Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
•added 2022/02/16 12:0 a.m.•28 views

Tenda Router AX12 Buffer Overflow Vulnerability

Tenda Ax12 is a dual-band Gigabit Wifi 6 wireless router from Tenda, China.A security vulnerability exists in the Tenda Router AX12, which stems from a buffer overflow vulnerability in the sub 422CE4 function of the page goform setIPv6Status, which can be exploited by an attacker to cause a denia...

7.8CVSS4AI score0.12294EPSS
Exploits1References1
CNVD
CNVD
•added 2022/02/15 12:0 a.m.•28 views

Google Android Access Control Error Vulnerability (CNVD-2022-13350)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from a security vulnerability that stems from allowing the creation of specific named system directories without proper permissions. No details of the vulnerability are available at this time...

5.3CVSS5.2AI score0.00747EPSS
Exploits1References1
CNVD
CNVD
•added 2022/02/14 12:0 a.m.•28 views

Adobe Illustrator out-of-bounds read vulnerability (CNVD-2022-15931)

A security vulnerability exists in Adobe Illustrator, a vector-based image creation software from Adobe, which stems from the product's failure to securely check memory boundaries. An attacker could exploit the vulnerability to cause a sensitive memory leak...

5.5CVSS3.1AI score0.01876EPSS
Exploits0References1
CNVD
CNVD
•added 2022/02/14 12:0 a.m.•28 views

D-Link DIR-X1860 Denial of Service Vulnerability (CNVD-2022-11517)

The D-Link Dir-X1860 is a dual-band router from D-Link, a Chinese company. A specially designed URL to an authenticated victim to reboot the router. The authenticated victim would need to access the URL in order for the router to reboot...

7.4CVSS3.7AI score0.02169EPSS
Exploits0References1
CNVD
CNVD
•added 2022/02/14 12:0 a.m.•28 views

vim information disclosure vulnerability (CNVD-2022-20697)

Vim is a UNIX-based editor. vim has a security vulnerability that stems from out-of-bounds during pointer usage in Conda vim. No details of the vulnerability are currently available...

8.4CVSS2AI score0.01607EPSS
Exploits1References1
CNVD
CNVD
•added 2022/02/13 12:0 a.m.•28 views

Huawei EMUI Security Bypass Vulnerability

Huawei Emui is an Android-based mobile operating system developed by Huawei, a Chinese company. A security bypass vulnerability exists in HUAWEI EMUI/Magic UI, which stems from a security protection bypass vulnerability in the modem. An attacker could exploit the vulnerability to cause a memory...

7.8CVSS7.5AI score0.00174EPSS
Exploits0References1
CNVD
CNVD
•added 2022/02/13 12:0 a.m.•28 views

Xwiki Platform licensing issue vulnerability (CNVD-2022-13405)

Xwiki Platform is a wiki platform for creating web collaboration applications from the French company Xwiki. XWiki Platform is vulnerable to an authorization issue, which stems from the fact that even if the wiki is closed to visitors, it is possible to guess whether a user has an account on the...

7.5CVSS2.2AI score0.01128EPSS
Exploits0References1
CNVD
CNVD
•added 2022/02/11 12:0 a.m.•28 views

Radareorg Radare2 Resource Management Error Vulnerability

radare2 is a set of libraries and tools for working with binary files. radareorg Radare2 is vulnerable to a resource management error that stems from the product's reuse of freed memory. No detailed vulnerability details are currently available...

8.8CVSS2AI score0.01097EPSS
Exploits1References1
CNVD
CNVD
•added 2022/02/10 12:0 a.m.•28 views

MariaDB Denial of Service Vulnerability (CNVD-2022-65011)

MariaDB is a free and open source database management system from the MariaDB Foundation and a forked version of MySQL with the Maria storage engine. MariaDB suffers from a denial of service vulnerability that stems from the product sqlparse.cc file not effectively handling usedtables exceptions...

