Lucene search
K

130931 matches found

CNVD
CNVD
•added 2025/01/17 12:0 a.m.•15 views

WAVLINK AC3000 internet.cgi set_qos function cli_name parameter buffer overflow vulnerability

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A buffer overflow vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505 version, which originates from the cliname parameter of the internet.cgi setqos function that fails to correctly validate the length of the input data, an...

9.1CVSS9.6AI score0.01212EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•6 views

WAVLINK AC3000 login.cgi Goto_chidx function buffer overflow vulnerability

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A buffer overflow vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505 version, which originates from the login.cgi Gotochidx function failing to correctly validate the length of the input data, and can be exploited by a remo...

10CVSS8.2AI score0.01359EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•9 views

WAVLINK AC3000 login.cgi restart_hour_value parameter command injection vulnerability in set_sys_init function

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A command injection vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505 version, which stems from the restarthourvalue parameter of the login.cgi setsysinit function failing to correctly filter the constructor command specia...

10CVSS7.3AI score0.08168EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•7 views

TOTOLINK X5000R recHour Parameter Command Injection Vulnerability in the setScheduleCfg Function

The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R version V9.1.0cu.2350B20230313, which stems from the "recHour" parameter in setScheduleCfg failing to correctly filter for constructor special characters,...

8.8CVSS7.4AI score0.01193EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•6 views

Adobe Photoshop Digital Error Vulnerability

Adobe Photoshop is a set of image processing software from the American company Audobee Adobe. The software is mainly used for processing pictures. A security vulnerability exists in Adobe Photoshop, which can be exploited by an attacker to potentially cause arbitrary code to be executed in the...

7.8CVSS7.1AI score0.00274EPSS
Exploits0References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•10 views

Unspecified Vulnerability in Microsoft Windows Telephony Server (CNVD-2025-02538)

Microsoft Windows Telephony Server is a component of Microsoft Corporation USA that supports the Telephony Application Programming Interface TAPI, which allows computer programs to communicate with shared telephony services. A security vulnerability exists in Microsoft Windows Telephony Server. A...

8.8CVSS8.9AI score0.01128EPSS
Exploits0References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•12 views

Unspecified Vulnerability in Microsoft Windows Secure Boot (CNVD-2025-02537)

Microsoft Windows Secure Boot is a secure boot from Microsoft USA. A security vulnerability exists in Microsoft Windows Secure Boot. An attacker could exploit the vulnerability to bypass certain features...

6.8CVSS7.6AI score0.00757EPSS
Exploits0References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•6 views

Microsoft Message Queuing Denial of Service Vulnerability (CNVD-2025-02137)

Microsoft Message Queuing is the solution for implementing asynchronous and synchronous scenarios that require high performance. A security vulnerability exists in Microsoft Message Queuing. An attacker could exploit this vulnerability to cause a denial of service on the system...

7.5CVSS8.1AI score0.02498EPSS
Exploits0References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•18 views

Microsoft Message Queuing Denial of Service Vulnerability (CNVD-2025-02134)

Microsoft Message Queuing is the solution for implementing asynchronous and synchronous scenarios that require high performance. A security vulnerability exists in Microsoft Message Queuing. An attacker could exploit this vulnerability to cause a denial of service on the system...

7.5CVSS8.1AI score0.02589EPSS
Exploits0References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•12 views

Microsoft MapUrlToZone Denial of Service Vulnerability

Microsoft MapUrlToZone is a lightweight console application written in C++ by Microsoft. A security vulnerability exists in Microsoft MapUrlToZone. An attacker could exploit this vulnerability to cause a denial of service...

7.5CVSS8AI score0.02334EPSS
Exploits0References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•15 views

Microsoft IP Helper Resource Management Error Vulnerability

Microsoft IP Helper is a Microsoft API Application Programming Interface for managing local computer network configurations. A security vulnerability exists in Microsoft IP Helper. An attacker could exploit the vulnerability to cause a denial of service on the system...

7.5CVSS7.9AI score0.02498EPSS
Exploits0References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•16 views

Microsoft Graphics Component elevation of privilege vulnerability (CNVD-2025-02131)

Microsoft Graphics Component is a graphics driver component of Microsoft Corporation USA. A security vulnerability exists in Microsoft Graphics Component. An attacker could exploit the vulnerability to elevate privileges...

