Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
•added 2024/01/26 12:0 a.m.•26 views

Code Execution Vulnerabilities in Multiple Mozilla Products

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A code...

8.8CVSS8.1AI score0.00745EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/26 12:0 a.m.•26 views

Mozilla Firefox Denial of Service Vulnerability (CNVD-2024-10437)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A denial of service vulnerability exists in Mozilla Firefox, which can be exploited by attackers to cause the browser to crash...

7.5CVSS6.9AI score0.00602EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/24 12:0 a.m.•26 views

Simple Online Hotel Reservation System Cross-Site Scripting Vulnerability

Simple Online Hotel Reservation System is an online hotel reservation system. A cross-site scripting vulnerability exists in Simple Online Hotel Reservation System version 1.0, which stems from the lack of effective filtering and escaping of user-supplied data in the addreserve.php file, and can ...

6.1CVSS6.4AI score0.00556EPSS
Exploits1References1
CNVD
CNVD
•added 2024/01/23 12:0 a.m.•26 views

Huawei HarmonyOS buffer overflow vulnerability (CNVD-2024-06169)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a buffer overflow vulnerability that stems from a buffer overflow vulnerability in a module. An attacker could exploit the...

9.8CVSS7.4AI score0.00455EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/12 12:0 a.m.•26 views

Microsoft Message Queuing Information Disclosure Vulnerability (CNVD-2024-04951)

Microsoft Message Queuing is the solution for implementing asynchronous and synchronous scenarios that require high performance. An information disclosure vulnerability exists in Microsoft Message Queuing, which can be exploited by an attacker to obtain sensitive information from heap memory...

6.5CVSS5.9AI score0.02039EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/12 12:0 a.m.•26 views

Microsoft Message Queuing Information Disclosure Vulnerability (CNVD-2024-04950)

Microsoft Message Queuing is the solution for implementing asynchronous and synchronous scenarios that require high performance. An information disclosure vulnerability exists in Microsoft Message Queuing, which can be exploited by an attacker to obtain sensitive information from heap memory...

6.5CVSS5.9AI score0.01925EPSS
Exploits0References1
CNVD
CNVD
•added 2023/12/15 12:0 a.m.•26 views

Adobe InDesign Buffer Overflow Vulnerability (CNVD-2024-12469)

Adobe InDesign is a set of layout and editing applications from the American company Audobee Adobe. A security vulnerability exists in Adobe InDesign, which can be exploited by an attacker to cause a sensitive memory leak...

5.5CVSS5.2AI score0.00328EPSS
Exploits0References1
CNVD
CNVD
•added 2023/12/13 12:0 a.m.•26 views

PHPEMS Deserialization Vulnerability

PHPEMS is a PHP online mock exam system. PHPEMS suffers from a deserialization vulnerability that stems from unsafe deserialization processing of lib/session.cls.php when receiving serialized data submitted by a user, which can be exploited by an attacker to cause code execution...

8.8CVSS7.3AI score0.01666EPSS
Exploits1References1
CNVD
CNVD
•added 2023/12/13 12:0 a.m.•26 views

Siemens SCALANCE M-800/S615 Series OS Command Injection Vulnerability

The SCALANCE M-800, MUM-800 and S615 and the RUGGEDCOM RM1224 are industrial routers. An operating system command injection vulnerability exists in the Siemens SCALANCE M-800/S615 series, which can be exploited by an attacker to execute commands on the system via a malicious local administrator...

7.2CVSS7.3AI score0.00623EPSS
Exploits0References1
CNVD
CNVD
•added 2023/12/13 12:0 a.m.•26 views

IBM Informix Dynamic Server Buffer Overflow Vulnerability (CNVD-2023-9769466)

IBM Informix Dynamic Server IDS is a scalable object-relational database server from International Business Machines IBM that provides clustered data centers with features such as continuous data availability and disaster recovery. IBM Informix Dynamic Server suffers from a buffer overflow...

6.2CVSS8.3AI score0.00233EPSS
Exploits0References1
CNVD
CNVD
•added 2023/11/21 12:0 a.m.•26 views

Adobe ColdFusion Access Control Error Vulnerability

Adobe ColdFusion is the United States Odo than Adobe company's set of rapid application development platform. The platform includes an integrated development environment and scripting language. An Access Control Error vulnerability exists in Adobe ColdFusion, which arises from the presence of...

