Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
added 2022/07/19 12:0 a.m.28 views

Pexip Infinity Resource Management Error Vulnerability (CNVD-2022-54730)

Pexip Infinity is a video conferencing cloud collaboration platform from Pexip, a Norwegian company. Pexip Infinity versions prior to 27.3 contain a resource management error vulnerability that can be exploited by remote, unauthenticated attackers to cause a software crash and denial of service...

7.5CVSS4.6AI score0.0101EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/19 12:0 a.m.28 views

Pexip Infinity Input Validation Error Vulnerability (CNVD-2022-54737)

Pexip Infinity Pexip Video Conferencing Cloud Collaboration Platform is a video conferencing cloud collaboration platform from Pexip, a Norwegian company. Pexip Infinity is vulnerable to an input validation error that could be exploited by attackers to trigger a software abort via the session...

7.5CVSS3.1AI score0.0101EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/19 12:0 a.m.28 views

Pexip Infinity Input Validation Error Vulnerability (CNVD-2022-54731)

Pexip Infinity is a video conferencing cloud collaboration platform from Pexip, a Norwegian company. Pexip Infinity versions prior to 27.3 contain an input validation error vulnerability that can be exploited by remote, unauthenticated attackers to cause a denial of service...

7.5CVSS4.5AI score0.0101EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/19 12:0 a.m.28 views

WordPress OAuth Single Sign On plugin authorization issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An authorization issue...

5.3CVSS5.1AI score0.00988EPSS
Exploits2References1
CNVD
CNVD
added 2022/07/19 12:0 a.m.28 views

Pexip Infinity Input Validation Error Vulnerability (CNVD-2022-54733)

Pexip Infinity is a video conferencing cloud collaboration platform from Pexip, a Norwegian company. Pexip Infinity versions prior to 27.3 contain an input validation error vulnerability that can be exploited by remote, unauthenticated attackers to cause a denial of service...

7.5CVSS4.5AI score0.0101EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/15 12:0 a.m.28 views

HUAWEI HarmonyOS Denial of Service Vulnerability (CNVD-2022-53575)

HUAWEI HarmonyOS is an operating system from the Chinese company Huawei HUAWEI. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in the HUAWEI HarmonyOS AI business component, which stems from the fact that hiaiserver does not do...

7.5CVSS7.4AI score0.0063EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/15 12:0 a.m.28 views

Samsung TelephonyUI Access Control Error Vulnerability (CNVD-2022-70745)

An access control error vulnerability exists in Samsung TelephonyUI, a Telephony service for Samsung mobile devices in South Korea that provides support for the Telephony Application Programming Interface TAPI. The vulnerability stems from a lack of proper permission checking in TelephonyUI, whic...

6.2CVSS1.9AI score0.00094EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/13 12:0 a.m.28 views

FFmpeg HEVC video decoder denial of service vulnerability

FFmpeg is a complete solution for recording, converting and streaming audio and video from the Ffmpeg team. A denial of service vulnerability exists in FFmpeg HEVC video decoder, which can be exploited by attackers to cause a denial of service attack...

5.5CVSS5.3AI score0.00645EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/13 12:0 a.m.28 views

BaiduWenkuSpider_flaskWeb path traversal vulnerability

BaiduWenkuSpiderflaskWeb is a python web project based on the FlaskFrame framework for crawling Baidu's library by ChangeWeDer personal developer. path traversal vulnerability exists in versions of BaiduWenkuSpiderflaskWeb prior to 2021-11-29, which The vulnerability stems from a failure of the...

9.3CVSS2.9AI score0.01398EPSS
Exploits1References1
CNVD
CNVD
added 2022/07/13 12:0 a.m.28 views

Unspecified vulnerability in Dell BSAFE Crypto-C Micro Edition and Dell BSAFE Micro Edition Suite (CNVD-2022-84613)

Dell BSAFE Micro Edition Suite is a development kit that provides encryption, certificate and transport layer security for c/c applications, devices, systems, etc. Dell BSAFE is a security software product that supports encryption algorithms, certificate chain authentication and transport layer...