7.8CVSS8.4AI score0.00493EPSS
Exploits0References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•12 views

Microsoft Brokering File System Elevation of Privilege Vulnerability

Microsoft Brokering File System is a file system from the American company Microsoft. A security vulnerability exists in Microsoft Brokering File System. An attacker could exploit the vulnerability to elevate privileges...

7.8CVSS7.5AI score0.00629EPSS
Exploits0References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•9 views

Microsoft Active Directory Domain Services Elevation of Privilege Vulnerability (CNVD-2025-02127)

Microsoft Active Directory Domain Services is a key service from Microsoft Corporation USA for managing and organizing resources, users, computers, and other security objects in a network. A security vulnerability exists in Microsoft Active Directory Domain Services. An attacker could exploit the...

8.8CVSS8.9AI score0.18185EPSS
Exploits0References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•9 views

Adobe Substance 3D Stager Buffer Overflow Vulnerability (CNVD-2025-02126)

Adobe Substance 3D Stager is a virtual 3D studio from the American company Audobee Adobe. A security vulnerability exists in Adobe Substance 3D Stager that can be exploited by an attacker to cause arbitrary code to be executed in the current user's context...

7.8CVSS7.7AI score0.00212EPSS
Exploits0References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•9 views

Adobe Substance 3D Stager Buffer Overflow Vulnerability (CNVD-2025-02125)

Adobe Substance 3D Stager is a virtual 3D studio from the American company Audobee Adobe. A security vulnerability exists in Adobe Substance 3D Stager that can be exploited by an attacker to cause arbitrary code to be executed in the current user's context...

7.8CVSS7.7AI score0.00212EPSS
Exploits0References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•10 views

Unspecified Vulnerability in Adobe Substance 3D Stager (CNVD-2025-02124)

Adobe Substance 3D Stager is a virtual 3D studio from the American company Audobee Adobe. A security vulnerability exists in Adobe Substance 3D Stager that can be exploited by an attacker to cause arbitrary code to be executed in the current user's context...

7.8CVSS7.7AI score0.00259EPSS
Exploits0References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•7 views

Adobe Animate Numeric Error Vulnerability

Adobe Animate is a set of Flash animation software from the American company Audobee Adobe. A security vulnerability exists in Adobe Animate that can be exploited by an attacker to cause arbitrary code to be executed in the current user's context...

7.8CVSS7.7AI score0.00274EPSS
Exploits0References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•6 views

dingfanzu SQL injection vulnerability (CNVD-2025-02106)

dingfanzu is a php based takeaway ordering website. A SQL injection vulnerability exists in dingfanzu v1.0, which stems from the application's lack of validation of externally entered SQL statements. A local attacker can exploit this vulnerability to execute arbitrary code via the contents of the...

7.1CVSS8.1AI score0.00204EPSS
Exploits0References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•12 views

Fortinet FortiDeceptor Cross-Site Scripting Vulnerability

Fortinet FortiDeceptor is a cyber threat detection platform from the American company Fiat Fortinet. The platform focuses on exposing cyber threats through deception techniques, among other things. Fortinet FortiDeceptor cross-site scripting vulnerability, the vulnerability stems from the...

6.1CVSS6.6AI score0.00278EPSS
Exploits0References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•9 views

WAVLINK AC3000 nas.cgi set_nas function command injection vulnerability

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A command injection vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505 version, which stems from the nas.cgi setnas function failing to correctly filter constructed command special characters, commands, and so on. An attack...

9.1CVSS7.3AI score0.02272EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•9 views

Microsoft Windows Kernel Log Message Disclosure Vulnerability (CNVD-2025-02837)

The Microsoft Windows Kernel is the kernel of the Windows operating system from the American company Microsoft. A security vulnerability exists in Microsoft Windows Kernel Memory. An attacker could exploit the vulnerability to obtain sensitive information...

5.5CVSS5.4AI score0.00833EPSS
Exploits0References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•6 views

Unspecified Vulnerability in D-Link DIR-823X (CNVD-2025-02107)

The D-Link DIR-823X is a wireless router from China's AUO D-Link. A security vulnerability exists in the D-Link DIR-823X version 240126/240802 that stems from the presence of a null pointer dereference. No details of the vulnerability are provided at this time...

8.7CVSS6.8AI score0.01834EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•8 views

TOTOLINK X5000R week parameter command injection vulnerability in setWiFiScheduleCfg function

The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R version V9.1.0cu.2350B20230313, which stems from the "week" parameter in setWiFiScheduleCfg failing to correctly filter constructed command special characters,...