7.5CVSS6.5AI score0.10072EPSS
Exploits0References1
CNVD
CNVD
•added 2023/11/14 12:0 a.m.•26 views

Command Execution Vulnerability in Green Alliance Operations and Maintenance Security Management System

Beijing Shenzhou Green Alliance Technology Co., Ltd. is a company whose business scope includes technology development, technology consulting, technology services; computer system services and so on. A command execution vulnerability exists in the Green Alliance Operations and Maintenance Securit...

7.9AI score
Exploits0
CNVD
CNVD
•added 2023/11/01 12:0 a.m.•26 views

Adobe After Effects Out-of-Bounds Read Vulnerability (CNVD-2023-82672)

Adobe After Effects is a set of visual effects and motion graphics production software from the American company Audobee Adobe, which is mainly used for 2D and 3D compositing, animation and visual effects production. An out-of-bounds read vulnerability exists in Adobe After Effects versions 18.4....

3.3CVSS6.5AI score0.00303EPSS
Exploits0References1
CNVD
CNVD
•added 2023/11/01 12:0 a.m.•26 views

Google Android Information Disclosure Vulnerability (CNVD-2024-00168)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability that can be exploited by attackers to cause information leakage...

5.5CVSS6.4AI score0.00091EPSS
Exploits0References1
CNVD
CNVD
•added 2023/10/13 12:0 a.m.•26 views

Microsoft Windows Layer 2 Tunneling Protocol Remote Code Execution Vulnerability (CNVD-2023-81885)

Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. A remote code execution vulnerability exists in the Microsoft Windows Layer 2 Tunneling Protocol, which can be exploited by an attacker to remotely execute code...

8.1CVSS7.8AI score0.01256EPSS
Exploits0References1
CNVD
CNVD
•added 2023/10/13 12:0 a.m.•26 views

Microsoft Office Click-To-Run Elevation of Privilege Vulnerability

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. Microsoft Office Click-To-Run has an elevation of privilege vulnerability that can be exploited by an...

7CVSS7.1AI score0.00436EPSS
Exploits0References1
CNVD
CNVD
•added 2023/10/13 12:0 a.m.•26 views

Microsoft Windows Layer 2 Tunneling Protocol Remote Code Execution Vulnerability (CNVD-2023-81884)

Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. A remote code execution vulnerability exists in the Microsoft Windows Layer 2 Tunneling Protocol, which can be exploited by an attacker to remotely execute code...

8.1CVSS7.8AI score0.01256EPSS
Exploits0References1
CNVD
CNVD
•added 2023/09/27 12:0 a.m.•26 views

Adobe After Effects Out-of-Bounds Read Vulnerability (CNVD-2023-76937)

Adobe After Effects is a set of visual effects and motion graphics production software from the American company Audobee Adobe, which is mainly used for 2D and 3D compositing, animation and visual effects production. Adobe After Effects suffers from an out-of-bounds read vulnerability that stems...

3.3CVSS6.5AI score0.00303EPSS
Exploits0References1
CNVD
CNVD
•added 2023/09/18 12:0 a.m.•26 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2023-82284)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4CVSS5.7AI score0.00363EPSS
Exploits0References1
CNVD
CNVD
•added 2023/09/17 12:0 a.m.•26 views

Google Chrome Security Bypass Vulnerability (CNVD-2023-75496)

Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome prior to version 117.0.5938.62, which stems from an improper implementation of the Custom Tabs module. An attacker can exploit the vulnerability to bypass security restrictions...

4.3CVSS6.1AI score0.00663EPSS
Exploits0References1
CNVD
CNVD
•added 2023/09/15 12:0 a.m.•26 views

Microsoft 3D Viewer Remote Code Execution Vulnerability (CNVD-2023-74905)

Microsoft 3D Viewer is a simplified and fast graphics editing application from Microsoft. A remote code execution vulnerability exists in Microsoft 3D Viewer, which can be exploited by an attacker to execute code on the target host...

7.8CVSS7.9AI score0.00768EPSS
Exploits0References1
CNVD
CNVD
•added 2023/09/15 12:0 a.m.•26 views

Command Execution Vulnerability in 4A Unified Security Control Platform of Beijing Qixingchen Information Security Technology Co.

