Lucene search
K

131179 matches found

CNVD
CNVD
added 2026/01/30 12:0 a.m.5 views

Rockwell Automation ArmorStart LT Denial of Service Vulnerability (CNVD-2026-10851)

Rockwell Automation ArmorStart LT is a distributed motor controller from Rockwell Automation. A denial of service vulnerability exists in the Rockwell Automation ArmorStart LT, which originates from a device reboot during execution of the Achilles Comprehensive step limit storm test, and can be...

8.7CVSS5.9AI score0.00525EPSS
Exploits0References1
CNVD
CNVD
added 2026/01/30 12:0 a.m.9 views

Unspecified Vulnerability in Oracle MySQL (CNVD-2026-16631)

Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in Oracle MySQL for MySQL Server versions 9.0.0 through 9.5.0, which can be exploited by attackers to cause a denial ...

6.5CVSS5.8AI score0.00317EPSS
Exploits0
CNVD
CNVD
added 2026/01/30 12:0 a.m.6 views

Tenda AX1803 Buffer Overflow Vulnerability (CNVD-2026-10638)

Tenda AX1803 is a dual-band Gigabit WIFI6 router from Tenda China. The Tenda AX1803 suffers from a buffer overflow vulnerability caused by incorrect boundary checking in the GetWifiGuestBasic function of the /goform/WifiGuestSet file. An attacker could exploit this vulnerability to execute...

9CVSS6.8AI score0.01103EPSS
Exploits1References1
CNVD
CNVD
added 2026/01/30 12:0 a.m.5 views

Rockwell Automation ArmorStart LT Denial of Service Vulnerability (CNVD-2026-10854)

Rockwell Automation ArmorStart LT is a distributed motor controller from Rockwell Automation. A denial of service vulnerability exists in the Rockwell Automation ArmorStart LT, which originates from a device losing ICMP connectivity while performing a Burp Suite active scan, and can be exploited ...

8.7CVSS5.7AI score0.00423EPSS
Exploits0References1
CNVD
CNVD
added 2026/01/30 12:0 a.m.4 views

TOTOLINK NR1800X Command Injection Vulnerability (CNVD-2026-11736)

TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE from China's TOTOLINK. designed to provide fast and easy deployment of NR fixed data services in homes and offices. The TOTOLINK NR1800X suffers from a command injection vulnerability, which stems from a misuse of the parameter...

8.8CVSS6.2AI score0.02646EPSS
Exploits1References1
CNVD
CNVD
added 2026/01/30 12:0 a.m.2 views

Tenda AX1806 sub_4C408 function stack overflow vulnerability

The Tenda AX1806 is a WiFi6 wireless router from Tenda, a Chinese company. A stack overflow vulnerability exists in the Tenda AX1806 sub4C408 function, which can be exploited by an attacker to cause a denial of service...

7.5CVSS6AI score0.00311EPSS
Exploits1References1
CNVD
CNVD
added 2026/01/30 12:0 a.m.6 views

Rockwell Automation ArmorStart LT Denial of Service Vulnerability (CNVD-2026-10849)

Rockwell Automation ArmorStart LT is a distributed motor controller from Rockwell Automation. A denial of service vulnerability exists in the Rockwell Automation ArmorStart LT, which originates from an unexpected device reboot during the execution of the Achilles Comprehensive limited storm test,...

8.7CVSS5.9AI score0.00514EPSS
Exploits0References1
CNVD
CNVD
added 2026/01/30 12:0 a.m.3 views

Tenda W30E Information Disclosure Vulnerability

The Tenda W30E is a router from the Chinese company Tenda. The Tenda W30E suffers from an information disclosure vulnerability that can be exploited by an attacker to cause credential disclosure...

