Lucene search
K

131179 matches found

CNVD
CNVD
•added 2026/01/29 12:0 a.m.•8 views

HCL AION Information Disclosure Vulnerability (CNVD-2026-16409)

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from an information disclosure vulnerability that can be exploited by an attacker to expose sensitive technical details, leading to information disclosure or assisting in further attacks...

5.3CVSS5.7AI score0.00132EPSS
Exploits0
CNVD
CNVD
•added 2026/01/26 12:0 a.m.•7 views

MedDream PACS Premium Cross-Site Scripting Vulnerability (CNVD-2026-11738)

MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. MedDream PACS Premium suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by the autoPurge feature. An attacker could exploit the...

6.1CVSS6.1AI score0.00235EPSS
Exploits1References1
CNVD
CNVD
•added 2026/01/26 12:0 a.m.•6 views

MedDream PACS Premium Cross-Site Scripting Vulnerability (CNVD-2026-10670)

MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. MedDream PACS Premium suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by the email failedjob feature. An attacker could exploit the...

6.1CVSS5.8AI score0.00286EPSS
Exploits1References1
CNVD
CNVD
•added 2026/01/26 12:0 a.m.•7 views

MedDream PACS Premium Cross-Site Scripting Vulnerability (CNVD-2026-10669)

MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. MedDream PACS Premium suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by the Download Zip feature. An attacker could exploit the...

6.1CVSS5.8AI score0.00317EPSS
Exploits1References1
CNVD
CNVD
•added 2026/01/26 12:0 a.m.•2 views

MedDream PACS Premium Cross-Site Scripting Vulnerability (CNVD-2026-10668)

MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. A cross-site scripting vulnerability exists in MedDream PACS Premium and is caused by improper validation of user-supplied input by the Modify Anonymization feature. An attacker could exploit the...

6.1CVSS5.7AI score0.0026EPSS
Exploits1References1
CNVD
CNVD
•added 2026/01/26 12:0 a.m.•3 views

IBM ApplinX Data Forgery Issue Vulnerability

IBM ApplinX is an International Business Machines IBM company focused on converting green screen interfaces into modern Web-based applications. IBM ApplinX has a data forgery issue vulnerability that stems from improper JWT token validation, which can be exploited by an attacker to elevate...

9.8CVSS5.6AI score0.0015EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/26 12:0 a.m.•5 views

NVIDIA Merlin Transformers4Rec Code Injection Vulnerability

NVIDIA Merlin Transformers4Rec is a software for building serialized and conversational recommender systems from NVIDIA. NVIDIA Merlin Transformers4Rec suffers from a code injection vulnerability that stems from incorrectly filtering input parameters, which can be exploited by a remote attacker t...

7.8CVSS6.1AI score0.00203EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/26 12:0 a.m.•9 views

MedDream PACS Premium Cross-Site Scripting Vulnerability (CNVD-2026-11737)

MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. MedDream PACS Premium suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by the modifyUser feature. An attacker could exploit the...

6.1CVSS6.1AI score0.00235EPSS
Exploits1References1
CNVD
CNVD
•added 2026/01/23 12:0 a.m.•4 views

NVIDIA NSIGHT Graphics Operating System Command Injection Vulnerability

NVIDIA NSIGHT Graphics is a GPU graphics debugging and performance analysis tool from NVIDIA. NVIDIA NSIGHT Graphics suffers from an operating system command injection vulnerability that stems from a lack of input validation, which can be exploited by attackers to cause code execution, elevation ...

7.8CVSS6.1AI score0.00895EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/22 12:0 a.m.•14 views

GNU InetUtils Telnetd Remote Authentication Bypass Vulnerability

GNU InetUtils telnetd is a telnet service daemon in the GNU InetUtils suite that listens on TCP port 23 and provides clients with plaintext terminal access based on the Telnet protocol. A remote authentication bypass vulnerability exists in GNU InetUtils Telnetd, which can be exploited to bypass...

9.8CVSS5.9AI score0.98871EPSS
Exploits62References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•4 views

WordPress Sosh Share Buttons plugin cross-site request forgery vulnerability

WordPress Sosh Share Buttons plugin is a social media sharing plugin for WordPress websites. WordPress Sosh Share Buttons plugin suffers from a cross-site request forgery vulnerability that stems from a lack of random number validation in the adminpagecontent function, no details of the...

4.3CVSS5.8AI score0.0014EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•5 views

Adobe InDesign Buffer Overflow Vulnerability (CNVD-2026-11772)

Adobe InDesign is a professional desktop publishing software developed by Adobe for layout and page layout in print and digital media. A buffer overflow vulnerability exists in Adobe InDesign, which is caused by an access to an uninitialized pointer error, and can be exploited by an attacker to...

