Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
•added 2022/01/27 12:0 a.m.•27 views

SourceCodester Hospital Patient Records Management System Cross-Site Scripting Vulnerability

SourceCodester Hospital Patient Records Management System is a web-based PHP application that provides an automated platform for hospitals to store and manage their patient records. A cross-site scripting vulnerability exists in version 1.0 of the Management System. The vulnerability is related t...

5.4CVSS0.9AI score0.00839EPSS
Exploits1References1
CNVD
CNVD
•added 2022/01/27 12:0 a.m.•27 views

FreeCAD ODA Command Injection Vulnerability

FreeCad is a free and open source general-purpose parametric 3D Cad modeler from the FreeCad community and supports the finite element method of building information modeling software. A command injection vulnerability exists in FreeCAD version 0.19, which stems from improper cleanup when calling...

7.8CVSS7.5AI score0.01102EPSS
Exploits1References1
CNVD
CNVD
•added 2022/01/25 12:0 a.m.•27 views

phpMyAdmin Authorization Issues Vulnerability

phpMyAdmin is a free, web-based MySQL database management tool from the Phpmyadmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A security vulnerability exists in phpMyAdmin, which stems...

4.3CVSS5.1AI score0.00738EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/25 12:0 a.m.•27 views

Google Chrome Buffer Overflow Vulnerability (CNVD-2022-15141)

Google Chrome is a web browser from Google, Inc. A buffer overflow vulnerability exists in Google Chrome, which could be exploited by attackers to convince users to install malicious extensions to potentially exploit heap corruption via well-designed HTML pages...

7.8CVSS4AI score0.00454EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/25 12:0 a.m.•27 views

Oracle MySQL Cluster Buffer Overflow Vulnerability (CNVD-2022-13053)

Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Cluster is a highly useful, highly redundant version of Oracle MySQL Cluster for distributed computing environments. Oracle MySQL Cluster is vulnerable to buffer overflow, which can be exploited to...

2.9CVSS2.7AI score0.01443EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/25 12:0 a.m.•27 views

Oracle MySQL Cluster Buffer Overflow Vulnerability (CNVD-2022-18211)

MySQL Cluster is a write-scalable, real-time, ACID-compliant transactional database designed to guarantee 99.999% availability. A buffer overflow vulnerability exists in Oracle MySQL Cluster, which can be exploited by an attacker to execute code in the context of a service account...

6.3CVSS6.2AI score0.02795EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/25 12:0 a.m.•27 views

Adobe Acrobat Reader Dc Buffer Overflow Vulnerability (CNVD-2022-11156)

Adobe Acrobat Reader Dc is a Pdf reading tool from Adobe. Adobe Acrobat Reader Dc suffers from a buffer error vulnerability that originates from a boundary error when handling untrusted input. An attacker could exploit this vulnerability to create a specially crafted PDF file, trick the victim in...

7.8CVSS7.6AI score0.12264EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/25 12:0 a.m.•27 views

AppCMS Cross-Site Scripting Vulnerability (CNVD-2022-08032)

AppCMS is a content management system CMS for mobile application downloads. a cross-site scripting vulnerability exists in AppCMS, which stems from the lack of proper validation of client-side data in the WEB application. An attacker could exploit this vulnerability to execute client-side code...

6.1CVSS3.4AI score0.02542EPSS
Exploits1References1
CNVD
CNVD
•added 2022/01/24 12:0 a.m.•27 views

Oracle GraalVM Input Validation Error Vulnerability

Oracle GraalVM is a set of on-the-fly compilers written in the Java language from Oracle Corporation USA.GraalVM Enterprise Edition is the enterprise version of GraalVM.An input validation error vulnerability exists in Oracle GraalVM due to an Oracle GraalVM Enterprise Edition has incorrect input...