Beijing Qixingchen Information Security Technology Co., Ltd. is an enterprise mainly engaged in science and technology promotion and application service industry. A command execution vulnerability exists in the 4A Unified Security Control Platform of Beijing Qixingchen Information Security...

7.8CVSS7.4AI score0.00461EPSS
Exploits0References1
CNVD
CNVD
•added 2023/09/15 12:0 a.m.•26 views

Microsoft Azure HDInsight Apache Ambari Elevation of Privilege Vulnerability

Microsoft Azure is a set of open, enterprise-grade cloud computing platforms from the U.S.-based Microsoft. An elevation of privilege vulnerability exists in Microsoft Azure HDInsight Apache Ambari, which can be exploited by an attacker to gain domain administrator privileges...

7.2CVSS6.9AI score0.01874EPSS
Exploits0References1
CNVD
CNVD
•added 2023/09/14 12:0 a.m.•26 views

Siemens Industrial Products WIBU System CodeMeter Heap Buffer Overflow Vulnerability

PSSRCAPE is a transmission and distribution network protection simulation software.PSSRE is a power system simulation and analysis tool for transmission operations and planning.PSSRODMS is a CIM-based network modeling management tool with network analysis capabilities for planning and operational...

9.8CVSS8.2AI score0.01505EPSS
Exploits0References1
CNVD
CNVD
•added 2023/09/11 12:0 a.m.•26 views

Tenda AC6 Denial of Service Vulnerability

The Tenda AC6 is a wireless router from the Chinese company Tenda. A denial of service vulnerability exists in the Tenda AC6. The vulnerability stems from a failure to properly handle incoming error messages and can be exploited to cause a denial of service device crash via a long string in the...

4.9CVSS6.5AI score0.00724EPSS
Exploits1References1
CNVD
CNVD
•added 2023/09/11 12:0 a.m.•26 views

Vim buffer overflow vulnerability (CNVD-2023-72249)

Vim is a cross-platform text editor. A buffer overflow vulnerability exists in Vim versions prior to 9.0.1873, which stems from a boundary error in the regexp.c:2482 function when handling untrusted input. A remote attacker could exploit this vulnerability to execute arbitrary code on the system ...

4.4CVSS8.1AI score0.00606EPSS
Exploits1Affected Software1
CNVD
CNVD
•added 2023/08/31 12:0 a.m.•26 views

Linux kernel memory leak vulnerability (CNVD-2023-70087)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a memory leak vulnerability that originates from nftsetcatchallflush in net/netfilter/nftablesapi.c not freeing or failing to free dynamically allocat...

5.5CVSS6.4AI score0.00282EPSS
Exploits0References1
CNVD
CNVD
•added 2023/08/17 12:0 a.m.•26 views

Google Chrome ANGLE Buffer Overflow Vulnerability

Google Chrome is a web browser from Google, an American company. A buffer overflow vulnerability exists in versions prior to Google Chrome 116.0.5845.96, which stems from a boundary error in ANGLE when handling untrusted input, and can be exploited by a remote attacker to cause the browser to shu...

8.8CVSS7AI score0.00923EPSS
Exploits0References1
CNVD
CNVD
•added 2023/08/14 12:0 a.m.•26 views

Siemens Tecnomatix Plant Simulation Out-of-Bounds Write Vulnerability (CNVD-2023-71239)

Siemens Tecnomatix Plant Simulation is an industrial control device from Siemens, Germany. The power of discrete-event simulation is used to analyze and optimize throughput and thus improve manufacturing system performance. Siemens Tecnomatix Plant Simulation suffers from an out-of-bounds write...

7.8CVSS7.1AI score0.00222EPSS
Exploits0References1
CNVD
CNVD
•added 2023/08/12 12:0 a.m.•26 views

ASUS RT-AC66U Information Disclosure Vulnerability

The ASUS RT-AC66U is a wireless router from the Chinese company ASUS. An information disclosure vulnerability exists in ASUS RT-AC66U B1 version 3.0.0.4.28651665, which originates from transmitting sensitive information in clear text. An attacker can exploit the vulnerability to obtain sensitive...

