...

5.5CVSS5.8AI score0.00229EPSS
Exploits0References1
CNVD
CNVD
added 2025/07/04 12:0 a.m.28 views

Memory Error Vulnerability in Multiple Mozilla Products

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A memory error vulnerability exists in several Mozilla products, which c...

9.8CVSS6.9AI score0.03057EPSS
Exploits0References1
CNVD
CNVD
added 2025/02/26 12:0 a.m.28 views

Linux Kernel Memory Corruption Vulnerability (CNVD-2025-04157)

The Linux Kernel is a core component of many operating systems and is responsible for managing system resources. A security vulnerability exists in the Linux Kernel. The vulnerability stems from improper handling of the adev-dm.dc variable. An attacker could use this vulnerability to cause a deni...

5.5CVSS7.5AI score0.00272EPSS
Exploits0References1
CNVD
CNVD
added 2025/01/24 12:0 a.m.28 views

Unspecified Vulnerability in Oracle MySQL Server (CNVD-2025-02320)

Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in Oracle MySQL's MySQL Server. An attacker can exploit this vulnerability to cause MySQL Server to hang or crash...

4.9CVSS6AI score0.01025EPSS
Exploits0References1
CNVD
CNVD
added 2024/10/17 12:0 a.m.28 views

Esri Portal For ArcGIS Cross-Site Scripting Vulnerability (CNVD-2024-41008)

Esri Portal For ArcGIS is a component from Environmental Systems Research Institute Esri that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. Esri Portal For ArcGIS suffers from a cross-site scripting vulnerability that can be...

6.1CVSS6.4AI score0.00302EPSS
Exploits0References1
CNVD
CNVD
added 2024/04/12 12:0 a.m.28 views

Adobe Commerce Input Validation Error Vulnerability (CNVD-2024-19008)

Adobe Commerce is the United States of America Odobie Adobe company's a business and brand-oriented global leader in digital commerce solutions. Adobe Commerce has an input validation error vulnerability that stems from vulnerability to incorrect input validation vulnerability, which could lead t...

9CVSS9.2AI score0.01418EPSS
Exploits0References1
CNVD
CNVD
added 2024/04/11 12:0 a.m.28 views

Microsoft Defender for IoT elevation of privilege vulnerability (CNVD-2024-19330)

Microsoft Defender for IoT is an asset discovery, vulnerability management and threat monitoring solution for IoT/OT environments. An elevation of privilege vulnerability exists in Microsoft Defender for IoT, which can be exploited by an attacker to escalate privileges...

7.2CVSS7.3AI score0.02291EPSS
Exploits0References1
CNVD
CNVD
added 2024/03/21 12:0 a.m.28 views

Multiple Mozilla product security bypass vulnerabilities (CNVD-2024-14980)

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A security bypass vulnerability exists in several Mozilla products, whic...

6.1CVSS6.4AI score0.00704EPSS
Exploits1References1
CNVD
CNVD
added 2024/03/21 12:0 a.m.28 views

Code execution vulnerability in multiple Mozilla products (CNVD-2024-14978)

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A code execution vulnerability exists in several Mozilla products that...

8.1CVSS7.6AI score0.01107EPSS
Exploits1References1
CNVD
CNVD
added 2024/03/21 12:0 a.m.28 views

Code execution vulnerability in multiple Mozilla products (CNVD-2024-14975)

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A code execution vulnerability exists in several Mozilla products and is...

8.8CVSS7.7AI score0.00879EPSS
Exploits0References1
CNVD
CNVD
added 2024/03/21 12:0 a.m.28 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-14658)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4CVSS6.2AI score0.00427EPSS
Exploits0References1
Total number of security vulnerabilities5000