7.8CVSS6.5AI score0.00216EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•3 views

Adobe InDesign Buffer Overflow Vulnerability (CNVD-2026-11773)

Adobe InDesign is a professional desktop publishing software developed by Adobe for layout and page layout in print and digital media. Adobe InDesign suffers from a buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...

7.8CVSS6.5AI score0.00216EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•2 views

WordPress GetContentFromURL plugin server-side request forgery vulnerability

The WordPress GetContentFromURL plugin is a tool that allows users to grab content from other websites and display it on WordPress sites with a simple short code. The WordPress GetContentFromURL plugin suffers from a server-side request forgery vulnerability that stems from the use of the...

7.2CVSS5.9AI score0.00302EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•8 views

GPAC vorbis_to_intern function stack buffer overflow vulnerability

GPAC is an open source multimedia framework. GPAC suffers from a stack buffer overflow vulnerability that stems from the vorbistointern function failing to correctly validate the length and size of the input data, which can be exploited by an attacker to cause a denial of service...

5.5CVSS6.1AI score0.00141EPSS
Exploits1References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•4 views

GPAC dump_ttxt_sample function stack buffer overflow vulnerability

GPAC is an open source multimedia framework. GPAC has a stack buffer overflow vulnerability , the vulnerability stems from the dumpttxtsample function fails to correctly validate the length of the input data size , an attacker can use this vulnerability to cause a denial of service...

7.5CVSS6.1AI score0.00433EPSS
Exploits1References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•3 views

GPAC pcmreframe_flush_packet function stack buffer overflow vulnerability

GPAC is an open source multimedia framework. GPAC has a stack buffer overflow vulnerability that stems from the pcmreframeflushpacket function failing to properly validate the length and size of the input data, which can be exploited by an attacker to cause a denial of service...

5.5CVSS6.1AI score0.00141EPSS
Exploits1References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•7 views

Mozilla Firefox and Mozilla Thunderbird denial-of-service vulnerabilities (CNVD-2026-23771)

Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. Mozilla Thunderbird is an email client software independently developed from the Mozilla Application Suite by the same organization. This software supports IMAP and POP email protocols, as well...

7.5CVSS7.3AI score0.00537EPSS
Exploits1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•3 views

WordPress SearchWiz plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress SearchWiz plugin that stems from the use of escattr instead of eschtml to output post titles in search results, whic...

6.4CVSS6AI score0.00232EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•12 views

Wondershare Dr. Fone Code Issue Vulnerability

Wondershare Dr. Fone is a one-stop solution for cell phones from China's Wanxing Wondershare. A code issue vulnerability exists in Wondershare Dr. Fone, which stems from an unquoted service path that can be exploited by an attacker to cause a local user to execute arbitrary code and elevate syste...

8.5CVSS6.2AI score0.00202EPSS
Exploits1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•4 views

GPAC vobsub_get_subpic_duration function buffer overflow vulnerability

GPAC is an open source multimedia framework. GPAC has a buffer overflow vulnerability that stems from the vobsubgetsubpicduration function failing to properly validate the length size of the input data, which can be exploited by an attacker to cause a denial of service...

7.5CVSS6.1AI score0.00343EPSS
Exploits1References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•6 views

Microsoft Windows File Explorer Information Disclosure Vulnerability

Microsoft Windows File Explorer is a file manager application from Microsoft USA. An information disclosure vulnerability exists in Microsoft Windows File Explorer, which can be exploited by attackers to obtain sensitive information...

5.5CVSS5.6AI score0.00466EPSS
Exploits1References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•1 views

Mozilla Firefox and Mozilla Firefox ESR code execution vulnerability (CNVD-2026-11799)

Mozilla Firefox is an open source web browser from the Mozilla Foundation, USA.Mozilla Firefox ESR is an extended support version of Firefox web browser from the Mozilla Foundation, USA. A code execution vulnerability exists in Mozilla Firefox and Mozilla Firefox ESR due to a use-after-release in...

9.8CVSS6.6AI score0.00423EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•3 views

Apache Kyuubi Directory Traversal Vulnerability

Apache Kyuubi is a distributed SQL gateway from the Apache Foundation. Apache Kyuubi suffers from a directory traversal vulnerability that originates from a client-side bypass of server-side configuration, which can be exploited by an attacker to cause access to unauthorized local files...

8.8CVSS6AI score0.00892EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•4 views

GPAC uncv_parse_config function stack buffer overflow vulnerability

GPAC is an open source multimedia framework. GPAC has a stack buffer overflow vulnerability that originates from the uncvparseconfig function failing to properly validate the length size of the input data, which can be exploited by an attacker to cause a denial of service...

