Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
added 2022/04/24 12:0 a.m.28 views

Sourcecodester Baby Care System SQL注入漏洞(CNVD-2022-35536)

Sourcecodester Baby Care System is an application of the Sourcecodester community in the United States. Sourcecodester Baby Care System v1.0 is vulnerable to SQL injection, which originates from the lack of validation of external input SQL in the /admin.php?id=posts & action=display & value=1 &...

9.8CVSS3.2AI score0.01185EPSS
Exploits1References1
CNVD
CNVD
added 2022/04/22 12:0 a.m.28 views

Samsung SMR Input Validation Error Vulnerability (CNVD-2022-64253)

Samsung SMR is a system patch package from Samsung South Korea. It provides patches for Samsung mobile applications. Samsung SMR suffers from an input validation error vulnerability that can be exploited by attackers to initiate certain activities...

8.5CVSS7.8AI score0.00136EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/20 12:0 a.m.28 views

Tyler Technologies Tyler Odyssey信息泄露漏洞

Tyler Technologies Tyler Odyssey is a court and judicial software system from Tyler Technologies, Inc. An information disclosure vulnerability exists in versions of Tyler Technologies Tyler Odyssey prior to 17.1.20, which stems from an insecure direct object reference issue in the platform. An...

5CVSS2AI score0.01849EPSS
Exploits1Affected Software1
CNVD
CNVD
added 2022/04/19 12:0 a.m.28 views

Asterisk SQL Injection Vulnerability

Asterisk is a PBX system software that runs on Linux and supports IP calls using SIP, IAX, and H323 protocols.Asterisk suffers from a SQL injection vulnerability that can be exploited by attackers to cause user-supplied data to create corrupt SQL queries or possibly SQL injections...

9.8CVSS4.4AI score0.06976EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/18 12:0 a.m.28 views

MariaDB item_cmpfunc.h Denial of Service Vulnerability

MariaDB is a free and open source database management system from the MariaDB Foundation and a forked version of MySQL with the Maria storage engine. A denial of service vulnerability exists in MariaDB Server v10.9 and earlier versions, which stems from the sql/itemcmpfunc.h component containing ...

7.5CVSS7.2AI score0.01579EPSS
Exploits1References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.28 views

Microsoft Power BI Spoofing Vulnerability

Microsoft Power BI is an interactive data visualization software from Microsoft USA that focuses on business intelligence. It is part of the Microsoft Power Platform. A spoofing vulnerability exists in Microsoft Power BI. An attacker can exploit this vulnerability to conduct spoofing attacks...

3.7CVSS3.7AI score0.00797EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.28 views

Microsoft Windows Graphics Component Remote Code Execution Vulnerability (CNVD-2022-74593)

A remote code execution vulnerability exists in Microsoft Windows Graphics Components, which originates when a network system or product fails to properly filter external input data during the construction of code segments. elements during the construction of code segments from external input dat...

9.3CVSS4.9AI score0.02516EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.28 views

Microsoft Windows Fax Compose Form Remote Code Execution Vulnerability

Microsoft Windows Fax services is a feature component service of Microsoft Corporation USA used to specify fax settings, including how to send, receive, view and print. A remote code execution vulnerability exists in Microsoft Windows Fax Compose Form, which is used to specify fax settings,...

7.8CVSS3.7AI score0.01943EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.28 views

Microsoft Windows Hyper-V Shared Virtual Hard Disks信息泄露漏洞

Microsoft Hyper-V is an application from Microsoft Corporation USA. A system hypervisor virtualization technology that enables desktop virtualization. Microsoft Windows Hyper-V Shared Virtual Hard Disks has an information disclosure vulnerability that could be exploited by attackers to obtain...

9CVSS1.8AI score0.03665EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.28 views

Microsoft Windows Upgrade Assistant Remote Code Execution Vulnerability

Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. A remote code execution vulnerability exists in Microsoft Windows Upgrade Assistant. The vulnerability stems from improper handling of input data and can be exploited by an attacker to...

