Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
added 2021/06/03 12:0 a.m.73 views

Synology DiskStation Manager Path Traversal Vulnerability

Synology DiskStation Manager DSM is an operating system for use on Network Storage Servers NAS from Synology Inc. of Taiwan, China. This operating system manages information such as data, files, photos, music, and more. A path traversal vulnerability exists in Synology DiskStation Manager version...

7.8CVSS7.3AI score0.00318EPSS
Exploits0References1
CNVD
CNVD
added 2024/07/05 12:0 a.m.72 views

Apache HTTP Server Null Pointer Dereference Vulnerability

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. Apache HTTP Server suffers from a null pointer dereference vulnerability that can be exploited by an attacker to cause the server...

5.4CVSS6.5AI score0.01715EPSS
Exploits0References1
CNVD
CNVD
added 2024/03/15 12:0 a.m.72 views

Apache Tomcat Denial of Service Vulnerability (CNVD-2024-13569)

Apache Tomcat is the United States Apache Apache Foundation of a lightweight Web application server. The program implements the Servlet and JavaServer Page JSP support. Apache Tomcat has a denial of service vulnerability that can be exploited by an attacker to increase resource consumption and...

6.3CVSS6.5AI score0.02313EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.72 views

MinIO Licensing Issue Vulnerability (CNVD-2022-55156)

MinIO is an open source object storage server from MinIO, Inc. The product supports building infrastructure for machine learning, analytics, and application data workloads.MinIO has an authorization issue vulnerability that could be exploited by an attacker to elevate privileges to those of a roo...

9CVSS3.8AI score0.02085EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/18 12:0 a.m.72 views

Atlassian Fisheye and Crucible Directory Traversal Vulnerabilities

Atlassian Fisheye is a suite of source code depth viewers.Crucible is a suite of code review tools. Atlassian Fisheye and Crucible contain a security vulnerability that can be exploited by an attacker to view arbitrary files on a system...

7.5CVSS7.5AI score0.01245EPSS
Exploits0References1
CNVD
CNVD
added 2021/09/17 12:0 a.m.72 views

TinyFileManager path traversal vulnerability

TinyFileManager is a web-based file manager used to store, upload, edit and manage files and folders online via a web browser. A path traversal vulnerability exists in TinyFileManager 2.4.6 and all versions below, which stems from the software's lack of validation and escaping of the fullpath...

6.5CVSS3.2AI score0.08235EPSS
Exploits5References1
CNVD
CNVD
added 2021/06/02 12:0 a.m.72 views

Synology DiskStation Manager Path Traversal Vulnerability (CNVD-2021-39156)

Synology DiskStation Manager DSM is an operating system for use on Network Storage Servers NAS from Synology Inc. of Taiwan, China. This operating system manages information such as data, files, photos, music, and more. A path traversal vulnerability exists in the PDF Viewer component of Synology...

5CVSS6.2AI score0.01112EPSS
Exploits0References1
CNVD
CNVD
added 2021/05/06 12:0 a.m.72 views

Mikrotik RouterOs Memory Corruption Vulnerability (CNVD-2021-49786)

MikroTik RouterOS is a Linux-based router operating system developed by the Latvian company MikroTik. The system can be deployed in a PC to enable it to provide router functionality. MikroTik RouterOS has a memory corruption vulnerability in the /nova/bin/traceroute process. A remote attacker cou...

6.5CVSS6.9AI score0.01077EPSS
Exploits0References1
CNVD
CNVD
added 2019/01/25 12:0 a.m.72 views

Apache HTTP Server Denial of Service Vulnerability

Apache HTTP Server is the United States Apache Apache Software Foundation, an open source web server. The server is fast, reliable and can be expanded through a simple API. A security vulnerability exists in the HTTP/2 modhttp2 connection for httpd in Apache HTTP Server versions 2.4.17 through...

