Lucene search
K
CnvdMost viewed

130997 matches found

CNVD
CNVD
added 2022/03/14 12:0 a.m.26 views

YzmCMS uncontrolled recursion vulnerability

Yzmcms is an open source CMS content management system for Yzmcms individual developers. an uncontrolled recursive vulnerability exists in YzmCMS v6.3, which stems from the fact that the comment function can operate concurrently and an attacker can use this vulnerability to create an unusually...

5.3CVSS3.3AI score0.01082EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/11 12:0 a.m.26 views

Shopware Licensing Issue Vulnerability

Shopware is a suite of open source e-commerce software from the German company Shopware.Shopware suffers from an authorization issue vulnerability that stems from incorrect api routing checks. An attacker could exploit this vulnerability to modify customers and create orders without application...

7.5CVSS4.5AI score0.00729EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/11 12:0 a.m.26 views

MyBB Remote Code Execution Vulnerability (CNVD-2022-20097)

MyBB is a free and web-based forum software developed by MyBB team using PHP and MySQL. The software is characterized by its simplicity, multi-language support and extensibility. A remote code execution vulnerability exists in MyBB, which can be exploited to cause a Remote Code Execution RCE...

7.2CVSS7.4AI score0.77677EPSS
Exploits9References1
CNVD
CNVD
added 2022/03/09 12:0 a.m.26 views

Microsoft Azure Site Recovery Code Injection Vulnerability (CNVD-2022-18005)

Microsoft Azure Site Recovery is a site recovery DRaaS from Microsoft Corporation for cloud and hybrid cloud architectures. Microsoft Azure Site Recovery is vulnerable to code injection. No details of the vulnerability are currently available...

7.2CVSS1.6AI score0.02281EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/09 12:0 a.m.26 views

WordPress Conversios.io plugin SQL injection vulnerability

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress plugin is an application plugin for WordPress. SQL injection vulnerability exists in versions of WordPress...

8.8CVSS2.8AI score0.01297EPSS
Exploits2References1
CNVD
CNVD
added 2022/03/08 12:0 a.m.26 views

D-Link Dir-X1860 has an unspecified vulnerability (CNVD-2022-20167)

The D-Link Dir-X1860 is a dual-band router from D-Link, a Chinese company. The security vulnerability in the D-Link DIR-X1860 version 1.03 RevA1, which stems from the lack of effective information protection and filtering of information disclosure in the web interface, could be exploited by a...

5.3CVSS0.4AI score0.02136EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/04 12:0 a.m.26 views

Google Chrome Media Memory Misreference Vulnerability (CNVD-2022-63926)

Google Chrome is a web browser from Google, Inc. Google Chrome Media is vulnerable to a memory misreference vulnerability that results from a mix-up in the program's instructions for freeing memory, which could be exploited to execute arbitrary code on the system or cause a denial of service...

8.8CVSS4.5AI score0.0101EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/03 12:0 a.m.26 views

seacms arbitrary code execution vulnerability

seacms Ocean Video Management System is a video-on-demand system designed for webmasters with different needs. seacms V11.5 has an arbitrary code execution vulnerability, which can be exploited by attackers to write malicious files to the site and execute commands...

9.8CVSS6.3AI score0.0206EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/03 12:0 a.m.26 views

PluXml Cross-Site Scripting Vulnerability (CNVD-2022-73493)

PluXml is a content management system that does not require a database to work.A cross-site scripting vulnerability exists in PluXML version 5.8.7. An attacker can exploit this vulnerability to execute arbitrary web script or HTML via a payload in the thumbnail path of a blog post...

3.5CVSS3.4AI score0.01192EPSS
Exploits1Affected Software1
CNVD
CNVD
added 2022/03/03 12:0 a.m.26 views

IBM AIX Input Validation Error Vulnerability (CNVD-2022-17017)

IBM AIX is an open standards-based UNIX operating system developed by IBM for the IBM Power architecture. IBM AIX has an input validation error vulnerability that can be exploited by an attacker to cause a fatal AIX error through the CAA kernel, triggering a denial of service...