5.5CVSS6.1AI score0.00188EPSS
Exploits1References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•4 views

GPAC avi_parse_input_file function heap buffer overflow vulnerability

GPAC is an open source multimedia framework. GPAC has a heap buffer overflow vulnerability that stems from the aviparseinputfile function failing to properly validate the length and size of the input data, which can be exploited by an attacker to cause a denial of service...

6.5CVSS6.1AI score0.00304EPSS
Exploits1References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•4 views

WordPress Gotham Block Extra Light plugin path traversal vulnerability

The WordPress Gotham Block Extra Light plugin is a tool for detecting if ad blocking software such as AdBlock is enabled in a visitor's browser. A path traversal vulnerability exists in the WordPress Gotham Block Extra Light plugin, which stems from the mishandling of the ghostban shortcode, and...

6.5CVSS6AI score0.00307EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•5 views

Adobe Dreamweaver License Issue Vulnerability

Adobe Dreamweaver is a professional web code editor and web development tool developed by Adobe. Adobe Dreamweaver suffers from an authorization issue vulnerability that can be exploited by attackers to execute arbitrary code on the system...

7.8CVSS6.3AI score0.00203EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•3 views

Huawei HarmonyOS and EMUI Clone Module Man-in-the-Middle Attack Vulnerability

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel.Huawei EMUI is a user interface developed by Huawei based on the Android operating system. A man-in-the-middle attack vulnerability exists in the...

5.7CVSS5.7AI score0.00134EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•1 views

Mozilla Firefox and Mozilla Firefox ESR Buffer Overflow Vulnerability (CNVD-2026-11800)

Mozilla Firefox is an open source web browser from the Mozilla Foundation, USA.Mozilla Firefox ESR is an extended support version of Firefox web browser from the Mozilla Foundation, USA. Mozilla Firefox and Mozilla Firefox ESR suffer from a buffer overflow vulnerability caused by incorrect bounda...

8CVSS6.5AI score0.00417EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•2 views

Code execution vulnerability in multiple Mozilla products (CNVD-2026-11803)

Mozilla Firefox is an open source web browser from the Mozilla Foundation.Mozilla Firefox ESR is an extended support version of Firefox web browser from the Mozilla Foundation.Mozilla Thunderbird is a suite of e-mail client software from the Mozilla Foundation that is separate from the Mozilla...

6.5CVSS6.6AI score0.00361EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•1 views

Unspecified Vulnerability in Multiple Mozilla Products (CNVD-2026-11801)

Mozilla Firefox is an open source web browser from the Mozilla Foundation.Mozilla Firefox ESR is an extended support version of Firefox web browser from the Mozilla Foundation.Mozilla Thunderbird is a suite of e-mail client software from the Mozilla Foundation that is separate from the Mozilla...

5.3CVSS6AI score0.00437EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•5 views

Siemens Industrial Edge Devices authorization bypass vulnerability

Siemens Industrial Edge Devices are a series of industrial edge devices developed by the German company Siemens, used for on-site data processing and intelligent control. Siemens Industrial Edge Devices have a vulnerability related to authorization bypassing. This vulnerability stems from imprope...

10CVSS5.4AI score0.00601EPSS
Exploits0
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•5 views

WordPress SpiceForms Form Builder plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress SpiceForms Form Builder plugin, which stems from the lack of effective filtering and escaping of user-supplied data ...

6.4CVSS6AI score0.0019EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•6 views

GPAC oggdmx_parse_tags function out-of-bounds read vulnerability

GPAC is an open source multimedia framework. GPAC suffers from an out-of-bounds read vulnerability that stems from the oggdmxparsetags function failing to properly validate the length size of the input data, which can be exploited by an attacker to cause a denial of service...

8.2CVSS5.9AI score0.00394EPSS
Exploits1References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•4 views

Kentico Xperience cross-site scripting vulnerability (CNVD-2026-05118)

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that stems from a lack of effective filtering and escaping of user-supplied data by a form component, which can be exploited by an attacker to execute arbitrary web...

9.4CVSS6AI score0.00145EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•4 views

D-Link DIR-806A Command Injection Vulnerability

The D-Link DIR-806A is a wireless router from China's AUO D-Link. A command injection vulnerability exists in the D-Link DIR-806A version 100CNb11, which stems from the failure of the ssdpcgimain function in the SSDP Request Handler component to correctly filter constructed command special...

9.8CVSS6AI score0.03695EPSS
Exploits1References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•3 views

WordPress Gotham Block Extra Light plugin cross-site scripting vulnerability

The WordPress Gotham Block Extra Light plugin is a tool for detecting if ad blocking software such as AdBlock is enabled in a visitor's browser. The WordPress Gotham Block Extra Light plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective...

