Lucene search
K

131179 matches found

CNVD
CNVD
•added 2026/01/19 12:0 a.m.•2 views

WordPress Testimonials Creator plugin cross-site scripting vulnerability

WordPress Testimonials Creator plugin is a tool for creating and displaying customer testimonials that allows users to build flexible testimonial displays with a testimonial builder, ratings submission form, and a variety of design layouts with highly customizable styling support. A cross-site...

4.4CVSS6AI score0.00208EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•4 views

Huawei HarmonyOS Camera Framework Module Multi-threaded Conditional Competition Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A multi-threaded conditional contention vulnerability exists in the Huawei HarmonyOS Camera Framework module, which can be exploited by an attacker to cause...

5.1CVSS5.8AI score0.00084EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•1 views

Buffer overflow vulnerability in multiple Mozilla products (CNVD-2026-11804)

Mozilla Firefox is an open source web browser from the Mozilla Foundation.Mozilla Firefox ESR is an extended support version of Firefox web browser from the Mozilla Foundation.Mozilla Thunderbird is a suite of e-mail client software from the Mozilla Foundation that is separate from the Mozilla...

9.8CVSS6.5AI score0.00525EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•10 views

Microsoft Excel Code Execution Vulnerability (CNVD-2026-08747)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A security vulnerability exists in Microsoft Excel. An attacker could exploit the vulnerability to remotely execute code...

7.8CVSS6AI score0.00399EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•3 views

WordPress Short Link plugin cross-site scripting vulnerability

WordPress Short Link plugin is a class of tools for generating and managing short links Shortlinks. A cross-site scripting vulnerability exists in the WordPress Short Link plugin, which stems from insufficient input cleanup and output escaping of the shortlinkposttitle and shortlinkpagetitle...

4.4CVSS6AI score0.002EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•5 views

Dell PowerProtect Data Domain OS Command Injection Vulnerability (CNVD-2026-18590)

Dell PowerProtect Data Domain Dell PowerProtect DD is a suite of hardware appliances for data protection, backup, storage, and deduplication from Dell, USA. The Dell PowerProtect Data Domain suffers from an operating system command injection vulnerability that originates from improper...

7.2CVSS5.5AI score0.01409EPSS
Exploits0
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•4 views

Huawei HarmonyOS Memo Module Privilege Control Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in the Huawei HarmonyOS memo module, which can be exploited by an attacker to compromise confidentiality...

5.5CVSS5.8AI score0.00078EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•5 views

Microsoft Windows SMB Server Denial of Service Vulnerability

Microsoft Windows SMB Server is a network file-sharing protocol from Microsoft. It allows applications on a computer to read and write files and request services from server programs on a computer network. A denial of service vulnerability exists in Microsoft Windows SMB Server, which is caused d...

5.3CVSS5.7AI score0.00892EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•5 views

WordPress LinkedIn SC plugin cross-site scripting vulnerability

WordPress LinkedIn SC plugin is a plugin for WordPress websites. The WordPress LinkedIn SC plugin suffers from a cross-site scripting vulnerability that stems from insufficient input cleanup and output escaping of the linkedinscdateformat, linkedinscapikey, and linkedinscsecretkey parameters, whi...

4.4CVSS6AI score0.00193EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•2 views

D-Link DI-8200G Command Injection Vulnerability

The D-Link DI-8200G is an enterprise router from China-based AUO D-Link. The D-Link DI-8200G suffers from a command injection vulnerability due to manipulation of a path parameter in an unknown function in the /upgradefilter.asp file. An attacker could exploit this vulnerability to execute...

9.8CVSS6.1AI score0.09953EPSS
Exploits1References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•4 views

WordPress Stopwords for comments plugin cross-site request forgery vulnerability

The WordPress Stopwords for comments plugin is a pre-screening tool designed to help webmasters filter out user comments that contain certain banned words i.e. "stopwords". comments. The WordPress Stopwords for comments plugin suffers from a cross-site request forgery vulnerability that stems fro...

4.3CVSS5.8AI score0.00102EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•8 views

Microsoft Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability (CNVD-2026-17152)

Microsoft Windows Ancillary Function Driver for WinSock is an ancillary function driver for Winsock from Microsoft USA. An elevation of privilege vulnerability exists in Microsoft Windows Ancillary Function Driver for WinSock, which is caused by freeing memory in the WinSock Ancillary Function...

7.8CVSS5.8AI score0.00475EPSS
Exploits0
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•6 views

Microsoft Windows SMB Server Elevation of Privilege Vulnerability (CNVD-2026-10677)

Microsoft Windows SMB Server is a network file-sharing protocol from Microsoft. It allows applications on a computer to read and write files and request services from server programs on a computer network. An elevation of privilege vulnerability exists in Microsoft Windows SMB Server due to...

