130931 matches found

CNVD • added 2025/01/07 12:00 a.m. • 8 views

Google Android skia_alloc_func out-of-bounds write vulnerability

Google Android is a Linux-based open source operating system from Google. Google Android SkDeflate.cp contains an out-of-bounds write vulnerability in skia_alloc_func, which can be exploited by a local attacker to submit a special request that can elevate privileges...

CVSS 7.8 • AI score 6.6 • EPSS 0.00169
Exploits: 0 • References: 1

CNVD • added 2025/01/07 12:00 a.m. • 6 views

Google Android setSkipPrompt method elevation of privilege vulnerability

Google Android is a Linux-based open source operating system from Google. Google Android has a security vulnerability that can be exploited by local attackers to submit special requests that can elevate privileges...

CVSS 7.8 • AI score 6.7 • EPSS 0.00185
Exploits: 0 • References: 1

CNVD • added 2025/01/07 12:00 a.m. • 10 views

Foxit PDF Reader Buffer Overflow Vulnerability (CNVD-2025-00954)

Foxit PDF Reader is a PDF reader from the Chinese company Foxit. Foxit PDF Reader suffers from a buffer overflow vulnerability that stems from a lack of proper validation of user-supplied data, resulting in a memory corruption condition that can be exploited by a remote attacker to execute code in the...

CVSS 7.8 • AI score 7.7 • EPSS 0.00328
Exploits: 0 • References: 1

CNVD • added 2025/01/07 12:00 a.m. • 12 views

Logic Flaw Vulnerability in DS-A80624S at Hangzhou Hikvision Digital Technology Co.

The DS-A80624S is a 24-drive network storage device from Hikvision. A logic flaw vulnerability exists in the DS-A80624S of Hangzhou Hikvision Digital Technology Co. that can be exploited by an attacker to obtain sensitive information...

AI score 6.7
Exploits: 0

CNVD • added 2025/01/07 12:00 a.m. • 7 views

Linux kernel resource management error vulnerability (CNVD-2025-00975)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a resource management error vulnerability that stems from the fact that getmr will fail if a connection has not yet been established, triggering a...

CVSS 7.8 • AI score 6.5 • EPSS 0.00312
Exploits: 0 • References: 1

CNVD • added 2025/01/07 12:00 a.m. • 2 views

Chat System deleteuser.php File SQL Injection Vulnerability

Chat System is a chat system. Chat System suffers from a SQL injection vulnerability in the id parameter of the /admin/deleteuser.php file. An attacker can exploit this vulnerability to obtain sensitive information...

CVSS 7.5 • AI score 7.8 • EPSS 0.0043
Exploits: 1 • References: 1

CNVD • added 2025/01/07 12:00 a.m. • 12 views

Google Android isPackageDeviceAdmin Elevation of Privilege Vulnerability

Google Android is a Linux-based open source operating system from Google. An elevation of privilege vulnerability exists in Google Android isPackageDeviceAdmin, which can be exploited by an attacker to submit a special request for elevation of privilege...

CVSS 7.8 • AI score 7 • EPSS 0.00081
Exploits: 0 • References: 1

CNVD • added 2025/01/07 12:00 a.m. • 9 views

Google Android resizeToAtLeast elevation of privilege vulnerability

Google Android is a Linux-based open source operating system from Google. A security vulnerability exists in Google Android, which stems from an integer overflow in the resizeToAtLeast function of the SkRegion.cpp file, which may be subject to out-of-bounds writes. A local attacker can exploit th...

CVSS 7.8 • AI score 6.7 • EPSS 0.00258
Exploits: 0 • References: 1

CNVD • added 2025/01/07 12:00 a.m. • 6 views

Mattermost Denial of Service Vulnerability (CNVD-2025-12636)

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a denial of service vulnerability that stems from a failure to limit the file size of slack import file uploads. An attacker could exploit this vulnerability to import data to...

CVSS 6.5 • AI score 5.9 • EPSS 0.00416
Exploits: 0 • References: 1

CNVD • added 2025/01/07 12:00 a.m. • 11 views

Foxit PDF Reader elevation of privilege vulnerability (CNVD-2025-01708)

Foxit PDF Reader is a PDF document reader. A security vulnerability exists in the Foxit PDF Reader installer, which can be exploited by a local attacker to construct a special request that can execute arbitrary code with SYSTEM privileges...

CVSS 7.3 • AI score 7.3 • EPSS 0.00278
Exploits: 0 • References: 1

CNVD • added 2025/01/07 12:00 a.m. • 8 views

Google Android onPrimaryClipChanged elevation of privilege vulnerability

Google Android is a Linux-based open source operating system from Google. An elevation of privilege vulnerability exists in Google Android onPrimaryClipChanged, which can be exploited by an attacker to submit a special request for elevation of privilege...

