Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
added 2022/10/10 12:0 a.m.27 views

YetiForceCrm Cross-Site Scripting Vulnerability (CNVD-2022-69154)

YetiForceCrm is an open source Crm system from the Polish company YetiForce. A cross-site scripting vulnerability exists in versions of YetiForceCrm prior to 6.4.0, which stems from a lack of effective filtering and escaping of user-supplied data and can be exploited by an attacker to cause a...

5.4CVSS5AI score0.00547EPSS
Exploits1References1
CNVD
CNVD
added 2022/10/10 12:0 a.m.27 views

Nedi Consulting Nedi User Enumeration Vulnerability

Nedi Consulting NeDi is a suite of open source software from Nedi Consulting, Switzerland that supports discovery and mapping of network devices. A user enumeration vulnerability exists in Nedi, which stems from the insecure design of the Nedi login and community login web UI, and can be exploite...

9.1CVSS9.2AI score0.01534EPSS
Exploits1References1
CNVD
CNVD
added 2022/10/10 12:0 a.m.27 views

HSQLDB Code Execution Vulnerability

HSQLDB is a relational database management system written in Java by The HSQL Development Group team. A code execution vulnerability exists in HSQLDB, which stems from the fact that its use of java.sql.Statement or java.sql.PreparedStatement to process untrusted input by default allows any static...

9.8CVSS9.5AI score0.03519EPSS
Exploits1References1
CNVD
CNVD
added 2022/10/10 12:0 a.m.27 views

Multiple MediaTek chip isp local privilege elevation vulnerabilities

MediaTek Inc. is the world's fourth largest fab semiconductor company and a market leader in mobile devices, smart home applications, wireless connectivity technologies and IoT products, with approximately 1.5 billion devices with MediaTek chips built into them hitting the market around the world...

6.7CVSS2.8AI score0.00075EPSS
Exploits0References1
CNVD
CNVD
added 2022/09/30 12:0 a.m.27 views

Cisco Catalyst 9200 Series Switch Data Forgery Issue Vulnerability

Cisco Catalyst 9200 Series Switches is a switch from Cisco, U.S. A data forgery vulnerability exists in the software image validation feature of Cisco Catalyst 9200 Series Switches, which could be exploited by an attacker to execute unsigned code at system startup...

2.4AI score0.00203EPSS
Exploits0
CNVD
CNVD
added 2022/09/29 12:0 a.m.27 views

Aruba Networks ArubaOS and InstantOS Denial of Service Vulnerabilities

ArubaOS is the network operating system for Aruba Mobility Controllers, Mobility Masters, and controller-managed Access Points APs.InstantOS is an Arch Linux-based distribution. A denial of service vulnerability exists in Aruba Networks ArubaOS and InstantOS. The vulnerability stems from a progra...

6.5CVSS6.5AI score0.00417EPSS
Exploits0References1
CNVD
CNVD
added 2022/09/29 12:0 a.m.27 views

File Download Vulnerability in EWEB Network Management System of Beijing StarNet Ruijie Network Technology Co.

Ruijie Networks is a specialized network vendor with a full range of network equipment product lines and solutions, including switches, routers, software, security firewalls, wireless products and storage. A file download vulnerability exists in the EWEB network management system of Beijing StarN...

6.9AI score
Exploits0
CNVD
CNVD
added 2022/09/24 12:0 a.m.27 views

Apache Airflow Open Redirect Vulnerability

Apache Airflow is an open source platform for creating, managing and monitoring workflows from the Apache Foundation. Apache Airflow versions 2.3.0 to 2.3.4 have an open redirection vulnerability, which originates from the /confirm port of the web server does not do a reasonable job on the target...

6.1CVSS4AI score0.01452EPSS
Exploits0References1
CNVD
CNVD
added 2022/09/20 12:0 a.m.28 views

Linux kernel resource management error vulnerability (CNVD-2022-69192)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a resource management error vulnerability that originates from a confusion in the instruction responsible for freeing memory in iouring. An attacker...

7.8CVSS7AI score0.00287EPSS
Exploits0References1
CNVD
CNVD
added 2022/09/20 12:0 a.m.27 views

Vim Resource Management Error Vulnerability (CNVD-2022-68078)

Vim is a cross-platform text editor. versions prior to Vim 9.0.0490 are vulnerable to a resource management error, which stems from the existence of a memory reuse after release issue. No detailed vulnerability details are currently available...