5.3CVSS8.4AI score0.19404EPSS
Exploits0References1
CNVD
CNVD
added 2022/12/20 12:0 a.m.71 views

IBM AIX Denial of Service Vulnerability (CNVD-2023-00807)

IBM AIX is an open standards-based UNIX operating system developed by International Business Machines IBM for the IBM Power architecture. IBM AIX suffers from a denial-of-service vulnerability that can be exploited by unprivileged local attackers to cause a denial of service...

6.2CVSS6.7AI score0.00185EPSS
Exploits0References1
CNVD
CNVD
added 2022/11/23 12:0 a.m.71 views

WordPress WPML Multilingual CMS premium plugin access control error vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress WPML Multilingual CMS premium plugin 4.5.10 and earlier versions are vulnerable to an acces...

1.7AI score0.00503EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2022/10/31 12:0 a.m.71 views

Linux kernel contention condition vulnerability (CNVD-2022-74084)

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel 6.0.6 and earlier versions have a contention condition vulnerability that originates in drivers/char/pcmcia/scr24xcs.c when calling open if scr24x open and scr24xremove, an attacker can...

3.5AI score0.003EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2022/05/05 12:0 a.m.71 views

Shopware Cross-Site Request Forgery Vulnerability

A cross-site request forgery vulnerability exists in versions of Shopware prior to 5.7.9, which stems from vulnerability to cross-site request forgery CSRF token authentication failures. An attacker could exploit this vulnerability to be subject to a cross-site request forgery CSRF attack...

5CVSS4.4AI score0.00565EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2022/02/25 12:0 a.m.71 views

Google Android Elevation of Privilege Vulnerability (CNVD-2022-47680)

Google Android is a Linux-based open source operating system from Google, Inc. An elevation of privilege vulnerability exists in Google Android, which stems from a lack of privilege checks and could result in CPU behavior that could be considered faulty and could be exploited by attackers to...

7.2CVSS5.4AI score0.00125EPSS
Exploits0References1
CNVD
CNVD
added 2021/06/26 12:0 a.m.71 views

Unauthorized Access Vulnerability in Portainer

Portainer is a graphical management tool for visualizing container images. With Portainer you can easily build, manage and maintain Docker environments. An unauthorized access vulnerability exists in Portainer. An attacker could exploit the vulnerability to obtain sensitive information...

6.7AI score
Exploits0
CNVD
CNVD
added 2023/01/12 12:0 a.m.70 views

Microsoft SharePoint Server Security Feature Bypass Vulnerability (CNVD-2023-04532)

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft Corporation USA. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information.A...

5.3CVSS1.2AI score0.01124EPSS
Exploits0References1
CNVD
CNVD
added 2022/12/08 12:0 a.m.70 views

pgAdmin 4 Remote Code Execution Vulnerability

pgAdmin 4 is a reliable and comprehensive database design and management software for PostgreSQL. A remote code execution vulnerability exists in pgAdmin 4. The vulnerability is required in Windows environments where, due to lax privilege checks by the developer, an attacker can exploit the...

8.8CVSS9AI score0.79933EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/18 12:0 a.m.70 views

Arbitrary File Read Vulnerability in e-office of Shanghai Panavision Network Technology Co.

e-office is a standard collaborative mobile office platform. Ltd. e-office has an arbitrary file read vulnerability that can be exploited by attackers to obtain sensitive information...

6.9AI score
Exploits0
CNVD
CNVD
added 2022/02/10 12:0 a.m.70 views

WordPress Perfect Survey插件SQL注入漏洞

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language.The WordPress Perfect Survey plugin has a SQL injection vulnerability in versions prior to 1.5.2, which stems from the lack of validation of externally entered SQL statements in database-based...

9.8CVSS3.9AI score0.86896EPSS
Exploits7References1
CNVD
CNVD
added 2022/01/26 12:0 a.m.70 views

Online Payment Hub SQL注入漏洞

Online Payment Hub is an online payment hub for Carlo Montero personal developers. The Online Payment Hub is vulnerable to SQL injection due to a lack of filtering and escaping of SQL data in Login.php, which could be exploited to execute arbitrary SQL commands via the username parameter...