5.3CVSS4.2AI score0.03216EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/23 12:0 a.m.•27 views

PhpIPAM Cross-Site Scripting Vulnerability (CNVD-2022-08175)

phpIPAM is an open source PHP and MySQL-based IP address management application IPAM. phpIPAM in v1.4.4 is vulnerable to a cross-site scripting vulnerability that stems from a lack of user-supplied data and output data validation filtering in the Site title parameter when updating site settings. ...

4.8CVSS2AI score0.00621EPSS
Exploits1References1
CNVD
CNVD
•added 2022/01/18 12:0 a.m.•27 views

IBM FileNet Content Manager Command Injection Vulnerability

IBM FileNet Content Manager is a content management solution for the FileNet P8 platform from IBM of America. The solution combines document management with ready-to-use workflow tools to manage images, videos, Web content, compliance documents, etc. IBM FileNet Content Manager in versions 5.5.4,...

9CVSS6.1AI score0.01761EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/18 12:0 a.m.•27 views

ZOHO ManageEngine Desktop Central Licensing Issue Vulnerability

ZOHO ManageEngine Desktop Central DC is a desktop management solution from ZOHO, Inc. The solution includes software distribution, patch management, system configuration, remote control and other functional modules to support the entire lifecycle of desktop and server management...

9.1CVSS2.3AI score0.24195EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/17 12:0 a.m.•27 views

Clam AntiVirus Input Validation Error Vulnerability (CNVD-2022-64263)

Clam AntiVirus is an open source antivirus engine for detecting Trojans, viruses, malware and other malicious threats.Clam AntiVirus suffers from an input validation error vulnerability that can be exploited by attackers to implement denial of service attacks...

7.5CVSS5AI score0.03061EPSS
Exploits1References1
CNVD
CNVD
•added 2022/01/17 12:0 a.m.•27 views

Pexip Infinity has an unspecified vulnerability

Pexip Infinity Pexip Video Conferencing Cloud Collaboration Platform is a video conferencing cloud collaboration platform from the Norwegian company Pexip. Pexip Infinity has a security vulnerability that could be exploited by an attacker to allow a temporary remote denial of service abort...

7.5CVSS3.5AI score0.01245EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/14 12:0 a.m.•27 views

Linux kernel has unspecified vulnerabilities (CNVD-2022-05041)

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. kernel is one of the kernel-based virtual machines. a security vulnerability exists in Linux kernel, which stems from the fact that guest users can force the Linux netback driver to consume large amounts...

6.5CVSS2.1AI score0.00332EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/13 12:0 a.m.•27 views

Fortinet FortiOS Buffer Overflow Vulnerability (CNVD-2022-08470)

Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam and other security features. A security vulnerability exists i...

6.7CVSS6.9AI score0.00479EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/13 12:0 a.m.•27 views

Adobe Bridge resource management error vulnerability

Adobe Bridge is a file viewer from Adobe, Inc. Adobe Bridge is vulnerable to a resource management error that originates from a use-after-free error when processing files. A remote attacker could use the vulnerability to trick victims into opening specially crafted files, trigger a use-after-free...

5.5CVSS3.5AI score0.02742EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/12 12:0 a.m.•27 views

Adobe Acrobat and Reader Resource Management Error Vulnerability

Adobe Acrobat, a PDF file editing and conversion tool from Adobe, is vulnerable to a resource management error in Adobe Acrobat and Reader, which is caused by a post-release usage error when processing PDF files. A remote attacker could exploit the vulnerability to create a specially crafted PDF...

9.3CVSS3.2AI score0.10801EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/11 12:0 a.m.•27 views

Google Android out-of-bounds write vulnerability (CNVD-2022-06897)

Google Android is a Linux-based open source operating system from Google, Inc. A security vulnerability exists in Google Android that could be exploited by attackers to remotely elevate privileges without additional executive privileges...

10CVSS6.8AI score0.02041EPSS
Exploits0
CNVD
CNVD
•added 2022/01/11 12:0 a.m.•27 views

Google Android Input Validation Error Vulnerability (CNVD-2022-06151)

Google Android is a Linux-based open source operating system from Google, Inc. Google Android 11 is vulnerable to an input validation error, which stems from a network system or product that does not properly validate input data. No details of the vulnerability are currently available...