7.8CVSS8.1AI score0.0236EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.28 views

Huawei EMUI Information Disclosure Vulnerability (CNVD-2022-64484)

Huawei EMUI is an Android-based mobile operating system developed by the Chinese company Huawei Huawei. Huawei EMUI suffers from an information disclosure vulnerability, which is caused by an unauthorized rewrite vulnerability in the memory access management module on the ACPU. An attacker can...

5.5CVSS5.2AI score0.00179EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/14 12:0 a.m.28 views

MariaDB Denial of Service Vulnerability (CNVD-2022-65004)

MariaDB is a free and open source database management system from the MariaDB Foundation and a forked version of MySQL with the Maria storage engine. A security vulnerability exists in MariaDB Server v10.7 and lower, which stems from the inclusion of a global buffer overflow in the component...

7.5CVSS8AI score0.02458EPSS
Exploits1References1
CNVD
CNVD
added 2022/04/14 12:0 a.m.28 views

MariaDB Denial of Service Vulnerability (CNVD-2022-65006)

MariaDB is a free and open source database management system from the MariaDB Foundation and a forked version of MySQL with the Maria storage engine. A security vulnerability exists in MariaDB Server v10.7 and lower, which can be exploited by an attacker to cause a denial of service DoS via a...

7.5CVSS7.3AI score0.01644EPSS
Exploits1References1
CNVD
CNVD
added 2022/04/13 12:0 a.m.28 views

Jenkins Jira Plugin Cross-Site Scripting Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. Jenkins Plugin is an application that suffers from a cross-site scripting vulnerability that stems from the application not escaping the names and descriptions of the Jira Issue and Jira Release Version...

5.4CVSS2.3AI score0.00825EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/13 12:0 a.m.28 views

Jenkins Subversion Plugin Cross-Site Request Forgery Vulnerability

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Subversion Plugin is vulnerable to cross-site request forgery, which can be exploited by an attacker to connect to ...

4.3CVSS2.7AI score0.01802EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/13 12:0 a.m.28 views

Webmin Cross-Site Scripting Vulnerability (CNVD-2022-61348)

Webmin is a set of Web-based system administration tools for Unix-like operating systems from the Webmin community.A cross-site scripting vulnerability exists in Webmin version 1.973, which stems from the lack of filtering and escaping of user-submitted parameters for the Add User feature. An...

6.1CVSS2.9AI score0.02001EPSS
Exploits1References1
CNVD
CNVD
added 2022/04/12 12:0 a.m.28 views

tildearrow Furnace Denial of Service Vulnerability

tildearrow Furnace is a multi-system chip tuning tracker compatible with the DefleMask module. tildearrow Furnace has a security vulnerability that stems from an incomplete fix for CVE-2022-1211, which can be exploited by attackers to cause a denial of service vulnerability...

6.5CVSS5.5AI score0.01137EPSS
Exploits2References1
CNVD
CNVD
added 2022/04/07 12:0 a.m.28 views

WordPress Insights from Google PageSpeed plugin cross-site scripting vulnerability

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL. WordPress plugin is a WordPress open source application plugin. WordPress Insights from Google PageSpeed...

4.3CVSS1.1AI score0.00863EPSS
Exploits2Affected Software1
CNVD
CNVD
added 2022/04/06 12:0 a.m.28 views

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CNVD-2022-60121)

Microsoft Edge is a web browser that comes with versions of Windows 10 and later, and an elevation of privilege vulnerability exists in Microsoft Edge Chromium-based. An attacker could exploit this vulnerability to elevate privileges...

8.3CVSS5.5AI score0.01742EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/06 12:0 a.m.28 views

Code injection vulnerability in Joomla!

Joomla! is a set of forum components used in the Joomla! content management system. A code injection vulnerability exists in versions 4.0.0 to 4.1.0 of Joomla!, which stems from an HTTP request parameter input validation error. No detailed vulnerability details are available at this time...