6.8CVSS7.4AI score0.01327EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•7 views

WAVLINK AC3000 internet.cgi en_enable parameter buffer overflow vulnerability in set_qos function

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A buffer overflow vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505, which is caused by the enenable parameter of the internet.cgi setqos function failing to correctly validate the length of the input data, and can be...

9.1CVSS8.3AI score0.01212EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•5 views

WAVLINK AC3000 firewall.cgi iptablesWebsFilterRun Function Command Injection Vulnerability

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A command injection vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505 version, which stems from the firewall.cgi iptablesWebsFilterRun function failing to correctly filter constructor command special characters, commands,...

9.1CVSS7.3AI score0.08248EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•3 views

WAVLINK AC3000 adm.cgi set_wzap function buffer overflow vulnerability

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A buffer overflow vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505, which is caused by the adm.cgi setwzap function failing to correctly validate the length of the input data, and can be exploited by a remote attacker to...

9.1CVSS8.3AI score0.01805EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•2 views

WAVLINK AC3000 Information Disclosure Vulnerability

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. The WAVLINK AC3000 suffers from an information disclosure vulnerability that can be exploited by an attacker to cause the disclosure of sensitive information via a specially crafted HTTP request...

5.3CVSS8.7AI score0.0076EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•6 views

Microsoft Windows Resource Management Error Vulnerability (CNVD-2025-02539)

Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. A security vulnerability exists in Microsoft Windows upnphost.dll. An attacker could exploit this vulnerability to cause a denial of service on the system...

7.5CVSS8.1AI score0.0244EPSS
Exploits0References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•8 views

Microsoft Windows Kernel Log Message Disclosure Vulnerability (CNVD-2025-02535)

The Microsoft Windows Kernel is the kernel of the Windows operating system from the American company Microsoft. A security vulnerability exists in Microsoft Windows Kernel Memory. An attacker exploiting this vulnerability could gain access to sensitive information...

5.5CVSS6.9AI score0.00912EPSS
Exploits0References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•5 views

WAVLINK AC3000 Static Login Vulnerability

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. The WAVLINK AC3000 suffers from a static login vulnerability that can be exploited by attackers to cause root access via specially crafted network packets...

10CVSS9.2AI score0.01257EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•7 views

TOTOLINK X5000R setScheduleCfg function week parameter command injection vulnerability

The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R version V9.1.0cu.2350B20230313, which stems from the failure of the "week" parameter in setScheduleCfg to correctly filter for constructed command special...

8.8CVSS7.4AI score0.01573EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•2 views

WAVLINK AC3000 External Configuration Control Vulnerability

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. An external configuration control vulnerability exists in the WAVLINK AC3000, which can be exploited by attackers to cause a privilege bypass...

9.1CVSS6.2AI score0.01027EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•5 views

WAVLINK AC3000 Command Injection Vulnerability (CNVD-2025-08327)

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. The WAVLINK AC3000 suffers from a command injection vulnerability that stems from the nas.cgi removedir function failing to properly filter constructor command special characters, commands, etc. The vulnerability can be exploited to...

9.1CVSS7.7AI score0.11711EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•4 views

WAVLINK AC3000 Command Injection Vulnerability (CNVD-2025-08325)

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. The WAVLINK AC3000 suffers from a command injection vulnerability that originates from the failure of the restartweekvalue parameter of the login.cgi setsysinit function to correctly filter constructed command special characters,...

10CVSS7.7AI score0.08168EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•4 views

Adobe Photoshop Uncontrolled Search Path Element Vulnerability

Adobe Photoshop is a set of image processing software from the American company Audobee Adobe. The software is mainly used for processing pictures. Adobe Photoshop suffers from an uncontrolled search path element vulnerability that can be exploited by an attacker to cause arbitrary code to be...

7.8CVSS7.3AI score0.00285EPSS
Exploits0References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•3 views

WAVLINK AC3000 Cross-Site Scripting Vulnerability

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A cross-site scripting vulnerability exists in the WAVLINK AC3000, which stems from the lack of effective filtering and escaping of user-supplied data in the login.cgi setlangCountryCode function, for which no detailed vulnerability...

9.6CVSS8.8AI score0.48086EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•5 views

Google Chrome Security Bypass Vulnerability (CNVD-2025-05089)

Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in versions of Google Chrome prior to 132.0.6834.83, which can be exploited by attackers to bypass security restrictions...