9.8CVSS0.9AI score0.01045EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/13 12:0 a.m.28 views

WordPress Pricing Deals for WooCommerce plugin SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Pricing Deals for WooCommerce plugin 2.0.2.02 and earlier versions are vulnerable to SQL...

9.8CVSS2.4AI score0.07942EPSS
Exploits2References1
CNVD
CNVD
added 2022/07/13 12:0 a.m.28 views

Microsoft Azure Site Recovery Elevation of Privilege Vulnerability (CNVD-2022-56577)

Microsoft Azure Site Recovery is a site recovery DRaaS from Microsoft Corporation USA. Microsoft Azure Site Recovery has an elevation of privilege vulnerability, and no details of the vulnerability are available...

4.9CVSS3.7AI score0.0208EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/13 12:0 a.m.28 views

Microsoft Azure Site Recovery Elevation of Privilege Vulnerability (CNVD-2022-56595)

Microsoft Azure Site Recovery is a site recovery DRaaS from Microsoft Corporation USA. Microsoft Azure Site Recovery has an elevation of privilege vulnerability, and no details of the vulnerability are available...

6.5CVSS3.7AI score0.01763EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/13 12:0 a.m.28 views

Microsoft Azure Site Recovery Elevation of Privilege Vulnerability (CNVD-2022-56592)

Microsoft Azure Site Recovery is a site recovery DRaaS from Microsoft Corporation USA. Microsoft Azure Site Recovery has an elevation of privilege vulnerability, and no details of the vulnerability are available...

4.9CVSS3.7AI score0.0208EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/12 12:0 a.m.28 views

Vim Buffer Overflow Vulnerability (CNVD-2022-68100)

Vim is a cross-platform text editor. buffer overflow vulnerability exists in versions of Vim prior to 9.0.0045, which stems from a boundary error in the inscompladd function when handling untrusted input. A remote attacker could exploit this vulnerability to execute arbitrary code on the system...

7.8CVSS6.4AI score0.01225EPSS
Exploits1References1
CNVD
CNVD
added 2022/07/08 12:0 a.m.28 views

EQS Integrity Line Cross-Site Scripting Vulnerability

EQS Integrity Line is a secure and anonymous reporting software from EQS Germany. EQS Integrity Line suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute JavaScript code on the client side...

6.1CVSS6.1AI score0.01459EPSS
Exploits3References1
CNVD
CNVD
added 2022/07/08 12:0 a.m.28 views

Multiple MediaTek Chips Autoboot Access Control Error Vulnerability

MediaTek Inc. is the world's fourth largest fab-based semiconductor company and a leader in the markets of mobile terminals, smart home applications, wireless connectivity and Internet of Things IoT products, with approximately 1.5 billion units of end products with built-in MediaTek chips hittin...

7.8CVSS7.7AI score0.00099EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/07 12:0 a.m.28 views

OpenCTI Cross-Site Scripting Vulnerability

OpenCTI is OpenCTI's open cyber threat intelligence platform. A cross-site scripting vulnerability exists in OpenCTI version 5.2.4 and earlier versions, which can be exploited by an attacker to upload a malicious file and then execute the file when the victim opens the file location...

5.4CVSS5.2AI score0.00484EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/05 12:0 a.m.28 views

Hospital Management System SQL Injection Vulnerability (CNVD-2022-74093)

Hospital Management System is a computer system that helps manage health care-related information and helps health care providers do their jobs efficiently. hospital Management System v1.0 is vulnerable to a SQL injection vulnerability that originates in the orders.php page's An SQL injection iss...

