Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
•added 2021/07/21 12:0 a.m.•27 views

Oracle BI Publisher Unauthorized Access Vulnerability

Oracle BI Publisher is a reporting solution that makes it easier and faster to produce, manage, and deliver all reports and documents than traditional reporting tools.Oracle BI Publisher versions 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 of the E- Business Suite - XDO component contains a...

7.5CVSS2.8AI score0.83298EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/20 12:0 a.m.•27 views

Mozilla Firefox Buffer Overflow Vulnerability (CNVD-2021-90103)

Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. Mozilla Firefox is vulnerable to a buffer overflow vulnerability that stems from a boundary error when processing HTML content. An attacker could exploit the vulnerability to create a specially crafted web page...

8.8CVSS2.6AI score0.01009EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/19 12:0 a.m.•27 views

Google Chrome Post-release Reuse Vulnerability (CNVD-2021-62172)

Chrome is a web browsing tool developed by Google, and a post-release reuse vulnerability exists in V8 in versions prior to Google Chrome 91.0.4472.164. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash...

8.8CVSS5.8AI score0.01724EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/19 12:0 a.m.•27 views

D-LINK DIR-3040 Information Disclosure Vulnerability (CNVD-2021-53338)

The D-LINK DIR-3040 is a router from D-Link, a Taiwan-based company that provides connectivity to the Internet.The D-LINK DIR-3040 is vulnerable to an information disclosure vulnerability that could be exploited by an attacker to send HTTP requests resulting in the disclosure of sensitive...

6.5CVSS0.8AI score0.36486EPSS
Exploits1References1
CNVD
CNVD
•added 2021/07/16 12:0 a.m.•27 views

Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-66074)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation USA, Microsoft Windows is an operating system for personal devices, and Microsoft Windows Server is a server operating system. An elevation of privilege vulnerability exists in Projected File System in...

7.8CVSS3.3AI score0.00563EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/16 12:0 a.m.•27 views

Microsoft Windows Server Information Disclosure Vulnerability (CNVD-2021-54418)

Windows Server is the brand name of a series of server operating systems released by Microsoft, including all Windows operating systems released under the brand name "Windows Server". An information disclosure vulnerability exists in the "Key Distribution Center" in Microsoft Windows Server. No...

5.9CVSS1.8AI score0.03031EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/16 12:0 a.m.•27 views

Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-66076)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server is a server operating system. An elevation of privilege vulnerability exists in the Cloud Files Mini Filter Driver in Microsoft...

7.8CVSS3.6AI score0.00563EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/16 12:0 a.m.•27 views

Microsoft HEVC Video Extensions Remote Code Execution Vulnerability (CNVD-2021-70128)

Microsoft HEVC Video Extensions is a video extension application from Microsoft Corporation USA. The application enables computers and devices to read High Efficiency Video Encoding or HEVC video.A remote code execution vulnerability exists in Microsoft HEVC Video Extensions. An attacker could...

7.8CVSS4.2AI score0.02177EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/16 12:0 a.m.•27 views

Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-66077)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server is a server operating system. An elevation-of-privilege vulnerability exists in the Remote Access Connection Manager in Microsoft...

7.8CVSS3.8AI score0.00485EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/15 12:0 a.m.•27 views

Microsoft Windows/Windows Server Denial of Service Vulnerability (CNVD-2021-66062)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation USA, Microsoft Windows is an operating system for personal devices, and Microsoft Windows Server is a server operating system. A denial of service vulnerability exists in the TCP/IP driver in Microsoft...

7.5CVSS2.8AI score0.03556EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/15 12:0 a.m.•27 views

Microsoft Windows/Windows Server Denial of Service Vulnerability (CNVD-2021-66061)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation USA, Microsoft Windows is an operating system for personal devices, and Microsoft Windows Server is a server operating system. A denial of service vulnerability exists in the TCP/IP driver in Microsoft...