7.1CVSS5.9AI score0.00189EPSS
Exploits0References1
CNVD
CNVD
added 2026/01/30 12:0 a.m.3 views

Rockwell Automation CompactLogix 5370 Denial of Service Vulnerability

Rockwell Automation CompactLogix 5370 is a programmable logic controller from Rockwell Automation. The Rockwell Automation CompactLogix 5370 suffers from a denial of service vulnerability that originates from sending a malformed CIP forward open message, which can be exploited by an attacker to...

7.1CVSS5.7AI score0.00159EPSS
Exploits0References1
CNVD
CNVD
added 2026/01/30 12:0 a.m.5 views

Rockwell Automation ArmorStart LT Denial of Service Vulnerability (CNVD-2026-10850)

Rockwell Automation ArmorStart LT is a distributed motor controller from Rockwell Automation. A denial of service vulnerability exists in the Rockwell Automation ArmorStart LT, which stems from the device being unresponsive during fuzzing tests using Defensics, and can be exploited by an attacker...

8.7CVSS5.7AI score0.00414EPSS
Exploits0References1
CNVD
CNVD
added 2026/01/30 12:0 a.m.0 views

NVIDIA CUDA toolkit gfx_hotspot module command injection vulnerability

NVIDIA CUDA toolkit is a toolkit from NVIDIA, Inc. It provides a development environment for creating high-performance GPU-accelerated applications. The NVIDIA CUDA toolkit suffers from an operating system command injection vulnerability that stems from the failure of the gfxhotspot module of...

7.3CVSS5.9AI score0.01185EPSS
Exploits0References1
CNVD
CNVD
added 2026/01/30 12:0 a.m.4 views

WordPress Plugin WP Directory Kit Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. WordPress plugin WP Directory Kit has an information disclosure vulnerability, the vulnerabilit...

5.3CVSS5.5AI score0.00669EPSS
Exploits0References1
CNVD
CNVD
added 2026/01/30 12:0 a.m.7 views

Google Chrome Security Bypass Vulnerability (CNVD-2026-11753)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that originates from a security user interface error and can be exploited by attackers to bypass security restrictions...

9.8CVSS5.9AI score0.00315EPSS
Exploits0References1
CNVD
CNVD
added 2026/01/30 12:0 a.m.5 views

MedDream PACS Premium Cross-Site Scripting Vulnerability

MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. MedDream PACS Premium suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by the sendOruReport feature. An attacker could exploit the...

6.1CVSS5.8AI score0.00317EPSS
Exploits1References1
CNVD
CNVD
added 2026/01/30 12:0 a.m.4 views

WordPress Plugin WP FullCalendar Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin WP FullCalendar, which...

7.5CVSS5.5AI score0.00296EPSS
Exploits0References1
CNVD
CNVD
added 2026/01/30 12:0 a.m.4 views

IBM Licensing Operator Elevation of Privilege Vulnerability

IBM Licensing Operator is a component of International Business Machines IBM that automates the collection of management data. An elevation of privilege vulnerability exists in IBM Licensing Operator that can be exploited by an attacker to cause a local elevation of privilege within a container...

8.4CVSS5.9AI score0.00124EPSS
Exploits0References1
CNVD
CNVD
added 2026/01/30 12:0 a.m.9 views

Google Chrome Code Execution Vulnerability (CNVD-2026-11751)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a code execution vulnerability that is caused by free usage in ANGLE. An attacker can exploit the vulnerability to execute arbitrary code on a system...

8.8CVSS6.6AI score0.00314EPSS
Exploits0References1
CNVD
CNVD
added 2026/01/30 12:0 a.m.5 views

IBM Concert Information Disclosure Vulnerability (CNVD-2026-10661)

IBM Concert is a new tool from International Business Machines IBM Inc. that uses generative AI to help manage complex cloud-native applications. IBM Concert suffers from an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...

7.5CVSS5.7AI score0.00334EPSS
Exploits0References1
CNVD
CNVD
added 2026/01/30 12:0 a.m.5 views

IBM Concert Information Disclosure Vulnerability (CNVD-2026-10662)

IBM Concert is a new tool from International Business Machines IBM Inc. that uses generative AI to help manage complex cloud-native applications. IBM Concert suffers from an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...