7.5CVSS1.6AI score0.01532EPSS
Exploits1Affected Software1
CNVD
CNVD
added 2022/07/05 12:0 a.m.28 views

TOTOLINK T6 FUN_00413be4 function stack overflow vulnerability

TOTOLINK T6 is a wireless dual-band router from China Gion Electronics TOTOLINK.A stack overflow vulnerability exists in TOTOLINK T6 V4.1.9cu.5179B20201015 version, which stems from the desc parameter in the FUN00413be4 function not checking its length for input data. A remote attacker can exploi...

7.5CVSS5.2AI score0.01055EPSS
Exploits1References1
CNVD
CNVD
added 2022/07/05 12:0 a.m.28 views

TOTOLINK T6 FUN_00412ef4 function stack overflow vulnerability

TOTOLINK T6 is a wireless dual-band router from China Gion Electronics TOTOLINK.A stack overflow vulnerability exists in TOTOLINK T6 V4.1.9cu.5179B20201015 version, which stems from the desc parameter in the FUN00412ef4 function not checking its length for input data. A remote attacker can exploi...

7.5CVSS5.2AI score0.01055EPSS
Exploits1References1
CNVD
CNVD
added 2022/07/04 12:0 a.m.28 views

Jenkins Deployment Dashboard Plugin信息泄露漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. stored in the global configuration file of the Jenkins controller, and an...

4.3CVSS1.7AI score0.00557EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/04 12:0 a.m.28 views

Jenkins Rich Text Publisher Plugin跨站脚本漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. The vulnerability stems from not escaping HTML messages set by its post-build...

3.5CVSS0.4AI score0.00567EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2022/07/01 12:0 a.m.28 views

Orwell-Dev-Cpp Hijacking Vulnerability

Orwell-Dev-Cpp is a free, portable, fast and simple C/C++ IDE. A hijacking vulnerability exists in Orwell-Dev-Cpp v5.11, which can be exploited by an attacker to execute arbitrary code via a specially crafted exe file...

7.8CVSS7.8AI score0.00391EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/30 12:0 a.m.28 views

WordPress Tiny Contact Form plugin跨站请求伪造漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. WordPress Tiny Contact Form plugin version 0.7 and earlier is vulnerable to cross-site request forgery, which stems from the plugin's failure to perform CSRF checks when...

4.3CVSS2.9AI score0.00412EPSS
Exploits2References1
CNVD
CNVD
added 2022/06/27 12:0 a.m.28 views

Unspecified vulnerability in Secheron SEPCOS Control and Protection Relay

Secheron SEPCOS Control and Protection Relay is a relay from Secheron. Control and protect your DC panels and contact lines from short circuits and other electrical faults, and benefit from enhanced communication capabilities.A security vulnerability exists in the Secheron SEPCOS Control and...

7.8CVSS2AI score0.01159EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/24 12:0 a.m.28 views

Red Hat OpenShift Cross-Site Scripting Vulnerability

Red Hat OpenShift is a Platform-as-a-Service PaaS cloud computing platform from Red Hat that supports building, testing, deploying, and running applications. JavaScript code on the client side...

3.5CVSS7.2AI score0.00909EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2022/06/24 12:0 a.m.28 views

Jenkins ThreadFix Plugin Authorization Issues Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Plugin is an application software. An authorization issue...

6.5CVSS6.5AI score0.00574EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/24 12:0 a.m.28 views

Jenkins Hidden Parameter Plugin Cross-Site Scripting Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. The vulnerability stems from a failure to escape the name and description of t...

3.5CVSS1.4AI score0.00606EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2022/06/23 12:0 a.m.28 views

Contec SolarView Compact Cross-Site Scripting Vulnerability (CNVD-2022-61892)

Contec SolarView Compact is an application from Contec Japan, Inc. Contec SolarView Compact v6.0 contains a cross-site scripting vulnerability that originates in the component SolarAiConf.php, which lacks a data validation filter for user-supplied data and output. An attacker could exploit this...

6.1CVSS3.1AI score0.05119EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/23 12:0 a.m.28 views

Hindu Matrimonial Script Information Disclosure Vulnerability (CNVD-2022-61037)

A security vulnerability exists in Hindu Matrimonial Script, an online matrimonial service website of PHP Matrimonial Script India, which stems from improper privilege management in /admin/payment.php. No details of the vulnerability are currently available...