5.5CVSS6.4AI score0.004EPSS
Exploits1References1
CNVD
CNVD
•added 2022/02/10 12:0 a.m.•28 views

Tenda G1 and G3 Command Injection Vulnerability (CNVD-2022-10749)

Tenda G1 and G3 is a router from Tenda, China. Tenda G1 and G3 v15.11.0.179502CN is vulnerable to command injection, which can be exploited by attackers to execute arbitrary commands via the IPGroupStartIP and IPGroupEndIP parameters...

9.8CVSS5.9AI score0.02956EPSS
Exploits1References1
CNVD
CNVD
•added 2022/02/10 12:0 a.m.•28 views

Bentley Systems Bentley View Buffer Overflow Vulnerability

Bentley Systems Bentley View is a free viewer from Bentley Systems, USA. A buffer overflow vulnerability exists in Bentley View that can be exploited by an attacker to disclose sensitive information about an affected Bentley View installation...

5.5CVSS5.4AI score0.01699EPSS
Exploits0References1
CNVD
CNVD
•added 2022/02/10 12:0 a.m.•28 views

Bentley Systems MicroStation Buffer Overflow Vulnerability (CNVD-2022-16157)

Bentley Systems MicroStation is a Cad software platform for 2D and 3D design and drafting from Bentley Systems, USA. A buffer overflow vulnerability exists in Bentley Systems MicroStation, which can be exploited by an attacker to disclose sensitive information about an affected installation of...

5.5CVSS5.4AI score0.01522EPSS
Exploits0References1
CNVD
CNVD
•added 2022/02/10 12:0 a.m.•28 views

Sante DICOM Viewer Pro DCM Remote Code Execution Vulnerability

Sante DICOM Viewer Pro is a medical DICOM image viewer.A remote code execution vulnerability exists in Sante DICOM Viewer Pro DCM, which can be exploited by attackers to execute code in the context of the current process...

7.8CVSS6AI score0.01731EPSS
Exploits0References1
CNVD
CNVD
•added 2022/02/10 12:0 a.m.•28 views

SAP NetWeaver AS SQL Injection Vulnerability

SAP NetWeaver AS is a SAP network application server from SAP. It not only provides network services, but also the basic platform for SAP software. SAP NetWeaver AS has a SQL injection vulnerability that can be exploited by attackers to threaten vulnerable systems, including Business Objects, SAP...

7.5CVSS7.7AI score0.01185EPSS
Exploits0References1
CNVD
CNVD
•added 2022/02/09 12:0 a.m.•28 views

Huawei HarmonyOS Competitive Conditions Issue Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from a conditional contention vulnerability in the binder driver subsystem of the Wearables...

4.7CVSS4.5AI score0.00128EPSS
Exploits0References1
CNVD
CNVD
•added 2022/02/08 12:0 a.m.•28 views

Siemens Simcenter Femap File Parsing Vulnerability

Siemens Simcenter Femap is a cutting-edge engineering simulation application from Siemens, Germany. It is used to create, edit and import/reuse mesh-based finite element analysis models of complex products or systems. Siemens Simcenter Femap is vulnerable to file parsing, which can be exploited b...

7.8CVSS5AI score0.01567EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/26 12:0 a.m.•28 views

Oracle MySQL Server Input Validation Error Vulnerability (CNVD-2022-13063)

Oracle MySQL Server is a relational database from Oracle Corporation USA. Oracle MySQL Server is vulnerable to an input validation error due to incorrect input validation in the Server: Optimizer component of MySQL Server. An attacker could exploit the vulnerability to corrupt or delete data...

7.1CVSS3.3AI score0.01197EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/26 12:0 a.m.•28 views

Google Chrome Buffer Overflow Vulnerability (CNVD-2022-15133)

Google Chrome is a web browser from Google, Inc. A buffer overflow vulnerability exists in Google Chrome, which can be exploited by attackers to convince users to engage in specific user interactions to exploit heap corruption via carefully crafted HTML pages...

8.8CVSS3.8AI score0.00877EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/25 12:0 a.m.•28 views

Adobe Acrobat/Reader Resource Management Error Vulnerability

Adobe Reader also known as Acrobat Reader is a PDF file reader software developed by Adobe. Adobe Acrobat is a PDF editing software developed by Adobe. Adobe Acrobat/Reader has a resource management error vulnerability, which can be exploited by remote attackers to Creating specially crafted PDF...

