Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
•added 2021/09/15 12:0 a.m.•28 views

Adobe Acrobat/Reader Post-release Reuse Vulnerability (CNVD-2022-04518)

Adobe Reader also known as Acrobat Reader is a PDF file reader developed by Adobe. Adobe Acrobat is a PDF editor developed by Adobe. Adobe Acrobat/Reader is vulnerable to a post-release reuse vulnerability. An attacker can exploit this vulnerability to execute arbitrary code...

7.8CVSS4AI score0.64297EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/14 12:0 a.m.•28 views

PRTG Network Monitor Cross-Site Scripting Vulnerability (CNVD-2021-93888)

PRTG Network Monitor is an uptime and bandwidth monitoring software that supports various sensor types.A stored cross-site scripting vulnerability exists in versions prior to PRTG Network Monitor 21.3.69.1333. An attacker can execute malicious JavaScript by importing a specially crafted string fr...

5.4CVSS3AI score0.00609EPSS
Exploits1References1
CNVD
CNVD
•added 2021/09/09 12:0 a.m.•28 views

Hitachi ABB Power Grids System Data Manager Encryption Issue Vulnerability

Hitachi ABB Power Grids System Data Manager is a system data manager from Hitachi, Japan. Hitachi ABB Power Grids System Data Manager is vulnerable to an encryption issue that stems from the fact that the application does not encrypt backup files. A local operating system user can modify the back...

7.8CVSS2.5AI score0.00127EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/07 12:0 a.m.•28 views

Tuxera NTFS-3G Buffer Overflow Vulnerability (CNVD-2021-72270)

Tuxera NTFS-3G is Finland's Tuxera company's set of open source , cross-platform for supporting NTFS partition read and write drivers . NTFS-3G suffers from a buffer overflow vulnerability that can be exploited by an attacker to potentially cause out-of-bounds reads in ntfsattrfind and...

7.8CVSS7.7AI score0.00421EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/07 12:0 a.m.•28 views

Tuxera NTFS-3G Buffer Overflow Vulnerability (CNVD-2021-72274)

Tuxera NTFS-3G is Finland's Tuxera company's set of open source , cross-platform for supporting NTFS partition read and write drivers . NTFS-3G suffers from a buffer overflow vulnerability that can be exploited by an attacker to cause a heap-based buffer overflow in ntfsinodelookupbyname in NTFS-...

7.8CVSS7.8AI score0.00455EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/03 12:0 a.m.•28 views

ZOHO ManageEngine ServiceDesk Plus Licensing Issue Vulnerability

ZOHO ManageEngine ServiceDesk Plus SDP is a set of ITIL-based IT service management software from ZOHO. The software integrates incident management, issue management, asset management IT project management, procurement and contract management, etc. An authorization issue vulnerability exists in...

9.8CVSS2.9AI score0.99854EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/01 12:0 a.m.•28 views

Google Chrome Bookmarks code execution vulnerability

Google Chrome is a web browser from Google, Inc. A code execution vulnerability exists in Google Chrome Bookmarks. An attacker could use this vulnerability to execute arbitrary code on the system or cause a denial of service condition...

8.8CVSS4.7AI score0.03972EPSS
Exploits1References1
CNVD
CNVD
•added 2021/09/01 12:0 a.m.•28 views

SolarWinds Orion Platform SQL Injection Vulnerability

SolarWinds Orion Platform is a network fault and network performance management platform from SolarWinds, Inc. The platform provides real-time monitoring and profiling of network devices and supports custom web interfaces, multiple user opinions, and map-based browsing of the entire network. The...

9CVSS1.9AI score0.01642EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/27 12:0 a.m.•28 views

Six Apart Movable Type Cross-Site Scripting Vulnerability (CNVD-2022-22651)

Six Apart Movable Type MT is a blogging system from Six Apart, Inc. A cross-site scripting vulnerability exists in Six Apart Movable Type, which stems from a lack of validation and escaping of user-supplied data in the search screen, and could be exploited by remote attackers to trick victims int...