7.5CVSS5.9AI score0.01154EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•7 views

Microsoft Windows File Explorer Information Disclosure Vulnerability (CNVD-2026-10675)

Microsoft Windows File Explorer is a file manager application from Microsoft USA. An information disclosure vulnerability exists in Microsoft Windows File Explorer, which can be exploited by attackers to obtain sensitive information...

5.5CVSS5.6AI score0.00468EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•6 views

Microsoft Windows SMB Server Elevation of Privilege Vulnerability (CNVD-2026-10680)

Microsoft Windows SMB Server is a network file-sharing protocol from Microsoft. It allows applications on a computer to read and write files and request services from server programs on a computer network. An elevation of privilege vulnerability exists in Microsoft Windows SMB Server due to...

7.5CVSS5.9AI score0.00784EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•4 views

Microsoft Windows SMB Server Elevation of Privilege Vulnerability (CNVD-2026-10681)

Microsoft Windows SMB Server is a network file-sharing protocol from Microsoft. It allows applications on a computer to read and write files and request services from server programs on a computer network. An elevation of privilege vulnerability exists in Microsoft Windows SMB Server, which can b...

7.5CVSS5.7AI score0.00731EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•5 views

Microsoft Windows SMB Server Elevation of Privilege Vulnerability (CNVD-2026-10679)

Microsoft Windows SMB Server is a network file-sharing protocol from Microsoft. It allows applications on a computer to read and write files and request services from server programs on a computer network. An elevation of privilege vulnerability exists in Microsoft Windows SMB Server due to...

7.5CVSS5.9AI score0.00784EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•4 views

Microsoft Windows SMB Server Elevation of Privilege Vulnerability (CNVD-2026-10678)

Microsoft Windows SMB Server is a network file-sharing protocol from Microsoft. It allows applications on a computer to read and write files and request services from server programs on a computer network. An elevation of privilege vulnerability exists in Microsoft Windows SMB Server due to...

7.5CVSS5.9AI score0.00784EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•3 views

Adobe Substance 3D Modeler Out-of-Bounds Write Vulnerability (CNVD-2026-10858)

Adobe Substance 3D Modeler is a software focused on 3D sculpting that allows users to create 3D models in both desktop and VR environments using digital clay-like intuitive tools.... Adobe Substance 3D Modeler suffers from an out-of-bounds write vulnerability that can be exploited by an attacker ...

7.8CVSS6.1AI score0.00203EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•5 views

Tenda AX1806 sub_65B5C function stack buffer overflow vulnerability

The Tenda AX1806 is a WiFi6 wireless router from Tenda China. The Tenda AX1806 suffers from a stack buffer overflow vulnerability that stems from the cloneType parameter of the sub65B5C function failing to properly validate the length size of the input data, which can be exploited by an attacker ...

7.5CVSS6.1AI score0.00311EPSS
Exploits1References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•3 views

Tenda AX1806 sub_65A28 function stack buffer overflow vulnerability

The Tenda AX1806 is a WiFi6 wireless router from Tenda China. The Tenda AX1806 suffers from a stack buffer overflow vulnerability that stems from the serviceName parameter of the sub65A28 function failing to properly validate the length size of the input data, which can be exploited by an attacke...

7.5CVSS6.1AI score0.00475EPSS
Exploits1References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•2 views

Tenda AX1806 sub_65B5C function stack buffer overflow vulnerability

The Tenda AX1806 is a WiFi6 wireless router from Tenda China. The Tenda AX1806 suffers from a stack buffer overflow vulnerability that stems from the mac parameter of the sub65B5C function failing to properly validate the length size of the input data, which can be exploited by an attacker to cau...

7.5CVSS6.1AI score0.00311EPSS
Exploits1References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•3 views

Tenda AX1806 sub_65B5C function stack buffer overflow vulnerability

The Tenda AX1806 is a WiFi6 wireless router from Tenda China. The Tenda AX1806 suffers from a stack buffer overflow vulnerability that stems from the sub65B5C function's wanSpeed parameter failing to properly validate the length size of the input data, which can be exploited by an attacker to cau...

7.5CVSS6.1AI score0.00311EPSS
Exploits1References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•3 views

Microsoft Graphics Component Resource Management Error Vulnerability

Microsoft Graphics Component is a graphics driver component of Microsoft Corporation USA. A security vulnerability exists in Microsoft Graphics Component. An attacker could exploit this vulnerability to gain elevated privileges...