7.5CVSS5.9AI score0.00377EPSS
Exploits0References1
CNVD
CNVD
•added 2023/08/12 12:0 a.m.•26 views

Microsoft SharePoint Server Spoofing Vulnerability (CNVD-2023-64873)

Microsoft SharePoint Server Information Disclosure Vulnerability CNVD-2023-64874...

6.5CVSS6.6AI score0.02153EPSS
Exploits0References1
CNVD
CNVD
•added 2023/08/12 12:0 a.m.•26 views

Huawei HarmonyOS misconfiguration vulnerability (CNVD-2023-64500)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a misconfiguration vulnerability that stems from a configuration flaw in the media module. An attacker can exploit the...

9.1CVSS7AI score0.00337EPSS
Exploits0References1
CNVD
CNVD
•added 2023/08/12 12:0 a.m.•26 views

ScienceLogic SL1 SQL Injection Vulnerability (CNVD-2023-66418)

ScienceLogic SL1 is an application from ScienceLogic, Inc. Connect your real estate together to automate multidirectional data flow and workflow. A SQL injection vulnerability exists in ScienceLogic SL1 11.1.2 and earlier versions, which stems from a lack of validation of externally entered SQL...

8.8CVSS8.2AI score0.00608EPSS
Exploits0References1
CNVD
CNVD
•added 2023/08/07 12:0 a.m.•26 views

F5 BIG-IP (APM) Elevation of Privilege Vulnerability

F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. F5 BIG-IP APM elevation of privilege vulnerability, which is caused by incorrect verification of cryptographic signatures duri...

7.8CVSS7.1AI score0.00136EPSS
Exploits0References1
CNVD
CNVD
•added 2023/08/03 12:0 a.m.•26 views

Apple macOS Ventura Security Bypass Vulnerability

Apple macOS Ventura is a desktop operating system from the American company Apple. A security bypass vulnerability exists in Apple macOS Ventura, which can be exploited by attackers to bypass certain privacy preferences...

7.5CVSS6.5AI score0.00913EPSS
Exploits0References1
CNVD
CNVD
•added 2023/07/30 12:0 a.m.•26 views

Apache Shiro Path Traversal Vulnerability

Apache Shiro is the United States Apache Apache Foundation set of Java security framework for performing authentication, authorization, encryption and session management . A path traversal vulnerability exists in versions of Apache Shiro prior to 1.12.0, which stems from the program's failure to...

9.8CVSS9.2AI score0.01533EPSS
Exploits0References1
CNVD
CNVD
•added 2023/07/20 12:0 a.m.•26 views

Unspecified Vulnerability in Oracle MySQL Server (CNVD-2023-65505)

Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server, which can be exploited by attackers to cause unauthorized MySQL Server hangs or frequent repeated crashes...

4.9CVSS6.3AI score0.01049EPSS
Exploits0References1
CNVD
CNVD
•added 2023/07/20 12:0 a.m.•26 views

Unspecified Vulnerability in Oracle MySQL Server (CNVD-2023-65507)

Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server, which can be exploited by an attacker to cause unauthorized update, insertion, or deletion access to MySQL Server accessible data...

2.7CVSS6AI score0.00782EPSS
Exploits0References1
CNVD
CNVD
•added 2023/07/13 12:0 a.m.•26 views

Microsoft SharePoint Remote Code Execution Vulnerability (CNVD-2023-72197)

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A remote code executi...

8.8CVSS8.1AI score0.43984EPSS
Exploits0References1
CNVD
CNVD
•added 2023/07/12 12:0 a.m.•26 views

Siemens Tecnomatix Plant Simulation Type Obfuscation Vulnerability

Siemens Tecnomatix Plant Simulation is an industrial control device from Siemens, Germany, that uses discrete-event simulation to analyze and optimize throughput and thereby improve manufacturing system performance. A type confusion vulnerability exists in Siemens Tecnomatix Plant Simulation, whi...

7.8CVSS7.1AI score0.00209EPSS
Exploits0References1
CNVD
CNVD
•added 2023/07/10 12:0 a.m.•26 views

Milesight UR32L vtysh_ubus toolsh_excute.constprop.1 Functional Command Injection Vulnerability (CNVD-2023-65490)

The Milesight UR32L is a 4G industrial router from China's Milesight. The Milesight UR32L vtyshubus toolshexcute.constprop.1 feature suffers from a command injection vulnerability that can be exploited by an attacker to execute arbitrary commands on the system...