7.8CVSS2.8AI score0.00157EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/10 12:0 a.m.•27 views

Huawei HarmonyOS Heap Overflow Vulnerability (CNVD-2022-17398)

Huawei HarmonyOS is an operating system from Huawei China. Huawei HarmonyOS is vulnerable to a heap overflow vulnerability. An attacker could exploit this vulnerability to cause malicious code execution...

9.8CVSS2.9AI score0.0122EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/10 12:0 a.m.•27 views

Google Chrome ANGLE buffer overflow vulnerability (CNVD-2022-65576)

Google Chrome is a web browser from Google, Inc. A buffer overflow vulnerability exists in Google Chrome ANGLE, which can be exploited by remote attackers to overflow the buffer and execute arbitrary code on the system, or cause the application to crash...

8.8CVSS7.5AI score0.01344EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/07 12:0 a.m.•27 views

Discourse Information Disclosure Vulnerability (CNVD-2022-05506)

Discourse is an open source community discussion platform. The platform includes community, email and chat room features.Discourse suffers from an information disclosure vulnerability for which no detailed vulnerability details are currently available...

4.3CVSS2.2AI score0.00727EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/07 12:0 a.m.•27 views

GPAC Denial of Service Vulnerability (CNVD-2022-03211)

GPAC is an open source multimedia framework. GPAC 1.0.1 contains a security vulnerability that stems from improper design or implementation during the development of code for a networked system or product, which could be exploited by an attacker to conduct a denial-of-service attack...

5.5CVSS4.2AI score0.00625EPSS
Exploits1References1
CNVD
CNVD
•added 2022/01/06 12:0 a.m.•27 views

WordPress Download Monitor PluginSQL Injection Vulnerability

WordPress is a blogging platform developed by the Wordpress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers.The WordPress Download Monitor Plugin has a SQL injection vulnerability in versions prior to 4.4.5, which stems from the use...

7.2CVSS4.7AI score0.17484EPSS
Exploits5References1
CNVD
CNVD
•added 2022/01/05 12:0 a.m.•27 views

ASUS RT-AC52U_B1 Cross-Site Scripting Vulnerability

Asus Rt-Ac52UB1 is a dual-band wireless router from Asus China.A cross-site scripting vulnerability exists in ASUS RT-AC52UB1, which stems from the presence of invalid data filtering in ASUS RT-AC52U B1 version 3.0.0.4.380.10931, which could lead to user session hijacking. No detailed vulnerabili...

6.1CVSS1.5AI score0.00702EPSS
Exploits1References1
CNVD
CNVD
•added 2022/01/04 12:0 a.m.•27 views

Wireshark Injection Vulnerability (CNVD-2022-11196)

Wireshark formerly known as Ethereal is a suite of network packet analysis software from the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. An injection vulnerability exists in Wireshark versions 3.4.0 - 3.4.10, which stems fro...

7.5CVSS7.3AI score0.02205EPSS
Exploits1References1
CNVD
CNVD
•added 2022/01/04 12:0 a.m.•27 views

Wireshark Injection Vulnerability (CNVD-2022-11197)

Wireshark formerly known as Ethereal is a suite of network packet analysis software from the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. Wireshark version 3.6.0 suffers from an injection vulnerability that stems from a crash...

5.5CVSS6.1AI score0.01426EPSS
Exploits1References1
CNVD
CNVD
•added 2021/12/30 12:0 a.m.•27 views

Microsoft SharePoint Elevation of Privilege Vulnerability (CNVD-2022-01686)

Microsoft Office Sharepoint Server is a U.S. Microsoft Microsoft company for enterprise customers and design, web-based content management and collaboration tools. The initial version of the software exists in the form of Office components, and now also still greatly dependent on Office to provid...