4.4CVSS6AI score0.00189EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•1 views

WordPress AJS Footnotes plugin cross-site scripting vulnerability

WordPress AJS Footnotes plugin is a plugin for WordPress designed to add aesthetically pleasing footnote features to posts or pages. The WordPress AJS Footnotes plugin suffers from a cross-site scripting vulnerability that stems from the lack of valid filtering and escaping of notelistclass and...

7.2CVSS6AI score0.00275EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•3 views

Huawei HarmonyOS Card Framework Module Multi-threaded Contest Condition Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A multi-threaded race condition vulnerability exists in the Huawei HarmonyOS Card Framework module, which can be exploited by an attacker to cause availabili...

8.4CVSS5.6AI score0.00104EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•7 views

Microsoft Windows File Explorer Information Disclosure Vulnerability (CNVD-2026-10674)

Microsoft Windows File Explorer is a file manager application from Microsoft USA. An information disclosure vulnerability exists in Microsoft Windows File Explorer, which can be exploited by attackers to obtain sensitive information...

5.5CVSS5.6AI score0.00654EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•8 views

Microsoft Windows Cloud Files Mini Filter Driver elevation of privilege vulnerability (CNVD-2026-17154)

Microsoft Windows Cloud Files Mini Filter Driver is a cloud file filter driver from Microsoft USA. An elevation of privilege vulnerability exists in Microsoft Windows Cloud Files Mini Filter Driver due to an untrusted pointer dereference flaw in the Cloud Files Mini-Filter Driver component. An...

7.8CVSS5.8AI score0.0046EPSS
Exploits0
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•1 views

Code execution vulnerability in multiple Mozilla products (CNVD-2026-11802)

Mozilla Firefox is an open source web browser from the Mozilla Foundation.Mozilla Firefox ESR is an extended support version of Firefox web browser from the Mozilla Foundation.Mozilla Thunderbird is a suite of e-mail client software from the Mozilla Foundation that is separate from the Mozilla...

8.8CVSS6.6AI score0.00405EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•4 views

Tenda AX-3 fromAdvSetMacMtuWan Function Stack Buffer Overflow Vulnerability

Tenda AX-3 is a home smart wireless router from Tenda that supports Wi-Fi6 802.11ax standard for home networking environment. The Tenda AX-3 suffers from a stack buffer overflow vulnerability, which stems from the mac2 parameter in the fromAdvSetMacMtuWan function failing to correctly validate th...

7.5CVSS6.1AI score0.00384EPSS
Exploits1References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•6 views

GPAC Stack Buffer Overflow Vulnerability

GPAC is an open source multimedia framework. GPAC suffers from a stack buffer overflow vulnerability that stems from the dmxsaf function failing to properly validate the length and size of input data, which can be exploited by an attacker to cause a denial of service...

5.5CVSS6.1AI score0.00188EPSS
Exploits1References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•5 views

ZTE MF258K Pro Configuration Flaw Vulnerability

The ZTE MF258K Pro is a 4G outdoor bridge kit from ZTE China. The ZTE MF258K Pro suffers from a configuration flaw vulnerability that stems from improperly set directory permissions, which can be exploited by an attacker to cause a write operation to be performed...

8.8CVSS5.9AI score0.00223EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•5 views

Adobe Substance 3D Modeler Null Pointer Dereference Vulnerability

Adobe Substance3D Modeler is a 3D modeling software from the American company Audobee Adobe. Adobe Substance 3D Modeler suffers from a null pointer dereference vulnerability that can be exploited by an attacker to cause a denial of service...

5.5CVSS5.9AI score0.00142EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•6 views

Huawei HarmonyOS Card Framework Module Multi-threaded Conditional Competition Vulnerability (CNVD-2026-13984)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A multi-threaded conditional contention vulnerability exists in the Huawei HarmonyOS Card Framework module, which can be exploited by an attacker to cause...

8CVSS5.8AI score0.00095EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•7 views

Mozilla Firefox and Mozilla Thunderbird information leakage vulnerabilities (CNVD-2026-23770)

Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. Mozilla Thunderbird is an email client software independently developed from the Mozilla Application Suite by the same organization. This software supports IMAP and POP email protocols, as well...

5.3CVSS5.7AI score0.00313EPSS
Exploits0
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•3 views

WordPress Electric Studio Download Counter plugin cross-site scripting vulnerability

WordPress Electric Studio Download Counter plugin is a plugin for WordPress websites whose main function is to count and track the number of file downloads. The WordPress Electric Studio Download Counter plugin suffers from a cross-site scripting vulnerability that stems from the application's la...

4.4CVSS6AI score0.00207EPSS
Exploits0References1
Total number of security vulnerabilities131179