7.5CVSS2.8AI score0.03034EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/15 12:0 a.m.•27 views

ECTouch SQL Injection Vulnerability

ECTouch is an application. An open source mobile mall system to create an enterprise exclusive mobile mall. ECTouch suffers from a SQL injection vulnerability, which originates from the SQL injection vulnerability in ECTouch v2 generated through the integralmin parameter in index.php. An attacker...

9.8CVSS4.7AI score0.01138EPSS
Exploits1References1
CNVD
CNVD
•added 2021/07/14 12:0 a.m.•27 views

SQL Injection Vulnerability in Riptide NBR Routers

Ruijie Networks Co., Ltd. is a professional network manufacturer with a full range of network equipment product lines and solutions, including switches, routers, software, security firewalls, wireless products, storage, and so on. A SQL injection vulnerability exists in Ruijie NBR routers, which...

8.2AI score
Exploits0
CNVD
CNVD
•added 2021/07/14 12:0 a.m.•27 views

Adobe Acrobat/Reader Type Obfuscation Vulnerability (CNVD-2021-55976)

Adobe Acrobat is a PDF editing software developed by Adobe. Adobe Reader also known as Acrobat Reader is a PDF file reader developed by Adobe. Adobe Acrobat/Reader suffers from a type obfuscation vulnerability. An attacker can exploit this vulnerability to read arbitrary file systems...

4.3CVSS3.9AI score0.02721EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/14 12:0 a.m.•27 views

Adobe Acrobat/Reader Type Obfuscation Vulnerability (CNVD-2021-70147)

Adobe Acrobat is a PDF editing software developed by Adobe. Adobe Reader also known as Acrobat Reader is a PDF file reader developed by Adobe. Adobe Acrobat/Reader is vulnerable to a type obfuscation vulnerability. An attacker could exploit the vulnerability to disclose sensitive memory informati...

4.3CVSS1.7AI score0.01919EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/08 12:0 a.m.•27 views

Cisco 7000 Series IP Camera Memory Leak Vulnerability (CNVD-2021-57459)

The Cisco 7000 Series IP cameras are 5 megapixel, high definition, outdoor fixed dome cameras in vandal resistant enclosures with pan/tilt/zoom functionality.The Cisco 7000 Series IP camera implementation of Link Layer Discovery Protocol LLDP in firmware versions prior to 2.12.4 is vulnerable to ...

6.5CVSS1.4AI score0.00381EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/05 12:0 a.m.•27 views

XWiki Platform has an unspecified vulnerability (CNVD-2022-13410)

Xwiki Platform is a Wiki platform for creating Web collaboration applications from the French company Xwiki. XWiki Platform has a security vulnerability that stems from the fact that the reset password form can display a user's email address by simply providing a username. No details of the...

5.3CVSS1.5AI score0.01199EPSS
Exploits0References1
CNVD
CNVD
•added 2021/06/29 12:0 a.m.•27 views

WordPress Popular Posts Cross-Site Scripting Vulnerability

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. WordPress Popular Posts 5.3.2 and earlier versions are vulnerable to cross-site scripting. An authenticated remote attacker can use this vulnerability to inject arbitrary scripts...

5.4CVSS2.6AI score0.01442EPSS
Exploits1References1
CNVD
CNVD
•added 2021/06/28 12:0 a.m.•27 views

Autodesk Design Review Resource Management Error Vulnerability (CNVD-2021-53948)

Autodesk Design Review ADR is a suite of AutoCAD drafting software support software from Autodesk, Inc. The software supports viewing, marking, measuring, printing, and tracking changes to 2D and 3D design files.Autodesk Design Review is vulnerable to a resource management error that could be...

7.8CVSS4AI score0.02992EPSS
Exploits0References1
CNVD
CNVD
•added 2021/06/24 12:0 a.m.•27 views

Linux Kernel Code Execution Vulnerability

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux Kernel is vulnerable to code execution, which can be exploited by attackers to execute arbitrary code, obtain sensitive information, or cause a system denial of service by sending specially crafted...