CVSS 7.8 • AI score 7 • EPSS 0.00085
Exploits: 0 • References: 1

CNVD • added 2025/01/07 12:00 a.m. • 20 views

FFmpeg integer overflow vulnerability (CNVD-2025-01707)

FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. An integer overflow vulnerability exists in FFmpeg n6.1.1, which can be exploited by a remote attacker to submit a special file and trick the user into parsing it, which can crash the...

CVSS 6.2 • AI score 7 • EPSS 0.00271
Exploits: 0 • References: 1

CNVD • added 2025/01/07 12:00 a.m. • 13 views

Google Android prepare_to_draw_into_mask arbitrary code execution vulnerability

Google Android is a Linux-based open source operating system from Google. Google Android SkBlurMaskFilterImpl.cpp contains a security vulnerability in prepare_to_draw_into_mask, which can be exploited by a remote attacker to submit a special request that can be used in the application context to...

CVSS 8.8 • AI score 7.5 • EPSS 0.00368
Exploits: 0 • References: 1

CNVD • added 2025/01/06 12:00 a.m. • 3 views

D-Link DIR-816 A2 Improper Access Control Vulnerability

The D-Link DIR-816 A2 is a wireless router from AUO D-Link of Taiwan, China. An improper access control vulnerability exists in the D-Link DIR-816 A2. The vulnerability originates from /goform/DDNS in the DDNS Service component and can be exploited by an attacker to access and manipulate the DDNS...

CVSS 6.9 • AI score 5.4 • EPSS 0.00785
Exploits: 0 • References: 1

CNVD • added 2025/01/06 12:00 a.m. • 17 views

Foxit PDF Reader Buffer Overflow Vulnerability (CNVD-2025-00955)

Foxit PDF Reader is a PDF reader from the Chinese company Foxit. A buffer overflow vulnerability exists in Foxit PDF Reader version 2024.2.3.25184, which stems from a lack of proper validation of user-supplied data, resulting in the reading of data beyond the end of the allocated buffer, and can be...

CVSS 7.8 • AI score 7.4 • EPSS 0.00392
Exploits: 0 • References: 1

CNVD • added 2025/01/04 12:00 a.m. • 10 views

Command Execution Vulnerability in Xunrui CMS of Sichuan Xunrui Cloud Software Development Co.

Xunrui CMS is a free and open source web content management system (CMS) based on the PHP language. Xunrui CMS from Sichuan Xunrui Cloud Software Development Co., Ltd. has a command execution vulnerability that can be exploited by attackers to gain server privileges...

AI score 7.7
Exploits: 0

CNVD • added 2025/01/03 12:00 a.m. • 8 views

Google Android elevation of privilege vulnerability (CNVD-2025-03655)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability caused by an out-of-bounds write in String16 of String16.cpp. An attacker can exploit the vulnerability to escalate privileges...

CVSS 8.4 • AI score 7.1 • EPSS 0.00091
Exploits: 0 • References: 1

CNVD • added 2025/01/03 12:00 a.m. • 8 views

Google Pixel has an unspecified vulnerability (CNVD-2025-05538)

Google Pixel is a smartphone from the American company Google. Google Pixel suffers from an unspecified vulnerability that stems from a lack of bounds checking in handlenotificationresponse in btifrc.cc, which leads to out-of-bounds writes. No details of the vulnerability are provided at...

CVSS 8.8 • AI score 7 • EPSS 0.00196
Exploits: 0 • References: 1

CNVD • added 2025/01/03 12:00 a.m. • 5 views

Google Pixel suffers from an unspecified vulnerability (CNVD-2025-05537)

Google Pixel is a smartphone from the American company Google. Google Pixel suffers from an unspecified vulnerability that stems from incorrect input validation and could lead to local elevation of privilege. No details of the vulnerability are provided at this time...

CVSS 7.8 • AI score 6.9 • EPSS 0.00082
Exploits: 0 • References: 1

CNVD • added 2025/01/03 12:00 a.m. • 4 views

Harbin Weicheng Technology Co., Ltd. eDa CMS has information leakage vulnerability

Yida CMS (YidaCMS) is a free, open source website management system for the Microsoft Windows IIS platform, developed in ASP with dual ACCESS and MSSQL database support. YidaCMS from Harbin Weicheng Technology Co., Ltd. has an information leakage vulnerability; attackers can use the...

