Lucene search
K

131179 matches found

CNVD
CNVD
•added 2026/04/07 12:0 a.m.•4 views

Endian Firewall new_cert_name Parameter Cross-Site Scripting Vulnerability

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall newcertname parameter, which stems from improper handling of the newcertname parameter in /manage/ca/certificate/, and can be exploited by an attacker to inject...

6.4CVSS5AI score0.00092EPSS
Exploits0
CNVD
CNVD
•added 2026/04/07 12:0 a.m.•8 views

IBM DataPower Gateway Cross-Site Request Forgery Vulnerability (CNVD-2026-19180)

IBM DataPower Gateway is an enterprise-grade application security gateway that provides API management and traffic control capabilities. A cross-site request forgery vulnerability exists in IBM DataPower Gateway. The vulnerability arises because the system fails to effectively validate the source...

8.8CVSS5.7AI score0.00167EPSS
Exploits0
CNVD
CNVD
•added 2026/04/07 12:0 a.m.•4 views

IBM Verify Identity Access Authentication Bypass Vulnerability (CNVD-2026-16876)

IBM Verify Identity Access and Security Verify Access are a family of identity and access management solutions that provide user authentication and access control capabilities. An authentication bypass vulnerability exists in IBM Verify Identity Access. The vulnerability arises due to a flaw in t...

9.8CVSS5.8AI score0.0036EPSS
Exploits0
CNVD
CNVD
•added 2026/04/07 12:0 a.m.•7 views

Endian Firewall name parameter cross-site scripting vulnerability

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall name parameter, which stems from improper cleanup of the name parameter input in /manage/qos/classes/, and can be exploited by an attacker to inject malicious...

6.4CVSS5AI score0.00168EPSS
Exploits0
CNVD
CNVD
•added 2026/04/07 12:0 a.m.•5 views

Endian Firewall remark parameter cross-site scripting vulnerability

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which stems from improper handling of the remark parameter in /manage/password/web/, and can be exploited by an attacker to inject malicious scri...

6.4CVSS5AI score0.00138EPSS
Exploits0
CNVD
CNVD
•added 2026/04/07 12:0 a.m.•4 views

Endian Firewall NAME Parameter Cross-Site Scripting Vulnerability

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall NAME parameter, which originates from improperly cleaning up the input of the NAME parameter in /cgi-bin/uplinkeditor.cgi, and can be exploited by an attacker to...

6.4CVSS4.9AI score0.00168EPSS
Exploits0
CNVD
CNVD
•added 2026/04/07 12:0 a.m.•5 views

Endian Firewall ADDRESS BCC Parameter Cross-Site Scripting Vulnerability

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall ADDRESS BCC parameter, which originates from improper handling of the ADDRESS BCC parameter in /cgi-bin/smtprouting.cgi, and can be exploited by an attacker to...

6.4CVSS5AI score0.00138EPSS
Exploits0
CNVD
CNVD
•added 2026/04/07 12:0 a.m.•8 views

Endian Firewall DATE Parameter OS Command Injection Vulnerability

Endian Firewall is a network security firewall system from Endian. An operating system command injection vulnerability exists in the Endian Firewall DATE parameter, which stems from incomplete regular expression validation of the DATE parameter in /cgi-bin/logsids.cgi, and can be exploited by an...

8.8CVSS5.8AI score0.01222EPSS
Exploits0
CNVD
CNVD
•added 2026/04/07 12:0 a.m.•6 views

Endian Firewall remark parameter cross-site scripting vulnerability (CNVD-2026-18373)

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which stems from improper handling of the remark parameter in /manage/vpnauthentication/user/, and can be exploited by an attacker to inject...

6.4CVSS5AI score0.00157EPSS
Exploits0
CNVD
CNVD
•added 2026/04/07 12:0 a.m.•4 views

Endian Firewall DATE Parameter OS Command Injection Vulnerability

Endian Firewall is a network security firewall system from Endian. An operating system command injection vulnerability exists in the Endian Firewall DATE parameter, which stems from incomplete regular expression validation of the DATE parameter in /cgi-bin/logssmtp.cgi, and can be exploited by an...