9.8CVSS4AI score0.01289EPSS
Exploits1References1
CNVD
CNVD
added 2021/12/14 12:0 a.m.70 views

Linux kernel buffer overflow vulnerability (CNVD-2022-69200)

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel is vulnerable to buffer overflow, which can be exploited by local attackers to cause a buffer overflow and execute arbitrary code, or cause a denial of service condition on the system...

7.8CVSS6.3AI score0.00505EPSS
Exploits0References1
CNVD
CNVD
added 2021/08/10 12:0 a.m.70 views

Linux kernel denial of service vulnerability (CNVD-2021-60522)

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel has a security vulnerability that can be exploited by remote attackers to cause a denial of service situation...

7.5CVSS4.4AI score0.03354EPSS
Exploits0References1
CNVD
CNVD
added 2021/06/04 12:0 a.m.70 views

Unspecified Vulnerability in Apache HTTP Server (CNVD-2021-44766)

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. Apache HTTP Server has a security vulnerability in modproxywstunnel, modproxyhttp, no details of the vulnerability are provided at...

5.3CVSS6.6AI score0.60266EPSS
Exploits0References1
CNVD
CNVD
added 2023/12/18 12:0 a.m.69 views

ZTE MC801A and MC801A1 Web Interface Buffer Overflow Vulnerability

The ZTE MC801A/MC801A1 are both a 5g indoor WiFi router from China's ZTE ZTE. The ZTE MC801A and MC801A1 suffer from a buffer overflow vulnerability, which stems from insufficient validation of web interface parameters and can be exploited by attackers to conduct denial of service attacks...

7.5CVSS7.3AI score0.007EPSS
Exploits0References1
CNVD
CNVD
added 2023/11/24 12:0 a.m.69 views

Linux kernel out-of-bounds read vulnerability (CNVD-2023-98205)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from an out-of-bounds read vulnerability that stems from an out-of-bounds read problem in the parseleasestate method of the KSMBD implementation of the...

8.1CVSS7.3AI score0.01077EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/21 12:0 a.m.69 views

Bootstrap Cross-Site Scripting Vulnerability (CNVD-2022-73141)

Bootstrap is a web front-end framework developed using HTML, CSS, and JavaScript. Bootstrap versions v3.1.11 and v3.3.7 are vulnerable to a cross-site scripting vulnerability that originates in the Title parameter in /vendor/views/addproduct.php. An attacker could exploit this vulnerability to...

4.3CVSS2.2AI score0.00902EPSS
Exploits1Affected Software1
CNVD
CNVD
added 2022/03/21 12:0 a.m.69 views

Google Android Buffer Overflow Vulnerability (CNVD-2022-47675)

Google Android is a Linux-based open source operating system from Google, Inc. Google Android suffers from a buffer overflow vulnerability, which can be exploited by attackers to cause local privilege escalation...

7.8CVSS6AI score0.00115EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/21 12:0 a.m.69 views

Google Android Buffer Overflow Vulnerability (CNVD-2022-47674)

Google Android is a Linux-based open source operating system from Google, Inc. Google Android suffers from a buffer overflow vulnerability, which can be exploited by attackers to cause local privilege escalation...

7.8CVSS6AI score0.00115EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/12 12:0 a.m.69 views

Samba competition condition issue vulnerability

Samba is a standard Windows interoperability suite for Linux and Unix. A post-link vulnerability exists in Samba file server that results from a symbolic link contention condition when creating directories. A remote authenticated user can create a directory on a Unix file system outside of the...

2.5CVSS1.7AI score0.00376EPSS
Exploits1References1
CNVD
CNVD
added 2016/10/12 12:0 a.m.69 views

SPIP Remote Code Execution Vulnerability

SPIP is a free Web-based content publishing system. The system is primarily used for online collaboration. A remote code execution vulnerability exists in SPIP 3.1.2 and prior versions. An attacker could exploit this vulnerability to execute arbitrary code at an affected site...

8.8CVSS8.5AI score0.13649EPSS
Exploits7References1
CNVD
CNVD
added 2023/01/13 12:0 a.m.68 views

Zendo Project Management System Remote Command Execution Vulnerability

Zendo Project Management System is a homegrown open source project management software. A remote command execution vulnerability exists in Zendo Project Management System. The vulnerability is caused by not exiting the program properly during the authentication process, resulting in an...