8.8CVSS2.1AI score0.00797EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/23 12:0 a.m.28 views

Autodesk AutoCAD Buffer Error Vulnerability (CNVD-2022-61611)

Autodesk AutoCAD is a professional 3D drawing software from Autodesk, Inc. A security vulnerability exists in Autodesk AutoCAD 2023 and prior versions, which stems from the fact that when parsing TIFF files, an attacker could be forced to read or write beyond the allocated boundaries and could us...

7.8CVSS5.5AI score0.00727EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/23 12:0 a.m.28 views

Autodesk AutoCAD Resource Management Error Vulnerability

Autodesk AutoCAD is a professional 3D drawing software from Autodesk, Inc. Autodesk AutoCAD versions 2022, 2021, 2020 and 2019 have a security vulnerability that could be exploited by attackers to execute arbitrary code...

7.8CVSS6.2AI score0.00764EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/22 12:0 a.m.28 views

WordPress Cross-Linker plugin cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. versions of the WordPress Cross-Linker plugin prior to 3.0.1.9 are vulnerable to cross-site reque...

6.5CVSS2.2AI score0.00513EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/22 12:0 a.m.28 views

WordPress Amazon single title links plugin跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Amazon Einzeltitellinks plugin 1.3.3 and earlier versions are vulnerable to cross-site...

6.5CVSS1.9AI score0.00393EPSS
Exploits2References1
CNVD
CNVD
added 2022/06/21 12:0 a.m.28 views

Online Ordering System SQL Injection Vulnerability (CNVD-2022-55711)

Online Ordering System is a multi-store ordering system that can be used by any small business.Online Ordering System version v2.3.2 is vulnerable to SQL injection, which originates from /ordering/index.php?q=category&search=Lack of validation of external input SQL statement validation, an attack...

9.8CVSS5AI score0.01026EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/20 12:0 a.m.28 views

Adobe Illustrator out-of-bounds read vulnerability (CNVD-2022-76631)

Adobe Illustrator is a vector-based image creation software from Adobe. Adobe Illustrator suffers from an out-of-bounds read vulnerability, which stems from a boundary error when handling untrusted input. An attacker could use this vulnerability to obtain sensitive information...

5.5CVSS3.6AI score0.01987EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/20 12:0 a.m.28 views

Adobe Illustrator Code Execution Vulnerability

Adobe Illustrator is a vector-based image creation software from Adobe, Inc. A code execution vulnerability exists in Adobe Illustrator, which stems from improper input validation and could be exploited by an attacker to execute arbitrary code on the system or cause the application to crash...

7.8CVSS4AI score0.00402EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/15 12:0 a.m.28 views

WordPress plugin Elementor Website cross-site scripting vulnerability

WordPress is a set of blogging platform developed using PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin Elementor Website 3.5.5 and previous versions have a cross-site scripting vulnerability, which can be exploited by attackers to...

6.1CVSS2.3AI score0.2318EPSS
Exploits7References1
CNVD
CNVD
added 2022/06/14 12:0 a.m.28 views

IBM Spectrum Copy Data Management反向钓鱼攻击漏洞

IBM Spectrum Copy Data Management, an IBM company that modernizes, streamlines and automates data center copy management processes, is vulnerable to a phishing attack in IBM Spectrum Copy Data Management versions 2.2.0.0 through 2.2.15.0. The vulnerability stems from allowing pages linked to from...

3.5CVSS3AI score0.00541EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2022/06/14 12:0 a.m.28 views

IBM Spectrum Copy Data Management跨站请求伪造漏洞

IBM Spectrum Copy Data Management, an IBM company that modernizes, simplifies and automates data center copy management processes, is vulnerable to cross-site request forgery in IBM Spectrum Copy Data Management versions 2.2.0.0 through 2.2.15.0. An attacker could exploit the vulnerability to...

