Lucene search
K

130931 matches found

CNVD
CNVD
•added 2025/02/13 12:0 a.m.•11 views

Google Pixel Buffer Overflow Vulnerability (CNVD-2025-03266)

Google Pixel is a smartphone from the American company Google Google. Google Pixel suffers from a buffer overflow vulnerability that stems from a lack of bounds checking in multiple functions of glproc.c, which can be exploited by an attacker to cause privilege escalation...

8.8CVSS9.7AI score0.00097EPSS
Exploits0References1
CNVD
CNVD
•added 2025/02/13 12:0 a.m.•8 views

Microsoft Dynamics 365 Sales Elevation of Privilege Vulnerability

Microsoft Dynamics 365 Sales is a powerful tool designed to streamline and enhance the sales process, providing sales teams with the insights and data to build strong customer relationships and close deals effectively. An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Sales...

8.8CVSS8.5AI score0.01155EPSS
Exploits0References1
CNVD
CNVD
•added 2025/02/13 12:0 a.m.•7 views

Microsoft Office Code Execution Vulnerability (CNVD-2025-04198)

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to execute...

7.8CVSS7.7AI score0.00783EPSS
Exploits0References1
CNVD
CNVD
•added 2025/02/13 12:0 a.m.•2 views

Microsoft Office Code Execution Vulnerability (CNVD-2025-10664)

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to execute...

7.8CVSS8.1AI score0.00726EPSS
Exploits0References1
CNVD
CNVD
•added 2025/02/13 12:0 a.m.•2 views

Chat System addnewmember.php File SQL Injection Vulnerability

Chat System is a chat system. Chat System has a SQL injection vulnerability that stems from a lack of sufficient input validation and cleanup of the parameter user in the file /user/addnewmember.php. An attacker could exploit this vulnerability to cause database information to be disclosed or...

7.5CVSS7.7AI score0.0043EPSS
Exploits1References1
CNVD
CNVD
•added 2025/02/13 12:0 a.m.•4 views

Zoom Workplace App for Linux Denial of Service Vulnerability

Zoom Workplace App for Linux is a Linux application for enterprise communication and collaboration. A denial of service vulnerability exists in Zoom Workplace App for Linux, which stems from the application failing to properly handle specific network requests. An attacker could exploit the...

6.5CVSS6.7AI score0.00456EPSS
Exploits0References1
CNVD
CNVD
•added 2025/02/13 12:0 a.m.•5 views

Zoom Workplace Apps Out-of-Bounds Write Vulnerability

Zoom Workplace Apps is an app for multiple platforms including Linux, macOS, Windows, iOS and Android. Zoom Workplace Apps suffers from an out-of-bounds write vulnerability that stems from the application failing to properly validate boundaries when processing a specific request. An attacker coul...

6.5CVSS6.1AI score0.00331EPSS
Exploits0References1
CNVD
CNVD
•added 2025/02/13 12:0 a.m.•3 views

Zoom Workplace App for macOS Denial of Service Vulnerability

Zoom Workplace App for macOS is a video conferencing software designed for macOS, aiming to provide a stable and efficient remote collaboration experience. A denial of service vulnerability exists in Zoom Workplace App for macOS, which stems from improper link parsing when the installer handles...

5CVSS6.3AI score0.00225EPSS
Exploits0References1
CNVD
CNVD
•added 2025/02/13 12:0 a.m.•3 views

Zoom Workplace Apps for Windows Elevation of Privilege Vulnerability

Zoom Workplace Apps for Windows is a professional video conferencing client, built for enterprise meetings, that is mobile and cloud-based. Zoom Workplace Apps for Windows suffers from an elevation of privilege vulnerability that stems from an untrusted search path in the installer. No details of...

7.8CVSS6.4AI score0.00206EPSS
Exploits0References1
CNVD
CNVD
•added 2025/02/13 12:0 a.m.•2 views

Zoom Workplace App for Linux Elevation of Privilege Vulnerability

Zoom Workplace App for Linux is an application for enterprise communication and collaboration, offering features such as video conferencing, online meetings, chat and mobile collaboration. An elevation of privilege vulnerability exists in Zoom Workplace App for Linux, which stems from the...

9.8CVSS6.3AI score0.00592EPSS
Exploits0References1
CNVD
CNVD
•added 2025/02/13 12:0 a.m.•2 views

Dell PowerProtect DD Stack Buffer Overflow Vulnerability

PowerProtect DD is a data protection and backup solution from Dell designed to provide efficient storage and data recovery. A stack buffer overflow vulnerability exists in Dell PowerProtect DD versions 7.13.1.10 and earlier and 7.10.1.40 and earlier, which stems from a failure to properly handle ...