7.8CVSS3.3AI score0.00475EPSS
Exploits1References1
CNVD
CNVD
added 2022/09/20 12:0 a.m.27 views

Google TensorFlow Input Validation Error Vulnerability (CNVD-2023-10603)

Google TensorFlow is an end-to-end open source platform for machine learning from Google. Google TensorFlow has an input validation error vulnerability that stems from the fact that the BlockLSTMGradV2 implementation does not fully validate its input, which could be exploited by an attacker to...

7.5CVSS3.2AI score0.00409EPSS
Exploits0References1
CNVD
CNVD
added 2022/09/20 12:0 a.m.27 views

Google TensorFlow DrawBoundingBoxes Denial of Service Vulnerability

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A denial-of-service vulnerability exists in Google TensorFlow, which stems from the fact that when DrawBoundingBoxes receives input boxes that do not belong to the float dtype, it gives the assertion...

7.5CVSS3.6AI score0.00396EPSS
Exploits0References1
CNVD
CNVD
added 2022/09/19 12:0 a.m.27 views

Apple macOS Safari Buffer Overflow Vulnerability

Apple Safari is a web browser that is the default browser that comes with the Mac OS X and iOS operating systems. A security vulnerability exists in Apple macOS Safari WebKit, which can be exploited by a remote attacker to submit a special web request that can be tricked into being parsed by the...

8.8CVSS7.5AI score0.01136EPSS
Exploits0References1
CNVD
CNVD
added 2022/09/06 12:0 a.m.27 views

BlueZ input validation error vulnerability

BlueZ is a Bluetooth protocol stack written in C, which is primarily used to provide support for the core Bluetooth layer and protocol. versions prior to BlueZ 5.59 have an input validation error vulnerability that stems from the failure of the profiles/audio/avrcp.c component to validate...

8.8CVSS3.6AI score0.00657EPSS
Exploits0References1
CNVD
CNVD
added 2022/09/02 12:0 a.m.27 views

Denial of Service vulnerability in the rotateImage function in LibTIFF tiffcrop.c:8621

LibTIFF is a library for reading and writing TIFF Tagged Image File Format files. The library contains a number of command-line tools for working with TIFF files.A denial of service vulnerability exists in LibTIFF version 4.4.0rc1, which stems from a failed sysmalloc assertion in rotateImage in...

6.5CVSS3.7AI score0.00939EPSS
Exploits1References1
CNVD
CNVD
added 2022/08/30 12:0 a.m.27 views

Tenda AX180 Stack Overflow Vulnerability (CNVD-2022-78482)

Tenda AX1803 is a dual-band Gigabit WIFI6 router from Tenda China.Tenda AX1803 is vulnerable to a stack overflow vulnerability, which is caused by improper boundary checking of the formSetQosBand function. An attacker could exploit the vulnerability to overflow the buffer and execute arbitrary co...

7.8CVSS5.1AI score0.00327EPSS
Exploits1References1
CNVD
CNVD
added 2022/08/30 12:0 a.m.27 views

Ingredients Stock Management System SQL Injection Vulnerability (CNVD-2023-11178)

Ingredients Stock Management System is an ingredient stock management system from Carlo Montero's personal developer. A SQL injection issue exists in the id parameter of the /stocks/manage stockin.php location. No detailed vulnerability details are available at this time...

8.8CVSS4AI score0.00811EPSS
Exploits1References1
CNVD
CNVD
added 2022/08/19 12:0 a.m.27 views

Tenda AC9 Command Injection Vulnerability (CNVD-2022-75820)

Tenda AC9 is a wireless router from Tenda, China. Tenda AC9 V15.03.2.21cn version is vulnerable to command injection, which can be exploited by attackers to execute arbitrary commands on the system...

9.8CVSS5.7AI score0.02408EPSS
Exploits1References1
CNVD
CNVD
added 2022/08/16 12:0 a.m.27 views

Google Android Code Execution Vulnerability (CNVD-2022-71984)

Google Android is a Linux-based open source operating system from Google, Inc. A code execution vulnerability exists in Google Android, which is caused by an out-of-bounds write in Bluetooth. An attacker could exploit this vulnerability to execute arbitrary code on the system...

