Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
•added 2021/11/19 12:0 a.m.•27 views

Apache Druid LoadData has an arbitrary file reading vulnerability

A security vulnerability exists in Apache Druid, a column-oriented open source distributed database written in Java by the Apache Foundation, which stems from the fact that InputSource is used to read data from a data source in the Druid ingestion system. However, the HTTP InputSource allows an...

6.5CVSS1.7AI score0.81038EPSS
Exploits3References1
CNVD
CNVD
•added 2021/11/17 12:0 a.m.•27 views

Google Chrome cache security bypass vulnerability

Google Chrome is a web browser from Google, Inc. Google chrome has a security vulnerability that can be exploited by attackers to bypass security restrictions...

6.5CVSS4.5AI score0.00831EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/17 12:0 a.m.•27 views

Google Chrome V8 Code Execution Vulnerability (CNVD-2021-91296)

Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome, which is caused by type obfuscation in V8. An attacker could exploit the vulnerability to execute arbitrary code on the system...

8.8CVSS3.9AI score0.00912EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/16 12:0 a.m.•27 views

Nim code issue vulnerability

Nim is a statically typed programming language from the Nim community. nim has a code issue vulnerability that can be exploited by attackers to bypass checks and launch SSRF attacks using null bytes...

3.6AI score
Exploits0References1
CNVD
CNVD
•added 2021/11/16 12:0 a.m.•27 views

Laravel Framework has an unspecified vulnerability

Laravel Framework is a PHP-based web application development framework from Taylor Otwell, a personal developer.A security vulnerability exists in versions of Laravel Framework prior to 8.70.2, which stems from the fact that the framework does not adequately prevent the upload of executable PHP...

9.8CVSS2.2AI score0.1981EPSS
Exploits1References1
CNVD
CNVD
•added 2021/11/13 12:0 a.m.•27 views

Airangel Hsmx Gateway Cross-Site Request Forgery Vulnerability

Airangel Hsmx Gateway is a platform from Airangel UK, Inc. used to manage authentication and billing in the network.A cross-site request forgery vulnerability exists in Airangel Hsmx Gateway prior to 5.2.04, which stems from a WEB application that does not adequately verify that the request is fr...

6.5CVSS1.9AI score0.00412EPSS
Exploits1References1
CNVD
CNVD
•added 2021/11/12 12:0 a.m.•27 views

Microsoft Windows COM Remote Code Execution Vulnerability

Microsoft Windows COM is a technology from Microsoft Corporation USA designed to reuse software.COM is described as a platform-independent, decentralized, object-oriented system for creating interactive binary software components.Microsoft Windows COM is vulnerable to a remote code execution...

8.8CVSS3.4AI score0.0191EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/11 12:0 a.m.•27 views

JetBrains YouTrack has an unspecified vulnerability (CNVD-2021-91662)

JetBrains YouTrack is a browser-based bug tracking and project management software from JetBrains Czech Republic. The software features bug tracking, creating workflows, and monitoring project progress.JetBrains YouTrack Mobile 2021.2 previously had a security vulnerability that stemmed from...

7.5CVSS2.9AI score0.00739EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/08 12:0 a.m.•27 views

BlueZ Resource Management Error Vulnerability

BlueZ is a Bluetooth protocol stack written in C, which is primarily used to provide support for the core Bluetooth layer and protocol. a resource management error vulnerability exists in BlueZ, which stems from the failure of the D-Bus in the product's gatt-database.c file to properly handle...

9.1CVSS1.3AI score0.01544EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/05 12:0 a.m.•27 views

Cisco Small Business RV Series Routers Command Injection Vulnerability

Cisco Small Business RV Series Routers is an RV Series router from Cisco, U.S.A. A command injection vulnerability exists in Cisco Small Business RV Series Routers, which stems from a network system or product that does not properly authenticate incoming data. An authenticated remote attacker wit...