9.3CVSS3.2AI score0.16497EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/24 12:0 a.m.•28 views

Google Chrome Resource Management Error Vulnerability (CNVD-2022-15162)

Google Chrome is a web browser from Google, Inc. Google Chrome is vulnerable to resource management errors, which can be exploited by attackers to perform sandbox escapes through carefully crafted HTML pages...

9.6CVSS2.3AI score0.02038EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/24 12:0 a.m.•28 views

Oracle GraalVM Input Validation Error Vulnerability (CNVD-2022-15476)

Oracle GraalVM is a set of on-the-fly compilers written in the Java language from Oracle Corporation USA.GraalVM Enterprise Edition is the enterprise version of GraalVM.An input validation error vulnerability exists in Oracle GraalVM due to an Oracle GraalVM Enterprise Edition has incorrect input...

5.3CVSS4.2AI score0.03486EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/19 12:0 a.m.•28 views

Grafana Information Disclosure Vulnerability (CNVD-2022-06890)

Grafana is a set of open source monitoring tools from Grafana Labs that provides a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, Prometheus, etc. Grafana suffers from an information disclosure vulnerability that stems from the fact that in the...

4.3CVSS2AI score0.02013EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/18 12:0 a.m.•28 views

TP-Link TL-WA1201 Buffer Overflow Vulnerability

Tp-Link Tl-Wa1201 is a dual-band wireless access point from Tp-Link China. A buffer overflow vulnerability exists in the TP-Link TL-Wa1201 that stems from the product's failure to properly determine memory boundaries when processing DNS messages. An unauthenticated attacker could exploit this...

10CVSS9.7AI score0.07743EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/17 12:0 a.m.•28 views

Weak password vulnerability in Kingdee Cloudstar

Kingdee Cloudstar is a new generation of strategic enterprise management software developed based on cutting-edge technologies such as cloud computing, big data, socialization, artificial intelligence and Internet of Things. There is a weak password vulnerability in Kingdee Cloudstar, which can b...

7.1AI score
Exploits0
CNVD
CNVD
•added 2022/01/14 12:0 a.m.•28 views

Vim Resource Management Error Vulnerability (CNVD-2022-03944)

Vim, a UNIX-based editor, is vulnerable to a resource management error in version 8.2.3883, which stems from an incorrect dereference of the pointer by the vimregexecmulti function in the product's regexp.c file. An attacker could cause a denial of service through this vulnerability...

4.8AI score
Exploits0References1
CNVD
CNVD
•added 2022/01/14 12:0 a.m.•28 views

WordPress 10Web Social Photo Feed Plugin Cross-Site Scripting Vulnerability

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress 10Web Social Photo Feed Plugin has a cross-site scripting vulnerability in versions prior to 1.4.29, which stems...

6.1CVSS2.6AI score0.008EPSS
Exploits2References1
CNVD
CNVD
•added 2022/01/14 12:0 a.m.•28 views

Expat lookup function buffer overflow vulnerability

Expat is a fast streaming XML parser written in C. A buffer overflow vulnerability exists in versions of Expat prior to 2.4.3, which stems from a boundary error in xmlparse.c in lookup when handling untrusted input. A remote attacker could exploit this vulnerability to execute arbitrary code on t...

8.8CVSS5.8AI score0.02614EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/14 12:0 a.m.•28 views

IBM Security Verify Access Cross-Site Scripting Vulnerability

IBM Security Verify Access is a service from IBM USA that improves user access security. The service enables secure and simple access to platforms such as Web, mobile, IoT, and cloud technologies through the use of risk-based access, single sign-on, integrated access management controls, identity...

3.5CVSS2.9AI score0.00445EPSS
Exploits0Affected Software2
CNVD
CNVD
•added 2022/01/14 12:0 a.m.•28 views

Pillow out-of-bounds read vulnerability (CNVD-2022-05433)

Pillow is a Python-based image processing library. An out-of-bounds read vulnerability exists in versions of Pillow prior to 9.0.0, which stems from a buffer over-read in pathgetbbox in path.c during initialization of ImagePath. An attacker could exploit this vulnerability to read memory-sensitiv...