8.8CVSS4AI score0.0024EPSS
Exploits0References1
CNVD
CNVD
added 2022/08/12 12:0 a.m.27 views

Adobe Acrobat Reader Buffer Overflow Vulnerability (CNVD-2022-58464)

Adobe Acrobat Reader is a PDF viewer from Adobe. The software is used to print, sign, and annotate PDFs. Adobe Acrobat Reader is vulnerable to a buffer overflow vulnerability that originates from out-of-bounds writes. An attacker could exploit this vulnerability to execute arbitrary code...

7.8CVSS4.7AI score0.02545EPSS
Exploits0References1
CNVD
CNVD
added 2022/08/12 12:0 a.m.27 views

Microsoft Azure Site Recovery Elevation of Privilege Vulnerability (CNVD-2022-67843)

Microsoft Azure Site Recovery ASR is a DRaaS provided by Azure for cloud and hybrid cloud architectures. Microsoft Azure Site Recovery suffers from an elevation of privilege vulnerability. An attacker could exploit this vulnerability to elevate privileges...

4.3AI score0.01614EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2022/08/11 12:0 a.m.27 views

Adobe FrameMaker heap buffer overflow vulnerability

Adobe Framemaker is a set of page layout software for writing and editing large or complex documents including structured documents from Adobe. Adobe FrameMaker is vulnerable to a heap buffer overflow vulnerability that could be exploited by attackers to execute arbitrary code...

7.8CVSS5.1AI score0.00475EPSS
Exploits0References1
CNVD
CNVD
added 2022/08/10 12:0 a.m.27 views

Remote Code Execution Vulnerability in Damon 7 Database Kirin Edition

Wuhan Damon Database Co., Ltd. is specialized in providing big data platform architecture consulting, data technology solution planning, product deployment and implementation in one big data platform company. A remote code execution vulnerability exists in Damon 7 Database Kirin Edition, which ca...

8.3AI score
Exploits0
CNVD
CNVD
added 2022/08/04 12:0 a.m.27 views

vim diff_write_buffer function buffer overflow vulnerability

Vim is a cross-platform text editor. vim suffers from a buffer overflow vulnerability that results from undefined behavior in the diffwritebuffer function. An attacker could exploit this vulnerability to cause a buffer overflow...

6.5CVSS4.9AI score0.00854EPSS
Exploits1References1
CNVD
CNVD
added 2022/08/03 12:0 a.m.27 views

F5 BIG-IP TMM Data Normalization Infinite Loop Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. An infinite loop vulnerability in F5 BIG-IP TMM data normalization stems from the fact that when an LTM virtual server is...

7.5CVSS2.4AI score0.01053EPSS
Exploits1References1
CNVD
CNVD
added 2022/07/29 12:0 a.m.27 views

McAfee Agent Code Issue Vulnerability (CNVD-2022-55631)

McAfee Agent MA is a set of client components from McAfee, Inc. that provides secure communications between ePolicy Orchestrator antivirus management platform and managed products. A code issue vulnerability exists in McAfee Agent MA versions prior to 5.7.7, which stems from a vulnerability that...

8.2CVSS7.7AI score0.00329EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/22 12:0 a.m.27 views

Apple macOS Monterey Spotlight Privilege Permission and Access Control Issues Vulnerability

Apple macOS Monterey is the 18th major release of Apple's macOS for the Macintosh desktop operating system. Apple macOS Monterey prior to version 12.5 is vulnerable to a privilege-granting and access-control issue vulnerability that stems from Spotlight failing to properly impose security...

7.8CVSS7.3AI score0.00894EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/22 12:0 a.m.27 views

Samsung Mobile devices SemWifiApClient Access Control Vulnerability

Samsung Mobile devices are a range of Samsung mobile devices from the South Korean company Samsung SAMSUNG, including cell phones, tablets, and more. Samsung Mobile devices SemWifiApClient has an access control vulnerability that originates from improper access control in the sendDHCPACKBroadcast...

3.3CVSS4.2AI score0.00091EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/22 12:0 a.m.27 views

Oracle MySQL Server Denial of Service Vulnerability (CNVD-2022-54310)

Oracle MySQL Server is a relational database from Oracle Corporation. A denial of service vulnerability exists in the Server: Stored Procedure component of Oracle MySQL Server 8.0.29 and prior. An attacker can exploit this vulnerability to corrupt MySQL Server by accessing the network over multip...