6.8CVSS4.1AI score0.00319EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2022/06/14 12:0 a.m.28 views

Google Android out-of-bounds write vulnerability (CNVD-2022-53385)

Google Android is a Linux-based open source operating system from Google, Inc. An out-of-bounds write vulnerability exists in Google Android, which originates in transportDecOutOfBandConfig in tpdeclib.cpp, due to a heap buffer overflow. An attacker can exploit this vulnerability to remotely...

10CVSS3.9AI score0.0839EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/14 12:0 a.m.28 views

Fastjson code execution vulnerability

Fastjson is a Java-based fast JSON parser/generator. versions prior to Fastjson 1.2.83 have a security vulnerability that stems from the ease of bypassing the default autoType off restriction to deserialize untrusted data, which is exploited by attackers to cause code execution...

9.8CVSS6.2AI score0.17767EPSS
Exploits5References1
CNVD
CNVD
added 2022/06/12 12:0 a.m.28 views

Microsoft Windows 10 suffers from an elevation of privilege vulnerability (CNVD-2022-51747)

Microsoft Windows 10 is a suite of operating systems for use on personal computers from the American company Microsoft. Microsoft Windows 10 suffers from an elevation of privilege vulnerability that can be exploited by an attacker to gain server privileges...

7.8CVSS8.2AI score0.00668EPSS
Exploits0
CNVD
CNVD
added 2022/06/09 12:0 a.m.28 views

Wedding Management System SQL Injection Vulnerability (CNVD-2022-54285)

Wedding Management System v1.0 is a wedding planning management system by John Paul Lim Gabule, a personal developer, and a SQL injection vulnerability in /Wedding-Management/admin/. clientmanageaccountdetails.php?bookingid=31&userid page lacks validation for external input SQL statements, which...

7.2CVSS4.3AI score0.00958EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/09 12:0 a.m.28 views

Elitecms arbitrary file deletion vulnerability

Elitecms is a web content management from elitecms India. elitecms version 1.01 has an arbitrary file deletion vulnerability that can be exploited by attackers to delete any file...

6.5CVSS5AI score0.01047EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/09 12:0 a.m.28 views

ChatBot App with Suggestion Arbitrary File Deletion Vulnerability

ChatBot App with Suggestion is a ChatBot application with suggestion by Carlo Montero's personal developer. v1.0 of ChatBot App with Suggestion is vulnerable to an arbitrary file deletion vulnerability that originates in /simplechatbot/ classes/Master.php lacks valid validation for filenames, whi...

6.5CVSS3.2AI score0.00928EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/09 12:0 a.m.28 views

Online Car Wash Booking System SQL注入漏洞

Online Car Wash Booking System is an online car wash booking system from Carlo Montero's personal developer. service.php?id=The page lacks validation for external input SQL statements, which can be exploited by attackers to execute illegal SQL commands to steal sensitive database data...

9.8CVSS4.9AI score0.01081EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/07 12:0 a.m.28 views

Pillow Buffer Overflow Vulnerability (CNVD-2022-66671)

Pillow, a Python-based image processing library, is vulnerable to a buffer overflow vulnerability in Pillow version 9.1.0, which stems from a boundary error when processing TGA files. A remote attacker could exploit this vulnerability to pass specially designed data to the application, trigger a...

7.5CVSS6.9AI score0.01923EPSS
Exploits1Affected Software1
CNVD
CNVD
added 2022/06/05 12:0 a.m.28 views

Illumina Local Run Manager Access Control Error Vulnerability

Illumina Local Run Manager is an integrated solution from Illumina, Inc. Designed to create sequencing runs, monitor run status, analyze sequencing data, and view results, Illumina Local Run Manager is vulnerable to an access control error that could be exploited by remote attackers to gain...

9.1CVSS3.7AI score0.01024EPSS
Exploits0References1
Total number of security vulnerabilities5000