6.2CVSS4.7AI score0.00214EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/02 12:0 a.m.26 views

IBM AIX Denial of Service Vulnerability (CNVD-2022-17018)

IBM AIX Advanced Interactive eXecutive is a UNIX operating system developed by IBM, which can also be referred to as AIX. a denial of service vulnerability exists in IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1, which stems from a file creation vulnerability in the audit command, the affected component...

4.4CVSS4.7AI score0.00211EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/01 12:0 a.m.26 views

Tp-link TL-WR840N has an unspecified vulnerability

Tp-link TL-WR840N is a wireless router from Tp-link, China. TP-LINK TL-WR840NES V6.20 version 180709 is vulnerable due to a lack of filtering and escaping of command parameters in the component oalstartPing. No details of the vulnerability are available at this time...

10CVSS3.6AI score0.52427EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/01 12:0 a.m.26 views

JetBrains Hub Cross-Site Scripting Vulnerability (CNVD-2022-17756)

JetBrains Hub is a web-based application from JetBrains Czech Republic. The application is able to integrate multiple JetBrains team tools together. JetBrains Hub has a cross-site scripting vulnerability that can be exploited by attackers to execute XSS attacks...

6.1CVSS2.3AI score0.00559EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/01 12:0 a.m.26 views

Gabia Firstmall has an unspecified vulnerability

Gabia Firstmall is used by Gabia for address resolution. A security vulnerability exists in Gabia Firstmall due to insufficient validation of various input values from users, which can be exploited to execute malicious code in Firstmall via the navercheckoutadd function...

9.8CVSS4.5AI score0.01249EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/01 12:0 a.m.26 views

JetBrains TeamCity XML External Entity Handling Vulnerability

JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Czech Republic. The tool provides continuous unit testing, code quality analysis, and build issue analysis reporting.A security vulnerability exists in JetBrains TeamCity, which stems from the...

9.8CVSS2.1AI score0.01011EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/28 12:0 a.m.26 views

Google Android Buffer Overflow Vulnerability (CNVD-2022-16339)

Google Android is a Linux-based open source operating system from Google. Google Android buffer overflow vulnerability, the vulnerability stems from improper boundary checking. An attacker can exploit the vulnerability to read invalid memory and cause the application to crash...

5.3CVSS4.9AI score0.001EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/25 12:0 a.m.26 views

Oracle MySQL Server Input Validation Error Vulnerability (CNVD-2022-17687)

Oracle MySQL Server is a relational database from Oracle Corporation. Oracle MySQL Server is vulnerable to an input validation error, which can be exploited by attackers to cause MySQL Server to hang or crash repeatedly and frequently...

4.9CVSS3.6AI score0.01806EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/23 12:0 a.m.26 views

WordPress Plugin Advanced Database Cleaner Cross-Site Scripting Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Advanced Database Cleaner prior to version...

6.1CVSS6AI score0.00788EPSS
Exploits2References1
CNVD
CNVD
added 2022/02/22 12:0 a.m.26 views

Plesk Cross-Site Request Forgery Vulnerability (CNVD-2022-91163)

Plesk is a hosting control panel from the Swiss company Plesk. version 18.0.37 of Plesk is vulnerable to cross-site request forgery, which stems from the software's lack of validation of cross-site request forgery tokens. An attacker could exploit this vulnerability to insert data in the user and...

6.5CVSS3.1AI score0.00719EPSS
Exploits1References1
CNVD
CNVD
added 2022/02/21 12:0 a.m.26 views

WordPress Cozmoslabs Profile Builder plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress Cozmoslabs Profile Builder plugin 3.6.1 and earlier versions have a cross-site scripting vulnerability...

6.1CVSS1.5AI score0.02703EPSS
Exploits3References1
CNVD
CNVD
added 2022/02/18 12:0 a.m.26 views

snapd input validation error vulnerability

Snapd is an open source, cross-platform package management tool. snapd is vulnerable to an input validation error that could be exploited to allow snap to escape strict snap restrictions by injecting arbitrary AppArmor policy rules through misformatted content interfaces and layout statements...