AI score 6.5
Exploits: 0

CNVD • added 2025/01/03 12:00 a.m. • 3 views

SQL Injection Vulnerability in Shenzhen Yimasuno Technology Co.

Yilma Intelligent Energy Management Platform is a comprehensive platform that integrates a variety of advanced information technologies, aiming at realizing the comprehensive intelligent management of the energy system. Shenzhen Yimasuno Technology Co., Ltd Yimasuno Intelligent Energy Management...

AI score 7.4
Exploits: 0

CNVD • added 2025/01/03 12:00 a.m. • 2 views

SQL Injection Vulnerability in WOES Intelligent Optimization and Energy Saving System of Wanzhou Electric Co.

WOES Intelligent Optimization and Energy Saving System is a set of energy online monitoring and analysis management system with the core purpose of energy saving and consumption reduction. WOES Intelligent Optimization and Energy Saving System of Wanzhou Electric Co., Ltd. suffers from a SQL...

AI score 7.5
Exploits: 0

CNVD • added 2025/01/03 12:00 a.m. • 1 view

File Upload Vulnerability in CloudLink ERP Management System of Beijing Zhongke Shangsoft Software Co.

Ltd. is a high-tech software organization focusing on enterprise informatization construction. There is a file upload vulnerability in the CloudLink ERP management system of Beijing Zhongke Shangsoft Software Co., Ltd, which can be exploited by attackers to gain server privileges...

AI score 7.3
Exploits: 0

CNVD • added 2025/01/03 12:00 a.m. • 7 views

Google Android Speech Recognizer Information Disclosure Vulnerability

Google Android is a Linux-based open source operating system from Google. An information disclosure vulnerability exists in Google Android Speech Recognizer, which is caused by a flaw in the Speech Recognizer component. An attacker can exploit the vulnerability to obtain sensitive information...

CVSS 8.4 • AI score 5.9 • EPSS 0.00079
Exploits: 0 • References: 1

CNVD • added 2025/01/03 12:00 a.m. • 5 views

SQL Injection Vulnerability in Hunan Zhonghe Baiyi Information Technology Co.

Hunan Zhonghe Baiyi Information Technology Co., Ltd. (referred to as Baiyi Cloud), founded in 2017, is a national high-tech enterprise focusing on digital R&D and services in the field of real estate. Capital Management Cloud from Hunan Zhonghe Baiyi Information Technology Co., Ltd. has a SQL injection...

AI score 7.7
Exploits: 0

CNVD • added 2025/01/03 12:00 a.m. • 6 views

Huawei HarmonyOS AILife Solution Path Traversal Vulnerability

Huawei HarmonyOS AILife Solution is a linked operating system for smart devices from the Chinese company Huawei. A path traversal vulnerability exists in Huawei HarmonyOS AILife Solution version 8.0, which can be exploited by an attacker to cause unauthorized deletion of a music host file or a...

CVSS 8 • AI score 6.8 • EPSS 0.0029
Exploits: 0 • References: 1

CNVD • added 2025/01/03 12:00 a.m. • 7 views

Google Android suffers from unspecified vulnerability (CNVD-2025-01682)

Google Android is a Linux-based open source operating system from Google. A security vulnerability exists in Google Android that stems from a divide-by-zero error in the VideoFrameScheduler::PLL::fit method in the VideoFrameScheduler.cpp file, which could lead to a remote denial of service. No...

CVSS 6.5 • AI score 6.7 • EPSS 0.00296
Exploits: 0 • References: 1

CNVD • added 2025/01/03 12:00 a.m. • 9 views

Unspecified vulnerability in Linux kernel (CNVD-2025-01676)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a null pointer dereference issue in the cpufreq subsystem caused by the cpufreqcpugetraw function potentiall...

CVSS 5.5 • AI score 6.6 • EPSS 0.00229
Exploits: 0 • References: 1

CNVD • added 2025/01/03 12:00 a.m. • 6 views

Unspecified vulnerability in Linux kernel (CNVD-2025-01678)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an issue in the net/enetc driver that does not check for SI support when configuring preemptive TCs. No...

CVSS 5.5 • AI score 6.6 • EPSS 0.00225
Exploits: 0 • References: 1

CNVD • added 2025/01/03 12:00 a.m. • 5 views

Google Pixel has an unspecified vulnerability (CNVD-2025-01683)

Google Pixel is a smartphone from the American company Google. Google Pixel has a security vulnerability that stems from multiple possible out-of-bounds writes in the /proc/driver/wmtdbg driver. No details of the vulnerability are provided at this time...