9.8CVSS1.7AI score0.01172EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/05 12:0 a.m.28 views

Microsoft Edge Elevation of Privilege Vulnerability (CNVD-2022-36036)

Microsoft Edge is a web browser that comes with post-Windows 10 versions of Microsoft Corporation Microsoft. Microsoft Edge has an elevation of privilege vulnerability, and no details of the vulnerability are available...

8.3CVSS4.9AI score0.01742EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/01 12:0 a.m.28 views

ZoneMinder Cross-Site Scripting Vulnerability (CNVD-2022-57825)

ZoneMinder is an open source video surveillance software system. ZoneMinder 1.32.3 and previous versions have a cross-site scripting vulnerability, which stems from the program not being properly filtered, and can be exploited by remote attackers to execute HTML or JavaScript code with the help o...

6.1CVSS3.1AI score0.009EPSS
Exploits1References1
CNVD
CNVD
added 2022/04/01 12:0 a.m.28 views

ZoneMinder Cross-Site Scripting Vulnerability (CNVD-2022-57834)

ZoneMinder is an open source video surveillance software system. The system supports IP, USB and analog cameras, etc. A cross-site scripting vulnerability exists in ZoneMinder 1.32.3 and prior versions, which stems from the fact that the program does not validate input or filter output, and can b...

6.1CVSS3.6AI score0.009EPSS
Exploits1References1
CNVD
CNVD
added 2022/04/01 12:0 a.m.28 views

Multiple Apple products have unspecified vulnerabilities (CNVD-2022-55136)

Apple macOS Big Sur is a mobile app from Apple. macOS Catalina is a dedicated operating system for Mac computers from Apple. macOS Monterey is Apple's 18th major version of macOS for Macintosh. macOS Monterey is the 18th major version of Apple's desktop operating system, macOS. Several Apple...

7.1CVSS4.3AI score0.01312EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/01 12:0 a.m.28 views

WordPress CleanTalk plugin cross-site scripting vulnerability (CNVD-2022-67605)

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress plugin is a WordPress application plugin. WordPress CleanTalk plugin 5.173 and earlier versions have a cross-sit...

6.1CVSS2AI score0.02303EPSS
Exploits2References1
CNVD
CNVD
added 2022/04/01 12:0 a.m.28 views

ZoneMinder Cross-Site Scripting Vulnerability (CNVD-2022-57828)

ZoneMinder is an open source video surveillance software system. ZoneMinder 1.32.3 and earlier versions have a cross-site scripting vulnerability, which stems from the fact that the program does not filter user input and can be exploited by remote attackers to execute scripts in the user's browse...

6.1CVSS5.4AI score0.00873EPSS
Exploits1References1
CNVD
CNVD
added 2022/04/01 12:0 a.m.28 views

OpenEMR Cross-Site Scripting Vulnerability (CNVD-2022-61337)

OpenEMR is an open source healthcare management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing and medical billing applications. cross-site scripting vulnerabilities exist in versions of OpenEMR prior to...

8CVSS2AI score0.51472EPSS
Exploits2References1
CNVD
CNVD
added 2022/03/31 12:0 a.m.28 views

Sourcecodester Student Attendance Management System跨站脚本漏洞

Sourcecodester Student Attendance Management System is an attendance management system used to maintain daily attendance records. A cross-site scripting vulnerability exists in Sourcecodester Student Attendance Management System version 1.0. The vulnerability stems from a lack of data validation...

5.4CVSS4AI score0.00542EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/30 12:0 a.m.28 views

GitLab CE/EE Information Disclosure Vulnerability (CNVD-2022-55068)

GitLab is an open source end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, etc. GitLab CE/EE versions 11.3 and later are vulnerable to an information disclosure vulnerability...

4.3CVSS2.5AI score0.00801EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/30 12:0 a.m.28 views

WordPress Limit Login Attempts (Spam Protection) plugin SQL Injection Vulnerability

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress plugin is a WordPress open source application plugin . A SQL injection vulnerability exists in the WordPress Lim...

