Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
added 2022/05/18 12:0 a.m.27 views

WordPress Pricing Table plugin SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plug-in. A SQL injection vulnerability exists in versions prior to WordPress Pricing Table s plugin 3.6.1, which stem...

9.8CVSS1.6AI score0.12455EPSS
Exploits1References1
CNVD
CNVD
added 2022/05/17 12:0 a.m.27 views

WordPress Donations Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress...

5.4CVSS0.5AI score0.00538EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/17 12:0 a.m.27 views

Air Cargo Management System SQL Injection Vulnerability (CNVD-2022-58095)

Air Cargo Management System is an air cargo management system. version 1.0 of Air Cargo Management System is vulnerable to SQL injection, which originates from /acms/classes/Master.php?f=deletecargo missing filtering and An attacker can use this vulnerability to execute illegal SQL commands to...

7.2CVSS5.4AI score0.00929EPSS
Exploits1References1
CNVD
CNVD
added 2022/05/16 12:0 a.m.27 views

Simple Client Management System SQL注入漏洞(CNVD-2022-57774)

Simple Client Management System is a simple client management system from Carlo Montero's personal developer. version 1.0 of Simple Client Management System is vulnerable to SQL injection, which originates from a vulnerability in /cms/classes/Master. php?f=deletedesignation, the id parameter of t...

9.8CVSS4.4AI score0.01603EPSS
Exploits1References1
CNVD
CNVD
added 2022/05/16 12:0 a.m.27 views

InHand Networks InRouter302信息泄露漏洞

InHand Networks InRouter Series is a series of routers from InHand Networks, Inc. An information disclosure vulnerability exists in InHand Networks InRouter302 V3.5.4, which stems from the lack of effective protection of data by the router's configuration export feature. An attacker could exploit...

6.5CVSS3AI score0.00651EPSS
Exploits1References1
CNVD
CNVD
added 2022/05/16 12:0 a.m.27 views

Online Sports Complex Booking System SQL注入漏洞(CNVD-2022-58670)

Online Sports Complex Booking System is an online stadium booking system by Carlo Montero, a personal developer. page=user/manageuser&id= lacks validation of external input SQL statements, which can be exploited to execute illegal SQL commands to steal sensitive database data...

9.8CVSS5.2AI score0.01091EPSS
Exploits1References1
CNVD
CNVD
added 2022/05/16 12:0 a.m.27 views

Simple Client Management System SQL注入漏洞(CNVD-2022-57773)

Simple Client Management System is a simple client management system from Carlo Montero's personal developer. version 1.0 of Simple Client Management System is vulnerable to SQL injection, which originates from a vulnerability in /cms/classes/Master. php?f=deleteclient in the post request id...

9.8CVSS4.3AI score0.01603EPSS
Exploits1References1
CNVD
CNVD
added 2022/05/16 12:0 a.m.27 views

Totolink N200RE and N100RE Cross-Site Scripting Vulnerability

Totolink N200RE and Totolink N100RE are routers from Totolink.Totolink N200RE and N100RE are vulnerable to cross-site scripting, which can be exploited by attackers to execute arbitrary web scripts or HTML...

6.1CVSS2.6AI score0.0053EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/16 12:0 a.m.27 views

InHand Networks InRouter302 Information Disclosure Vulnerability (CNVD-2022-59185)

InHand Networks InRouter Series is a series of routers from InHand Networks, Inc. An information disclosure vulnerability exists in InHand Networks InRouter302 V3.5.4, which stems from the lack of the HttpOnly flag in the session cookie, which could be exploited by an attacker to The vulnerabilit...

7.5CVSS1.5AI score0.0099EPSS
Exploits1References1
CNVD
CNVD
added 2022/05/13 12:0 a.m.27 views

Wedding Management System SQL注入漏洞

Wedding Management System is a wedding planning management system by John Paul Lim Gabule, a personal developer. version 1.0 of Wedding Management System is vulnerable to a SQL injection vulnerability in /Wedding-Management/package detail.php. The vulnerability is caused by a lack of validation o...

9.8CVSS4.6AI score0.00874EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/13 12:0 a.m.27 views

AMD System Management Unit Denial of Service Vulnerability

A denial of service vulnerability exists in AMD System Management Unit SMU, a system management unit of AMD, Inc. The vulnerability stems from an inadequate inspection of PCIE-related bindings in the System Management Unit SMU, which could be exploited by an attacker to exploit this vulnerability...

5.5CVSS3.6AI score0.00212EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/12 12:0 a.m.27 views

D-Link DIR-816 Buffer Overflow Vulnerability (CNVD-2022-64489)

The D-Link DIR-816 is a wireless router from AUO D-Link of Taiwan, China. A buffer overflow vulnerability exists in the D-Link DIR-816 A2v1.10CNB04 firmware version, which originates from a boundary error in the proto parameter in /goform/form2IPQoSTcAdd when handling untrusted input. An attacker...

