Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
•added 2016/08/04 12:0 a.m.•27 views

Crestron AirMedia AM-100 cgi-bin/login.cgi Directory Traversal Vulnerability

The Crestron AirMedia AM-100 is a gateway product from Crestron Electronics, USA. A directory traversal vulnerability in the cgi-bin/login.cgi file in the Crestron AirMedia AM-100 device allows remote attackers to submit a special request to read arbitrary files...

7.5CVSS6.9AI score0.20842EPSS
Exploits4References1
CNVD
CNVD
•added 2016/06/15 12:0 a.m.•27 views

Microsoft Office OLE DLL End Load Vulnerability

Microsoft Office is an office software suite of products developed by the U.S. company Microsoft Microsoft. Commonly used components are Word, Excel, Access, Powerpoint, FrontPage and so on. A security vulnerability exists in Microsoft Office that originates from the program failing to properly...

9.3CVSS8.5AI score0.43431EPSS
Exploits4References1
CNVD
CNVD
•added 2016/04/22 12:0 a.m.•27 views

Plone Information Disclosure Vulnerability (CNVD-2016-02598)

Plone is the United States Plone Foundation's set of free and open source content management system CMS built on the application server Zope. An information disclosure vulnerability exists in Plone, which can be exploited by an attacker to obtain ID information for private content...

5.3CVSS6.4AI score0.01115EPSS
Exploits0References1
CNVD
CNVD
•added 2016/03/24 12:0 a.m.•27 views

Apple OS X Intel Graphics Driver Memory Corruption Vulnerability (CNVD-2016-01879)

Apple OS X is a specialized operating system developed by Apple for Mac computers.Intel Graphics Driver is one of the graphics card driver components. A security vulnerability exists in Intel Graphics Driver in Apple OS X versions prior to 10.11.4. The vulnerability can be exploited by an attacke...

9.3CVSS7.5AI score0.04157EPSS
Exploits4References1
CNVD
CNVD
•added 2016/01/16 12:0 a.m.•27 views

Apache Directory Studio Command Injection Vulnerability

Apache Directory Studio is a suite of LDAP tool platforms for connecting to, managing and developing any LDAP server. Apache Directory Studio fails to adequately filter user-submitted input, allowing remote attackers to exploit the vulnerability by submitting special requests to execute arbitrary...

9.3CVSS7.6AI score0.02109EPSS
Exploits0References1
CNVD
CNVD
•added 2015/07/16 12:0 a.m.•27 views

Microsoft Windows Server Elevation of Privilege Vulnerability (CNVD-2015-04662)

Microsoft Windows Server is a series of servers based on the windows operating system launched by the U.S. Microsoft Microsoft. A security vulnerability exists in the graphics component of Microsoft Windows. A local attacker could exploit the vulnerability to gain privileges through incorrect...

7.2CVSS6.8AI score0.01799EPSS
Exploits0References1
CNVD
CNVD
•added 2015/04/14 12:0 a.m.•27 views

Multiple TP-LINK Product Catalog Traversal Vulnerability

TP-Link is a well-known supplier of networking and communication equipment. A directory traversal vulnerability exists in multiple TP-LINK products. An attacker is allowed to exploit this vulnerability to obtain sensitive information and launch further attacks...

7.8CVSS6.6AI score0.83772EPSS
Exploits5References1
CNVD
CNVD
•added 2015/01/22 12:0 a.m.•27 views

Unspecified Vulnerability in Oracle VM VirtualBox (CNVD-2015-00596)

Oracle VM VirtualBox is an open source virtual machine software. A security vulnerability in the VMSVGA device child of Oracle VM VirtualBox versions prior to 4.3.20 allows remote attackers to exploit the vulnerability to affect the availability, integrity of the system...

3.2CVSS6.7AI score0.0036EPSS
Exploits0References1
CNVD
CNVD
•added 2026/06/02 12:0 a.m.•26 views

IBM WebSphere Application Server code issue vulnerability (CNVD-2026-23396)

IBM WebSphere Application Server is an enterprise-level Java application server, primarily used for deploying and managing Java EE applications. There are security vulnerabilities in IBM WebSphere Application Server. These vulnerabilities stem from the SAML Web Single Sign-On component, which fai...