7.8CVSS5.9AI score0.00387EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•4 views

Tenda AX1806 sub_4CA50 function stack buffer overflow vulnerability

The Tenda AX1806 is a WiFi6 wireless router from Tenda China. The Tenda AX1806 suffers from a stack buffer overflow vulnerability that stems from the security5g parameter in the sub4CA50 function failing to properly validate the length size of the input data, which can be exploited by an attacker...

7.5CVSS6.1AI score0.00384EPSS
Exploits1References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•3 views

Tenda AX-3 fromAdvSetMacMtuWan Function Stack Buffer Overflow Vulnerability

Tenda AX-3 is a home smart wireless router from Tenda that supports Wi-Fi6 802.11ax standard for home networking environment. The Tenda AX-3 suffers from a stack buffer overflow vulnerability, which stems from the cloneType2 parameter in the fromAdvSetMacMtuWan function failing to properly valida...

7.5CVSS6.1AI score0.00384EPSS
Exploits1References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•3 views

Tenda AX-3 fromAdvSetMacMtuWan Function Stack Buffer Overflow Vulnerability

Tenda AX-3 is a home smart wireless router from Tenda that supports Wi-Fi6 802.11ax standard for home networking environment. The Tenda AX-3 suffers from a stack buffer overflow vulnerability, which stems from the failure of the serviceName2 parameter in the fromAdvSetMacMtuWan function to proper...

7.5CVSS6.1AI score0.00384EPSS
Exploits1References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•3 views

Tenda AX-3 fromAdvSetMacMtuWan Function Stack Buffer Overflow Vulnerability

Tenda AX-3 is a home smart wireless router from Tenda that supports Wi-Fi6 802.11ax standard for home networking environment. The Tenda AX-3 suffers from a stack buffer overflow vulnerability, which stems from the wanSpeed2 parameter in the fromAdvSetMacMtuWan function failing to correctly valida...

7.5CVSS6.1AI score0.00384EPSS
Exploits1References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•2 views

Tenda AX-3 fromAdvSetMacMtuWan Function Stack Buffer Overflow Vulnerability

Tenda AX-3 is a home smart wireless router from Tenda that supports Wi-Fi6 802.11ax standard for home networking environment. The Tenda AX-3 suffers from a stack buffer overflow vulnerability, which stems from the wanMTU2 parameter in the fromAdvSetMacMtuWan function failing to correctly validate...

7.5CVSS6.1AI score0.00384EPSS
Exploits1References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•4 views

Microsoft Windows NTFS Code Execution Vulnerability (CNVD-2026-17156)

Microsoft Windows NTFS is a file system from Microsoft USA that serves computer files. The file system has error warning, disk self-healing and logging capabilities. A code execution vulnerability exists in Microsoft Windows NTFS, which can be exploited by an attacker to execute arbitrary code on...

7.8CVSS6.5AI score0.02422EPSS
Exploits0
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•6 views

Microsoft Windows Tablet Windows User Interface (TWINUI) Subsystem Information Disclosure Vulnerability

Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. An information disclosure vulnerability exists in the Microsoft Windows Tablet Windows User Interface TWINUI Subsystem, which can be exploited by attackers to obtain sensitive...

5.5CVSS5.8AI score0.00633EPSS
Exploits0
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•3 views

Adobe Substance 3D Modeler null pointer dereference vulnerability (CNVD-2026-11768)

Adobe Substance3D Modeler is a 3D modeling software from the American company Audobee Adobe. Adobe Substance 3D Modeler suffers from a null pointer dereference vulnerability that can be exploited by an attacker to cause a denial of service...

5.5CVSS5.9AI score0.00142EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•4 views

Microsoft Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Microsoft Windows Cloud Files Mini Filter Driver is a cloud file filter driver from Microsoft USA. An elevation of privilege vulnerability exists in Microsoft Windows Cloud Files Mini Filter Driver, which can be exploited by an attacker to elevate privileges...

7.8CVSS5.7AI score0.00453EPSS
Exploits0
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•3 views

Adobe InDesign Out-of-Bounds Read Vulnerability (CNVD-2026-11767)

Adobe InDesign is a set of layout and editing applications from the American company Audobee Adobe. Adobe InDesign suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to obtain sensitive information...

5.5CVSS5.9AI score0.0019EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•4 views

Adobe InDesign Heap Buffer Overflow Vulnerability (CNVD-2026-11770)

Adobe InDesign is a professional desktop publishing software developed by Adobe for layout and page layout in print and digital media. Adobe InDesign suffers from a heap buffer overflow vulnerability that originates from a partial overwrite of heap memory, which can be exploited by an attacker to...

7.8CVSS6.5AI score0.00238EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•5 views

Microsoft Windows NTFS Code Execution Vulnerability

Microsoft Windows NTFS is a file system from Microsoft USA that serves computer files. The file system has error warning, disk self-healing and logging capabilities. A code execution vulnerability exists in Microsoft Windows NTFS, which can be exploited by an attacker to execute arbitrary code on...