4.9CVSS6.9AI score0.00375EPSS
Exploits0References1
CNVD
CNVD
•added 2025/02/11 12:0 a.m.•5 views

Siemens SIPROTEC 5 Sensitive Information Plaintext Storage Vulnerability

SIPROTEC 5 devices provide a range of integrated protection, control, measurement and automation functions for substations and other applications. A sensitive information plaintext storage vulnerability exists in Siemens SIPROTEC 5. The vulnerability arises because affected SIPROTEC 5 devices do...

5.1CVSS6.1AI score0.00153EPSS
Exploits0References1
CNVD
CNVD
•added 2025/02/11 12:0 a.m.•3 views

Siemens Web Server User Enumeration Vulnerability in Various SIMATIC Products

SIMATIC Drive Controllers are designed for the automation of production machines, combining the functionality of SIMATIC S7-1500 CPUs and SINAMICS S120 drive controls.SIMATIC ET 200SP Open Controller is the PC-based version of the SIMATIC S7-1500 controller. The SIMATIC S7-1200 CPU products are...

6.9CVSS7AI score0.00466EPSS
Exploits0References1
CNVD
CNVD
•added 2025/02/11 12:0 a.m.•2 views

Microsoft Edge (Chromium-based) Spoofing Vulnerability (CNVD-2025-23065)

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. Microsoft Edge Chromium-based suffers from a spoofing vulnerability that can be exploited by attackers to conduct spoofing attacks...

4.3CVSS6.5AI score0.00591EPSS
Exploits0References1
CNVD
CNVD
•added 2025/02/11 12:0 a.m.•8 views

Microsoft Azure Monitor Agent Elevation of Privilege Vulnerability (CNVD-2025-03436)

Microsoft Azure is a suite of open, enterprise-grade cloud computing platforms from the U.S.-based Microsoft. An elevation of privilege vulnerability exists in Microsoft Azure Monitor Agent, which stems from the presence of an elevation of privilege vulnerability. An attacker can exploit the...

7.8CVSS6.6AI score0.00493EPSS
Exploits0References1
CNVD
CNVD
•added 2025/02/11 12:0 a.m.•12 views

Siemens SIMATIC S7-1200 CPU Family Denial of Service Vulnerability (CNVD-2025-03036)

SIMATIC S7-1200 CPU products are designed for discrete and continuous control in industrial environments such as global manufacturing, food and beverage, and chemical industries. A denial of service vulnerability exists in Siemens SIMATIC S7-1200 CPU Family versions prior to V4.7, which can be...

7.1CVSS6.7AI score0.00507EPSS
Exploits0References1
CNVD
CNVD
•added 2025/02/11 12:0 a.m.•10 views

Siemens SIMATIC S7-1200 CPU Family Denial of Service Vulnerability

SIMATIC S7-1200 CPU products are designed for discrete and continuous control in industrial environments such as global manufacturing, food and beverage, and chemical industries. A denial of service vulnerability exists in Siemens SIMATIC S7-1200 CPU Family versions prior to V4.7, which can be...

8.7CVSS6.7AI score0.00566EPSS
Exploits0References1
CNVD
CNVD
•added 2025/02/10 12:0 a.m.•4 views

Delta Electronics CNCSoft-G2 Buffer Overflow Vulnerability (CNVD-2025-06657)

Delta Electronics CNCSoft-G2 is a human-machine interface HMI software from Delta Electronics, China. The Delta Electronics CNCSoft-G2 suffers from a buffer overflow vulnerability that can be exploited by an attacker to execute code in the context of the current process...

7.8CVSS7.4AI score0.0023EPSS
Exploits0References1
CNVD
CNVD
•added 2025/02/10 12:0 a.m.•3 views

D-Link DHP-W310AV Authentication Bypass Vulnerability

The D-Link DHP-W310AV is a popular router device. The D-Link DHP-W310AV has an authentication bypass vulnerability that can be exploited by an attacker to bypass security restrictions and gain access to the system...

9.8CVSS7.4AI score0.02681EPSS
Exploits1References1
CNVD
CNVD
•added 2025/02/10 12:0 a.m.•14 views

Google Chrome V8 Code Execution Vulnerability (CNVD-2025-05222)

Google Chrome is a WEB browser developed by Google Inc. A security vulnerability exists in Google Chrome V8, which can be exploited by a remote attacker to submit a special Web request, which induces the user to parse it, and can be used in the application context to execute arbitrary code...