9CVSS5.8AI score0.01935EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/04 12:0 a.m.•27 views

Huawei HarmonyOS post-release usage vulnerability

Huawei HarmonyOS is an operating system from Huawei, a Chinese company that provides a microkernel-based distributed operating system. Huawei HarmonyOS 2.0 previously had a security vulnerability that could be exploited by a local attacker to cause a kernel information leak...

5.5CVSS1.7AI score0.00161EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/01 12:0 a.m.•27 views

GitLab Input Validation Error Vulnerability (CNVD-2021-91177)

GitLab is a self-hosted, Git version control system project repository application developed using Ruby on Rails by GitLab, Inc. GitLab CE/EE is vulnerable to an input validation error that could be exploited to set a pipeline plan to be active in a project export, so that an owner could import t...

6CVSS3.4AI score0.00984EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/28 12:0 a.m.•27 views

Nextcloud Contacts Cross-Site Scripting Vulnerability

Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. nextcloud Contacts application prior to version 4.0.3 suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side...

6.4CVSS2.7AI score0.00504EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/27 12:0 a.m.•27 views

Adobe After Effects Memory Buffer Out-of-Bounds Access Vulnerability (CNVD-2021-89934)

Adobe After Effects "AE" is a graphics video processing software from Adobe for organizations involved in design and video special effects, including television stations, animation production companies, personal post-production studios, and multimedia studios. Effects 18.4.1 and earlier versions...

9.3CVSS6.4AI score0.02315EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/27 12:0 a.m.•27 views

Adobe Media Encoder null pointer dereference vulnerability (CNVD-2021-92004)

Adobe Media Encoder, a video and audio encoding application, is vulnerable to a null pointer dereference in Adobe Media Encoder 15.4.1 and earlier versions. An attacker could exploit this vulnerability to cause a denial of service for the application...

5.5CVSS5AI score0.0114EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/27 12:0 a.m.•27 views

Adobe Media Encoder Memory Buffer Out-of-Bounds Access Vulnerability (CNVD-2021-92007)

Adobe Media Encoder, a video and audio encoding application, is vulnerable to an out-of-bounds memory buffer access vulnerability in Adobe Media Encoder 15.4.1 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary code...

9.3CVSS7.2AI score0.01932EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/26 12:0 a.m.•27 views

Apache Storm code issue vulnerability

Apache Storm is a free and open source distributed real-time computing system. Apache Storm code issue vulnerability. An attacker could exploit the vulnerability to achieve remote code execution...

9.8CVSS3.8AI score0.65587EPSS
Exploits1References1
CNVD
CNVD
•added 2021/10/24 12:0 a.m.•27 views

Atlassian Jira Access Control Error Vulnerability (CNVD-2021-103654)

Atlassian Jira is a defect tracking management system from Atlassian Australia. Atlassian Jira is vulnerable to an access control error that occurs when a network system or product does not properly restrict access to resources from unauthorized roles. A remote attacker could exploit this...

5.3CVSS4.3AI score0.01272EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/22 12:0 a.m.•27 views

Oracle MySQL Cluster Input Validation Error Vulnerability (CNVD-2022-17695)

Oracle MySQL Cluster is a write-scalable, real-time, ACID-compliant transactional database developed by Oracle Corporation USA.Oracle MySQL Cluster 8.0.26 and prior versions of Cluster: ndbcluster/plugin DDL component is vulnerable to an input validation error. which can be exploited by attackers...

4.3CVSS3.7AI score0.00978EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/22 12:0 a.m.•27 views

Oracle MySQL Cluster Input Validation Error Vulnerability (CNVD-2022-17696)

Oracle MySQL Cluster is a write-scalable, real-time, ACID-compatible transactional database developed by Oracle Corporation USA. Oracle MySQL Cluster 8.0.26 and earlier versions of the Cluster: General component are vulnerable to an input validation error that could be exploited by an attacker to...