8.8CVSS5.8AI score0.01248EPSS
Exploits0
CNVD
CNVD
•added 2026/04/07 12:0 a.m.•6 views

Endian Firewall group parameter cross-site scripting vulnerability

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall group parameter, which stems from improper handling of the group parameter in /cgi-bin/proxygroup.cgi, and can be exploited by an attacker to inject malicious...

6.4CVSS5AI score0.00138EPSS
Exploits0
CNVD
CNVD
•added 2026/04/07 12:0 a.m.•7 views

Endian Firewall DOMAIN Parameter Cross-Site Scripting Vulnerability

Endian Firewall is a network security firewall system from Endian. Endian Firewall DOMAIN Parameter Cross-Site Scripting VulnerabilityThe vulnerability stems from improper handling of the DOMAIN parameter in /cgi-bin/smtpdomains.cgi, which can be exploited by an attacker to inject malicious...

6.4CVSS5.4AI score0.00138EPSS
Exploits0
CNVD
CNVD
•added 2026/04/07 12:0 a.m.•5 views

Endian Firewall remark parameter cross-site scripting vulnerability (CNVD-2026-18401)

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which stems from improper handling of the remark parameter in /cgi-bin/vpnfw.cgi, and can be exploited by an attacker to inject malicious...

6.4CVSS5AI score0.00138EPSS
Exploits0
CNVD
CNVD
•added 2026/04/07 12:0 a.m.•8 views

Endian Firewall domain parameter cross-site scripting vulnerability

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall domain parameter, which originates from improper handling of the domain parameter in /manage/smtpscan/domainrouting/, and can be exploited by an attacker to inject...

6.4CVSS5AI score0.00138EPSS
Exploits0
CNVD
CNVD
•added 2026/04/07 12:0 a.m.•5 views

Endian Firewall mimetypes parameter cross-site scripting vulnerability

Endian Firewall is a network security firewall system from Endian. Endian Firewall mimetypes parameter cross-site scripting vulnerability, which stems from improper handling of the mimetypes parameter in /cgi-bin/proxypolicy.cgi, can be exploited by an attacker to inject malicious JavaScript code...

6.4CVSS5AI score0.00138EPSS
Exploits0
CNVD
CNVD
•added 2026/04/07 12:0 a.m.•5 views

Endian Firewall DATE Parameter OS Command Injection Vulnerability (CNVD-2026-18423)

Endian Firewall is a network security firewall system from Endian. An operating system command injection vulnerability exists in the Endian Firewall DATE parameter, which stems from incomplete regular expression validation of the DATE parameter in /cgi-bin/logslog.cgi, and can be exploited by an...

8.8CVSS5.8AI score0.01469EPSS
Exploits0
CNVD
CNVD
•added 2026/04/07 12:0 a.m.•2 views

IBM Content Navigator Cross-Site Scripting Vulnerability (CNVD-2026-16875)

IBM Content Navigator is an enterprise content management and collaboration platform for document management, workflow and content retrieval. A cross-site scripting vulnerability exists in IBM Content Navigator. The vulnerability stems from a failure to properly process user input and can be...

5.4CVSS5.6AI score0.00207EPSS
Exploits0
CNVD
CNVD
•added 2026/04/07 12:0 a.m.•9 views

Endian Firewall REMARK Parameter Cross-Site Scripting Vulnerability

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall REMARK parameter, which stems from improper handling of the REMARK parameter in /cgi-bin/openvpnclient.cgi, and can be exploited by an attacker to inject malicious...

6.4CVSS5AI score0.00179EPSS
Exploits0
CNVD
CNVD
•added 2026/04/07 12:0 a.m.•3 views

Endian Firewall remark parameter cross-site scripting vulnerability

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which stems from improperly cleaning up the input of the remark parameter in /manage/dnsmasq/hosts/, and can be exploited by an attacker to injec...

6.4CVSS5AI score0.00168EPSS
Exploits0
CNVD
CNVD
•added 2026/04/07 12:0 a.m.•5 views

Endian Firewall remark parameter cross-site scripting vulnerability (CNVD-2026-18410)

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which stems from improper handling of the remark parameter in /cgi-bin/snat.cgi, and can be exploited by an attacker to inject malicious JavaScri...