7.8CVSS5.3AI score0.00282EPSS
Exploits0References1
CNVD
CNVD
•added 2021/06/23 12:0 a.m.•27 views

Unauthorized Access Vulnerability in MOBOTIX M26

MOBOTIX M26 is a camera from MOBOTIX. MOBOTIX M26 suffers from an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information...

6.8AI score
Exploits0
CNVD
CNVD
•added 2021/06/17 12:0 a.m.•27 views

OpenEXR Logic Flaw Vulnerability

OpenEXR is an image file format for high dynamic range HDR images.A security vulnerability exists in OpenEXR, which stems from a flaw in the ImfDeepScanLineInputFile functionality. An attacker could use the upstairs to trigger an out-of-bounds read by submitting a harmful file to an application...

5.5CVSS1.3AI score0.00428EPSS
Exploits1References1
CNVD
CNVD
•added 2021/06/15 12:0 a.m.•27 views

Unauthorized Access Vulnerability in AXIS 241Q Video Server

Axis is an IT company that specializes in providing web video solutions. An unauthorized access vulnerability exists in AXIS 241Q Video Server, which can be exploited by attackers to obtain sensitive information...

6.8AI score
Exploits0
CNVD
CNVD
•added 2021/06/12 12:0 a.m.•27 views

TamronOS IPTV V5 System Backend Contains Arbitrary File Download Vulnerability

TamronOS IPTV system is a live and on-demand system solution for broadband operators, hotels, schools and other high traffic scenarios. TamronOS IPTV V5 system has an arbitrary file download vulnerability in the background, which can be exploited by attackers to obtain sensitive information...

7AI score
Exploits0
CNVD
CNVD
•added 2021/06/04 12:0 a.m.•27 views

Pillow Denial of Service Vulnerability (CNVD-2021-54030)

Pillow is a Python-based image processing library. A denial of service vulnerability exists in versions of Pillow prior to 8.2.0, which stems from the fact that PSDImagePlugin.PsdImageFile does not properly check the number of input layers based on data block size, and can be exploited by attacke...

5.5CVSS5.1AI score0.0096EPSS
Exploits0References1
CNVD
CNVD
•added 2021/05/20 12:0 a.m.•27 views

WordPress plugin cross-site scripting vulnerability (CNVD-2021-36523)

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . A cross-site scripting vulnerability exists in versions o...

6.1CVSS5.6AI score0.05501EPSS
Exploits5References1
CNVD
CNVD
•added 2021/05/18 12:0 a.m.•27 views

Liferay Portal and Liferay DXP have unspecified vulnerabilities (CNVD-2021-62988)

Liferay Portal and Liferay DXP are both products of Liferay, a J2EE-based portal solution that uses EJB and JMS technologies and serves as a web publishing and shared workspace, enterprise collaboration platform, social network, etc. Liferay DXP is a digital experience collaboration platform...

5.3CVSS0.6AI score0.01082EPSS
Exploits0References1
CNVD
CNVD
•added 2021/05/12 12:0 a.m.•27 views

Microsoft Windows/Windows Server Information Disclosure Vulnerability (CNVD-2021-63293)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation USA.Microsoft Windows is a set of operating systems for personal devices.Microsoft Windows Server is a set of server operating systems. An information disclosure vulnerability exists in the CSC service of...

5.5CVSS1.4AI score0.0076EPSS
Exploits0References1
CNVD
CNVD
•added 2021/05/07 12:0 a.m.•27 views

Adobe Acrobat Reader DC out-of-bounds write vulnerability

Adobe Acrobat Reader is a PDF viewer. The software is used to print, sign and annotate PDFs. Adobe Acrobat Reader DC is vulnerable to an out-of-bounds write vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the current user...

7.8CVSS3.6AI score0.04714EPSS
Exploits1References1
CNVD
CNVD
•added 2021/04/23 12:0 a.m.•27 views

Mozilla Thunderbird has an unspecified vulnerability (CNVD-2021-54709)

Mozilla Thunderbird is a set of email client software from the Mozilla Foundation that is separate from the Mozilla Application Suite. Mozilla Thunderbird has a security vulnerability that could be exploited by attackers to perform operations on unlocked keys without having to unlock them...