6.5CVSS4.7AI score0.01957EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/12 12:0 a.m.•28 views

Apache Guacamole Information Disclosure Vulnerability (CNVD-2022-04988)

Apache Guacamole is a clientless remote desktop gateway from the Apache Foundation in the United States. The product supports protocols such as VNC, RDP, and SSH. A security vulnerability exists in Apache Guacamole 1.3.0, which stems from the fact that Apache Guacamole 1.3.0 and earlier versions...

6.5CVSS3.1AI score0.01933EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/10 12:0 a.m.•28 views

Google Chrome Security Feature Issue Vulnerability (CNVD-2022-65582)

Google Chrome is a Web browser from the U.S. company Google Google. Google Chrome is vulnerable to a security feature issue that exists due to an incorrect implementation of a vulnerability in automatically populating Google Chrome. A remote attacker could exploit the vulnerability to be able to...

6.5CVSS2AI score0.01334EPSS
Exploits1References1
CNVD
CNVD
•added 2022/01/07 12:0 a.m.•28 views

Bludit Cross-Site Scripting Vulnerability (CNVD-2022-02492)

A cross-site scripting vulnerability exists in Bludit, an open source lightweight blog content management system CMS, which stems from a tag section in the product's login panel that does not validate input data. An attacker could execute client-side code through this vulnerability...

5.4CVSS1.8AI score0.01438EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/06 12:0 a.m.•28 views

Fluxbb Cross-Site Scripting Vulnerability (CNVD-2022-03216)

Fluxbb is a Php-based forum system from the Fluxbb organization. fluxbb has a cross-site scripting vulnerability in v1.4.12, which stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit the vulnerability to execute JavaScript code on the client...

6.1CVSS1.9AI score0.00633EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/27 12:0 a.m.•28 views

Adobe Dimension out-of-bounds read vulnerability

Adobe Dimension is a set of 2D and 3D composite design tools from Adobe, Inc. An out-of-bounds read vulnerability exists in Adobe Dimension, which can be exploited by attackers to cause sensitive memory leaks...

4.3CVSS4.4AI score0.01527EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/24 12:0 a.m.•28 views

Adobe Audition Buffer Overflow Vulnerability (CNVD-2021-102794)

Adobe Audition is a set of multi-track editing tools from Adobe. Adobe Audition suffers from a buffer overflow vulnerability that originates when a networked system or product does not properly validate data boundaries when performing operations in memory, resulting in incorrect read and write...

4.3CVSS2.9AI score0.01802EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/24 12:0 a.m.•28 views

Quest KACE Desktop Authority XXE Vulnerability

Quest KACE Desktop Authority is a desktop management software from Quest, Inc. Quest KACE Desktop Authority is vulnerable to XXE and no detailed vulnerability details are available at this time...

5.5CVSS2.7AI score0.03001EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/23 12:0 a.m.•28 views

Fresenius Kabi Agilia Connect Infusion System Cross-Site Scripting Vulnerability

Fresenius Kabi Agilia Connect Infusion System is an infusion system from the German company Fresenius Kabi.A cross-site scripting vulnerability exists in Fresenius Kabi Agilia Connect Infusion System, which can be exploited by attackers to inject JavaScript into the GET parameter of HTTP request'...

6.1CVSS1.6AI score0.00611EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/19 12:0 a.m.•28 views

Dolibarr Cross-Site Scripting Vulnerability (CNVD-2022-05018)

Dolibarr is a modern software package that helps manage your organization's active applications. a cross-site scripting vulnerability exists in Dolibarr prior to 14.0.3, which stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit this...

5.4CVSS2AI score0.00949EPSS
Exploits1References1
CNVD
CNVD
•added 2021/12/18 12:0 a.m.•28 views

WordPress NEX-Forms plugin cross-site scripting vulnerability

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers.NEX-Forms plugin is a WordPress open source application plugin.WordPress NEX-Forms plugin has a cross-site scripting...

