Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
•added 2018/02/24 12:0 a.m.•66 views

Joomla! PrayerCenter SQL Injection Vulnerability

Joomla! is an open source content management system CMS developed by the Open Source Matters team in the U.S. The system provides RSS feeds, site search, etc. PrayerCenter is used in one of the prayer sharing components. A SQL injection vulnerability exists in Joomla! PrayerCenter version 3.0.2. ...

9.8CVSS7.8AI score0.58373EPSS
Exploits6References1
CNVD
CNVD
•added 2015/04/30 12:0 a.m.•66 views

Sensio Labs Symfony Security Bypass Vulnerability

Sensio Labs Symfony is a free French Sensio Labs , based on the MVC architecture of the PHP development framework . The framework provides commonly used functional components and tools , can be used to quickly create complex WEB program . A security bypass vulnerability exists in Sensio Labs...

6.8CVSS7AI score0.01365EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/03 12:0 a.m.•65 views

OpenSSL Denial of Service Vulnerability (CNVD-2022-73349)

OpenSSL is a powerful, commercial-grade, full-featured open source toolkit for the Transport Layer Security TLS protocol, which is implemented based on the Full Strength Common Cryptographic Library for protecting communications on computer networks from eavesdropping and is widely used by Intern...

3.9AI score0.92488EPSS
Exploits2Affected Software1
CNVD
CNVD
•added 2022/03/22 12:0 a.m.•65 views

Linux Kernel owner_on_cpu function denial of service vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A denial of service vulnerability exists in the Linux Kernel owneroncpu function, which can be exploited by an attacker to cause a denial of service...

5.5CVSS5.7AI score0.01339EPSS
Exploits1References1
CNVD
CNVD
•added 2022/01/13 12:0 a.m.•65 views

Lua has an unspecified vulnerability

Lua is a lightweight, extensible open source scripting language from the Lua LUA team. Lua 5.4.4 and 5.4.2 have a security vulnerability that stems from a type obfuscation vulnerability in the funcnamefromcode function in lldebug.c, which can be exploited by an attacker to cause a local denial of...

5.5CVSS2.1AI score0.00418EPSS
Exploits1References1
CNVD
CNVD
•added 2021/09/07 12:0 a.m.•65 views

Aruba Networks ArubaOS Path Traversal Vulnerability (CNVD-2021-70117)

Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks including mobile controllers and mobile access switches from Aruba Networks, Inc. The vulnerability is caused by a lack of validation and filtering of parameters, which could be exploited by an authenticated attacke...

6.5CVSS4.9AI score0.0099EPSS
Exploits0References1
CNVD
CNVD
•added 2016/01/26 12:0 a.m.•65 views

Gajim Message Interception Vulnerability

Gajim is a suite of free instant messaging software based on the Jabber communication protocol developed by the Gajim project. A security vulnerability exists in versions of Gajim prior to 0.16.5, which can be exploited by remote attackers to modify the roster and intercept messages with the help...

5.8CVSS5.8AI score0.01723EPSS
Exploits1References1
CNVD
CNVD
•added 2023/12/06 12:0 a.m.•64 views

Google Android Denial of Service Vulnerability (CNVD-2024-07124)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from a denial of service vulnerability due to a flaw in PersistableBundle.java's saveToXml, which can be exploited by an attacker to cause a denial of service...

5.5CVSS6.6AI score0.00136EPSS
Exploits0References1
CNVD
CNVD
•added 2023/07/11 12:0 a.m.•64 views

SQL Injection Vulnerability in e-cology of Shanghai Panmicro Network Technology Co. Ltd (CNVD-2023-65262)

E-cology is an OA office system made for large and medium-sized enterprises, supporting PC, mobile and WeChat simultaneous office and so on. E-cology of Shanghai Panmicro Network Technology Co., Ltd. suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensiti...

7.6AI score
Exploits0
CNVD
CNVD
•added 2022/06/30 12:0 a.m.•64 views

LDAP Account Manager File Upload Vulnerability

LDAP Account Manager is a web front-end for managing entries stored in LDAP directories e.g., users, groups, DHCP settings. file upload vulnerability exists in LDAP Account Manager LAM versions prior to 8.0, which stems from a faulty regular expression that allows PHP scripts to be uploaded to th...