6.4CVSS5AI score0.00168EPSS
Exploits0
CNVD
CNVD
•added 2026/04/07 12:0 a.m.•7 views

Endian Firewall remark parameter cross-site scripting vulnerability (CNVD-2026-18377)

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which stems from improper handling of the remark parameter in /manage/dnsmasq/localdomains/, and can be exploited by an attacker to inject...

6.4CVSS5AI score0.00138EPSS
Exploits0
CNVD
CNVD
•added 2026/04/07 12:0 a.m.•3 views

Endian Firewall DATE Parameter OS Command Injection Vulnerability (CNVD-2026-18422)

Endian Firewall is a network security firewall system from Endian. An operating system command injection vulnerability exists in the Endian Firewall DATE parameter, which stems from incomplete regular expression validation of the DATE parameter in /cgi-bin/logsopenvpn.cgi, and can be exploited by...

8.8CVSS5.8AI score0.01466EPSS
Exploits0
CNVD
CNVD
•added 2026/04/07 12:0 a.m.•5 views

Endian Firewall remark parameter cross-site scripting vulnerability (CNVD-2026-18400)

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which stems from improper handling of the remark parameter in /cgi-bin/xtaccess.cgi, and can be exploited by an attacker to inject malicious...

6.4CVSS5AI score0.00138EPSS
Exploits0
CNVD
CNVD
•added 2026/04/07 12:0 a.m.•4 views

Endian Firewall remark parameter cross-site scripting vulnerability (CNVD-2026-18409)

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which stems from improper handling of the remark parameter in /cgi-bin/incoming.cgi, and can be exploited by an attacker to inject malicious...

6.4CVSS5AI score0.00205EPSS
Exploits0
CNVD
CNVD
•added 2026/04/07 12:0 a.m.•5 views

Endian Firewall user parameter cross-site scripting vulnerability

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall user parameter, which stems from improper handling of the user parameter in /cgi-bin/proxyuser.cgi, and can be exploited by an attacker to inject malicious...

6.4CVSS5AI score0.00173EPSS
Exploits0
CNVD
CNVD
•added 2026/04/07 12:0 a.m.•7 views

Endian Firewall remark parameter cross-site scripting vulnerability (CNVD-2026-18375)

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which stems from improper handling of the remark parameter in /manage/ipsec/, and can be exploited by an attacker to inject malicious script and...

6.4CVSS5AI score0.00138EPSS
Exploits0
CNVD
CNVD
•added 2026/04/07 12:0 a.m.•6 views

Endian Firewall remark parameter cross-site scripting vulnerability (CNVD-2026-18403)

Endian Firewall is a network security firewall system from Endian. Cross-site scripting vulnerability in Endian Firewall remark parameterThe vulnerability stems from improper handling of the remark parameter in /cgi-bin/outgoingfw.cgi, which can be exploited by an attacker to inject malicious...

6.4CVSS5.3AI score0.00138EPSS
Exploits0
CNVD
CNVD
•added 2026/04/07 12:0 a.m.•7 views

Endian Firewall dscp Parameter Cross-Site Scripting Vulnerability

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall dscp parameter, which stems from improper handling of the dscp parameter in /manage/qos/rules/, and can be exploited by an attacker to inject malicious JavaScript...

6.4CVSS5AI score0.00168EPSS
Exploits0
CNVD
CNVD
•added 2026/04/07 12:0 a.m.•5 views

Endian Firewall remark parameter cross-site scripting vulnerability (CNVD-2026-18402)

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which stems from improper handling of the remark parameter in /cgi-bin/zonefw.cgi, and can be exploited by an attacker to inject malicious...

6.4CVSS5AI score0.00138EPSS
Exploits0
CNVD
CNVD
•added 2026/04/02 12:0 a.m.•6 views

FreeRDP Denial of Service Vulnerability (CNVD-2026-16035)

FreeRDP is an open source Remote Desktop Protocol RDP implementation library and client . A denial of service vulnerability exists in FreeRDP. The vulnerability arises because the IMA ADPCM audio decoding process does not validate the step index parameter, resulting in out-of-bounds access to the...