4.3CVSS3.7AI score0.01497EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/21 12:0 a.m.•27 views

Google Chrome Post-release Reuse Vulnerability (CNVD-2021-84808)

Chrome is a web browsing tool developed by Google. a post-release reuse vulnerability exists in Profiles in versions prior to Google Chrome 95.0.4638.54. A remote attacker exploited this vulnerability to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS4.5AI score0.00827EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/21 12:0 a.m.•27 views

Google Chrome Post-release Reuse Vulnerability (CNVD-2021-84810)

Chrome is a web browsing tool developed by Google. a post-release reuse vulnerability exists in V8 in versions prior to Google Chrome 95.0.4638.54. An attacker could exploit the vulnerability to exploit heap corruption via a crafted HTML page...

8.8CVSS3.3AI score0.00875EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/21 12:0 a.m.•27 views

Google Chrome Blink improperly implemented vulnerability (CNVD-2021-84806)

Chrome is a web browsing tool developed by Google. versions prior to Google Chrome 95.0.4638.54 are vulnerable to an improper Blink implementation. An attacker could exploit this vulnerability to abuse content security policies via crafted HTML pages...

6.5CVSS4.3AI score0.00797EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/20 12:0 a.m.•27 views

Oracle MySQL Server Input Validation Error Vulnerability (CNVD-2021-80260)

A security vulnerability exists in the Server: Optimizer component of Oracle MySQL Server 8.0.26 and earlier versions. An attacker could exploit this vulnerability to perform a denial of service DoS attack...

4.9CVSS4.4AI score0.02068EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/20 12:0 a.m.•27 views

Oracle MySQL Server Denial of Service Vulnerability (CNVD-2021-81781)

Oracle MySQL Server is a relational database from Oracle Corporation. A denial of service vulnerability exists in Oracle MySQL Server, which can be exploited by an attacker to cause the MySQL server to hang or crash frequently and repeatedly...

5.3CVSS5.2AI score0.02126EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/20 12:0 a.m.•27 views

Oracle MySQL Server Input Validation Error Vulnerability (CNVD-2021-80247)

Oracle MySQL Server, a relational database from Oracle Corporation, has a security vulnerability in the Server: PS component of Oracle MySQL Server 8.0.26 and earlier. An attacker could exploit this vulnerability to perform a denial of service DoS attack...

6.8CVSS3.3AI score0.01999EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/20 12:0 a.m.•27 views

Oracle MySQL Server Input Validation Error Vulnerability (CNVD-2021-80250)

A security vulnerability exists in the Server: Optimizer component of Oracle MySQL Server 8.0.26 and earlier versions. An attacker could exploit this vulnerability to perform a denial of service DoS attack...

4.9CVSS4.4AI score0.01935EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/20 12:0 a.m.•27 views

Oracle Java SE and Oracle GraalVM Enterprise Edition Information Disclosure Vulnerability (CNVD-2021-81804)

Java SE stands for Java Platform Standard Edition and is used to develop and deploy Java applications for desktops, servers, and embedded devices and real-time environments.Oracle GraalVM Enterprise Edition is an Oracle-based multilingual virtual machine for enterprise Java SE. An information...

4.3CVSS5.8AI score0.04104EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/20 12:0 a.m.•27 views

Oracle Java SE and Oracle GraalVM Enterprise Edition Denial of Service Vulnerability (CNVD-2021-81805)

Java SE stands for Java Platform Standard Edition and is used to develop and deploy Java applications for desktops, servers, and embedded devices and real-time environments.Oracle GraalVM Enterprise Edition is an Oracle-based multilingual virtual machine for enterprise Java SE. A denial of servic...

5.3CVSS5.8AI score0.06218EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/20 12:0 a.m.•27 views

Oracle E-Business Suite Denial of Service Vulnerability (CNVD-2022-02355)

Oracle E-Business Suite is an extension of the original Application ERP and includes a collection of ERP Enterprise Resource Planning Management, HR Human Resource Management, CRM Customer Relationship Management and other applications that are seamlessly integrated into one management suite...