8.8CVSS3.6AI score0.0215EPSS
Exploits0References1
CNVD
CNVD
•added 2022/03/14 12:0 a.m.•64 views

Huawei Emui and Magic UI atcmdserver module integer underflow vulnerability

Huawei Emui is a mobile operating system developed on Android. magic Ui is a mobile operating system developed on Android. Huawei Emui and Magic UI atcmdserver modules are vulnerable to integer underflow, which can be exploited by attackers to compromise integrity...

7.8CVSS4.7AI score0.00611EPSS
Exploits0References1
CNVD
CNVD
•added 2022/02/14 12:0 a.m.•64 views

Command Execution Vulnerability in Sunflower Personal Edition for Windows at Shanghai Berry Information Technology Co.

Sunflower is a free, all-in-one remote control management tool software that integrates remote control of computer and cell phone, remote desktop connection, remote boot, remote management, and intranet penetration support. Ltd. Sunflower Personal Edition for Windows has a command execution...

7.8AI score
Exploits0
CNVD
CNVD
•added 2021/08/03 12:0 a.m.•64 views

Telegram Cross-Site Scripting Vulnerability

Telegram is an instant messaging mobile application. version 0.6.1 of Telegram Web K Alpha is vulnerable to a cross-site scripting vulnerability that stems from the fact that Telegram Web K Alpha allows XSS to pass through document names. An attacker could exploit the vulnerability to execute...

6.1CVSS4.8AI score0.00619EPSS
Exploits0References1
CNVD
CNVD
•added 2020/04/02 12:0 a.m.•64 views

Apache HTTP Server Input Validation Error Vulnerability

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. An input validation error vulnerability exists in Apache HTTP Server versions 2.4.0 through 2.4.41. The vulnerability arises from ...

6.1CVSS8.1AI score0.56691EPSS
Exploits0References1
CNVD
CNVD
•added 2015/05/01 12:0 a.m.•64 views

Sensio Labs Symfony PHP Code Injection Execution Vulnerability

Sensio Labs Symfony is a free, MVC-based PHP development framework. The Sensio Labs Symfony 'eval' function fails to adequately filter user input, allowing remote attackers to exploit the vulnerability by submitting a special request to execute arbitrary code with WEB privileges...

6.8CVSS8AI score0.01365EPSS
Exploits0References1
CNVD
CNVD
•added 2024/03/18 12:0 a.m.•63 views

Delinea PAM Secret Server Security Bypass Vulnerability

Delinea PAM Secret Server is a key service manager from Delinea. A security bypass vulnerability exists in Delinea PAM Secret Server version 11.4, which can be exploited by an attacker to gain unauthorized access to a created remote session...

8.4CVSS7.2AI score0.0059EPSS
Exploits0References1
CNVD
CNVD
•added 2023/12/25 12:0 a.m.•63 views

Linux kernel denial of service vulnerability (CNVD-2024-1476840)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a denial of service vulnerability that originates from the presence of a null pointer dereference in the function ath10kwmitlvoppullmgmttxcomplev. An...

5.5CVSS6.5AI score0.00283EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/17 12:0 a.m.•63 views

File upload vulnerability exists in DM8 of Wuhan Damon Database Co.(CNVD-2023-25024)

DM8 is a new generation of self-developed database launched by Damon on the basis of summarizing the R&D and application experience of DM series products and adhering to the concepts of open innovation, simplicity and practicality. DM8 of Wuhan Damon Database Co., Ltd. has a file upload...

7.4AI score
Exploits0
CNVD
CNVD
•added 2022/11/05 12:0 a.m.•63 views

IBM Robotic Process Automation Resources Exposed to False Scope Vulnerability

IBM Robotic Process Automation is a robotic process automation product from International Business Machines IBM, Inc. It can help you automate more business and IT processes at scale with the ease and speed of traditional RPA.IBM Robotic Process Automation for Cloud Pak suffers from a resource...

3.3CVSS1.8AI score0.00179EPSS
Exploits0References1
CNVD
CNVD
•added 2022/02/18 12:0 a.m.•63 views

Containous Traefik Trust Management Issue Vulnerability (CNVD-2022-13371)

Containous Traefik is a reverse proxy and load balancer from Containous, U.S. Containous Traefik is vulnerable to a trust management issue that stems from the fact that when a request is sent using an FQDN processed by a router configured with a dedicated TLS configuration, the TLS configuration...