2.7AI score
Exploits0References1
CNVD
CNVD
added 2022/11/24 12:0 a.m.68 views

File Upload Vulnerability in Yisetong Electronic Document Security Management System (CNVD-2022-91374)

Electronic Document Security Management System abbreviation: CDG is an electronic document security protection software, which uses drive layer transparent encryption technology to prevent internal staff from leaking secrets and external personnel from illegally stealing core important data asset...

3.2AI score
Exploits0
CNVD
CNVD
added 2022/07/08 12:0 a.m.68 views

Bluetooth buffer overflow vulnerability in multiple MediaTek chips (CNVD-2022-66252)

MediaTek Inc. is the world's fourth largest fab-based semiconductor company and a leader in the markets of mobile terminals, smart home applications, wireless connectivity and Internet of Things IoT products, with approximately 1.5 billion units of end products with built-in MediaTek chips hittin...

8.8CVSS8.8AI score0.00335EPSS
Exploits0References1
CNVD
CNVD
added 2021/07/28 12:0 a.m.68 views

Command Execution Vulnerability in I Doc View Online Document Preview System

I Doc View Online Document Preview is an online document preview system. A command execution vulnerability exists in I Doc View Online Document Preview that can be exploited by an attacker to execute arbitrary commands...

7.8AI score
Exploits0
CNVD
CNVD
added 2021/07/02 12:0 a.m.68 views

Command execution vulnerability in TamronOS IPTV/VOD system (CNVD-2021-49564)

TamronOS IPTV/VOD system is a set of Linux kernel-based development of broadband operators, hotels, schools, live on-demand all-in-one solution, the system provides a variety of clients Android set-top box, TV, PC on-demand, cell phone on-demand to facilitate user access through different devices...

7.9AI score
In wildExploits0
CNVD
CNVD
added 2023/10/12 12:0 a.m.67 views

Binary vulnerability in Linux kernel (CNVD-2023-87918)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a binary vulnerability that can be exploited by attackers to cause a system crash or local elevation of privilege...

7CVSS6.3AI score0.00536EPSS
Exploits0
CNVD
CNVD
added 2022/05/17 12:0 a.m.67 views

Apache Tomcat Request Obfuscation Vulnerability

Apache Tomcat is the United States Apache Apache Foundation of a lightweight Web application server. The program implements the Servlet and JavaServer Page JSP support. Apache Tomcat suffers from a request obfuscation vulnerability that stems from the fact that if a Web application sends a...

8.6CVSS8.2AI score0.07538EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/28 12:0 a.m.67 views

TOTOLink T10 Command Injection Vulnerability

TOTOLink T10 is a wireless network system router from TotoLink, China.TOTOLink T10 V5.9c.5061B20200511 is vulnerable to command injection, which can be exploited by attackers to execute arbitrary commands via the QUERYSTRING parameter...

9.8CVSS6.9AI score0.03158EPSS
Exploits1References1
CNVD
CNVD
added 2021/12/19 12:0 a.m.67 views

UpdateStar HD-Network Real-time Monitoring System Path Traversal Vulnerability

UpdateStar HD-Network Real-time Monitoring System is a high-definition network real-time monitoring system from UpdateStar, a German company. updateStar HD-Network Real-time Monitoring System in version 2.0 is vulnerable to path traversal vulnerability, which stems from the failure of a network...

7.5CVSS3.6AI score0.33133EPSS
Exploits1References1
CNVD
CNVD
added 2018/11/07 12:0 a.m.67 views

nginx ngx_http_mp4_module component memory leak vulnerability

nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server. A memory leak vulnerability exists in the ngxhttpmp4module component in Nginx versions 1.15.5 and earlier and 1.14.1, which stems from the program failing to properly handle MP4 files. A remote attacker could...