8.2CVSS7.6AI score0.00323EPSS
Exploits0References1
CNVD
CNVD
•added 2025/02/10 12:0 a.m.•7 views

IBM ApplinX Cross-Site Scripting Vulnerability (CNVD-2025-06208)

IBM ApplinX is an International Business Machines IBM company focused on converting green screen interfaces into modern web-based applications. A cross-site scripting vulnerability exists in IBM ApplinX, which can be exploited by an attacker to embed arbitrary JavaScript code in the Web UI,...

5.4CVSS6AI score0.00206EPSS
Exploits0References1
CNVD
CNVD
•added 2025/02/10 12:0 a.m.•3 views

Google Chrome Out-of-Bounds Access Vulnerability

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from an out-of-bounds access vulnerability that can be exploited by attackers to cause heap corruption via specially crafted HTML pages...

7.5CVSS6.9AI score0.00375EPSS
Exploits0References1
CNVD
CNVD
•added 2025/02/10 12:0 a.m.•7 views

IBM ApplinX Cross-Site Request Forgery Vulnerability (CNVD-2025-06206)

IBM ApplinX is an International Business Machines IBM company focused on converting green screen interfaces into modern web-based applications. IBM ApplinX suffers from a cross-site request forgery vulnerability that can be exploited by an attacker to construct a malicious URI, bait a request, an...

4.3CVSS6.4AI score0.00136EPSS
Exploits0References1
CNVD
CNVD
•added 2025/02/10 12:0 a.m.•2 views

Mozilla Firefox Memory Corruption Vulnerability (CNVD-2025-18674)

Mozilla Firefox is an open source WEB browser. Mozilla Firefox suffers from a memory corruption vulnerability that can be exploited by a remote attacker to submit a special Web request, which induces the user to parse it, and can be used in the context of the application to execute arbitrary code...

9.8CVSS7.5AI score0.00547EPSS
Exploits0References1
CNVD
CNVD
•added 2025/02/10 12:0 a.m.•9 views

Cisco Identity Services Engine Authorization Bypass Vulnerability (CNVD-2025-03530)

Cisco Identity Services Engine is an environment-aware platform from the U.S. company Cisco Cisco. The Cisco Identity Services Engine API has an authorization bypass vulnerability that can be exploited by a remote attacker to submit a special request that can obtain sensitive information, modify...

9.1CVSS6.9AI score0.145EPSS
Exploits2References1
CNVD
CNVD
•added 2025/02/10 12:0 a.m.•9 views

IBM ApplinX Cross-Site Request Forgery Vulnerability

IBM ApplinX is an International Business Machines IBM company focused on converting green screen interfaces into modern web-based applications. IBM ApplinX suffers from a cross-site request forgery vulnerability that can be exploited by an attacker to construct a malicious URI, bait a request, an...

4.3CVSS6.4AI score0.00136EPSS
Exploits0References1
CNVD
CNVD
•added 2025/02/10 12:0 a.m.•7 views

Google Chrome DevTools Memory Misreference Vulnerability

Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in Google Chrome DevTools, which can be exploited by an attacker to execute arbitrary code...

8.8CVSS8.6AI score0.00339EPSS
Exploits0References1
CNVD
CNVD
•added 2025/02/10 12:0 a.m.•1 views

Dell Networking Switches running Enterprise SONiC OS Log Information Disclosure Vulnerability

Dell Networking Switches running Enterprise SONiC OS is an open-source based network operating system from Dell, designed for data center and cloud computing scenarios, supporting a unified network architecture from edge to core to cloud. A log information disclosure vulnerability exists in Dell...

8CVSS6.3AI score0.00331EPSS
Exploits0References1
CNVD
CNVD
•added 2025/02/10 12:0 a.m.•3 views

Apple macOS Sequoia Information Disclosure Vulnerability (CNVD-2025-19513)

Apple macOS Sequoia is an operating system from the American company Apple Apple. Apple macOS Sequoia suffers from an information disclosure vulnerability that is caused due to an information disclosure issue in the FaceTime component when using a specially crafted application. An attacker can...

5.5CVSS5.9AI score0.0026EPSS
Exploits0References1
CNVD
CNVD
•added 2025/02/10 12:0 a.m.•2 views

Apple macOS Sequoia CoreMedia File Parsing Denial of Service Vulnerability

Apple macOS Sequoia is an operating system from the American company Apple Apple. A denial of service vulnerability exists in Apple macOS Sequoia CoreMedia file parsing, which can be exploited by attackers to cause a denial of service...