10CVSS9.8AI score0.03802EPSS
Exploits1References1
CNVD
CNVD
added 2022/05/12 12:0 a.m.27 views

WordPress Ultimate Member plugin arbitrary redirection vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The Ultimate Member plugin is a plugin used to create membership sites or online communities. The vulnerability redirects users to malicious websites for phishing and other attacks...

5.4CVSS2.5AI score0.00707EPSS
Exploits1References1
CNVD
CNVD
added 2022/05/12 12:0 a.m.27 views

Microsoft Visual Studio Remote Code Execution Vulnerability (CNVD-2022-60134)

Microsoft Visual Studio is a family of development tool suites from Microsoft, and a largely complete development toolset that includes most of the tools needed throughout the software life cycle. A remote code execution vulnerability exists in Microsoft Visual Studio that originates when a...

7.8CVSS8AI score0.0266EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/11 12:0 a.m.27 views

WordPress Ubigeo de Peru plugin SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. A SQL injection vulnerability exists in versions of the WordPress Ubigeo de Peru plugin prior to...

9.8CVSS2.2AI score0.09495EPSS
Exploits2References1
CNVD
CNVD
added 2022/05/09 12:0 a.m.27 views

Jfinal CMS Command Injection Vulnerability

Jfinal CMS is a powerful information consulting website developed in java, using the simple and powerful JFinal as a web framework, template engine with beetl, database with mysql, front-end bootstrap framework. jfinal CMS version 5.0.1 has a command injection vulnerability, which originates from...

7.5CVSS4.5AI score0.01977EPSS
Exploits1Affected Software1
CNVD
CNVD
added 2022/05/08 12:0 a.m.27 views

PartKeepr Cross-Site Scripting Vulnerability

PartKeepr is an inventory management software. Designed primarily for electronic components, PartKeepr version 1.4.0 suffers from a cross-site scripting vulnerability that stems from a lack of name parameters in multiple api ports of the edit module to filter user-supplied data and output data...

3.5CVSS3.3AI score0.0064EPSS
Exploits1Affected Software1
CNVD
CNVD
added 2022/05/07 12:0 a.m.27 views

Rancher Labs Rancher Information Disclosure Vulnerability

Rancher Labs Rancher is an open source, enterprise-class container management platform from Rancher Labs, U.S. Rancher Labs Rancher is vulnerable to an information disclosure vulnerability that stems from exposing repository credentials to an external third-party source, which could be exploited ...

7.5CVSS1.7AI score0.00706EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/07 12:0 a.m.27 views

WordPress All In One WP Security

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress All In One WP Security...

4.7CVSS1.2AI score0.00726EPSS
Exploits2References1
CNVD
CNVD
added 2022/05/07 12:0 a.m.27 views

NanoHTTPD Information Disclosure Vulnerability

NanoHTTPD is a lightweight HTTP server designed to be embedded in other applications, released under a modified BSD license. An information disclosure vulnerability exists in all versions of the NanoHTTPD package. The vulnerability stems from the fact that when an HTTP request body is parsed in a...

5.5CVSS6.1AI score0.00289EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/07 12:0 a.m.27 views

F5 BIG-IP code issue vulnerability (CNVD-2022-77525)

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. F5 BIG-IP is vulnerable to a code issue that could be exploited by an attacker to cause a denial of service on the BIG-IP...

7.5CVSS4.4AI score0.00868EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/07 12:0 a.m.27 views

Clam AntiVirus Memory Leak Vulnerability

Clam AntiVirus is an open source antivirus engine for detecting Trojans, viruses, malware and other malicious threats.Clam AntiVirus suffers from a memory leak vulnerability that can be exploited by unauthenticated remote attackers to cause a denial of service...

7.8CVSS5.1AI score0.0663EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/07 12:0 a.m.27 views

F5 BIG-IP has an unspecified vulnerability (CNVD-2022-77523)

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A security vulnerability exists in F5 BIG-IP, which can be exploited by attackers to cause a denial of service on the BIG-IP...

7.5CVSS5.6AI score0.00868EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/07 12:0 a.m.27 views

WordPress Multiple Shipping Address Woocommerce plugin SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. The vulnerability stems from a failure to validate, clean up, and escape various user inputs before using...

9.8CVSS1.7AI score0.07866EPSS
Exploits2References1
CNVD
CNVD
added 2022/05/06 12:0 a.m.27 views

JetBrains IntelliJ IDEA Access Control Error Vulnerability

JetBrains IntelliJ IDEA is a set of integrated development environments for the Java language from Jetbrains Czech Republic.JetBrains IntelliJ IDEA versions prior to 2022.1 are vulnerable to an access control error vulnerability that stems from a flaw in source checking in the internal web server...