7.5CVSS4AI score0.00853EPSS
Exploits1References1
CNVD
CNVD
•added 2021/04/16 12:0 a.m.•27 views

Atlassian Jira Server and Data Center Information Disclosure Vulnerability (CNVD-2021-55945)

Atlassian JIRA Server and Atlassian JIRA Data Center are both products of Atlassian Australia.Atlassian JIRA Server is a server version of a defect tracking management system. Atlassian JIRA Data Center is the data center version of Atlassian JIRA. Atlassian Jira Server and Data Center have an...

5.3CVSS3.8AI score0.0141EPSS
Exploits0References1
CNVD
CNVD
•added 2021/03/15 12:0 a.m.•27 views

Pillow Buffer Overflow Vulnerability (CNVD-2021-54035)

Pillow is a Python-based image processing library.A buffer overflow vulnerability exists in Pillow Tiff image file processing, which can be exploited by remote attackers to submit special file requests that trick users into parsing, which can crash the application or execute arbitrary code in the...

9.8CVSS6.7AI score0.02281EPSS
Exploits0References1
CNVD
CNVD
•added 2021/02/26 12:0 a.m.•27 views

Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-66102)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation USA, Microsoft Windows is a set of operating systems for personal devices, and Microsoft Windows Server is a set of server operating systems. Microsoft Windows/Windows Server PKU2U has an elevation of...

7.8CVSS3.2AI score0.00585EPSS
Exploits0References1
CNVD
CNVD
•added 2021/02/18 12:0 a.m.•27 views

Cisco Webex Meetings Cross-Site Scripting Vulnerability (CNVD-2021-13232)

Cisco Webex Meetings provides affordable enterprise virtual meeting solutions. A cross-site scripting vulnerability exists in the web interface of Cisco Webex Meetings. The vulnerability stems from insufficient validation of user-supplied input in the web interface of the affected service. An...

6.1CVSS6.4AI score0.00784EPSS
Exploits0References1
CNVD
CNVD
•added 2021/01/06 12:0 a.m.•28 views

Projectworlds Online Book Store Project In Php SQL Injection Vulnerability

Projectworlds Online Book Store Project In Php is a Php-based online bookstore system from the Austrian company Projectworlds. Projectworlds Online Book Store Project In Php 1.0 is vulnerable to SQL injection. An attacker could exploit this vulnerability to dump the entire database on which the w...

9.8CVSS2.7AI score0.17166EPSS
Exploits1References1
CNVD
CNVD
•added 2020/12/04 12:0 a.m.•27 views

WebKitGTK post-release reuse vulnerability

WebKitGTK is a full-featured port of the WebKit rendering engine.A post-release reuse vulnerability exists in the WebSocket functionality of WebKitGTK 2.30.0. An attacker could exploit the vulnerability to achieve remote code execution by tricking a user into visiting a specially crafted web page...

8.8CVSS3.5AI score0.03266EPSS
Exploits1References1
CNVD
CNVD
•added 2020/11/19 12:0 a.m.•27 views

Six Apart Movable Type Cross-Site Scripting Vulnerability (CNVD-2022-22655)

Six Apart Movable Type MT is a blogging system from Six Apart, a US-based company. Six Apart Movable Type Premium is vulnerable to a cross-site scripting vulnerability that could be exploited by a remote authenticated attacker to inject arbitrary scripts via unspecified vectors...

5.4CVSS4AI score0.00585EPSS
Exploits0References1
CNVD
CNVD
•added 2020/11/13 12:0 a.m.•27 views

Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-66104)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation USA Microsoft Windows is an operating system for personal devices Microsoft Windows Server is a server operating system. Microsoft Windows/Windows Server errors report an elevation of privilege vulnerability...

7.8CVSS4.8AI score0.0075EPSS
Exploits0References1
CNVD
CNVD
•added 2020/11/13 12:0 a.m.•27 views

Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-66105)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation USA, Microsoft Windows is an operating system for personal devices, and Microsoft Windows Server is a server operating system. Microsoft Windows/Windows Server is vulnerable to an elevation of privilege...