7.5CVSS5.7AI score0.00334EPSS
Exploits0References1
CNVD
CNVD
added 2026/01/30 12:0 a.m.7 views

IBM ApplinX Cross-Site Request Forgery Vulnerability (CNVD-2026-10656)

IBM ApplinX is an International Business Machines IBM company focused on converting green screen interfaces into modern web-based applications. IBM ApplinX suffers from a cross-site request forgery vulnerability that stems from the WEB application not adequately verifying that a request is from a...

3.5CVSS5.4AI score0.00101EPSS
Exploits0References1
CNVD
CNVD
added 2026/01/30 12:0 a.m.4 views

Rockwell Automation ArmorStart LT Denial of Service Vulnerability (CNVD-2026-10852)

Rockwell Automation ArmorStart LT is a distributed motor controller from Rockwell Automation. A denial of service vulnerability exists in the Rockwell Automation ArmorStart LT, which originates from an unexpected reboot of the device during execution of the Achilles EtherNet/IP Step Limits Storms...

8.7CVSS5.9AI score0.00525EPSS
Exploits0References1
CNVD
CNVD
added 2026/01/30 12:0 a.m.3 views

IBM ApplinX Information Disclosure Vulnerability (CNVD-2026-10653)

IBM ApplinX is an International Business Machines IBM company focused on converting green screen interfaces into modern web-based applications. An information disclosure vulnerability exists in IBM ApplinX, which can be exploited by attackers to obtain sensitive information...

5.3CVSS5.6AI score0.0021EPSS
Exploits0References1
CNVD
CNVD
added 2026/01/30 12:0 a.m.5 views

Microsoft Office Code Execution Vulnerability (CNVD-2026-16161)

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to execute...

7.8CVSS7.9AI score0.72152EPSS
Exploits12
CNVD
CNVD
added 2026/01/30 12:0 a.m.6 views

Unspecified Vulnerability in Oracle MySQL (CNVD-2026-16627)

Oracle MySQL is an open source relational database management system from Oracle. A security vulnerability exists in Oracle MySQL for MySQL Server and MySQL Cluster, which can be exploited by attackers to cause a denial of service...

4.9CVSS5.8AI score0.00337EPSS
Exploits0
CNVD
CNVD
added 2026/01/30 12:0 a.m.4 views

WordPress Plugin Contact Form 7 GetResponse Extension Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Contact Form 7 GetRespon...

5.3CVSS5.5AI score0.0024EPSS
Exploits0References1
CNVD
CNVD
added 2026/01/30 12:0 a.m.9 views

IBM ApplinX Unauthorized Access Vulnerability

IBM ApplinX is an International Business Machines IBM company focused on converting green screen interfaces into modern web-based applications. An unauthorized access vulnerability exists in IBM ApplinX that stems from insufficient server-side enforcement of client-side security, which could be...

4.3CVSS5.6AI score0.00159EPSS
Exploits0References1
CNVD
CNVD
added 2026/01/30 12:0 a.m.5 views

WordPress Plugin CubeWP - All-in-One Dynamic Content Framework Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin CubeWP - All-in-One...

4.3CVSS5.5AI score0.00196EPSS
Exploits0References1
CNVD
CNVD
added 2026/01/30 12:0 a.m.4 views

WordPress Plugin ABG Rich Pins Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin ABG Rich Pins, no detailed...

5.4CVSS5.5AI score0.00198EPSS
Exploits0
CNVD
CNVD
added 2026/01/30 12:0 a.m.5 views

IBM Aspera Console Log Message Disclosure Vulnerability

IBM Aspera Console is a Web-based application from International Business Machines IBM. Allows users to centrally manage, monitor and control Aspera servers nodes and transports. IBM Aspera Console suffers from a log information disclosure vulnerability that originates from the storage of...