8.8CVSS8.2AI score0.036EPSS
Exploits1References1
CNVD
CNVD
•added 2023/07/10 12:0 a.m.•26 views

Milesight UR32L ys_thirdparty user_delete function command injection vulnerability

The Milesight UR32L is a 4G industrial router from China's Milesight. A command injection vulnerability exists in the Milesight UR32L ysthirdparty userdelete function, which can be exploited by an attacker to execute arbitrary commands on the system...

7.2CVSS8.1AI score0.03607EPSS
Exploits1References1
CNVD
CNVD
•added 2023/06/14 12:0 a.m.•26 views

Siemens Teamcenter Visualization and JT2Go Null Pointer Dereference Vulnerability

JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML with available JT, VFZ, CGM and TIF data.Teamcenter Visualization software is able to enhance its Product Lifecycle Management PLM environments with a comprehensive range of visualization solutions. PLM environme...

5.5CVSS6.5AI score0.00184EPSS
Exploits0References1
CNVD
CNVD
•added 2023/06/08 12:0 a.m.•26 views

Wireshark Buffer Overflow Vulnerability (CNVD-2023-62286)

Wireshark is a network packet analysis tool. The tool is mainly used to capture network packets and automatically parses the packets to display detailed information about the packets for users to analyze. Wireshark has a security vulnerability that can be exploited by attackers to execute arbitra...

6.5CVSS7.7AI score0.02008EPSS
Exploits1References1
CNVD
CNVD
•added 2023/05/31 12:0 a.m.•26 views

Google Chrome Mojo Component Code Execution Vulnerability

Google Chrome is a web browser from Google, an American company. A code execution vulnerability exists in the Google Chrome Mojo component that stems from an out-of-bounds memory access issue in the Mojo module. An attacker could exploit this vulnerability to execute arbitrary code on the system ...

8.8CVSS8.7AI score0.01463EPSS
Exploits0References1
CNVD
CNVD
•added 2023/05/31 12:0 a.m.•26 views

GIT suffers from a service parameter injection vulnerability

GIT is a revision control system. GIT suffers from a service parameter injection vulnerability that can be exploited by an attacker to execute arbitrary code from a distance...

4.4CVSS8.2AI score0.06079EPSS
Exploits2Affected Software1
CNVD
CNVD
•added 2023/05/30 12:0 a.m.•26 views

Moodle cross-site scripting vulnerability (CNVD-2023-43862)

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A cross-site scripting vulnerability exists in Moodle version 3.10.1 that stems from improper input cleanup and is susceptible to...

5.4CVSS5.6AI score0.00686EPSS
Exploits1References1
CNVD
CNVD
•added 2023/05/15 12:0 a.m.•26 views

Rockwell Automation ArmorStart ST Cross-Site Scripting Vulnerability (CNVD-2023-44295)

Rockwell Automation ArmorStart ST is a simple and cost-effective solution for machine-side control architectures from Rockwell Automation. A cross-site scripting vulnerability exists in Rockwell Automation ArmorStart ST, which can be exploited by an attacker to view user data and modify the web...

5.9CVSS6AI score0.0062EPSS
Exploits0References1
CNVD
CNVD
•added 2023/04/23 12:0 a.m.•26 views

Apache DolphinScheduler Authorization Issues Vulnerability

Apache DolphinScheduler is a distributed DAG visualization-based workflow task scheduling system from the Apache Apache Foundation in the United States. Apache DolphinScheduler suffers from an authorization problem vulnerability that stems from the presence of incorrect authentication, which can ...

4.3CVSS6.7AI score0.01127EPSS
Exploits0References1
CNVD
CNVD
•added 2023/04/23 12:0 a.m.•26 views

Google Chrome Memory Misreference Vulnerability

Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions prior to Google Chrome 112.0.5615.137, which stems from a confusion in the directive responsible for freeing memory in DevTools. An attacker could use this vulnerability to caus...

7.5CVSS6.8AI score0.01EPSS
Exploits0References1
Total number of security vulnerabilities5000