8.5CVSS5.6AI score0.00487EPSS
Exploits0
CNVD
CNVD
•added 2025/01/24 12:0 a.m.•26 views

Unspecified Vulnerability in Oracle MySQL Server (CNVD-2025-02307)

Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in Oracle MySQL's MySQL Server. An attacker can exploit this vulnerability to cause MySQL Server to hang or crash...

4.1CVSS6AI score0.00281EPSS
Exploits0References1
CNVD
CNVD
•added 2025/01/24 12:0 a.m.•26 views

Unspecified Vulnerability in Oracle MySQL Server (CNVD-2025-02318)

Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. Oracle MySQL has a security vulnerability in MySQL Server. An attacker can exploit this vulnerability to cause MySQL Server to hang or crash frequent...

5.5CVSS6.1AI score0.00449EPSS
Exploits0References1
CNVD
CNVD
•added 2024/04/15 12:0 a.m.•26 views

IBM Security verify Access Appliance Denial of Service Vulnerability

IBM Security Verify Access ISAM is a service from International Business Machines IBM that improves user access security. The service enables secure and simple access to platforms such as the Web, mobile, IoT and cloud using risk-based access, single sign-on, integrated access management controls...

6.2CVSS6.5AI score0.00295EPSS
Exploits1References1
CNVD
CNVD
•added 2024/04/02 12:0 a.m.•26 views

IBM Security Verify Access Information Disclosure Vulnerability (CNVD-2024-16916)

IBM Security Verify Access ISAM is a service from International Business Machines IBM that improves user access security. The service enables secure and simple access to platforms such as the Web, mobile, IoT and cloud using risk-based access, single sign-on, integrated access management controls...

6.2CVSS5.9AI score0.00107EPSS
Exploits1References1
CNVD
CNVD
•added 2024/04/01 12:0 a.m.•26 views

Dell PowerScale OneFS Symbolic Link Vulnerability (CNVD-2024-16193)

Dell PowerScale OneFS is an operating system from Dell USA. PowerScale OneFS operating system that provides horizontal scaling of NAS. Dell PowerScale OneFS suffers from a symbolic link vulnerability, which can be exploited by a local, highly-privileged attacker to cause a denial of service,...

6CVSS6.9AI score0.0019EPSS
Exploits0References1
CNVD
CNVD
•added 2024/03/21 12:0 a.m.•26 views

Google Chrome Security Bypass Vulnerability (CNVD-2024-16881)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that stems from a misimplementation issue with Downloads. An attacker could exploit this vulnerability to bypass security restrictions...

4.3CVSS6.8AI score0.0059EPSS
Exploits0References1
CNVD
CNVD
•added 2024/03/21 12:0 a.m.•26 views

Google Chrome Security Bypass Vulnerability (CNVD-2024-16877)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that stems from an incorrect security UI in iOS. An attacker can exploit this vulnerability to bypass security restrictions...

4.3CVSS6.8AI score0.00655EPSS
Exploits0References1
CNVD
CNVD
•added 2024/03/21 12:0 a.m.•26 views

Mozilla Firefox ESR and Thunderbird Denial of Service Vulnerabilities

Mozilla Firefox ESR is an extended support version of Firefox the Web browser.Mozilla Thunderbird is a suite of e-mail client software separate from the Mozilla Application Suite. A denial of service vulnerability exists in Mozilla Firefox ESR and Thunderbird, which is caused by an ICU...

2.7CVSS6.3AI score0.00699EPSS
Exploits0References1
CNVD
CNVD
•added 2024/03/18 12:0 a.m.•26 views

Apache Airflow Information Disclosure Vulnerability Vulnerability (CNVD-2024-13567)

Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. Apache Airflow has an information disclosure vulnerability vulnerability that can b...

8.1CVSS6.6AI score0.01332EPSS
Exploits0References1
CNVD
CNVD
•added 2024/03/15 12:0 a.m.•26 views

IBM Maximo Application Suite Cross-Site Scripting Vulnerability

IBM Maximo Application Suite is a single platform for intelligent asset management, monitoring, maintenance, computer vision, security and reliability from International Business Machines IBM. A cross-site scripting vulnerability exists in IBM Maximo Application Suite version 7.6.1.3, which stems...