4.8CVSS1AI score0.00305EPSS
Exploits2References1
CNVD
CNVD
•added 2021/12/17 12:0 a.m.•28 views

Adobe Experience Manager Input Validation Error Vulnerability

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. An inp...

6.5CVSS7.7AI score0.01631EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/17 12:0 a.m.•28 views

Adobe Photoshop Buffer Overflow Vulnerability (CNVD-2022-20504)

Adobe Photoshop is a set of image processing software from the American company Odobi Adobe. Adobe Photoshop suffers from a buffer overflow vulnerability, which stems from the presence of cross-border write data in the software. An attacker could use this vulnerability to trigger arbitrary code...

7.8CVSS6.5AI score0.00339EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/16 12:0 a.m.•28 views

Bentley View Buffer Overflow Vulnerability (CNVD-2021-102037)

Bentley View is a free viewer from Bentley Systems, Inc. Bentley View contains a security vulnerability that could be exploited by an attacker to cause a buffer overflow and execute arbitrary code on the system...

7.8CVSS5.1AI score0.02123EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/16 12:0 a.m.•28 views

Adobe Premiere Rush Code Execution Vulnerability (CNVD-2021-101123)

Adobe Premiere Rush is a cross-platform video editing software from Adobe. Adobe Premiere Rush has a security vulnerability that could be exploited by attackers to execute arbitrary code on the system...

9.3CVSS6.3AI score0.02273EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/13 12:0 a.m.•28 views

Fortinet FortiNAC Elevation of Privilege Vulnerability

Fortinet FortiNAC is a network access control solution from Fortinet, a US-based company. Fortinet FortiNAC has an elevation of privilege vulnerability that can be exploited to elevate privileges to root via the sudo command...

7.8CVSS4.2AI score0.00251EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/12 12:0 a.m.•28 views

DouPHP Cross-Site Scripting Vulnerability (CNVD-2022-03909)

DouPHP is a lightweight enterprise content management system CMS from China DouShell Network Technology, Inc. A cross-site scripting vulnerability exists in DouPHP, which stems from a lack of data validation filtering of user-supplied and output data in /admin/cloud.php. An attacker could exploit...

4.3CVSS1.6AI score0.00562EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2021/12/12 12:0 a.m.•28 views

Google Chrome Type Obfuscation Vulnerability (CNVD-2022-02735)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a type confusion vulnerability that stems from a type confusion error in Chrome. An attacker could exploit this vulnerability to execute arbitrary code in the context of a sandboxed rendering process...

8.8CVSS8.9AI score0.00961EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/12 12:0 a.m.•28 views

IBM Db2 Access Control Error Vulnerability

IBM DB2 is a set of relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBMi, z/OS, and Windows server versions. IBM Db2 suffers from an Access Control Error vulnerability that originates when a networked system or...

8.7CVSS8.2AI score0.01091EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/12 12:0 a.m.•28 views

Bentley View J2K File Parsing Memory Misreference Vulnerability

Bentley View is a free viewer from Bentley Systems, Inc. A memory mis-reference vulnerability exists in Bentley View J2K File Parsing, which results from not verifying the existence of an object prior to J2K File Parsing. An attacker could exploit this vulnerability to execute code in the context...

7.8CVSS5.2AI score0.02005EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/12 12:0 a.m.•28 views

Mozilla Firefox Resource Management Error Vulnerability (CNVD-2021-99619)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S. Mozilla Firefox is vulnerable to a resource management error that can be exploited by attackers to cause a potentially exploitable crash...

8.8CVSS4.8AI score0.0162EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/12 12:0 a.m.•28 views

Mozilla Firefox ESR code issue vulnerability (CNVD-2021-99620)

Mozilla Firefox ESR is an extended support version of the Mozilla Foundation's Firefox Web browser in the U.S. Mozilla Firefox ESR has a code issue vulnerability that could be exploited by an attacker to cause an application to crash...

8.8CVSS4.2AI score0.0202EPSS
Exploits0References1
Total number of security vulnerabilities5000