7.5CVSS1.7AI score0.01688EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/09 12:0 a.m.•63 views

WordPress PDF.js Viewer plugin cross-site scripting vulnerability

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress PDF.js Viewer plugin has a cross-site scripting vulnerability in versions prior to 2.0.2, whi...

5.4CVSS1.8AI score0.00604EPSS
Exploits2References1
CNVD
CNVD
•added 2021/10/13 12:0 a.m.•63 views

Apache OpenOffice Access Control Error Vulnerability

Apache OpenOffice is an open source office software suite from the U.S. Apache Apache Foundation. The suite contains text documents , spreadsheets , presentations , drawings , databases and so on. An Access Control Error vulnerability exists in Apache OpenOffice version 4.1.8, which stems from th...

7.8CVSS7.5AI score0.00545EPSS
Exploits0References1
CNVD
CNVD
•added 2024/03/26 12:0 a.m.•62 views

Apache Commons Configuration Out-of-Bounds Write Vulnerability

Apache Commons Configuration is the United States Apache Apache Foundation , a common configuration interface , it is mainly used to enable Java applications to read configuration data from a variety of sources . An out-of-bounds write vulnerability exists in Apache Commons Configuration versions...

7.3CVSS7.6AI score0.02054EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/12 12:0 a.m.•62 views

Microsoft 3D Builder Remote Code Execution Vulnerability

Microsoft 3D Builder, a tool for creating models and 3D printing from Microsoft USA, has a security vulnerability. No details of the vulnerability are currently available...

7.8CVSS2.6AI score0.00939EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/26 12:0 a.m.•62 views

Linux kernel has unspecified vulnerabilities (CNVD-2023-06532)

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel USB core subsystem has a security vulnerability that stems from incorrect access control and can be exploited by local attackers to crash the system...

5.5CVSS3.4AI score0.00317EPSS
Exploits0References1
CNVD
CNVD
•added 2022/09/24 12:0 a.m.•62 views

ISC BIND Denial of Service Vulnerability (CNVD-2024-16843)

ISC BIND is the United States ISC company's set of open source software that implements the DNS protocol. ISC BIND suffers from a denial-of-service vulnerability that stems from a flaw in the resolver code that could cause naming to take an inordinate amount of time to process large delegates,...

5.3CVSS8AI score0.01495EPSS
Exploits0References1
CNVD
CNVD
•added 2022/08/30 12:0 a.m.•62 views

Tenda AC1206 Buffer Overflow Vulnerability

Tenda AC1206 is a wireless pass-through gigabit router from Tenda, China. tenda AC1206 V15.03.06.23 is vulnerable to a buffer overflow vulnerability caused by improper boundary checking of the fromAddressNat function. An attacker could exploit this vulnerability to overflow the buffer and execute...

9.8CVSS4.3AI score0.01013EPSS
Exploits1References1
CNVD
CNVD
•added 2022/07/22 12:0 a.m.•62 views

Apple iOS and iPadOS GPU Driver Buffer Overflow Vulnerability

Apple iOS and Apple iPadOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices.Apple iPadOS is an operating system for the iPad tablet computer. A buffer overflow vulnerability exists in iOS and iPadOS, which originates from a boundary error in the GPU...

7.8CVSS8AI score0.00646EPSS
Exploits0References1
CNVD
CNVD
•added 2022/05/07 12:0 a.m.•62 views

QEMU Resource Management Error Vulnerability (CNVD-2022-84160)

QEMU Quick Emulator is a set of emulation processor software by Fabrice Bellard, a French personal developer. A denial of service vulnerability exists in versions prior to QEMU 7.0.0, which stems from EHCI's failure to verify that the buffer pointer overlaps with its MMIO region when transferring...

8.2CVSS4.9AI score0.0053EPSS
Exploits1References1
CNVD
CNVD
•added 2021/12/17 12:0 a.m.•62 views

Lychee Cross-Site Scripting Vulnerability

Lychee is a beautiful and easy to use photo management system open sourced by The Lychee Organisation. Lychee has a cross-site scripting vulnerability, and no details of the vulnerability are available...