CVSS 7.8 • AI score 6.8 • EPSS 0.00084
Exploits: 0 • References: 1

CNVD • added 2025/01/03 12:00 a.m. • 8 views

Google Pixel has an unspecified vulnerability (CNVD-2025-01684)

Google Pixel is a smartphone from the American company Google. Google Pixel suffers from a security vulnerability that stems from a lack of boundary checking in mtkcfg80211vendorpacketkeepalive in drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/glvendor.c and...

CVSS 7.8 • AI score 6.8 • EPSS 0.00084
Exploits: 0 • References: 1

CNVD • added 2025/01/03 12:00 a.m. • 7 views

IBM WebSphere Automation Command Injection Vulnerability

IBM WebSphere Automation is an automation management software from IBM for optimizing and managing data center resources. A security vulnerability exists in IBM WebSphere Automation version 1.7.5. A remote attacker could exploit the vulnerability to execute arbitrary code on the system...

CVSS 7.2 • AI score 7.7 • EPSS 0.00956
Exploits: 0 • References: 1

CNVD • added 2025/01/03 12:00 a.m. • 10 views

Apple iPadOS and iPhone OS Information Disclosure Vulnerability

iPadOS is Apple's mobile operating system for iPad devices, which is based on iOS and optimized for iPad. iPhone OS is Apple's operating system for iPhone and iPod touch. Apple iPadOS and iPhone OS suffer from an information disclosure vulnerability that originates from the possibility that a...

CVSS 3.3 • AI score 5.4 • EPSS 0.00173
Exploits: 0 • References: 1

CNVD • added 2025/01/03 12:00 a.m. • 8 views

Apple macOS Access Control Vulnerability

macOS is a set of operating systems developed by Apple to run on the Macintosh family of computers. Apple macOS suffers from an access control vulnerability that stems from the fact that applications may be able to access sensitive user data. An attacker could exploit the vulnerability to obtain...

CVSS 5.5 • AI score 5.8 • EPSS 0.00187
Exploits: 0 • References: 1

CNVD • added 2025/01/03 12:00 a.m. • 6 views

Apple iPhone OS and iPadOS Privacy Breach Vulnerability

iPhone OS is the operating system developed by Apple for the iPhone and iPod touch. iPadOS is Apple's mobile operating system for iPad devices, which is based on iOS and optimized for iPad. A privacy disclosure vulnerability exists in Apple iPhone OS and iPadOS, which stems from the fact that use...

CVSS 4.3 • AI score 5.7 • EPSS 0.00336
Exploits: 0 • References: 1

CNVD • added 2025/01/03 12:00 a.m. • 4 views

Google Android Information Disclosure Vulnerability (CNVD-2025-00875)

Google Android is a Linux-based open source operating system from Google. Google Android has an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...

CVSS 7.5 • AI score 6.4 • EPSS 0.00334
Exploits: 0 • References: 1

CNVD • added 2025/01/03 12:00 a.m. • 8 views

Google Android Code Execution Vulnerability (CNVD-2025-03018)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from a code execution vulnerability caused by an out-of-bounds write in prop2cfg of btifstorage.cc. An attacker can exploit the vulnerability to run arbitrary code on the system...

CVSS 9.8 • AI score 9.5 • EPSS 0.00385
Exploits: 0 • References: 1

CNVD • added 2025/01/03 12:00 a.m. • 5 views

SQL Injection Vulnerability in U8 Cloud of UFIDA Network Technology Co.

U8 Cloud is a new-generation cloud ERP (Enterprise Resource Planning) solution launched by UFIDA, mainly for growing and innovative enterprises, aiming to provide a comprehensive enterprise-level cloud ERP total solution. A SQL injection vulnerability exists in UFIDA U8 Cloud, which can be exploite...

AI score 7.5
Exploits: 0

CNVD • added 2025/01/03 12:00 a.m. • 8 views

Huawei Myna Input Validation Error Vulnerability

Huawei Myna is a smart speaker from the Chinese company Huawei. Huawei Myna suffers from an input validation error vulnerability that originates from a module that does not adequately check the integrity of inputs in certain scenarios. An attacker can exploit this vulnerability to affect the normal...

CVSS 6.8 • AI score 6.7 • EPSS 0.00146
Exploits: 0 • References: 1

CNVD • added 2025/01/03 12:00 a.m. • 7 views

Logic flaws exist in the integrated collaborative office platform of Hunan Chuangxing Technology Co.

Hunan Chuangxing Technology Co., Ltd. is a national key high-tech enterprise focusing on providing overall solutions of informatization, digitization and intelligence in the field of medical and healthcare. A logic flaw exists in the integrated collaborative office platform of Hunan Chuangxing...