8.8CVSS8.5AI score0.01918EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/30 12:0 a.m.•27 views

Command Execution Vulnerability in Panavision OA (CNVD-2022-06870)

Ltd. specializes in the field of collaborative management OA software, and is committed to collaborative OA as the core to help enterprises build a new mobile office platform. A command execution vulnerability exists in Panmicro OA, which can be exploited by an attacker to gain control of the...

7.5AI score
Exploits0
CNVD
CNVD
•added 2021/12/29 12:0 a.m.•27 views

Garrett Metal Detectors Buffer Overflow Vulnerability (CNVD-2022-01313)

Garrett Metal Detectors is a walk-in metal detector from Garrett, U.S.A. Garrett Metal Detectors is vulnerable to a buffer overflow vulnerability that can be exploited by attackers to cause a stack buffer overflow...

9CVSS5.3AI score0.00974EPSS
Exploits1References1
CNVD
CNVD
•added 2021/12/27 12:0 a.m.•27 views

Apple macOS High Sierra Elevation of Privilege Vulnerability

A security vulnerability exists in Apple macOS High Sierra, a specialized operating system developed by Apple for Mac computers. macOS High Sierra is caused by a faulty race condition. An attacker could exploit this vulnerability to cause elevated privileges...

8.1CVSS5.7AI score0.00909EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/27 12:0 a.m.•27 views

Linux kernel has unspecified vulnerabilities (CNVD-2022-00608)

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel versions prior to 5.15.11 have a security vulnerability that stems from f2fssetxattr in fs/f2fs/xattr.c in the Linux kernel, which can be exploited when an inode has an invalid last xattr...

7.8CVSS3.8AI score0.00549EPSS
Exploits1References1
CNVD
CNVD
•added 2021/12/27 12:0 a.m.•27 views

Apple macOS High Sierra Information Disclosure Vulnerability (CNVD-2022-15495)

A security vulnerability exists in Apple macOS High Sierra, a specialized operating system developed by Apple for Mac computers. macOS High Sierra is caused by a problem with handling contact sharing. An attacker could exploit this vulnerability to cause unexpected data sharing...

5CVSS3.5AI score0.00926EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2021/12/24 12:0 a.m.•27 views

Linux Kernel kvm_dirty_ring_get() function denial of service vulnerability

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux Kernel kvmdirtyringget suffers from a function denial of service vulnerability, which is caused by the kvmdirtyring function in virt/kvm/dirtyring.c without creating a vCPU. dirtyring function in...

5.5CVSS3.6AI score0.00387EPSS
Exploits1References1
CNVD
CNVD
•added 2021/12/23 12:0 a.m.•27 views

Information Leakage Vulnerability in Qixing Tianqing Hanma USG Firewall

Tianqing Hanma USG Firewall is a new firewall series product officially launched by Qixing. There is an information leakage vulnerability in Qishen Tianqing Hanma USG Firewall, which can be exploited by attackers to obtain sensitive information...

6.6AI score
Exploits0
CNVD
CNVD
•added 2021/12/21 12:0 a.m.•27 views

Vim Buffer Overflow Vulnerability (CNVD-2022-05065)

Vim is a UNIX-based editor. buffer overflow vulnerability exists in Vim. No detailed vulnerability details are currently available...

7.8CVSS3.3AI score0.01831EPSS
Exploits1References1
CNVD
CNVD
•added 2021/12/20 12:0 a.m.•27 views

xorg-x11-server out-of-bounds access vulnerability

xorg-x11-server is an X Window System display server from the X.Org X.org Foundation. xorg-x11-server is vulnerable to an out-of-bounds access vulnerability that could be exploited by attackers to crash the server, deny service, or possibly execute arbitrary code and escalate privileges...

7.8CVSS7.1AI score0.00565EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/20 12:0 a.m.•27 views

xorg-x11-server out-of-bounds access vulnerability (CNVD-2022-04966)

xorg-x11-server is an X Window System display server from the X.Org Foundation. xorg-x11-server 21.1.2 and versions prior to 1.20.14 have an out-of-bounds access vulnerability in the SwapCreateRegister function, which can be exploited by attackers to threaten data confidentiality, integrity, and...