6.1CVSS1.3AI score0.00851EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/30 12:0 a.m.•62 views

Linux kernel has unspecified vulnerabilities (CNVD-2022-21492)

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel has a security vulnerability that can be exploited by local users to gain unauthorized access to certain data...

4.4CVSS3.7AI score0.00515EPSS
Exploits1References1
CNVD
CNVD
•added 2021/11/18 12:0 a.m.•62 views

Linux kernel buffer overflow vulnerability (CNVD-2021-92971)

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel 5.15.2 and earlier versions have a security vulnerability that can be exploited by an attacker who can introduce a specially crafted device to trigger an out-of-bounds write via a specially...

6.7CVSS4.5AI score0.00513EPSS
Exploits1References1
CNVD
CNVD
•added 2021/09/15 12:0 a.m.•62 views

Adobe Premiere Elements Memory Out-of-Bounds Access Vulnerability (NVD-C-2021-277709)

Adobe Premiere Elements is a video editing software application. 2021 build 19.0 and earlier versions of Adobe Premiere Elements contain a memory out-of-bounds access vulnerability that could be exploited by attackers to execute arbitrary code...

9.3CVSS6.8AI score0.01646EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2021/06/17 12:0 a.m.•62 views

Mozilla Thunderbird Permissions and Access Control Issues Vulnerability

Mozilla Thunderbird is an open source email client. Mozilla Thunderbird is vulnerable to permission permission and access control issues, which stem from the way Mozilla maintenance services are installed on the Windows operating system. No detailed vulnerability details are currently available...

6.5CVSS3AI score0.01852EPSS
Exploits0References1
CNVD
CNVD
•added 2021/04/14 12:0 a.m.•62 views

WordPress plugin SQL injection vulnerability (CNVD-2021-34528)

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . Quiz And Survey Master â€" Best Quiz, Exam and Survey...

8.8CVSS7.5AI score0.01893EPSS
Exploits2References1
CNVD
CNVD
•added 2020/06/02 12:0 a.m.•62 views

OpenSSH Input Validation Error Vulnerability

OpenSSH OpenBSD Secure Shell is a set of connection tools from the OpenBSD Project Group for secure access to remote computers. The tools are an open source implementation of the SSH protocol and support encryption of all transmissions, effectively blocking eavesdropping, connection hijacking, an...

7.5CVSS8.1AI score0.02267EPSS
Exploits0References1
CNVD
CNVD
•added 2025/05/20 12:0 a.m.•61 views

Command Execution Vulnerability in SuperMap iServer of Beijing SuperMap Software Co.

SuperMap iServer is a cloud GIS application server based on high-performance cross-platform GIS kernel, providing full-featured GIS service publishing, management and aggregation capabilities, and supporting multi-level extension development. A command execution vulnerability exists in SuperMap...

7.5AI score
Exploits0
CNVD
CNVD
•added 2024/02/01 12:0 a.m.•61 views

Arbitrary File Read Vulnerability in Yonghong One-Stop Big Data BI Platform of Beijing Yonghong Business Intelligence Technology Co.

Yonghong One-Stop Big Data BI Platform is a one-stop big data analysis platform. Beijing Yonghong Business Intelligence Technology Co., Ltd. Yonghong One-Stop Big Data BI Platform suffers from an arbitrary file read vulnerability, which can be exploited by attackers to obtain sensitive informatio...

6.9AI score
Exploits0
CNVD
CNVD
•added 2023/07/20 12:0 a.m.•61 views

Unspecified Vulnerability in Oracle MySQL Server (CNVD-2023-65501)

Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server version 8.0.33 and prior versions, which can be exploited by attackers to cause MySQL Server to hang or crash frequently and repeatedly...

4.4CVSS6.3AI score0.01485EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/20 12:0 a.m.•61 views

Adobe Photoshop out-of-bounds read vulnerability (CNVD-2023-13727)

Adobe Photoshop is a set of image processing software from Adobe. Adobe Photoshop has an out-of-bounds read vulnerability that can be exploited by attackers to cause sensitive memory leaks...