4.9CVSS5.6AI score0.00287EPSS
Exploits0References1
CNVD
CNVD
added 2026/01/30 12:0 a.m.3 views

WordPress Plugin Booking Ultra Pro Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Booking Ultra Pro, which...

6.5CVSS5.5AI score0.00355EPSS
Exploits0References1
CNVD
CNVD
added 2026/01/30 12:0 a.m.4 views

Rockwell Automation ArmorStart LT Denial of Service Vulnerability

Rockwell Automation ArmorStart LT is a distributed motor controller from Rockwell Automation. A denial of service vulnerability exists in the Rockwell Automation ArmorStart LT, which can be exploited by an attacker to cause a denial of service due to an unexpected reboot of the device during...

8.7CVSS5.9AI score0.00525EPSS
Exploits0References1
CNVD
CNVD
added 2026/01/30 12:0 a.m.8 views

Unspecified Vulnerability in Oracle MySQL (CNVD-2026-16629)

Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability in Oracle MySQL's MySQL Server versions 8.0.0 through 8.0.44, 8.4.0 through 8.4.7, and 9.0.0 through 9.5.0 can be exploited ...

6.5CVSS7AI score0.00257EPSS
Exploits0
CNVD
CNVD
added 2026/01/30 12:0 a.m.6 views

WordPress Plugin Cargus Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Cargus, which originates...

5.3CVSS5.5AI score0.00305EPSS
Exploits0References1
CNVD
CNVD
added 2026/01/30 12:0 a.m.7 views

Unspecified Vulnerability in Oracle MySQL (CNVD-2026-16630)

Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in Oracle MySQL for MySQL Server versions 9.0.0 through 9.5.0, which can be exploited by attackers to cause a denial ...

6.5CVSS5.8AI score0.00316EPSS
Exploits0
CNVD
CNVD
added 2026/01/30 12:0 a.m.9 views

IBM Concert Code Issue Vulnerability

IBM Concert is a new tool from International Business Machines IBM Inc. that uses generative AI to help manage complex cloud-native applications. IBM Concert suffers from a code issue vulnerability that stems from not validating the content of files uploaded to the web interface, which can be...

8.8CVSS5.7AI score0.0026EPSS
Exploits0References1
CNVD
CNVD
added 2026/01/30 12:0 a.m.7 views

Google Chrome Security Bypass Vulnerability (CNVD-2026-11755)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that originates from an improper implementation in V8, which can be exploited by an attacker to bypass security restrictions...

8.8CVSS5.9AI score0.00323EPSS
Exploits0References1
CNVD
CNVD
added 2026/01/30 12:0 a.m.5 views

Google Chrome Security Bypass Vulnerability (CNVD-2026-11750)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that stems from insufficient enforcement of new policies on the network, which can be exploited by an attacker to obtain potentially sensitive information via web log files...

9.8CVSS6AI score0.00221EPSS
Exploits0References1
CNVD
CNVD
added 2026/01/30 12:0 a.m.8 views

Unspecified Vulnerability in Oracle MySQL (CNVD-2026-16638)

Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in Oracle MySQL for MySQL Server versions 8.0.0 through 8.0.44, 8.4.0 through 8.4.7, and 9.0.0 through 9.5.0, which c...

4.9CVSS5.8AI score0.00337EPSS
Exploits0
CNVD
CNVD
added 2026/01/30 12:0 a.m.14 views

NVIDIA CUDA toolkit code issue vulnerability

NVIDIA CUDA toolkit is a toolkit from NVIDIA, Inc. It provides a development environment for creating high-performance GPU-accelerated applications. A security vulnerability exists in NVIDIA CUDA Toolkit, which can be exploited by an attacker to cause arbitrary code to be executed with the same...