6.5CVSS6.3AI score0.00334EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•5 views

Microsoft AutoUpdate for Mac Elevation of Privilege Vulnerability (CNVD-2026-00045)

Microsoft AutoUpdate for Mac is a Microsoft product auto-update application for the Mac platform from Microsoft Corporation USA. Microsoft AutoUpdate for Mac suffers from an elevation of privilege vulnerability that is exploited by attackers to gain elevated privileges on the system...

7.8CVSS7.3AI score0.0044EPSS
Exploits0References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•15 views

Microsoft Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

Microsoft Windows Hyper-V is a tool from Microsoft USA that provides hardware virtualization. An elevation of privilege vulnerability exists in Microsoft Windows Hyper-V NT Kernel Integration VSP, which can be exploited by an attacker to gain elevated privileges on a system...

7.8CVSS7.2AI score0.09798EPSS
Exploits5References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•14 views

Microsoft Visual Studio Elevation of Privilege Vulnerability

Microsoft Visual Studio is a family of development tool suites from Microsoft, and a largely complete set of development tools that includes most of the tools needed throughout the software lifecycle. A security vulnerability exists in Microsoft Visual Studio. An attacker can exploit the...

7.3CVSS7AI score0.00512EPSS
Exploits0References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•5 views

Google Chrome Security Bypass Vulnerability (CNVD-2025-06037)

Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome, which can be exploited by attackers to bypass security restrictions...

6.5CVSS6.8AI score0.00333EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•7 views

WAVLINK AC3000 adm.cgi rep_as_bridge function buffer overflow vulnerability

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A buffer overflow vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505, which is caused by the adm.cgi repasbridge function failing to correctly validate the length of the input data, and can be exploited by a remote attacker...

9.1CVSS8.3AI score0.01265EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•18 views

Microsoft Brokering File System Elevation of Privilege Vulnerability (CNVD-2025-02130)

Microsoft Brokering File System is a file system from the American company Microsoft. A security vulnerability exists in Microsoft Brokering File System. An attacker could exploit the vulnerability to elevate privileges...

7.8CVSS7.5AI score0.0039EPSS
Exploits0References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•3 views

TOTOLINK X5000R eMinute Parameter Command Injection Vulnerability in setWiFiScheduleCfg Function

The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. The TOTOLINK X5000R suffers from a command injection vulnerability that stems from the "eMinute" parameter in setWiFiScheduleCfg failing to properly filter constructor special characters, commands, etc. The vulnerability can ...

6.8CVSS9.6AI score0.01476EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•9 views

WAVLINK AC3000 internet.cgi set_qos function buffer overflow vulnerability in cli_mac parameter

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A buffer overflow vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505 version, which originates from the climac parameter of the internet.cgi setqos function that fails to correctly validate the length and size of the input...

9.1CVSS8.3AI score0.00845EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•5 views

WAVLINK AC3000 Command Injection Vulnerability (CNVD-2025-09263)

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. The WAVLINK AC3000 suffers from a command injection vulnerability that arises from the wireless.cgi AddMac function failing to properly filter special characters, commands, etc. used to construct commands. An attacker can exploit this...

9.1CVSS7.7AI score0.08494EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•6 views

WAVLINK AC3000 Buffer Overflow Vulnerability (CNVD-2025-08333)

WAVLINK AC3000 is a wireless router from China RuiYin WAVLINK. The WAVLINK AC3000 suffers from a buffer overflow vulnerability, which originates from the touchlistsync.cgi touchlistsync function that fails to properly validate the length of the input data, which can be exploited by an attacker to...

10CVSS8.2AI score0.12447EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•12 views

WAVLINK AC3000 internet.cgi set_add_routing function buffer overflow vulnerability

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A buffer overflow vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505 version, which originates from the internet.cgi setaddrouting function failing to correctly validate the length of the input data, and can be exploited by...

9.1CVSS8.3AI score0.13476EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•13 views

Microsoft Windows Kernel Log Message Disclosure Vulnerability

The Microsoft Windows Kernel is the kernel of the Windows operating system from the American company Microsoft. A security vulnerability exists in Microsoft Windows Kernel Memory. An attacker could exploit the vulnerability to obtain sensitive information...

5.5CVSS6.8AI score0.00912EPSS
Exploits0References1
Total number of security vulnerabilities130931