7.1CVSS3.2AI score0.00144EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/06 12:0 a.m.27 views

IBM UrbanCode Deploy Encryption Issue Vulnerability (CNVD-2022-63372)

IBM UrbanCode Deploy UCD is a set of application automation deployment tools from IBM Corporation in the United States. The tool is based on an application deployment automation management information model, and through remote agent technology to automate the deployment of complex applications in...

7.5CVSS2.1AI score0.00621EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/05 12:0 a.m.27 views

Delta Electronics DIAEnergie ReadRegIND SQL Injection Vulnerability (CNVD-2022-36021)

Delta Electronics DIAEnergie is an industrial energy management system for monitoring and analyzing energy consumption in real time, calculating energy consumption and load characteristics, optimizing equipment performance, improving production processes and maximizing energy efficiency. Delta...

10CVSS9.9AI score0.01138EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/29 12:0 a.m.27 views

Nextcloud Android app access control error vulnerability

Nextcloud Android app is an Android-based mobile application from Nextcloud Germany for accessing Nextcloud servers. nextcloud Android app versions prior to 3.19.1 contain an access control error vulnerability that stems from improper access control, which is exploited by An authenticated attacke...

2.1CVSS3.8AI score0.00467EPSS
Exploits1Affected Software1
CNVD
CNVD
added 2022/04/25 12:0 a.m.27 views

CGAL libcgal Code Execution Vulnerability (CNVD-2022-61368)

Laurent Rineau CGAL is an open source application by Laurent Rineau. It provides easy access to efficient and reliable geometric algorithms in the form of C libraries. CGAL libcgal suffers from a code execution vulnerability that stems from a specially formatted file that could lead to...

10CVSS4.1AI score0.02269EPSS
Exploits1References1
CNVD
CNVD
added 2022/04/22 12:0 a.m.27 views

Samsung SMR code issue vulnerability (CNVD-2022-64247)

Samsung SMR is a system patch package from Samsung South Korea. It provides patches for Samsung mobile applications. Samsung SMR has a code issue vulnerability that can be exploited by an attacker to write out-of-bounds...

9.8CVSS9.6AI score0.00503EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/22 12:0 a.m.27 views

Samsung SMR Input Validation Error Vulnerability (CNVD-2022-64251)

Samsung SMR is a system patch package from Samsung South Korea. It provides patches for Samsung mobile applications. Samsung SMR suffers from an input validation error vulnerability that can be exploited by attackers to initiate certain activities...

8.5CVSS7.8AI score0.00134EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/21 12:0 a.m.27 views

Desire2Learn Learning Management System Access Control Error Vulnerability

An access control error vulnerability exists in Desire2Learn Learning Management System, a learning management system from Desire2Learn Canada, due to improper access controls. A remote attacker could disable the "Disable Right Click Control"...

5.8CVSS2.9AI score0.01692EPSS
Exploits1
CNVD
CNVD
added 2022/04/15 12:0 a.m.27 views

Microsoft Windows Installer Elevation of Privilege Vulnerability

Microsoft Windows Installer is a component of the Windows operating system from Microsoft. It provides a standard basis for installing and uninstalling software. An elevation of privilege vulnerability exists in Microsoft Windows Installer. The vulnerability stems from an incorrect programmatic...

7.8CVSS8.2AI score0.00963EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.27 views

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CNVD-2022-60117)

Microsoft Edge is a web browser that comes with versions of Windows 10 and later, and an elevation of privilege vulnerability exists in Microsoft Edge Chromium-based. An attacker could exploit this vulnerability to elevate privileges...

8.3CVSS5.5AI score0.01742EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.27 views

Huawei EMUI Information Disclosure Vulnerability (CNVD-2022-64484)

Huawei EMUI is an Android-based mobile operating system developed by the Chinese company Huawei Huawei. Huawei EMUI suffers from an information disclosure vulnerability, which is caused by an unauthorized rewrite vulnerability in the memory access management module on the ACPU. An attacker can...

5.5CVSS5.2AI score0.00179EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.27 views

Microsoft Windows DNS Server Remote Code Execution Vulnerability (CNVD-2022-84117)

Microsoft Windows is an operating system for personal devices from Microsoft Corporation USA.A remote code execution vulnerability exists in Microsoft Windows DNS Server, which can be exploited by attackers to execute arbitrary code on the system...

9CVSS6.9AI score0.03415EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.27 views

Microsoft Windows DNS Server Remote Code Execution Vulnerability (CNVD-2022-84610)

Microsoft Windows is a set of operating systems for personal devices used by the U.S. company Microsoft Microsoft. A remote code execution vulnerability exists in Microsoft Windows DNS Server, which can be exploited by attackers to execute arbitrary code on the system...