6.1CVSS1.6AI score0.009EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/26 12:0 a.m.•28 views

F5 BIG-IP TMUI Remote Command Execution Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A remote command execution vulnerability exists in the F5 BIG-IP TMUI, which can be exploited by an authenticated attacker wi...

8.8CVSS3.9AI score0.02288EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/24 12:0 a.m.•28 views

ARM mbed TLS denial of service vulnerability

ARM mbed TLS is a product from ARM UK that provides secure communication and encryption for mbed products. ARM mbed TLS suffers from a denial of service vulnerability that stems from an unrestricted calculation performed by mbedtlsmpiexpmod. An attacker could exploit this vulnerability to provide...

7.5CVSS4.1AI score0.0197EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/23 12:0 a.m.•28 views

XStream Arbitrary Code Execution Vulnerability (CNVD-2021-67826)

XStream is an open source Java class library that is mainly used to serialize objects to XML JSON or deserialize them to objects.XStream 1.4.17 and earlier versions have an arbitrary code execution vulnerability that can be exploited by attackers to cause arbitrary code execution...

8.5CVSS6.4AI score0.04065EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/23 12:0 a.m.•28 views

XStream Arbitrary Code Execution Vulnerability

XStream is an open source Java class library that is mainly used to serialize objects to XML JSON or deserialize them to objects.XStream 1.4.17 and earlier versions have an arbitrary code execution vulnerability that can be exploited by attackers to cause arbitrary code execution...

8.8CVSS6.4AI score0.0454EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/23 12:0 a.m.•28 views

XStream Arbitrary Code Execution Vulnerability (CNVD-2021-67828)

XStream is an open source Java class library that is mainly used to serialize objects to XML JSON or deserialize them to objects.XStream 1.4.17 and earlier versions have an arbitrary code execution vulnerability that can be exploited by attackers to cause arbitrary code execution...

8.5CVSS6.4AI score0.16118EPSS
Exploits2References1
CNVD
CNVD
•added 2021/08/18 12:0 a.m.•28 views

IBM API Connect HOST Injection Vulnerability

IBM API Connect APIConnect is an integration solution for managing the lifecycle of APIs from IBM. The product supports creating, running, managing and securing APIs and microservices, etc. An injection vulnerability exists in IBM API Connect HOST, which stems from the product's host header not...

5.5CVSS0.5AI score0.00937EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/18 12:0 a.m.•28 views

Google Chrome Post-release Reuse Vulnerability (CNVD-2021-68455)

Chrome is a web browsing tool developed by Google. A post-release reuse vulnerability exists in Printing in versions prior to Google Chrome 92.0.4515.159. An attacker could exploit this vulnerability to potentially cause heap corruption via a crafted HTML page...

8.8CVSS3.6AI score0.02539EPSS
Exploits1References1
CNVD
CNVD
•added 2021/08/16 12:0 a.m.•28 views

TYPO3 Information Disclosure Vulnerability (CNVD-2022-17972)

TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association.TYPO3 suffers from an information disclosure vulnerability that stems from session identifiers not being properly present in the HTML output, which can be exploited by an attacker to cause...

7.5CVSS1.5AI score0.01013EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/16 12:0 a.m.•28 views

TYPO3 SQL Injection Vulnerability (CNVD-2022-17976)

TYPO3 is a free and open source content management system framework CMS/CMF from the TYPO3 Typo3 association in Switzerland.TYPO3 is vulnerable to a SQL injection vulnerability that stems from a failure to properly encode user input. No detailed vulnerability details are currently available...

9.8CVSS2.9AI score0.00996EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/12 12:0 a.m.•28 views

Mozilla Firefox Type Obfuscation Vulnerability (CNVD-2021-90101)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S. Mozilla Firefox is vulnerable to a type obfuscation vulnerability that stems from a faulty JIT optimization and a type obfuscation error. A remote attacker could trick a victim into opening a carefully construct...

6.5CVSS2.2AI score0.01124EPSS
Exploits1References1
CNVD
CNVD
•added 2021/08/12 12:0 a.m.•28 views

cPanel XXE vulnerability

cPanel is a web-based host control management system from cPanel USA. cPanel versions prior to 98.0.1 have an XXE vulnerability in the WHM Locale Upload feature. No detailed vulnerability details are currently available...