6.9CVSS5.9AI score0.00256EPSS
Exploits1
CNVD
CNVD
•added 2026/04/02 12:0 a.m.•4 views

FreeRDP Heap Buffer Overflow Vulnerability (CNVD-2026-16033)

FreeRDP is an open source Remote Desktop Protocol RDP implementation library and client . FreeRDP suffers from a heap buffer overflow vulnerability. The vulnerability arises due to an out-of-bounds heap memory write due to a bmpSize synchronization error in the persistent cache. An attacker can...

7.1CVSS6.2AI score0.001EPSS
Exploits0
CNVD
CNVD
•added 2026/04/02 12:0 a.m.•5 views

FreeRDP Out-of-Bounds Read Vulnerability (CNVD-2026-16034)

FreeRDP is an open source Remote Desktop Protocol RDP implementation library and client . FreeRDP suffers from an out-of-bounds read vulnerability. The vulnerability arises due to a mismatch in the persistent cache allocator, which results in an out-of-bounds read of heap memory when processing...

8.1CVSS5.9AI score0.00191EPSS
Exploits0
CNVD
CNVD
•added 2026/04/02 12:0 a.m.•2 views

Linux kernel double release vulnerability (CNVD-2026-16036)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a double-release vulnerability, which stems from the bsgdone function resulting in a double-release that can be exploited by an attacker to cause the...

7.8CVSS5.9AI score0.00194EPSS
Exploits0
CNVD
CNVD
•added 2026/04/02 12:0 a.m.•6 views

FreeRDP Double Release Vulnerability (CNVD-2026-16032)

FreeRDP is an open source Remote Desktop Protocol RDP implementation library and client . FreeRDP suffers from a double release vulnerability. The vulnerability is caused by a double release problem in the memory release process of the kerberosAcceptSecurityContext and...

5.3CVSS6AI score0.00282EPSS
Exploits0
CNVD
CNVD
•added 2026/04/02 12:0 a.m.•9 views

OpenBao Authorization Issues Vulnerability

OpenBao is OpenBao open source a sensitive data management software . OpenBao there is an authorization problem vulnerability , the vulnerability stems from JWT/OIDC login and role callbackmode is set to direct when the user is not prompted to confirm , an attacker can use this vulnerability lead...

9.6CVSS6.4AI score0.00411EPSS
Exploits0
CNVD
CNVD
•added 2026/03/31 12:0 a.m.•7 views

Unspecified Vulnerability in HCL Traveler

HCL Traveler is a software from HCL India. It is used to provide automatic, bi-directional, wireless synchronization between HCL Domino servers and wireless handheld devices. HCL Traveler has a security vulnerability that stems from weak HTTP header validation, which can be exploited by an attack...

6.3CVSS5.9AI score0.0015EPSS
Exploits0
CNVD
CNVD
•added 2026/03/31 12:0 a.m.•2 views

IBM Concert Encryption Problem Vulnerability (CNVD-2026-16880)

IBM Concert is an enterprise-class collaboration and project management software from IBM. A security vulnerability exists in IBM Concert versions 1.0.0 through 2.2.0 that stems from fixed authentication information embedded in the software. An attacker could exploit the vulnerability to obtain...

6.2CVSS5.8AI score0.00093EPSS
Exploits0
CNVD
CNVD
•added 2026/03/31 12:0 a.m.•4 views

Unspecified Vulnerability in HCL Aftermarket DPC (CNVD-2026-15828)

HCL Aftermarket DPC is a digital spare parts and aftermarket management platform for HCL India. HCL Aftermarket DPC has a security vulnerability that can be exploited by an attacker to get a clearer picture of the organization's network layout...

5.3CVSS5.9AI score0.00202EPSS
Exploits0
CNVD
CNVD
•added 2026/03/31 12:0 a.m.•2 views

Unspecified Vulnerability in HCL Aftermarket DPC (CNVD-2026-15834)

HCL Aftermarket DPC is a digital spare parts and aftermarket management platform for HCL India. HCL Aftermarket DPC suffers from a security vulnerability that can be exploited by attackers to cause a denial of service by consuming server bandwidth and processing resources through mass spamming...