8.2CVSS2.6AI score0.0043EPSS
Exploits1References1
CNVD
CNVD
added 2022/02/18 12:0 a.m.26 views

KiCad EDA Buffer Overflow Vulnerability

KiCad Eda is a cross-platform and open source electronic design automation suite from the KiCad community. KiCad EDA is vulnerable to a buffer overflow vulnerability that could be exploited by an attacker with a specially crafted gerber or excellon file to cause code execution...

7.8CVSS5.1AI score0.01539EPSS
Exploits1References1
CNVD
CNVD
added 2022/02/17 12:0 a.m.26 views

Atlassian Jira Service Management Server Licensing Issue Vulnerability

Atlassian Jira Service is a server-based version of Atlassian Australia's IT service desk and request tracking system, which is used to receive, track and manage requests from team clients. An authorization issue vulnerability exists in Atlassian Jira Service Management Server, which stems from...

4.3CVSS3.8AI score0.00832EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/17 12:0 a.m.26 views

Atlassian Confluence Server权限提升漏洞

Atlassian Confluence Server is a server version of Atlassian Australia's suite of collaborative software with enterprise knowledge management capabilities and support for building enterprise WiKi. An elevation of privilege vulnerability exists in Atlassian Confluence Server, which stems from an...

7.8CVSS3.7AI score0.00325EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/16 12:0 a.m.26 views

Pybbs Cross-Site Scripting Vulnerability

Pybbs is a community forum for more practical Java development. A cross-site scripting vulnerability exists in Pybbs, which stems from the product's search box not effectively handling special characters in user input data. An attacker can exploit this vulnerability to execute client-side code...

6.1CVSS6AI score0.00611EPSS
Exploits1References1
CNVD
CNVD
added 2022/02/15 12:0 a.m.26 views

Magnolia CMS has an unspecified vulnerability (CNVD-2022-13385)

Magnolia CMS is an application of the Swiss company Magnolia. Magnolia CMS, a website building framework, is provided with a security vulnerability that can be exploited by attackers to execute arbitrary code via a crafted CSV XLS file...

7.8CVSS6.3AI score0.01668EPSS
Exploits1References1
CNVD
CNVD
added 2022/02/15 12:0 a.m.26 views

Samsung Wear Os StTheaterModeReceiver Access Control Error Vulnerability (CNVD-2022-56487)

Samsung Wear Os is a version of the Android operating system from Samsung South Korea designed for wearable computer devices such as smartwatches. An access control error vulnerability exists in versions of Samsung Wear OS prior to 3.0, which is designed for wearable computer devices such as...

4.3CVSS3.5AI score0.00449EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/14 12:0 a.m.26 views

Adobe Illustrator out-of-bounds read vulnerability (CNVD-2022-15933)

Adobe Illustrator is a vector-based image creation software from Adobe, Inc. A security vulnerability exists in Adobe Illustrator, which stems from the product's failure to add effective data protection measures. A remote attacker could use the vulnerability to access sensitive information...

5.5CVSS2.8AI score0.01876EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/11 12:0 a.m.27 views

Radareorg Radare2 Buffer Overflow Vulnerability

radare2 is a set of libraries and tools for working with binary files. radareorg Radare2 suffers from a buffer overflow vulnerability that stems from the product's failure to effectively determine memory boundaries, which could be exploited by an attacker to cause a buffer overflow...

7.1CVSS5.1AI score0.00958EPSS
Exploits1References1
CNVD
CNVD
added 2022/02/10 12:0 a.m.26 views

Bentley Systems MicroStation Buffer Overflow Vulnerability (CNVD-2022-15814)

Bentley Systems MicroStation is a Cad software platform for 2D and 3D design and drafting from Bentley Systems, USA. A buffer overflow vulnerability exists in Bentley Systems MicroStation that can be exploited by an attacker to execute code in the context of the current process...

7.8CVSS7.9AI score0.01855EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/10 12:0 a.m.26 views

Bentley Systems MicroStation Resource Management Error Vulnerability (CNVD-2022-16156)

Bentley Systems MicroStation is a Cad software platform for 2D and 3D design and drafting from Bentley Systems, USA. A resource management error vulnerability exists in Bentley Systems MicroStation, which can be exploited by an attacker to execute code in the context of the current process...