6.5CVSS1.2AI score0.00487EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/15 12:0 a.m.•27 views

Nagios XI Cross-Site Scripting Vulnerability (CNVD-2021-90909)

Nagios XI is a commercial monitoring solution built on Nagios Core, including dashboards, web-based configuration, advanced reporting, and rich data visualization.A reflective cross-site scripting vulnerability exists in the generic user interface of versions of Nagios XI prior to 5.8.4. An...

6.1CVSS2.7AI score0.04289EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/10 12:0 a.m.•27 views

Apache OpenOffice XML External Entity Injection Vulnerability

Apache OpenOffice is an open source office software suite from the U.S. Apache Apache Foundation. The suite contains text documents , spreadsheets , presentations , drawings , databases and so on. Apache OpenOffice in version 4.1.10 and earlier versions of the existence of XML external entity...

6.5CVSS6.6AI score0.03423EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/10 12:0 a.m.•27 views

IBM Sterling B2B Integrator SQL Injection Vulnerability (CNVD-2021-87020)

IBM Sterling B2B Integrator is a suite of software from IBM USA that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with different partner communities. IBM Sterling B2B Integrator Standard Edition in versions...

9.8CVSS3AI score0.01097EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/08 12:0 a.m.•27 views

Adobe Framemaker Buffer Overflow Vulnerability (CNVD-2021-102812)

Adobe Framemaker is the United States of America Odooby Adobe company's set of page layout software for writing and editing large or complex documents including structured documents. Adobe Framemaker suffers from a buffer error vulnerability that originates when a networked system or product...

4.3CVSS5.7AI score0.01453EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/29 12:0 a.m.•27 views

Irfanview infinite loop vulnerability

IrfanView is an image viewer that supports image browsing, image editing, image format conversion, etc. Irfanview suffers from an infinite loop vulnerability that can be exploited by attackers to cause a denial of service DOS...

5.5CVSS4.1AI score0.00638EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/29 12:0 a.m.•27 views

Siemens Solid Edge Information Disclosure Vulnerability

Solid Edge is a 3D CAD, parametric feature and synchronous technology solid modeling software. information disclosure vulnerability exists in previous versions of Siemens Solid Edge SE2021MP8. An attacker could exploit the vulnerability to obtain information via specially crafted OBJ files...

4.3CVSS2.9AI score0.00935EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/24 12:0 a.m.•27 views

VMware vCenter Server Path Traversal Vulnerability

Vmware VMware vCenter Server is a suite of server and virtualization management software from Vmware, Inc. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructure. vCenter Server is vulnerable to a...

7.5CVSS2AI score0.01602EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/24 12:0 a.m.•27 views

VMware vCenter Server Information Disclosure Vulnerability (CNVD-2021-74283)

Vmware VMware vCenter Server is a suite of server and virtualization management software from Vmware, Inc. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructure. vmware vCenter Server is vulnerab...

7.5CVSS2.7AI score0.01629EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/24 12:0 a.m.•27 views

VMware vCenter Server Information Disclosure Vulnerability (CNVD-2021-74279)

Vmware VMware vCenter Server is a suite of server and virtualization management software from Vmware. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructures. An information disclosure vulnerabili...

5.5CVSS6.1AI score0.00236EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/23 12:0 a.m.•27 views

FFmpeg buffer overflow vulnerability (CNVD-2021-74089)

FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A security vulnerability exists in Ffmpeg that can be exploited by attackers to cause a denial of service or other unspecified impact...

8.8CVSS8.4AI score0.01182EPSS
Exploits1References1
CNVD
CNVD
•added 2021/09/23 12:0 a.m.•27 views

libslax code issue vulnerability

libslax is an open-source implementation of the SLAX language. libslax is vulnerable to a code problem caused by a null pointer dereference in the function slaxLexer in slaxLexer .c, which can be exploited to cause a denial of service...

6.5CVSS3.2AI score0.00829EPSS
Exploits1References1
CNVD
CNVD
•added 2021/09/23 12:0 a.m.•27 views

FAAD2 Heap Buffer Overflow Vulnerability (CNVD-2021-89951)

Freeware Advanced Audio Decoder 2 FAAD2 is an open source MPEG-4 and MPEG-2 AAC decoder licensed under the GPLv2 license. a heap buffer overflow vulnerability exists in the stszin function in mp4read.c in FAAD2 version 2.10.0 and earlier. An attacker could exploit this vulnerability to execute co...