5.3CVSS5.9AI score0.0027EPSS
Exploits0
CNVD
CNVD
•added 2026/03/31 12:0 a.m.•3 views

OpenClaw Path Traversal Vulnerability (CNVD-2026-16040)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a path traversal vulnerability that can be exploited by an attacker to read arbitrary files and disclose sensitive information...

8.7CVSS6AI score0.00688EPSS
Exploits1
CNVD
CNVD
•added 2026/03/31 12:0 a.m.•9 views

Apple macOS Integer Overflow Vulnerability

Apple macOS is a specialized operating system developed by Apple for Mac computers. An integer overflow vulnerability exists in Apple macOS, which can be exploited by an attacker to cause heap corruption when processing malicious strings...

7.5CVSS5.9AI score0.00599EPSS
Exploits0
CNVD
CNVD
•added 2026/03/31 12:0 a.m.•3 views

Unspecified Vulnerability in HCL Aftermarket DPC (CNVD-2026-15833)

HCL Aftermarket DPC is a digital spare parts and aftermarket management platform for HCL India. HCL Aftermarket DPC has a security vulnerability that can be exploited by attackers to compromise the application using vulnerabilities available on the Internet...

6.5CVSS5.9AI score0.00175EPSS
Exploits0
CNVD
CNVD
•added 2026/03/31 12:0 a.m.•5 views

HCL Aftermarket DPC Session Fixation Vulnerability

HCL Aftermarket DPC is a digital spare parts and aftermarket management platform for HCL India. HCL Aftermarket DPC suffers from a session fixation vulnerability that can be exploited by an attacker to take over a user's session and conduct unauthorized transactions...

6.5CVSS5.9AI score0.00251EPSS
Exploits0
CNVD
CNVD
•added 2026/03/31 12:0 a.m.•8 views

Unspecified Vulnerability in Apple macOS (CNVD-2026-19670)

Apple macOS is a specialized operating system developed by Apple for Mac computers. Apple macOS has a security vulnerability that can be exploited by an attacker to cause an application to connect to a network share without the user's consent...

7.5CVSS5.8AI score0.0042EPSS
Exploits0
CNVD
CNVD
•added 2026/03/31 12:0 a.m.•8 views

Integer Overflow Vulnerability in Multiple Mozilla Products (CNVD-2026-19991)

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. An integer overflow vulnerability exists in multiple Mozilla products,...

10CVSS7.8AI score0.00665EPSS
Exploits0
CNVD
CNVD
•added 2026/03/31 12:0 a.m.•4 views

Memory Misreference Vulnerability in Multiple Mozilla Products (CNVD-2026-17913)

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A memory misreference vulnerability exists in multiple Mozilla products, whi...

9.8CVSS8.6AI score0.00398EPSS
Exploits0
CNVD
CNVD
•added 2026/03/31 12:0 a.m.•6 views

Code execution vulnerability in multiple Mozilla products (CNVD-2026-16995)

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A code execution vulnerability exists in multiple Mozilla products that...

9.1CVSS8.1AI score0.00407EPSS
Exploits0
CNVD
CNVD
•added 2026/03/31 12:0 a.m.•4 views

Multiple Mozilla Products Resource Management Error Vulnerability (CNVD-2026-16998)

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A resource management error vulnerability exists in multiple Mozilla...

10CVSS7.7AI score0.00531EPSS
Exploits0
CNVD
CNVD
•added 2026/03/31 12:0 a.m.•4 views

Code execution vulnerability in multiple Mozilla products (CNVD-2026-17000)

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A code execution vulnerability exists in multiple Mozilla products. The...

9.8CVSS8.1AI score0.00474EPSS
Exploits0
CNVD
CNVD
•added 2026/03/31 12:0 a.m.•7 views

Elevation of Privilege Vulnerability in Multiple Mozilla Products (CNVD-2026-17001)

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. An elevation of privilege vulnerability exists in several Mozilla...

9.8CVSS7.3AI score0.00417EPSS
Exploits0
Total number of security vulnerabilities131179