6.4CVSS5.9AI score0.00315EPSS
Exploits0References1
CNVD
CNVD
•added 2024/03/13 12:0 a.m.•26 views

Siemens Sinteso EN and Cerberus PRO EN Fire Protection Systems Buffer Overflow Vulnerability

Cerberus PRO EN is a fire protection system consisting of fire panels, detection and management stations. It is available to Siemens partners and complies with the European standard EN 54 for fire detection and alarm systems. Sinteso EN is a fire protection system consisting of fire panels,...

7.5CVSS7.3AI score0.00508EPSS
Exploits0References1
CNVD
CNVD
•added 2024/03/13 12:0 a.m.•26 views

Siemens Sinteso EN and Cerberus PRO EN Fire Protection Systems Out-of-Bounds Read Vulnerability

Cerberus PRO EN is a fire protection system consisting of fire panels, detection and management stations. It is available to Siemens partners and complies with the European standard EN 54 for fire detection and alarm systems. Sinteso EN is a fire protection system consisting of fire panels,...

7.5CVSS6.8AI score0.00832EPSS
Exploits0References1
CNVD
CNVD
•added 2024/03/12 12:0 a.m.•26 views

Apache InLong Code Issue Vulnerability (CNVD-2024-16113)

Apache InLong is the U.S. Apache Apache Foundation's one-stop massive data integration framework. Provides automated, secure and reliable data transfer capabilities. A code issue vulnerability exists in Apache InLong versions 1.8.0 through 1.10.0, which can be exploited by an attacker to read...

9.1CVSS6.9AI score0.0122EPSS
Exploits0References1
CNVD
CNVD
•added 2024/02/23 12:0 a.m.•26 views

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability (CNVD-2024-17976)

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. A remote code execution vulnerability exists in Microsoft Edge Chromium-based, which can be exploited by an attacker to execute arbitrary code on a system...

8.3CVSS8.4AI score0.01231EPSS
Exploits0References1
CNVD
CNVD
•added 2024/02/22 12:0 a.m.•26 views

IBM Storage Ceph Input Validation Error Vulnerability

IBM Storage Ceph is an IBM-powered, open source software-defined storage platform from International Business Machines IBM that provides scalable object, block, and file storage in a single system. IBM Storage Ceph suffers from an input validation error vulnerability that stems from the possibili...

6.5CVSS4.8AI score0.00698EPSS
Exploits0References1
CNVD
CNVD
•added 2024/02/22 12:0 a.m.•26 views

CKEditor cross-site scripting vulnerability (CNVD-2024-09867)

CKEditor is an open source, web-based text editor. A cross-site scripting vulnerability exists in CKEditor4, which stems from the presence of a cross-site scripting vulnerability that can be exploited by an attacker to execute JavaScript code by abusing a misconfigured preview function...

6.1CVSS6.5AI score0.01652EPSS
Exploits0References1
CNVD
CNVD
•added 2024/02/22 12:0 a.m.•26 views

IBM CICS TX Standard Encryption Issues Vulnerability

IBM CICS TX Standard and Advanced is a comprehensive, single transaction runtime package from International Business Machines IBM, Inc. It can provide a cloud-native deployment model for standalone applications. IBM CICS TX Standard has a cryptographic issue vulnerability that stems from the use ...

7.5CVSS6.4AI score0.00486EPSS
Exploits0References1
CNVD
CNVD
•added 2024/02/19 12:0 a.m.•26 views

IBM Security Verify Access Information Disclosure Vulnerability (CNVD-2024-09176)

IBM Security Verify Access is a service from International Business Machines IBM that improves user access security. An information disclosure vulnerability exists in IBM Security Verify Access, which can be exploited by an attacker to compromise a server...

9.8CVSS6.3AI score0.00577EPSS
Exploits1References1
CNVD
CNVD
•added 2024/01/29 12:0 a.m.•26 views

Microsoft Edge for Android Information Disclosure Vulnerability

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. Microsoft Edge for Android suffers from an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...

4.3CVSS4.2AI score0.00902EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/29 12:0 a.m.•26 views

Microsoft Edge for Android Spoofing Vulnerability

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. Microsoft Edge for Android suffers from a spoofing vulnerability that can be exploited by attackers to conduct spoofing attacks...