7.8CVSS6.7AI score0.00565EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/19 12:0 a.m.•27 views

Delta Electronics DIAEnergie .NET Request.QueryString Cross-Site Scripting Vulnerability

Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency.A cross-site...

7.5CVSS2.1AI score0.00603EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/19 12:0 a.m.•27 views

Microsoft HEVC Video Extensions Remote Code Execution Vulnerability (CNVD-2022-59688)

Microsoft HEVC Video Extensions is a video extension application from Microsoft Corporation USA. Microsoft HEVC Video Extensions is a remote code execution vulnerability that can be exploited by attackers to execute arbitrary code on a system...

7.8CVSS6.3AI score0.02512EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/19 12:0 a.m.•27 views

Motorola Solutions Avigilon Cross-Site Scripting Vulnerability

Motorola Solutions Avigilon is a series of security cameras from Motorola Solutions, U.S. A cross-site scripting vulnerability exists in Motorola Solutions Avigilon, which stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit this vulnerability...

4.8CVSS3AI score0.00452EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/17 12:0 a.m.•27 views

Bentley View Code Execution Vulnerability (CNVD-2021-102049)

Bentley View is a free viewer from Bentley Systems, Inc. A security vulnerability exists in Bentley View, which is caused by out-of-bounds writes when parsing JT files. An attacker could exploit this vulnerability to execute arbitrary code on the system...

7.8CVSS6.1AI score0.01937EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/17 12:0 a.m.•27 views

Adobe Experience Manager Cross-Site Scripting Vulnerability

Adobe Experience Manager AEM is a content management solution from Adobe that can be used to build websites, mobile applications and forms. The solution supports mobile content management, marketing and sales campaign management, and multi-site management, etc. A cross-site scripting vulnerabilit...

4.3CVSS2.4AI score0.01593EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2021/12/17 12:0 a.m.•27 views

Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2022-05440)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

8CVSS6.4AI score0.01545EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/16 12:0 a.m.•27 views

Bentley View Code Execution Vulnerability (CNVD-2021-102033)

Bentley View is a free viewer from Bentley Systems, U.S.A. A security vulnerability exists in Bentley View, which is caused by a use-after-release vulnerability when parsing 3DS files. An attacker could exploit this vulnerability to execute arbitrary code on the system...

7.8CVSS6.2AI score0.02103EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/14 12:0 a.m.•27 views

SonicWall SMA100 has an unspecified vulnerability

The Sonicwall SMA100 is a secure access gateway appliance from Sonicwall, Inc. A security vulnerability exists in the SonicWall SMA100 that could be exploited by an unauthenticated remote attacker to bypass firewall rules by using the SMA100 as an unexpected proxy or intermediate undetectable pro...

9.8CVSS3.7AI score0.02663EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/14 12:0 a.m.•27 views

Fortinet FortiWeb Input Validation Error Vulnerability

Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content.Fortinet FortiWeb An input validation error...

5.4CVSS0.2AI score0.00506EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/13 12:0 a.m.•27 views

Mozilla Firefox Information Disclosure Vulnerability (CNVD-2021-99616)

Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. Mozilla Firefox is vulnerable to an information disclosure vulnerability that stems from the use of XMLHttpRequest, which can be exploited by attackers to identify installed applications by probing error message...

6.5CVSS2.1AI score0.01714EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/12 12:0 a.m.•27 views

Autodesk Navisworks code issue vulnerability

Autodesk Navisworks is a 3D model review software for architecture, engineering and construction from Autodesk, Inc. A code issue vulnerability exists in Autodesk Navisworks, which can be exploited by attackers to execute code via a maliciously crafted DLL file...

7.8CVSS7AI score0.01437EPSS
Exploits0References1
Total number of security vulnerabilities5000