9.8CVSS7.8AI score0.08852EPSS
Exploits2References1
CNVD
CNVD
added 2022/03/28 12:0 a.m.28 views

Lua Resource Management Error Vulnerability

Lua is a lightweight, extended open source scripting language from the Lua LUA team. Lua interpreter versions 5.4.0 through 5.4.3 are vulnerable to a resource management error, which can be exploited by attackers to execute Sandbox Escape via a specially crafted script file...

4.3CVSS6.3AI score0.00985EPSS
Exploits1Affected Software1
CNVD
CNVD
added 2022/03/21 12:0 a.m.28 views

Slims8 Akasia SQL Injection Vulnerability

Slims8 Akasia is a software of the Slims community in Indonesia. It is used for library resource management e.g. books, journals, digital documents and other library materials and administration.An SQL injection vulnerability exists in Slims8 Akasia version 8.3.1, which stems from missing SQL...

6.5CVSS3.5AI score0.00954EPSS
Exploits1Affected Software1
CNVD
CNVD
added 2022/03/17 12:0 a.m.28 views

Jenkins Extended Choice Parameter Plugin Cross-Site Scripting Vulnerability

Jenkins and Jenkins Plugin are both products of Jenkins. jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. The vulnerability stems from the plugin's failure to escape the value and description ...

3.5CVSS5.4AI score0.00633EPSS
Exploits0
CNVD
CNVD
added 2022/03/16 12:0 a.m.28 views

WordPress Photo Gallery by 10Web plugin SQL注入漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress Photo Gallery by 10Web plugin version 1.6.0...

9.8CVSS2.7AI score0.74615EPSS
Exploits4References1
CNVD
CNVD
added 2022/03/16 12:0 a.m.28 views

WordPress MOLIE plugin SQL injection vulnerability

WordPress is a set of blogging platform developed by Wordpress Foundation using PHP language. WordPress plugin is a WordPress application plugin. WordPress MOLIE plugin 0.5 and earlier versions have a SQL injection vulnerability, which stems from the failure of MOLIE to validate and escape SQL...

9.8CVSS2.6AI score0.01583EPSS
Exploits2References1
CNVD
CNVD
added 2022/03/15 12:0 a.m.28 views

Huawei Emui and Magic UI video framework heap buffer overflow vulnerability

Huawei Emui is a mobile operating system developed on Android. magic Ui is a mobile operating system developed on Android. heap buffer overflow vulnerability exists in Huawei Emui and Magic UI video framework, which can be exploited by attackers to impact usability...

7.8CVSS3.9AI score0.00736EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/14 12:0 a.m.28 views

Nextcloud Information Disclosure Vulnerability (CNVD-2022-20155)

Nextcloud is a set of open source self-hosted file synchronization and sharing communication applications platform from Nextcloud Germany.A security vulnerability exists in Nextcloud Server, which is due to an issue with the Nextcloud Text application which is provided with Nextcloud Server by...

6.5CVSS1.4AI score0.00758EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/14 12:0 a.m.28 views

Adobe After Effects Buffer Overflow Vulnerability (CNVD-2022-22095)

Adobe After Effects is a set of visual effects and motion graphics creation software from Adobe, Inc. A buffer overflow vulnerability exists in Adobe After Effects processing files, which can be exploited by attackers to execute arbitrary code in the context of the current user...

9.3CVSS6.7AI score0.03803EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/14 12:0 a.m.28 views

Tenda AX12 Buffer Overflow Vulnerability

Tenda AX12 is a dual-band Gigabit Wifi 6 wireless router from Tenda China. A security vulnerability exists in Tenda AX12 v22.03.01.21, which originates from a stack buffer overflow contained in the function sub422CE4. An attacker can exploit this vulnerability to cause a denial of service DoS via...

7.8CVSS7.6AI score0.01219EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/14 12:0 a.m.28 views

TP-Link TL-WR886N Stack Overflow Vulnerability (CNVD-2022-21167)

The TP-Link TL-WR886N is a wireless router from China P&L. A stack overflow vulnerability exists in the TP-Link TL-WR886N /cloudconfig/routerpost/checkresetpwdverifycode, which can be exploited by a remote attacker to submit a special request that can crash the application or can execute arbitrar...