7.3CVSS5.9AI score0.00159EPSS
Exploits0References1
CNVD
CNVD
added 2026/01/30 12:0 a.m.6 views

MedDream PACS Premium Arbitrary File Read Vulnerability

MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. An arbitrary file read vulnerability exists in MedDream PACS Premium, which can be exploited by an attacker to cause arbitrary files to be read...

9.6CVSS5.8AI score0.00436EPSS
Exploits1References1
CNVD
CNVD
added 2026/01/30 12:0 a.m.6 views

Unspecified Vulnerability in Oracle MySQL (CNVD-2026-16628)

Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in Oracle MySQL for MySQL Server versions 9.0.0 through 9.5.0, which can be exploited by attackers to cause a partial...

2.7CVSS5.8AI score0.00305EPSS
Exploits0
CNVD
CNVD
added 2026/01/30 12:0 a.m.4 views

Google Chrome Security Bypass Vulnerability (CNVD-2026-11752)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that stems from an improper implementation in Blink, which can be exploited by attackers to bypass security restrictions...

5.4CVSS5.9AI score0.00187EPSS
Exploits0References1
CNVD
CNVD
added 2026/01/30 12:0 a.m.6 views

Google Chrome Security Bypass Vulnerability (CNVD-2026-11754)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that originates from a security user interface error in split-screen view, which can be exploited by an attacker to bypass security restrictions...

9.8CVSS5.9AI score0.00246EPSS
Exploits0References1
CNVD
CNVD
added 2026/01/29 12:0 a.m.3 views

Unspecified Vulnerability in HCL AION (CNVD-2026-16406)

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a security vulnerability that is caused due to improper handling of host headers that enable host header injection. An attacker can exploit the vulnerability to allow malicious file uploads, resulting in...

9.8CVSS6.2AI score0.00281EPSS
Exploits0
CNVD
CNVD
added 2026/01/29 12:0 a.m.3 views

MedDream PACS Premium Cross-Site Scripting Vulnerability (CNVD-2026-10667)

MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. MedDream PACS Premium suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input in config.php. An attacker can exploit this vulnerability to...

6.1CVSS5.8AI score0.00229EPSS
Exploits1References1
CNVD
CNVD
added 2026/01/29 12:0 a.m.6 views

Unspecified Vulnerability in HCL AION (CNVD-2026-16410)

HCL AION is an AI lifecycle management platform from HCL India. HCL AION has a security vulnerability that can be exploited by an attacker to use easy-to-guess passwords, leading to unauthorized access...

9.8CVSS5.7AI score0.00149EPSS
Exploits0
CNVD
CNVD
added 2026/01/29 12:0 a.m.3 views

Unspecified Vulnerability in HCL AION (CNVD-2026-16407)

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a security vulnerability that can be exploited by attackers to weaken the overall security of the application and increase the risk of common web attacks...

5.3CVSS5.8AI score0.00169EPSS
Exploits0
CNVD
CNVD
added 2026/01/29 12:0 a.m.4 views

HCL AION Security Bypass Vulnerability (CNVD-2026-16404)

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a security vulnerability that is caused by a JWT token that expires too long increasing the risk of token misuse. An attacker can exploit the vulnerability to cause unauthorized access...

5.3CVSS5.8AI score0.0015EPSS
Exploits0
CNVD
CNVD
added 2026/01/29 12:0 a.m.9 views

HCL AION File Upload Vulnerability

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a file upload vulnerability that can be exploited by an attacker to upload malicious files leading to arbitrary code execution or system compromise...

9.8CVSS6.4AI score0.00177EPSS
Exploits0
CNVD
CNVD
added 2026/01/29 12:0 a.m.6 views

HCL AION Information Disclosure Vulnerability (CNVD-2026-16405)

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from an information disclosure vulnerability, which is due to cachable HTTP responses leading to accidental storage of sensitive or dynamic content. An attacker can exploit the vulnerability to gain access to sensiti...

7.5CVSS5.8AI score0.00156EPSS
Exploits0
Total number of security vulnerabilities131179