7.8CVSS7.7AI score0.01979EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/10 12:0 a.m.26 views

Bentley Systems MicroStation Buffer Overflow Vulnerability

Bentley Systems MicroStation is a Cad software platform for 2D and 3D design and drafting from Bentley Systems, USA. A buffer overflow vulnerability exists in Bentley Systems MicroStation, which can be exploited by an attacker to execute arbitrary code in the context of the current process, along...

5.5CVSS6.1AI score0.01791EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/10 12:0 a.m.26 views

Google Chrome Buffer Overflow Vulnerability (CNVD-2022-45562)

Google Chrome is a web browser from Google, Inc. A buffer overflow vulnerability exists in Google Chrome, which can be exploited by remote attackers to potentially exploit heap corruption via well-designed HTML pages...

8.8CVSS4.7AI score0.00953EPSS
Exploits1References1
CNVD
CNVD
added 2022/02/10 12:0 a.m.26 views

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CNVD-2022-60123)

Microsoft Edge Chromium-based is vulnerable to an elevation-of-privilege vulnerability in Microsoft Edge, a web browser that ships with Windows 10 and later. An attacker could exploit this vulnerability to execute arbitrary code with elevated privileges...

6.8CVSS4AI score0.01204EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/10 12:0 a.m.26 views

Sante DICOM Viewer Pro J2K Remote Code Execution Vulnerability (CNVD-2022-14984)

Sante DICOM Viewer Pro is a medical DICOM image viewer.A remote code execution vulnerability exists in Sante DICOM Viewer Pro J2K, which can be exploited by attackers to execute code in the context of the current process...

7.8CVSS6.2AI score0.01731EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/10 12:0 a.m.26 views

Sante DICOM Viewer Pro DCM Information Disclosure Vulnerability

Sante DICOM Viewer Pro is a medical DICOM image viewer.An information disclosure vulnerability exists in Sante DICOM Viewer Pro DCM, which can be exploited by attackers to execute arbitrary code in the context of the current process along with other vulnerabilities...

5.5CVSS4.5AI score0.0144EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/09 12:0 a.m.26 views

Intel Connman Information Disclosure Vulnerability (CNVD-2022-09128)

Connman is a connection manager. a security vulnerability exists in Connman's DNS proxy, which stems from the fact that the TCP server reply implementation has an infinite loop. No details of the vulnerability are currently available...

5CVSS1.6AI score0.02485EPSS
Exploits1Affected Software1
CNVD
CNVD
added 2022/02/09 12:0 a.m.26 views

Sensio Labs Twig Injection Vulnerability

Sensio Labs Twig is a PHP template engine from the French company Sensio Labs that supports custom tags and filters and the creation of DSLs. Sensio Labs Twig is vulnerable to injection, which can be exploited by attackers to run arbitrary PHP functions...

9.8CVSS3.1AI score0.08209EPSS
Exploits3References1
CNVD
CNVD
added 2022/02/08 12:0 a.m.26 views

Siemens Simcenter Femap内存破坏漏洞

Siemens Simcenter Femap is a cutting-edge engineering simulation application from Siemens, Germany. It is used to create, edit and import/reuse mesh-based finite element analysis models of complex products or systems. Siemens Simcenter Femap suffers from a memory corruption vulnerability that can...

7.8CVSS5.2AI score0.01564EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/08 12:0 a.m.26 views

Siemens Simcenter Femap Out-of-Bounds Writing Vulnerability (CNVD-2022-10008)

Siemens Simcenter Femap is a cutting-edge engineering simulation application from Siemens, Germany. It is used to create, edit and import/reuse mesh-based finite element analysis models of complex products or systems. Siemens Simcenter Femap is vulnerable to an out-of-bounds write vulnerability...