10CVSS9.7AI score0.01755EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/14 12:0 a.m.28 views

Yzmcms Cross-site Request Forgery Vulnerability (CNVD-2022-20584)

Yzmcms is an open source CMS Content Management System for Yzmcms personal developers. YzmCMS v6.3 is vulnerable to cross-site request forgery, which can be exploited by attackers to trigger cross-site request forgery CSRF via the component /yzmcms/comment/index/init.html...

8.8CVSS4.1AI score0.0082EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/11 12:0 a.m.28 views

Apache Spark Encryption Problem Vulnerability (CNVD-2022-21823)

Apache Spark is a multilingual engine for performing data engineering, data science, and machine learning on a single-node machine or cluster. Apache Spark is vulnerable to an encryption issue that stems from the program's use of a custom mutual authentication protocol that allows fully encrypted...

7.5CVSS2.2AI score0.01817EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/11 12:0 a.m.28 views

Shopware Access Control Error Vulnerability

Shopware is a suite of open source e-commerce software from the German company Shopware. Shopware is vulnerable to an access control error that stems from not properly setting sensitive HTTP headers to non-cacheable, which could be exploited by an attacker to enable HTTP caching and then have...

6.5CVSS1.2AI score0.00511EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/10 12:0 a.m.28 views

Microsoft HEVC Video Extensions Remote Code Execution Vulnerability (CNVD-2022-59683)

Microsoft HEVC Video Extensions is a video extension application from Microsoft Corporation USA. Microsoft HEVC Video Extensions is a remote code execution vulnerability that can be exploited by attackers to execute arbitrary code on a system...

7.8CVSS6.3AI score0.02158EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/10 12:0 a.m.28 views

Microsoft Exchange Server Spoofing Vulnerability (CNVD-2022-77978)

Microsoft Exchange Server is a set of email service programs from Microsoft Corporation USA. It provides mail access, storage, forwarding, voice mail, mail filtering, etc. A spoofing vulnerability exists in Microsoft Exchange Server, which can be exploited by attackers to conduct spoofing attacks...

6.5CVSS3AI score0.31799EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/10 12:0 a.m.28 views

Mozilla Firefox Permission License and Access Control Issues Vulnerability (CNVD-2023-59958)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a permissions licensing and access control issue vulnerability that stems from a logic error when handling iframes. The vulnerability can be exploited by an attacker to...

9.6CVSS6.8AI score0.00931EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/09 12:0 a.m.28 views

Microsoft Azure Site Recovery Permissions Licensing and Access Control Issues Vulnerability

Microsoft Azure Site Recovery is a site recovery DRaaS from Microsoft Corporation for cloud and hybrid cloud architectures. Microsoft Azure Site Recovery is vulnerable to privilege permission and access control issues. No details of the vulnerability are available at this time...

7.2CVSS2.1AI score0.02569EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/09 12:0 a.m.28 views

Vim buffer overflow vulnerability (CNVD-2022-20099)

Vim is an editor for the UNIX platform. vim suffers from a buffer overflow vulnerability that is caused by a read operation before the start of a line and results in a heap buffer overflow. An attacker could use the vulnerability to input a specially crafted file, resulting in a crash or code...

7.8CVSS7.9AI score0.01161EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/09 12:0 a.m.28 views

Microsoft Defender code injection vulnerability

Microsoft Defender for IoT is vulnerable to code injection. No details of the vulnerability are currently available...

8.8CVSS2.1AI score0.02737EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/09 12:0 a.m.28 views

Microsoft Azure Site Recovery Code Injection Vulnerability (CNVD-2022-17998)

Microsoft Azure Site Recovery is a site recovery DRaaS from Microsoft Corporation for cloud and hybrid cloud architectures. Microsoft Azure Site Recovery is vulnerable to code injection. No details of the vulnerability are currently available...

7.2CVSS1.6AI score0.02281EPSS
Exploits0References1
Total number of security vulnerabilities5000