7.2CVSS3.1AI score0.00863EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/11 12:0 a.m.•28 views

ZTE ZXHN H2640 Information Disclosure Vulnerability

The ZTE ZXHN H2640 is a home gateway device from ZTE Corporation China.An information disclosure vulnerability exists in the ZTE ZXHN H2640, which stems from a configuration and other errors in the network system or product during operation. An unauthorized attacker could exploit the vulnerabilit...

2.4CVSS2.2AI score0.00442EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/11 12:0 a.m.•28 views

Adobe Magento Improper Input Validation Vulnerability (CNVD-2021-90927)

Magento is an open source e-commerce platform written in PHP by Adobe. Adobe Magento is vulnerable to improper input validation. An attacker can exploit this vulnerability to execute arbitrary code...

9.1CVSS3.3AI score0.02867EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/10 12:0 a.m.•28 views

WordPress Astra Pro Addon Plugin SQL Injection Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress Astra Pro Addon Plugin versions prior to 3.5.2, which stems...

9.8CVSS9.9AI score0.11004EPSS
Exploits2References1
CNVD
CNVD
•added 2021/08/10 12:0 a.m.•28 views

Exiv2 Infinite Loop Vulnerability (CNVD-2021-61438)

Exiv2 is a cross-platform C library and command-line utility for managing image metadata. exiv2 0.27.4 and earlier versions are vulnerable to an infinite loop. An attacker could exploit the vulnerability via specially crafted image files to cause a denial of service...

5.5CVSS5.1AI score0.01051EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/06 12:0 a.m.•28 views

Libgd out-of-bounds read vulnerability (CNVD-2021-94953)

LibGD is an open source library for programmers to dynamically create images. an out-of-bounds read vulnerability exists in LibGD 2.3.2 and earlier. An attacker can exploit the vulnerability to cause a denial of service via specially crafted TGA files...

6.5CVSS5AI score0.01869EPSS
Exploits1References1
CNVD
CNVD
•added 2021/08/04 12:0 a.m.•28 views

Huawei HarmonyOS Incorrect Permission Management Vulnerability Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a microkernel-based distributed operating system. Huawei HarmonyOS has a security vulnerability that can be exploited by local attackers to elevate privileges...

7.8CVSS3.9AI score0.00157EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/04 12:0 a.m.•28 views

Huawei HarmonyOS configuration settings vulnerability

Huawei HarmonyOS is an operating system from Huawei, a Chinese company that provides a microkernel-based, distributed operating system. A security vulnerability exists in Huawei HarmonyOS, which can be exploited by local attackers to cause a lack of trust in the underlying application trust list...

7.8CVSS2.9AI score0.00177EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/03 12:0 a.m.•28 views

Incorrect security UI vulnerability in Google Chrome navigation

Chrome is a web browsing tool developed by Google. versions prior to Google Chrome 92.0.4515.131 are vulnerable to an incorrect security UI in navigation. An attacker could exploit this vulnerability to bypass security restrictions...

4.3CVSS4.5AI score0.01718EPSS
Exploits1References1
CNVD
CNVD
•added 2021/08/03 12:0 a.m.•28 views

Google Chrome out-of-bounds read vulnerability (CNVD-2021-62186)

Chrome is a web browsing tool developed by Google. An out-of-bounds read vulnerability exists in the Tab Strip in versions of Google Chrome prior to 92.0.4515.131. A remote attacker could exploit this vulnerability to obtain sensitive information...

8.1CVSS4.3AI score0.01948EPSS
Exploits1References1
CNVD
CNVD
•added 2021/07/27 12:0 a.m.•28 views

CMS Made Simple Cross-Site Scripting Vulnerability (CNVD-2021-57425)

CMS Made Simple is a simple and easy-to-use content management system developed using PHP, MySQL and Smarty template engine.A cross-site scripting vulnerability exists in CMS Made Simple version 2.2.14. The vulnerability can be exploited by attackers to conduct cross-site scripting attacks via th...