AI score 6.7
Exploits: 0

CNVD • added 2025/01/03 12:00 a.m. • 5 views

WordPress plugin wp-publications cross-site scripting vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin. The WordPress plugin wp-publications has a cross-site scripting vulnerability that stems from...

CVSS 4.8 • AI score 7.5 • EPSS 0.0118
Exploits: 3 • References: 1

CNVD • added 2025/01/03 12:00 a.m. • 9 views

Dcat Admin admin/articles/create interface cross-site scripting vulnerability

Dcat Admin is a tool for building backend systems, developed as a derivative of laravel-admin. A cross-site scripting vulnerability exists in Dcat Admin v2.2.0-beta, which stems from the lack of effective filtering and escaping of user-supplied data in /admin/articles/create, and can be exploited...

CVSS 4.8 • AI score 5.1 • EPSS 0.00315
Exploits: 1 • References: 1

CNVD • added 2025/01/03 12:00 a.m. • 3 views

Smarts Smart Agent interface.php Page SQL Injection Vulnerability

Smarts Smart Agent is a powerful, flexible and scalable tool from Smarts for monitoring wireless network performance and services from the end user's perspective. An SQL injection vulnerability exists in Smarts Smart Agent v1.1.0, which stems from a lack of validation of externally entered SQL...

CVSS 9.8 • AI score 7.9 • EPSS 0.00509
Exploits: 1 • References: 1

CNVD • added 2025/01/03 12:00 a.m. • 15 views

IBM AIX Race Condition Vulnerability

IBM AIX is an open standards-based UNIX operating system developed by International Business Machines (IBM) for the IBM Power architecture. IBM AIX has a security vulnerability that can be exploited by attackers to cause a denial of service...

CVSS 5.5 • AI score 6.6 • EPSS 0.00123
Exploits: 0 • References: 1

CNVD • added 2025/01/03 12:00 a.m. • 7 views

Information Leakage Vulnerability in the Commercial Lease Management System of Joyous (Guangzhou) Information Technology Co.

Competitive Excellence Guangzhou Information Technology Ltd. is a company mainly engaged in the manufacturing of computer, communication and other electronic equipment. An information leakage vulnerability exists in the commercial leasing management system of Competitive Excellence Guangzhou...

AI score 6.5
Exploits: 0

CNVD • added 2025/01/03 12:00 a.m. • 6 views

Google Android Denial of Service Vulnerability (CNVD-2025-03020)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from a denial of service vulnerability that can be exploited by attackers to cause a denial of service...

CVSS 6.5 • AI score 7.9 • EPSS 0.00208
Exploits: 0 • References: 1

CNVD • added 2025/01/03 12:00 a.m. • 7 views

Google Pixel suffers from an unspecified vulnerability (CNVD-2025-05536)

Google Pixel is a smartphone from the American company Google. Google Pixel suffers from an unspecified vulnerability that stems from improper input validation in l2clccprocpdu in l2cfcr.cc, which can lead to out-of-bounds writes. No details of the vulnerability are provided at this time...

CVSS 8.8 • AI score 7 • EPSS 0.00292
Exploits: 0 • References: 1

CNVD • added 2025/01/03 12:00 a.m. • 10 views

Google Android Denial of Service Vulnerability (CNVD-2025-03654)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from a denial of service vulnerability caused by an out-of-bounds read in mverrcost in mcomp.c. An attacker can exploit this...

CVSS 6.5 • AI score 6.4 • EPSS 0.00224
Exploits: 0 • References: 1

CNVD • added 2025/01/03 12:00 a.m. • 9 views

Cisco IOS Software and IOS XE Software Access Control Error Vulnerability

Cisco IOS and IOS XE are a set of operating systems developed by Cisco for its network devices. An access control error vulnerability exists in the Simple Network Management Protocol (SNMP) IPv4 access control list feature of Cisco IOS Software and IOS XE Software, which stems from the program not...

CVSS 5.3 • AI score 6.6 • EPSS 0.00511
Exploits: 0 • References: 1

CNVD • added 2025/01/03 12:00 a.m. • 14 views

Google Android Denial of Service Vulnerability (CNVD-2025-00876)

Google Android is a Linux-based open source operating system from Google. A denial of service vulnerability exists in Google Android, which originates in the ihevcdapi.c file where the ihevcdallocatedynamicbufs function runs out of resources due to an integer overflow, which can be exploited by a...

CVSS 6.5 • AI score 6.8 • EPSS 0.00299
Exploits: 0 • References: 1

Total number of security vulnerabilities: 130931