8.5CVSS6.7AI score0.01841EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.27 views

Microsoft Windows SMB Remote Code Execution Vulnerability (CNVD-2022-74596)

Microsoft Windows SMB Server is a network file sharing protocol from Microsoft Corporation USA. It allows applications on a computer to read and write files and request services from server programs on the computer network.A remote code execution vulnerability exists in Microsoft Windows SMB. An...

7.5CVSS4.3AI score0.01936EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.27 views

Microsoft Windows Print Spooler Elevation of Privilege Vulnerability (CNVD-2022-84604)

Microsoft Windows is an operating system for personal devices, Microsoft Windows Server is a server operating system, and Windows Print Spooler is one of the print spoolers. An elevation of privilege vulnerability exists in Microsoft Windows Print Spooler due to a flaw in the print spooler...

7.8CVSS6.2AI score0.01943EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/13 12:0 a.m.27 views

Samsung SMR null pointer dereference vulnerability

Samsung SMR is a system patch package from South Korea's Samsung Samsung. Samsung SMR is vulnerable to a null pointer dereference vulnerability that can be exploited by attackers to cause out-of-bounds writes...

9.8CVSS4AI score0.00503EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/13 12:0 a.m.27 views

Samsung Smart Switch PC DLL hijacking vulnerability

Samsung Smart Switch PC is a Windows software from Samsung, a South Korean company, used for data transfer. A security vulnerability exists in previous versions of Samsung Smart Switch PC 4.2.220224, which can be exploited by attackers to execute arbitrary code...

7.8CVSS4.6AI score0.00228EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/13 12:0 a.m.27 views

Jenkins Mask Passwords Plugin Cross-Site Scripting Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.A cross-site scripting vulnerability exis...

5.4CVSS1.2AI score0.00798EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/13 12:0 a.m.27 views

Samsung SMR Buffer Overflow Vulnerability (CNVD-2022-63646)

Samsung SMR is a system patch package from South Korea's Samsung Samsung. A buffer overflow vulnerability exists in versions prior to Samsung SMR Apr-2022 Release 1, which stems from incorrect boundary checking in libsflvextractor's sflvdrdbufbits function. An attacker could exploit this...

4.4CVSS5.7AI score0.00095EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/08 12:0 a.m.27 views

ASUS RT-AC86U Command Injection Vulnerability

The ASUS RT-AC86U is a dual-band Wi-Fi router from the Chinese company ASUS. The ASUS RT-AC86U suffers from a command injection vulnerability that can be exploited by an attacker to execute arbitrary commands and interrupt or terminate services...

8.8CVSS8.1AI score0.00842EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/07 12:0 a.m.27 views

WordPress Library File Manager plugin跨站请求伪造漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress Library File Manager plugin has a cross-site request forgery vulnerability, which stems from the fact that the plugin uses a...

5.5CVSS3.2AI score0.01231EPSS
Exploits2Affected Software1
CNVD
CNVD
added 2022/04/07 12:0 a.m.27 views

SWHKD Resource Management Error Vulnerability

SWHKD is a display protocol-independent hotkey daemon made in Rust. SWHKD has a security vulnerability that stems from insecure parsing and can be exploited by an attacker to cause a simple denial of service memory exhaustion when attempting to parse large or unlimited files such as blocks or...

5.3CVSS3.5AI score0.00822EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/06 12:0 a.m.27 views

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CNVD-2022-60122)

Microsoft Edge Chromium-based is vulnerable to an elevation-of-privilege vulnerability in Microsoft Edge, a web browser that ships with Windows 10 and later. An attacker could exploit this vulnerability to execute arbitrary code with elevated privileges...

8.3CVSS4AI score0.01742EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/02 12:0 a.m.27 views

Delta Electronics DIAEnergie Code Issue Vulnerability

Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency.A code issue...

7.8CVSS2AI score0.00235EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/01 12:0 a.m.27 views

TOTOLINK EX300_v2 and EX1200T Access Control Error Vulnerability

TOTOLINK EX300 is a 300 Mbps wireless N range extender from TotoLink, China, and TOTOLINK EX1200T is a Wi-Fi range extender from Gion Electronics TOTOLINK, China.An access control error vulnerability exists in TOTOLINK EX300v2 and EX1200T. The vulnerability stems from the fact that the device web...

8.8CVSS2.8AI score0.04263EPSS
Exploits1References1
CNVD
CNVD
added 2022/04/01 12:0 a.m.27 views

ZoneMinder Cross-Site Scripting Vulnerability (CNVD-2022-57828)

ZoneMinder is an open source video surveillance software system. ZoneMinder 1.32.3 and earlier versions have a cross-site scripting vulnerability, which stems from the fact that the program does not filter user input and can be exploited by remote attackers to execute scripts in the user's browse...

6.1CVSS5.4AI score0.00873EPSS
Exploits1References1
Total number of security vulnerabilities5000