4.8CVSS2.8AI score0.00473EPSS
Exploits1References1
CNVD
CNVD
•added 2021/07/27 12:0 a.m.•28 views

Exiv2 integer overflow vulnerability (CNVD-2021-62191)

Exiv2 is a cross-platform C++ library and command line utility for managing image metadata. An integer overflow vulnerability exists in CrwMap::encode0x1810 in Exiv2 version 0.27.3. An attacker could exploit this vulnerability to cause a denial of service via a specially crafted image file...

7.5CVSS7.3AI score0.02555EPSS
Exploits1References1
CNVD
CNVD
•added 2021/07/23 12:0 a.m.•28 views

Unspecified Vulnerability in Oracle Fusion Middleware (CNVD-2021-59241)

Oracle Fusion Middleware Oracle Fusion Middleware is a set of business innovation platforms for enterprise and cloud environments from Oracle USA. The platform provides middleware, software collection and other functions. Oracle Fusion Middleware has a security vulnerability that can be exploited...

7.5CVSS7.5AI score0.01834EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/21 12:0 a.m.•28 views

Adobe Media Encoder out-of-bounds read vulnerability (CNVD-2021-54350)

Adobe Media Encoder, a video and audio encoding application, is vulnerable to an out-of-bounds read vulnerability in Adobe Media Encoder version 15.2 and earlier. An attacker could exploit this vulnerability to execute arbitrary code...

7.8CVSS6.5AI score0.02044EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/21 12:0 a.m.•28 views

Oracle BI Publisher Unauthorized Access Vulnerability

Oracle BI Publisher is a reporting solution that makes it easier and faster to produce, manage, and deliver all reports and documents than traditional reporting tools.Oracle BI Publisher versions 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 of the E- Business Suite - XDO component contains a...

7.5CVSS2.8AI score0.83298EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/21 12:0 a.m.•28 views

Oracle MySQL Server Denial of Service Vulnerability (CNVD-2021-54389)

Oracle MySQL is an open source relational database management system from Oracle Corporation. A denial-of-service vulnerability exists in the Server: Optimizer component of Oracle MySQL Server 8.0.25 and earlier versions. An attacker could exploit this vulnerability to cause MySQL Server to hang ...

4.9CVSS3.3AI score0.02588EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/19 12:0 a.m.•28 views

Microsoft Windows/Windows Server Information Disclosure Vulnerability (CNVD-2021-63282)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation USA, Microsoft Windows is an operating system for personal devices, and Microsoft Windows Server is a server operating system. An information disclosure vulnerability exists in GDI in Microsoft Windows/Windo...

5.5CVSS1.4AI score0.0076EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/16 12:0 a.m.•28 views

Linux kernel buffer overflow vulnerability (CNVD-2021-54395)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel. The vulnerability stems from the discovery that the eBPF ALU32 bounds trace for bitwise operations AND, OR and XOR does not...

7.8CVSS7.4AI score0.27477EPSS
Exploits8References1
CNVD
CNVD
•added 2021/07/16 12:0 a.m.•28 views

Microsoft HEVC Video Extensions Remote Code Execution Vulnerability (CNVD-2021-70127)

Microsoft HEVC Video Extensions is a video extension application from Microsoft Corporation USA. The application enables computers and devices to read High Efficiency Video Encoding or HEVC video.A remote code execution vulnerability exists in Microsoft HEVC Video Extensions. An attacker could...

7.8CVSS4.2AI score0.02177EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/16 12:0 a.m.•28 views

Microsoft Windows/Windows Server Information Disclosure Vulnerability (CNVD-2021-63285)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server is a server operating system. An information disclosure vulnerability exists in the Remote Access Connection Manager in Microsoft...

5.5CVSS1.5AI score0.0076EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/15 12:0 a.m.•28 views

Unspecified Vulnerability in Exiv2 (CNVD-2021-62175)

Exiv2 is a suite of C++ libraries and command line applications for managing image metadata. It provides the ability to read and write image metadata in a variety of formats including EXIF, IPTC and XMP. A security vulnerability exists in Exiv2 v0.27.1, which stems from a buffer overflow...