6.5CVSS6.4AI score0.00683EPSS
Exploits0References1
CNVD
CNVD
•added 2025/02/10 12:0 a.m.•13 views

Mozilla Firefox Memory Corruption Vulnerability (CNVD-2025-03275)

Mozilla Firefox is an open source WEB browser. Mozilla Firefox suffers from a memory corruption vulnerability that can be exploited by a remote attacker to submit a special Web request, which induces the user to parse it, and can be used in the context of the application to execute arbitrary code...

9.8CVSS9.7AI score0.00503EPSS
Exploits0References1
CNVD
CNVD
•added 2025/02/10 12:0 a.m.•3 views

Unspecified vulnerability in CMSimple (CNVD-2026-02647)

CMSimple is a free content management system. An unspecified vulnerability exists in CMSimple, which can be exploited by an attacker to submit a special request to obtain sensitive source code, leading to the disclosure of sensitive information...

7.5CVSS6.6AI score0.00632EPSS
Exploits1References1
CNVD
CNVD
•added 2025/02/10 12:0 a.m.•3 views

Denial of Service Vulnerability in Multiple Apple Products (CNVD-2025-19515)

Apple macOS Sequoia is an operating system from Apple Inc.Apple iOS is an operating system developed for mobile devices.Apple iPadOS is an operating system for the iPad tablet computer from Apple Inc. A denial of service vulnerability exists in several Apple products, which can be exploited by...

7.5CVSS6.3AI score0.00819EPSS
Exploits0References1
CNVD
CNVD
•added 2025/02/10 12:0 a.m.•1 views

Apple macOS Sequoia and Apple macOS Sonoma Denial of Service Vulnerabilities

Apple macOS Sequoia and Apple macOS Sonoma are both operating systems from the American company Apple. Apple macOS Sequoia and Apple macOS Sonoma contain a denial of service vulnerability that can be exploited by an attacker to cause a denial of service...

5.5CVSS6.5AI score0.00298EPSS
Exploits0References1
CNVD
CNVD
•added 2025/02/10 12:0 a.m.•7 views

IBM ApplinX Cross-Site Scripting Vulnerability (CNVD-2025-06207)

IBM ApplinX is an International Business Machines IBM company focused on converting green screen interfaces into modern web-based applications. A cross-site scripting vulnerability exists in IBM ApplinX, which can be exploited by an attacker to embed arbitrary JavaScript code in the Web UI,...

5.4CVSS6AI score0.00206EPSS
Exploits0References1
CNVD
CNVD
•added 2025/02/10 12:0 a.m.•14 views

Cisco Identity Services Engine Code Issue Vulnerability (CNVD-2025-03531)

Cisco Identity Services Engine is an environment-aware platform from the U.S. company Cisco Cisco. The Cisco Identity Services Engine API has a code issue vulnerability that can be exploited by a remote attacker to submit a special request that can execute arbitrary commands with elevated...

9.9CVSS7.8AI score0.16282EPSS
Exploits4References1
CNVD
CNVD
•added 2025/02/10 12:0 a.m.•8 views

Cisco Identity Services Engine Cross-Site Scripting Vulnerability (CNVD-2025-03533)

Cisco Identity Services Engine is an environment-aware platform from the U.S. company Cisco Cisco. A cross-site scripting vulnerability exists in the Cisco Identity Services Engine WEB interface, which can be exploited by a remote attacker to inject malicious script or HTML code, which can be use...

4.8CVSS5.6AI score0.00301EPSS
Exploits0References1
CNVD
CNVD
•added 2025/02/10 12:0 a.m.•15 views

Cisco Identity Services Engine Cross-Site Scripting Vulnerability (CNVD-2025-03532)

Cisco Identity Services Engine is an environment-aware platform from the U.S. company Cisco Cisco. A cross-site scripting vulnerability exists in the Cisco Identity Services Engine WEB interface, which can be exploited by a remote attacker to inject malicious script or HTML code, which can be use...

4.8CVSS5.6AI score0.00301EPSS
Exploits0References1
CNVD
CNVD
•added 2025/02/10 12:0 a.m.•2 views

DELL PowerProtect DD Path Traversal Vulnerability

DELL PowerProtect DD is a family of data protection storage appliances from Dell, built on the Data Domain platform and designed for enterprise-level users. The DELL PowerProtect DD suffers from a path traversal vulnerability that can be exploited by an attacker to illegally overwrite operating...

7.1CVSS6.9AI score0.00182EPSS
Exploits0References1
CNVD
CNVD
•added 2025/02/10 12:0 a.m.•7 views

Dell PowerProtect DD Elevation of Privilege Vulnerability

Dell PowerProtect DD is Dell's data protection solution for backing up and restoring data. A security vulnerability exists in Dell PowerProtect DD. An attacker could exploit the vulnerability to cause elevation of privilege...