5.3CVSS5.1AI score0.00722EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/26 12:0 a.m.•26 views

Code Execution Vulnerabilities in Multiple Mozilla Products

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A code...

8.8CVSS8.1AI score0.00745EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/26 12:0 a.m.•26 views

Mozilla Firefox Denial of Service Vulnerability (CNVD-2024-10437)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A denial of service vulnerability exists in Mozilla Firefox, which can be exploited by attackers to cause the browser to crash...

7.5CVSS6.9AI score0.00602EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/24 12:0 a.m.•26 views

Simple Online Hotel Reservation System Cross-Site Scripting Vulnerability

Simple Online Hotel Reservation System is an online hotel reservation system. A cross-site scripting vulnerability exists in Simple Online Hotel Reservation System version 1.0, which stems from the lack of effective filtering and escaping of user-supplied data in the addreserve.php file, and can ...

6.1CVSS6.4AI score0.00556EPSS
Exploits1References1
CNVD
CNVD
•added 2024/01/23 12:0 a.m.•26 views

Huawei HarmonyOS buffer overflow vulnerability (CNVD-2024-06169)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a buffer overflow vulnerability that stems from a buffer overflow vulnerability in a module. An attacker could exploit the...

9.8CVSS7.4AI score0.00455EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/12 12:0 a.m.•26 views

Microsoft Message Queuing Information Disclosure Vulnerability (CNVD-2024-04951)

Microsoft Message Queuing is the solution for implementing asynchronous and synchronous scenarios that require high performance. An information disclosure vulnerability exists in Microsoft Message Queuing, which can be exploited by an attacker to obtain sensitive information from heap memory...

6.5CVSS5.9AI score0.02039EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/12 12:0 a.m.•26 views

Microsoft Message Queuing Information Disclosure Vulnerability (CNVD-2024-04950)

Microsoft Message Queuing is the solution for implementing asynchronous and synchronous scenarios that require high performance. An information disclosure vulnerability exists in Microsoft Message Queuing, which can be exploited by an attacker to obtain sensitive information from heap memory...

6.5CVSS5.9AI score0.01925EPSS
Exploits0References1
CNVD
CNVD
•added 2023/12/15 12:0 a.m.•26 views

Adobe InDesign Buffer Overflow Vulnerability (CNVD-2024-12469)

Adobe InDesign is a set of layout and editing applications from the American company Audobee Adobe. A security vulnerability exists in Adobe InDesign, which can be exploited by an attacker to cause a sensitive memory leak...

5.5CVSS5.2AI score0.00328EPSS
Exploits0References1
CNVD
CNVD
•added 2023/12/13 12:0 a.m.•26 views

PHPEMS Deserialization Vulnerability

PHPEMS is a PHP online mock exam system. PHPEMS suffers from a deserialization vulnerability that stems from unsafe deserialization processing of lib/session.cls.php when receiving serialized data submitted by a user, which can be exploited by an attacker to cause code execution...

8.8CVSS7.3AI score0.01666EPSS
Exploits1References1
CNVD
CNVD
•added 2023/12/13 12:0 a.m.•26 views

Siemens SCALANCE M-800/S615 Series OS Command Injection Vulnerability

The SCALANCE M-800, MUM-800 and S615 and the RUGGEDCOM RM1224 are industrial routers. An operating system command injection vulnerability exists in the Siemens SCALANCE M-800/S615 series, which can be exploited by an attacker to execute commands on the system via a malicious local administrator...

7.2CVSS7.3AI score0.00623EPSS
Exploits0References1
CNVD
CNVD
•added 2023/12/13 12:0 a.m.•26 views

IBM Informix Dynamic Server Buffer Overflow Vulnerability (CNVD-2023-9769466)

IBM Informix Dynamic Server IDS is a scalable object-relational database server from International Business Machines IBM that provides clustered data centers with features such as continuous data availability and disaster recovery. IBM Informix Dynamic Server suffers from a buffer overflow...

6.2CVSS8.3AI score0.00233EPSS
Exploits0References1
CNVD
CNVD
•added 2023/11/21 12:0 a.m.•26 views

Adobe ColdFusion Access Control Error Vulnerability

Adobe ColdFusion is the United States Odo than Adobe company's set of rapid application development platform. The platform includes an integrated development environment and scripting language. An Access Control Error vulnerability exists in Adobe ColdFusion, which arises from the presence of...