7.8CVSS3AI score0.01293EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/03 12:0 a.m.26 views

Palo Alto Networks Cortex XDR Code Issue Vulnerability

Palo Alto Networks Cortex XDR is a security operations platform for remote endpoint-based detection from Palo Alto Networks Malaysia. A code issue vulnerability exists in the Palo Alto Networks Cortex XDR agent that can be exploited by an attacker to execute a live endpoint session used by a loca...

7.3CVSS7.3AI score0.0025EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/03 12:0 a.m.26 views

Oracle MySQL Input Validation Error Vulnerability (CNVD-2022-09144)

Oracle MySQL Server is a relational database from Oracle Corporation. An input validation error vulnerability exists in MySQL Server that originates from an input validation error in the Server: Optimizer component in MySQL Server. An attacker can exploit the vulnerability to corrupt or delete da...

4.3CVSS4.9AI score0.01399EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/03 12:0 a.m.26 views

Oracle MySQL Buffer Overflow Vulnerability

Oracle MySQL Server is a relational database from Oracle Corporation. MySQL Server suffers from a buffer overflow vulnerability that originates from an input validation error in the Server: Optimizer component in MySQL Server. An attacker can exploit the vulnerability to corrupt or delete data...

4CVSS5AI score0.01658EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/28 12:0 a.m.26 views

SPIP Cross-site Request Forgery Vulnerability (CNVD-2022-08190)

SPIP is a Web-based content publishing system. A cross-site request forgery vulnerability exists in SPIP, which stems from a Web application that does not adequately validate that requests are coming from trusted users. An attacker could use this vulnerability to send unintended requests to the...

8.8CVSS3.9AI score0.00491EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/26 12:0 a.m.26 views

Google Chrome Security Feature Issue Vulnerability (CNVD-2022-15135)

Google Chrome is a web browser from Google, Inc. Google Chrome is vulnerable to a security feature that could be exploited by attackers to bypass navigation restrictions via carefully designed HTML pages...

4.3CVSS3.7AI score0.00582EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2022/01/25 12:0 a.m.26 views

Adobe Acrobat Reader Dc Input Validation Error Vulnerability

Adobe Acrobat Reader Dc is a Pdf reading tool from the American company Adobe. It is used to reliably view, print and annotate Pdf documents. Adobe Acrobat Reader Dc suffers from an input validation error vulnerability, which stems from inadequate validation of user-supplied input. A remote...

5.5CVSS3AI score0.02168EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/25 12:0 a.m.26 views

Adobe Acrobat Reader Dc Buffer Overflow Vulnerability (CNVD-2022-11149)

Adobe Acrobat Reader Dc is a Pdf reading tool from Adobe. Adobe Acrobat Reader Dc suffers from a buffer overflow vulnerability that originates from a boundary error when handling untrusted input. A remote attacker could exploit the vulnerability by creating a specially crafted PDF file, tricking...

9.3CVSS7.8AI score0.08618EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/25 12:0 a.m.26 views

Oracle MySQL Cluster Buffer Overflow Vulnerability (CNVD-2022-18211)

MySQL Cluster is a write-scalable, real-time, ACID-compliant transactional database designed to guarantee 99.999% availability. A buffer overflow vulnerability exists in Oracle MySQL Cluster, which can be exploited by an attacker to execute code in the context of a service account...

6.3CVSS6.2AI score0.02795EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/25 12:0 a.m.26 views

SourceCodester Online Leave Management System SQL注入漏洞

SourceCodester Online Leave Management System is an online leave management system. v1 of SourceCodester Online Leave Management System is vulnerable to SQL injection. system/classes/Login.php parameter lacks effective filtering and escaping, which can be exploited to execute arbitrary SQL comman...

9.8CVSS3.3AI score0.01356EPSS
Exploits1References1
CNVD
CNVD
added 2022/01/24 12:0 a.m.26 views

pimcore Cross-Site Scripting Vulnerability (CNVD-2022-07497)

Pimcore is an open source Web content management platform for creating and managing Web applications from the Austrian company Pimcore. The platform integrates Web content management, e-commerce frameworks and product information management applications. pimcore has a cross-site scripting...

6.6CVSS2.3AI score0.01456EPSS
Exploits1References1
Total number of security vulnerabilities5000