6.5CVSS6.6AI score0.0114EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/15 12:0 a.m.•28 views

Microsoft Windows/Windows Server Denial of Service Vulnerability (CNVD-2021-66063)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation USA, Microsoft Windows is an operating system for personal devices, and Microsoft Windows Server is a server operating system. A denial of service vulnerability exists in the TCP/IP driver in Microsoft...

7.5CVSS2.8AI score0.03034EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/15 12:0 a.m.•28 views

Microsoft Windows Server Denial of Service Vulnerability (CNVD-2021-76467)

Windows Server is the brand name of a series of server operating systems released by Microsoft, including all Windows operating systems released under the brand name "Windows Server." Windows Server in Microsoft Windows Server A denial-of-service vulnerability exists in Windows DNS Server. No...

6.5CVSS1.9AI score0.03003EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/15 12:0 a.m.•28 views

Microsoft Windows Server Remote Code Execution Vulnerability (CNVD-2021-76462)

Windows Server is the brand name of a series of server operating systems released by Microsoft, including all Windows operating systems released under the brand name "Windows Server." Windows Server in Microsoft Windows Server A remote code execution vulnerability exists in DNS Server, which can ...

8.8CVSS3.4AI score0.02524EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/14 12:0 a.m.•28 views

Adobe Illustrator 2021 out-of-bounds write vulnerability (CNVD-2021-55964)

Adobe Illustrator 2021 is a vector graphics software. Adobe Illustrator 2021 25.2.3 and earlier versions are vulnerable to an out-of-bounds write vulnerability. An attacker can exploit this vulnerability to execute arbitrary code...

7.8CVSS6.3AI score0.0194EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/14 12:0 a.m.•28 views

Siemens Jt2go and Siemens Teamcenter Visualization Out-of-Bounds Writing Vulnerability (CNVD-2021-53346)

Siemens Jt2go and Siemens Teamcenter Visualization are both products of Siemens, a German company. Siemens Teamcenter Visualization is a software that provides team collaboration capabilities for designing 2D and 3D scenes. An out-of-bounds write vulnerability exists in Siemens JT2Go versions pri...

7.8CVSS3.9AI score0.01574EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/13 12:0 a.m.•28 views

IBM DB2 Command Injection Vulnerability

IBM DB2 is a relational database management system from the American company IBM. The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. A security vulnerability exists in IBM Db2 for Linux, UNIX, and Windows including Db2 Connect Server, which stems...

7.5CVSS3.3AI score0.01692EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/09 12:0 a.m.•28 views

WordPress ProfilePress plugin elevation of privilege vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An elevation of privilege vulnerability exists in the ProfilePress plugin for WordPress versions 3.0...

9.8CVSS8.9AI score0.0412EPSS
Exploits2References1
CNVD
CNVD
•added 2021/07/05 12:0 a.m.•28 views

XWiki Platform has an unspecified vulnerability (CNVD-2022-13410)

Xwiki Platform is a Wiki platform for creating Web collaboration applications from the French company Xwiki. XWiki Platform has a security vulnerability that stems from the fact that the reset password form can display a user's email address by simply providing a username. No details of the...

5.3CVSS1.5AI score0.01199EPSS
Exploits0References1
CNVD
CNVD
•added 2021/06/28 12:0 a.m.•28 views

ZOHO ManageEngine ADSelfService Plus Remote Code Execution Vulnerability

ManageEngine ADSelfService Plus is a web-based self-service application that allows end-users to perform tasks such as password resets, account unlocks, profile information updates, etc. without relying on a help desk.Zoho ManageEngine ADSelfService Plus 6101 and earlier versions are vulnerable t...

9.8CVSS1.9AI score0.73126EPSS
Exploits0References1
CNVD
CNVD
•added 2021/06/25 12:0 a.m.•28 views

Unauthorized Access Vulnerability in Hong Kong Broadband Network Limited IAD601D

Hong Kong Broadband Network Limited is a leading provider of integrated telecommunications and technology solutions. An unauthorized access vulnerability exists in IAD601D of Hong Kong Broadband Network Limited, which can be exploited by attackers to obtain sensitive information...

6.8AI score
Exploits0
Total number of security vulnerabilities5000