7.8CVSS5AI score0.01218EPSS
Exploits1References1
CNVD
CNVD
•added 2021/09/23 12:0 a.m.•27 views

JetBrains TeamCity has an unspecified vulnerability (CNVD-2022-09219)

JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Jetbrains, a Czech company. The tool provides continuous unit testing, code quality analysis, and build issue analysis reporting.A security vulnerability exists in versions of JetBrains TeamCity...

7.5CVSS1.9AI score0.00622EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/22 12:0 a.m.•27 views

Google Chrome Offline Code Execution Vulnerability

Google Chrome Offline is a web browser from Google, Inc. A code execution vulnerability exists in Google Chrome Offline. A remote attacker could use this vulnerability to execute arbitrary code on the system or cause a denial of service condition...

8.8CVSS5.7AI score0.01157EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/17 12:0 a.m.•27 views

libde265 Heap Buffer Overflow Vulnerability (CNVD-2021-78430)

libde265 is an open source implementation of the h.265 video codec. libde265 version 1.0.4 contains a heap buffer overflow vulnerability in the ffhevcputunweightedpred8sse function. An attacker can exploit the vulnerability to cause a denial of service via specially crafted files...

8.8CVSS4.8AI score0.01687EPSS
Exploits1References1
CNVD
CNVD
•added 2021/09/15 12:0 a.m.•27 views

Adobe InDesign out-of-bounds read vulnerability (CNVD-2021-85268)

Adobe InDesign is a desktop publishing DTP application from Adobe, mainly used for typesetting and editing of various printed materials. Adobe InDesign suffers from an out-of-bounds read vulnerability. An attacker can exploit this vulnerability to execute arbitrary code...

7.8CVSS5.1AI score0.00265EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/15 12:0 a.m.•27 views

Adobe Acrobat/Reader Type Obfuscation Vulnerability (CNVD-2021-85264)

Adobe Reader also known as Acrobat Reader is a PDF file reader developed by Adobe. Adobe Acrobat is a PDF editing software developed by Adobe. Adobe Acrobat/Reader suffers from a type obfuscation vulnerability. An attacker can exploit this vulnerability to execute arbitrary code...

7.8CVSS4.8AI score0.1134EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/15 12:0 a.m.•27 views

Adobe Acrobat/Reader Post-release Reuse Vulnerability (CNVD-2021-94912)

Adobe Reader also known as Acrobat Reader is a PDF file reader developed by Adobe. Adobe Acrobat is a PDF editing software developed by Adobe. Adobe Acrobat/Reader suffers from a post-release reuse vulnerability. An attacker can exploit this vulnerability to execute arbitrary code...

7.8CVSS6.1AI score0.16828EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/15 12:0 a.m.•27 views

Adobe Acrobat/Reader Stack Buffer Overflow Vulnerability (CNVD-2021-94917)

Adobe Reader also known as Acrobat Reader is a PDF document reader developed by Adobe. Adobe Acrobat is a PDF editor developed by Adobe. Adobe Acrobat/Reader is vulnerable to a stack buffer overflow. An attacker can exploit this vulnerability to execute arbitrary code...

6.1CVSS5.3AI score0.02509EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/15 12:0 a.m.•27 views

Adobe Acrobat/Reader Post-release Reuse Vulnerability (CNVD-2022-04518)

Adobe Reader also known as Acrobat Reader is a PDF file reader developed by Adobe. Adobe Acrobat is a PDF editor developed by Adobe. Adobe Acrobat/Reader is vulnerable to a post-release reuse vulnerability. An attacker can exploit this vulnerability to execute arbitrary code...

7.8CVSS4AI score0.64297EPSS
Exploits0References1
Total number of security vulnerabilities5000