8.2CVSS7AI score0.09801EPSS
Exploits1References1
CNVD
CNVD
added 2022/11/02 12:0 a.m.66 views

HTMLMinifier Denial of Service Vulnerability

HTMLMinifier is a Javascript-based HTML compressor/minifier . A denial of service vulnerability exists in HTMLMinifier version 4.0.0, which stems from the program's improper use of regular expressions, and can be exploited by an attacker to cause a denial of service by sending specially crafted...

7.5CVSS7.2AI score0.01092EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/26 12:0 a.m.66 views

H3C Magic R200 Buffer Overflow Vulnerability (CNVD-2022-54321)

H3C Magic R200 is a router from China New Huasan H3C.A security vulnerability exists in the H3C Magic R200 R200V200R004L02 version, which stems from the HOST parameter of doping.asp that was found to contain a stack overflow. No details of the vulnerability are currently available...

9.8CVSS4AI score0.12275EPSS
Exploits1References1
CNVD
CNVD
added 2022/05/13 12:0 a.m.66 views

Simple Bus Ticket Booking System SQL Injection Vulnerability

Simple Bus Ticket Booking System, a bus ticket booking system, is vulnerable to a SQL injection vulnerability in version 1.0 of Simple Bus Ticket Booking System, which originates in the username and password parameters in /assets/partials/handleLogin.php. and password parameters in...

7.5CVSS4.3AI score0.00874EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2021/10/10 12:0 a.m.66 views

Apache HTTP Server Denial of Service Vulnerability (CNVD-2022-09237)

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A denial of service vulnerability exists in Apache HTTP Server version 2.4.49, which arises from the detection of new null pointer...

7.5CVSS7.3AI score0.24982EPSS
Exploits0References1
CNVD
CNVD
added 2020/08/11 12:0 a.m.66 views

Apache HTTP Server Data Forgery Issue Vulnerability

Apache HTTP Server is the United States Apache Software Apache Software Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A data forgery vulnerability exists in Apache HTTP Server. The vulnerability arises from a network system or...

5.3CVSS9.4AI score0.05884EPSS
Exploits0References1
CNVD
CNVD
added 2022/11/03 12:0 a.m.65 views

OpenSSL Denial of Service Vulnerability (CNVD-2022-73349)

OpenSSL is a powerful, commercial-grade, full-featured open source toolkit for the Transport Layer Security TLS protocol, which is implemented based on the Full Strength Common Cryptographic Library for protecting communications on computer networks from eavesdropping and is widely used by Intern...

3.9AI score0.92488EPSS
Exploits2Affected Software1
CNVD
CNVD
added 2022/03/22 12:0 a.m.65 views

Linux Kernel owner_on_cpu function denial of service vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A denial of service vulnerability exists in the Linux Kernel owneroncpu function, which can be exploited by an attacker to cause a denial of service...

5.5CVSS5.7AI score0.01339EPSS
Exploits1References1
CNVD
CNVD
added 2021/09/07 12:0 a.m.65 views

Aruba Networks ArubaOS Path Traversal Vulnerability (CNVD-2021-70117)

Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks including mobile controllers and mobile access switches from Aruba Networks, Inc. The vulnerability is caused by a lack of validation and filtering of parameters, which could be exploited by an authenticated attacke...

6.5CVSS4.9AI score0.0099EPSS
Exploits0References1
CNVD
CNVD
added 2016/07/21 12:0 a.m.65 views

KDE KArchive Security Bypass Vulnerability

KDE is a free and open source X desktop management program for Linux and Unix workstations, KDE provides support for various network protocols through the KIO subsystem.KDE KArchive is one of the document managers. A security bypass vulnerability exists in KDE KArchive 5.23.0 and earlier versions...

7.5CVSS7.5AI score0.04429EPSS
Exploits1References1
CNVD
CNVD
added 2023/12/06 12:0 a.m.64 views

Google Android Denial of Service Vulnerability (CNVD-2024-07124)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from a denial of service vulnerability due to a flaw in PersistableBundle.java's saveToXml, which can be exploited by an attacker to cause a denial of service...

5.5CVSS6.6AI score0.00136EPSS
Exploits0References1
Total number of security vulnerabilities5000