5.5CVSS3.9AI score0.00325EPSS
Exploits0References1
CNVD
CNVD
•added 2022/06/09 12:0 a.m.•61 views

LibreNMS Command Injection Vulnerability (CNVD-2022-91160)

LibreNMS is a PHP and MySQL based open source network monitoring system from the LibreNMS community. LibreNMS v22.3.0 contains a command injection vulnerability that stems from the failure of the serviceip, hostname and serviceparam parameters to properly filter the construct command special...

9.8CVSS4.7AI score0.01664EPSS
Exploits0References1
CNVD
CNVD
•added 2022/05/12 12:0 a.m.•61 views

Microsoft Windows Push Notifications Elevation of Privilege Vulnerability

Microsoft Windows Push Notifications is a push notification service from Microsoft Corporation USA. It provides a reliable way to deliver new updates.Microsoft Windows Push Notifications suffers from an elevation of privilege vulnerability. The vulnerability stems from improper handling of...

7CVSS3.4AI score0.00686EPSS
Exploits0References1
CNVD
CNVD
•added 2022/03/14 12:0 a.m.•61 views

Tp-link Tapo C200 Command Injection Vulnerability

A command injection vulnerability exists in Tp-link Tapo C200 1.1.15 and previous firmware versions, which is caused by the presence of a uhttpd binary file that runs as root by default and lacks filtering and escaping. An unauthenticated attacker could use this vulnerability to execute system...

10CVSS4.3AI score0.72185EPSS
Exploits10References1
CNVD
CNVD
•added 2022/02/09 12:0 a.m.•61 views

Google Tensorflow code issue vulnerability (CNVD-2022-09866)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow has a code issue vulnerability that stems from the simplifyBroadcast function in the MLIR-TFRT infrastructure in TensorFlow being prone to segmentation errors. No detailed...

7.5CVSS7.4AI score0.0087EPSS
Exploits1References1
CNVD
CNVD
•added 2017/11/27 12:0 a.m.•61 views

CS-Cart administration section file upload vulnerability

CS-Cart is a PHP and MySQL based e-commerce software system developed by CS-Cart team. The system supports third-party software extensions, customized promotional strategies, product filtering definitions, etc. The administration section is one of the management components. A file upload...

9CVSS7.4AI score0.01938EPSS
Exploits3References1
CNVD
CNVD
•added 2016/10/20 12:0 a.m.•61 views

Potrace de-zero error vulnerability

potrace is a set of bitmap image processing tools developed by software developer Peter Selinger. The tool offers the ability to add smoothing effects, free scaling of images, and more. A divide-by-zero error vulnerability exists in potrace bitmap.h. A remote attacker can exploit this vulnerabili...

5.5CVSS7.8AI score0.01389EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/23 12:0 a.m.•60 views

IBM Navigator for i Unauthorized Access Vulnerability

IBM Navigator for i is a console interface from International Business Machines IBM used in IBMi to perform and manage critical tasks in IBMi. IBM Navigator for i in versions 7.3, 7.4, and 7.5 is vulnerable to unauthorized access, where authenticated users using this interface access their entitl...

4.3CVSS5.1AI score0.00989EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/20 12:0 a.m.•60 views

IBM AIX Denial of Service Vulnerability (CNVD-2023-00810)

IBM AIX is an open standards-based UNIX operating system developed by International Business Machines IBM for the IBM Power architecture. IBM AIX suffers from a denial-of-service vulnerability that can be exploited by unprivileged local attackers to cause a denial of service...

6.2CVSS6.7AI score0.00185EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/05 12:0 a.m.•60 views

Apache UIMA path traversal vulnerability

Apache UIMA is a component-based software architecture from the Apache Foundation. A path traversal vulnerability exists in Apache UIMA 3.3.0 and earlier, which stems from relative path traversal and can be exploited to create files outside of a specified destination directory using carefully...

7.5CVSS3.5AI score0.01556EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/03 12:0 a.m.•60 views

OpenSSL Remote Code Execution Vulnerability (CNVD-2022-73348)

OpenSSL is a powerful, commercial-grade, full-featured open source toolkit for the Transport Layer Security TLS protocol, a protocol implementation based on the Full Strength Common Cryptographic Library used to protect communications on computer networks from eavesdropping and widely used by...

2.9AI score0.9077EPSS
Exploits6Affected Software1
Total number of security vulnerabilities5000