7.5CVSS6.5AI score0.10072EPSS
Exploits0References1
CNVD
CNVD
•added 2023/11/14 12:0 a.m.•26 views

Command Execution Vulnerability in Green Alliance Operations and Maintenance Security Management System

Beijing Shenzhou Green Alliance Technology Co., Ltd. is a company whose business scope includes technology development, technology consulting, technology services; computer system services and so on. A command execution vulnerability exists in the Green Alliance Operations and Maintenance Securit...

7.9AI score
Exploits0
CNVD
CNVD
•added 2023/11/01 12:0 a.m.•26 views

Adobe After Effects Out-of-Bounds Read Vulnerability (CNVD-2023-82672)

Adobe After Effects is a set of visual effects and motion graphics production software from the American company Audobee Adobe, which is mainly used for 2D and 3D compositing, animation and visual effects production. An out-of-bounds read vulnerability exists in Adobe After Effects versions 18.4....

3.3CVSS6.5AI score0.00303EPSS
Exploits0References1
CNVD
CNVD
•added 2023/11/01 12:0 a.m.•26 views

Google Android Information Disclosure Vulnerability (CNVD-2024-00168)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability that can be exploited by attackers to cause information leakage...

5.5CVSS6.4AI score0.00091EPSS
Exploits0References1
CNVD
CNVD
•added 2023/10/13 12:0 a.m.•26 views

Microsoft Windows Layer 2 Tunneling Protocol Remote Code Execution Vulnerability (CNVD-2023-81885)

Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. A remote code execution vulnerability exists in the Microsoft Windows Layer 2 Tunneling Protocol, which can be exploited by an attacker to remotely execute code...

8.1CVSS7.8AI score0.01256EPSS
Exploits0References1
CNVD
CNVD
•added 2023/10/13 12:0 a.m.•26 views

Microsoft Office Click-To-Run Elevation of Privilege Vulnerability

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. Microsoft Office Click-To-Run has an elevation of privilege vulnerability that can be exploited by an...

7CVSS7.1AI score0.00436EPSS
Exploits0References1
CNVD
CNVD
•added 2023/10/13 12:0 a.m.•26 views

Microsoft Windows Layer 2 Tunneling Protocol Remote Code Execution Vulnerability (CNVD-2023-81884)

Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. A remote code execution vulnerability exists in the Microsoft Windows Layer 2 Tunneling Protocol, which can be exploited by an attacker to remotely execute code...

8.1CVSS7.8AI score0.01256EPSS
Exploits0References1
CNVD
CNVD
•added 2023/09/27 12:0 a.m.•26 views

Adobe After Effects Out-of-Bounds Read Vulnerability (CNVD-2023-76937)

Adobe After Effects is a set of visual effects and motion graphics production software from the American company Audobee Adobe, which is mainly used for 2D and 3D compositing, animation and visual effects production. Adobe After Effects suffers from an out-of-bounds read vulnerability that stems...

3.3CVSS6.5AI score0.00303EPSS
Exploits0References1
CNVD
CNVD
•added 2023/09/18 12:0 a.m.•26 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2023-82284)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4CVSS5.7AI score0.00363EPSS
Exploits0References1
CNVD
CNVD
•added 2023/09/17 12:0 a.m.•26 views

Google Chrome Security Bypass Vulnerability (CNVD-2023-75496)

Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome prior to version 117.0.5938.62, which stems from an improper implementation of the Custom Tabs module. An attacker can exploit the vulnerability to bypass security restrictions...

4.3CVSS6.1AI score0.00663EPSS
Exploits0References1
CNVD
CNVD
•added 2023/09/15 12:0 a.m.•26 views

Microsoft 3D Viewer Remote Code Execution Vulnerability (CNVD-2023-74905)

Microsoft 3D Viewer is a simplified and fast graphics editing application from Microsoft. A remote code execution vulnerability exists in Microsoft 3D Viewer, which can be exploited by an attacker to execute code on the target host...

7.8CVSS7.9AI score0.00768EPSS
Exploits0References1
Total number of security vulnerabilities5000