4.9CVSS5.2AI score0.01407EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/22 12:0 a.m.27 views

Samsung Mobile devices SemWifiApClient access control vulnerability (CNVD-2022-65119)

Samsung Mobile devices are a range of Samsung mobile devices from the South Korean company Samsung SAMSUNG, including cell phones, tablets, and more. Samsung Mobile devices SemWifiApClient has an access control vulnerability that originates from improper access control in the sendDHCPACKBroadcast...

3.3CVSS4.2AI score0.00091EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/21 12:0 a.m.27 views

Cisco Nexus Dashboard Access Control Error Vulnerability

Cisco Nexus Dashboard is a centralized data center control panel that makes it easier to manage hybrid cloud network operations and maintenance.A security vulnerability exists in Cisco Nexus Dashboard that could be exploited by attackers to spoof user identities and send malicious requests...

2.1AI score0.01156EPSS
Exploits0
CNVD
CNVD
added 2022/07/20 12:0 a.m.27 views

Oracle Virtualization Input Validation Error Vulnerability (CNVD-2023-08447)

Oracle Virtualization is a virtualization solution from Oracle Corporation. It is used to unify and manage the entire hardware and software architecture from the application to the disk. Oracle Virtualization has a security vulnerability that could be exploited by an attacker to cause Oracle VM...

2.1AI score0.00347EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2022/07/19 12:0 a.m.27 views

ZTE ZXMP M721 Information Disclosure Vulnerability

The ZTE ZXMP M721 is a metro edge OTN Optical Transport Network device from ZTE, China. An information leakage vulnerability exists in the ZTE ZXMP M721 commond21bootv100004ls1045 version. The vulnerability stems from the fact that although the serial authentication of the ZBOOT interface is...

7.5CVSS7.4AI score0.00663EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/19 12:0 a.m.27 views

Pexip Infinity Input Validation Error Vulnerability (CNVD-2022-54733)

Pexip Infinity is a video conferencing cloud collaboration platform from Pexip, a Norwegian company. Pexip Infinity versions prior to 27.3 contain an input validation error vulnerability that can be exploited by remote, unauthenticated attackers to cause a denial of service...

7.5CVSS4.5AI score0.0101EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/18 12:0 a.m.27 views

IBM Engineering Lifecycle Optimization Cross-Site Scripting Vulnerability (CNVD-2022-55503)

IBM Engineering Lifecycle Optimization ELO is an extension of the Engineering Lifecycle Management ELM portfolio from IBM America. They make it easier to collect and analyze data across the development environment to make better decisions. Automate reporting to ensure that the entire organization...

5.4CVSS5.2AI score0.00421EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/18 12:0 a.m.27 views

Multiple Adobe Products Uninitialized Pointer Access Vulnerabilities (CNVD-2022-87167)

Adobe Acrobat is a set of PDF file editing and conversion tools. Adobe Reader is a set of PDF document reading software. A number of Adobe products exist uninitialized pointer access vulnerability, the vulnerability arises from the existence of a post-release reuse error when processing PDF files...

7.8CVSS4.2AI score0.03377EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/18 12:0 a.m.27 views

Product Show Room Site SQL Injection Vulnerability (CNVD-2022-77045)

Product Show Room Site is a kind of product show room website by Carlo Montero's personal developer. product show room site v1.0 version exists SQL injection vulnerability, the vulnerability originates from the existence of the id parameter in /psrs/?p=products/viewproduct&id SQL injection, an...

8.8CVSS5.2AI score0.0081EPSS
Exploits1References1
CNVD
CNVD
added 2022/07/15 12:0 a.m.27 views

Samsung TelephonyUI Access Control Error Vulnerability (CNVD-2022-70745)

An access control error vulnerability exists in Samsung TelephonyUI, a Telephony service for Samsung mobile devices in South Korea that provides support for the Telephony Application Programming Interface TAPI. The vulnerability stems from a lack of proper permission checking in TelephonyUI, whic...

6.2CVSS1.9AI score0.00091EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/15 12:0 a.m.27 views

SAP Business One Denial of Service Vulnerability

SAP Business One is a set of enterprise management software from SAP. The software includes functions such as financial management, operations management and human resource management. A denial-of-service vulnerability exists in SAP Business One version 10.0, which stems from improper input clean...

7.5CVSS7.5AI score0.00745EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/15 12:0 a.m.27 views

Samsung Wearable Manager Information Disclosure Vulnerability

Samsung Wearable Manager is an application for Samsung Samsung mobile devices that connects wearable devices to mobile devices. Samsung Wearable Manager is vulnerable to an information disclosure vulnerability that stems from the installation of an unprotected dynamic receiver, which could be...