7.8CVSS6.8AI score0.00142EPSS
Exploits0References1
CNVD
CNVD
•added 2025/02/08 12:0 a.m.•6 views

Denial of Service Vulnerability in Various festo Products

MSE6-D2M-5000-CBUS-S-RG-BAR-VCB-AGD,MSE6-E2M-5000-FB13-AGD,MSE6-E2M-5000-FB37-AGD and so on are industrial control components. A denial of service vulnerability exists in several festo products, which can be exploited by attackers to gain control of a server...

7.3AI score0.00504EPSS
Exploits0
CNVD
CNVD
•added 2025/02/08 12:0 a.m.•9 views

IBM App Connect Enterprise Certified Container Denial of Service Vulnerability (CNVD-2025-02814)

IBM App Connect Enterprise Certified Container is an image of the IBM App Connect Enterprise software product based on the International Business Machines IBM, Inc. The package is provided as an executable file that can be deployed and run in a containerized environment. A security vulnerability...

5.5CVSS6.4AI score0.0016EPSS
Exploits0References1
CNVD
CNVD
•added 2025/02/08 12:0 a.m.•5 views

Open5GS ogs_kdf_hash_mme function denial of service vulnerability

Open5GS is Open5GS open source an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. A denial-of-service vulnerability exists in Open5GS 2.6.4 and earlier versions, which stems from a reachable assertion in the ogskdfhashmme function, and can be exploited ...

5.3CVSS6.6AI score0.00261EPSS
Exploits1References1
CNVD
CNVD
•added 2025/02/08 12:0 a.m.•6 views

Open5GS Denial of Service Vulnerability (CNVD-2025-03154)

Open5GS is Open5GS open source an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. Open5GS suffers from a security vulnerability that can be exploited to cause a denial of service by an attacker who sends an "Initial UE Message" that lacks the required...

8.6CVSS6.8AI score0.00752EPSS
Exploits1References1
CNVD
CNVD
•added 2025/02/08 12:0 a.m.•3 views

Open5GS nas_eps_send_emm_to_esm function denial of service vulnerability

Open5GS is Open5GS open source an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. A denial of service vulnerability exists in Open5GS version 2.6.4 and earlier, which originates from a reachable assertion in the nasepssendemmtoesm function, and can be...

8.6CVSS6.6AI score0.0054EPSS
Exploits1References1
CNVD
CNVD
•added 2025/02/08 12:0 a.m.•5 views

Open5GS mme_ue_find_by_imsi function denial of service vulnerability

Open5GS is Open5GS open source an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. A denial-of-service vulnerability exists in Open5GS 2.6.4 and earlier versions, which stems from a reachable assertion in the mmeuefindbyimsi function, and can be exploite...

7.5CVSS6.6AI score0.00752EPSS
Exploits1References1
CNVD
CNVD
•added 2025/02/08 12:0 a.m.•7 views

Open5GS Denial of Service Vulnerability (CNVD-2025-03199)

Open5GS is Open5GS open source an open source implementation of 5G Core and Epc in C, the core network of the Lte/Nr network. A security vulnerability exists in Open5GS, which can be exploited by an attacker to send a "UE Functional Information Indication" message missing the required mmeues1apid...

8.6CVSS6.8AI score0.00752EPSS
Exploits1References1
CNVD
CNVD
•added 2025/02/08 12:0 a.m.•4 views

Logic flaw vulnerability in H5S video platform of ZeroVision Technology (Shanghai) Co.

ZeroVision Technology Shanghai Co., Ltd. is an enterprise mainly engaged in software and information technology service industry. ZeroVision Technologies Shanghai Ltd. H5S video platform has a logic flaw vulnerability that can be exploited by attackers to obtain sensitive information and create...

6.5AI score
Exploits0
CNVD
CNVD
•added 2025/02/08 12:0 a.m.•3 views

Hospital Management System index.php File Cross-Site Scripting Vulnerability

Hospital Management System a PHP and MySQL based hospital management system. Hospital Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the Email parameter of /doctor/index.php, which can be...

4.2CVSS6.5AI score0.00199EPSS
Exploits1References1
CNVD
CNVD
•added 2025/02/08 12:0 a.m.•2 views

Hospital Management System /edit-profile.php File Cross-Site Scripting Vulnerability

Hospital Management System a PHP and MySQL based hospital management system. Hospital Management System suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data in /edit-profile.php, which can be exploited by an...

4.2CVSS6.1AI score0.00199EPSS
Exploits1References1
Total number of security vulnerabilities130931