7.8CVSS3.6AI score0.01026EPSS
Exploits0References1
CNVD
CNVD
•added 2020/11/13 12:0 a.m.•27 views

Microsoft Windows/Windows Server Denial of Service Vulnerability (CNVD-2021-66065)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation USA, Microsoft Windows is an operating system for personal devices, and Microsoft Windows Server is a server operating system. A denial-of-service vulnerability has been reported in Microsoft Windows/Windows...

5.5CVSS3.4AI score0.01455EPSS
Exploits0References1
CNVD
CNVD
•added 2020/11/13 12:0 a.m.•27 views

Microsoft Windows/Windows Server Information Disclosure Vulnerability (CNVD-2021-63304)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation USA, Microsoft Windows is an operating system for personal devices, and Microsoft Windows Server is a server operating system. Microsoft Windows/Windows Server MSCTF Server is vulnerable to information...

5.5CVSS1.3AI score0.01365EPSS
Exploits0References1
CNVD
CNVD
•added 2020/10/15 12:0 a.m.•27 views

Microsoft Windows and Windows Server Elevation of Privilege Vulnerability (CNVD-2021-61778)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows and Windows Server, which can be...

7.8CVSS5AI score0.02417EPSS
Exploits0References1
CNVD
CNVD
•added 2020/09/10 12:0 a.m.•27 views

Microsoft Windows/Windows Server Information Disclosure Vulnerability (CNVD-2021-63321)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation USA, Microsoft Windows is an operating system for personal devices, and Microsoft Windows Server is a server operating system. An information disclosure vulnerability exists in Microsoft Windows/Windows...

5.5CVSS1.5AI score0.01079EPSS
Exploits0References1
CNVD
CNVD
•added 2020/09/10 12:0 a.m.•27 views

Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-68738)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows/Windows Server. The vulnerability stems...

7.8CVSS2.9AI score0.00996EPSS
Exploits0References1
CNVD
CNVD
•added 2020/09/10 12:0 a.m.•27 views

Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-68744)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows/Windows Server, which stems from a...

7.8CVSS4.2AI score0.00777EPSS
Exploits0References1
CNVD
CNVD
•added 2020/08/13 12:0 a.m.•27 views

Microsoft Windows/Windows Server Remote Code Execution Vulnerability (CNVD-2021-65601)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server is a server operating system. A remote code execution vulnerability exists in Microsoft Windows/Windows Server. The vulnerability stems...

9.3CVSS4.2AI score0.04264EPSS
Exploits0References1
CNVD
CNVD
•added 2020/07/17 12:0 a.m.•27 views

Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-90801)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation USA.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows/Windows Server. Th...

7.8CVSS3.1AI score0.00864EPSS
Exploits0References1
CNVD
CNVD
•added 2020/07/17 12:0 a.m.•27 views

Microsoft Windows/Windows Server Remote Code Execution Vulnerability (CNVD-2021-65603)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation USA.Microsoft Windows is a set of operating systems for personal devices.Microsoft Windows Server is a set of server operating systems. A remote code execution vulnerability exists in Microsoft Windows/Windo...

9.3CVSS2.9AI score0.11536EPSS
Exploits0References1
CNVD
CNVD
•added 2020/06/11 12:0 a.m.•27 views

agoo environmental issues loophole

agoo is a Ruby-based HTTP server by Peter Ohler Software Developers. An environmental issue vulnerability exists in agoo 2.12.3 and earlier versions. An attacker can exploit this vulnerability by sending the Content-Length header twice to conduct an HTTP request smuggling attack...

7.5CVSS6.6AI score0.0117EPSS
Exploits0References1
CNVD
CNVD
•added 2020/05/13 12:0 a.m.•27 views

Microsoft Windows and Windows Server Elevation of Privilege Vulnerability (CNVD-2021-61779)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows and Windows Server, which could be...

7.8CVSS3.9AI score0.00708EPSS
Exploits0References1
Total number of security vulnerabilities5000