5.5CVSS3AI score0.00101EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/15 12:0 a.m.27 views

Adobe Character Animator Buffer Overflow Vulnerability (CNVD-2022-54912)

Adobe Character Animator is a motion capture and animation tool from the American company Audobee Adobe. Adobe Character Animator suffers from a buffer overflow vulnerability that stems from a lack of proper validation of user-supplied data, which can be exploited by an attacker to trigger a buff...

7.8CVSS7.9AI score0.00431EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/15 12:0 a.m.27 views

Samsung AppLinker Implicit Intent Hijacking Vulnerability

Samsung AppLinker is an application for Samsung mobile devices. Samsung AppLinker is vulnerable to an implicit intent hijacking vulnerability, which stems from the fact that when an implicit intent call is used, no restrictions are placed on the intent message recipient, and an attacker could use...

8.5CVSS3.5AI score0.00129EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/15 12:0 a.m.27 views

Adobe RoboHelp Cross-Site Scripting Vulnerability (CNVD-2022-60077)

Adobe RoboHelp is a help authoring tool developed and released for Windows by the American company Audobee Adobe. A cross-site scripting vulnerability exists in Adobe RoboHelp version 2020.0.7 and earlier, which stems from the program's lack of checksum filtering of user-supplied data and output...

6.1CVSS6AI score0.00592EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/15 12:0 a.m.27 views

SAP S/4HANA Input Validation Error Vulnerability

SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system from the German company SAP. SAP S/4HANA is vulnerable to an input validation error that stems from a lack of input validation in the management checkbook component, which could be exploited ...

5.3CVSS1.9AI score0.00568EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/13 12:0 a.m.27 views

WordPress Pricing Deals for WooCommerce plugin SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Pricing Deals for WooCommerce plugin 2.0.2.02 and earlier versions are vulnerable to SQL...

9.8CVSS2.4AI score0.0666EPSS
Exploits2References1
CNVD
CNVD
added 2022/07/13 12:0 a.m.27 views

Microsoft Azure Site Recovery Elevation of Privilege Vulnerability (CNVD-2022-56595)

Microsoft Azure Site Recovery is a site recovery DRaaS from Microsoft Corporation USA. Microsoft Azure Site Recovery has an elevation of privilege vulnerability, and no details of the vulnerability are available...

6.5CVSS3.7AI score0.01475EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/13 12:0 a.m.27 views

Anakin path traversal vulnerability

Anakin is a cross-platform, high-performance inference engine open-sourced by PaddlePaddle.Anakin 0.1.1 and earlier versions have a path traversal vulnerability that stems from a failure of Flask's sendfile function to properly filter special elements in resource or file paths, which could be...

9.3CVSS3.6AI score0.01118EPSS
Exploits1References1
CNVD
CNVD
added 2022/07/13 12:0 a.m.27 views

Microsoft Azure Site Recovery Elevation of Privilege Vulnerability (CNVD-2022-57198)

Microsoft Azure Site Recovery is a site recovery DRaaS from the U.S. company Microsoft for cloud and hybrid cloud architectures. Microsoft Azure Site Recovery has an elevation of privilege vulnerability that could be exploited by an attacker to gain elevated privileges on the system...

5.5CVSS3.6AI score0.01475EPSS
Exploits0
CNVD
CNVD
added 2022/07/13 12:0 a.m.27 views

flask-file-server path traversal vulnerability

flask-file-server is a file server with a front-end for browsing, uploading, and streaming files from Wildog Personal Developer. flask-file-server 2020-02-20 and earlier versions are vulnerable to a path traversal vulnerability that stems from a failure of Flask's sendfile function to properly...

9.3CVSS3.6AI score0.01118EPSS
Exploits1References1
CNVD
CNVD
added 2022/07/13 12:0 a.m.27 views

Microsoft Azure Site Recovery Elevation of Privilege Vulnerability (CNVD-2022-57194)

Microsoft Azure Site Recovery is a site recovery DRaaS from the U.S. company Microsoft for cloud and hybrid cloud architectures. Microsoft Azure Site Recovery elevation of privilege vulnerability can be exploited by attackers to gain elevated privileges on the system...

4CVSS5AI score0.01705EPSS
Exploits0
Total number of security vulnerabilities5000