7.8CVSS6.5AI score0.00569EPSS
Exploits0
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•6 views

Cyber Cafe Management System add-users.php Endpoint Cross-Site Scripting Vulnerability

Cyber Cafe Management System is an internet cafe management system. A cross-site scripting vulnerability exists in Cyber Cafe Management System that stems from the username parameter of the add-users.php endpoint not adequately handling the input, no details of the vulnerability are available at...

6.1CVSS5.8AI score0.00216EPSS
Exploits2References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•6 views

WordPress Kunze Law plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Kunze Law plugin, which originates from obtaining HTML content from a remote server and injecting it into a page...

4.4CVSS6AI score0.00237EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•5 views

Adobe Substance 3D Modeler Out-of-Bounds Write Vulnerability (CNVD-2026-10859)

Adobe Substance 3D Modeler is a software focused on 3D sculpting that allows users to create 3D models in both desktop and VR environments using digital clay-like intuitive tools.... Adobe Substance 3D Modeler suffers from an out-of-bounds write vulnerability that can be exploited by an attacker ...

7.8CVSS6.1AI score0.00189EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•4 views

WordPress Responsive Accordion Slider plugin unauthorized data modification vulnerability

WordPress Responsive Accordion Slider plugin is a WordPress plugin that combines the functionality of folding panels Accordion and rotating images Slider. The WordPress Responsive Accordion Slider plugin suffers from an unauthorized data modification vulnerability that stems from a lack of...

4.3CVSS5.9AI score0.00233EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•5 views

WordPress Float Payment Gateway plugin unauthorized data modification vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An unauthorized data modification vulnerability exists in the WordPress Float Payment Gateway plugin that stems from mishandling of errors and can be exploited by an attacker to...

5.3CVSS5.9AI score0.00227EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•6 views

WordPress Aplazo Payment Gateway plugin missing privileges vulnerability

WordPress Aplazo Payment Gateway plugin is a payment gateway plugin for WooCommerce stores that allows customers to choose "buy now, pay later" payment method at the time of purchase. A lack of privileges vulnerability exists in WordPress Aplazo Payment Gateway plugin, which can be exploited by a...

5.3CVSS5.9AI score0.00232EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•4 views

WordPress Internal Link Builder plugin cross-site scripting vulnerability

WordPress Internal Link Builder plugin is a tool used to help webmasters create internal links on WordPress sites. WordPress Internal Link Builder plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied...

4.4CVSS6AI score0.0019EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•9 views

Huawei HarmonyOS and EMUI Media Library Module Privilege Authentication Bypass Vulnerability (CNVD-2026-10873)

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel.Huawei EMUI is a user interface developed by Huawei based on the Android operating system. A privilege authentication bypass vulnerability exists...

6.1CVSS5.7AI score0.00078EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•6 views

GPAC Out-of-Bounds Read Vulnerability

GPAC is an open source multimedia framework. GPAC suffers from an out-of-bounds read vulnerability that stems from the GSF demultiplexer filter component failing to properly validate the length size of the input data, which can be exploited by an attacker to cause a denial of service...

7.5CVSS5.9AI score0.00323EPSS
Exploits1References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•4 views

Huawei HarmonyOS and EMUI Media Library Module Privilege Authentication Bypass Vulnerability

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel.Huawei EMUI is a user interface developed by Huawei based on the Android operating system. A privilege authentication bypass vulnerability exists...

6.2CVSS5.7AI score0.00085EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•3 views

Huawei HarmonyOS Print Module Improper Privilege Control Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An improper privilege control vulnerability exists in the Huawei HarmonyOS printing module, which can be exploited by an attacker to compromise confidentiali...

5.7CVSS5.8AI score0.00103EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•5 views

Cyber Cafe Management System add-users.php Endpoint SQL Injection Vulnerability

Cyber Cafe Management System is an internet cafe management system. Cyber Cafe Management System suffers from a SQL injection vulnerability that stems from the username parameter of the add-users.php endpoint not adequately validating user input, no details of the vulnerability are available at...

9.8CVSS5.9AI score0.00414EPSS
Exploits2References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•4 views

Huawei HarmonyOS Multimode Input Module Double Release Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A double-release vulnerability exists in the Huawei HarmonyOS multimode input module, which can be exploited by an attacker to cause input functionality to b...

7.8CVSS5.8AI score0.00083EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•3 views

Huawei HarmonyOS Thermal Management Module Multi-threaded Conditional Competition Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A multi-threaded conditional contention vulnerability exists in the Huawei HarmonyOS thermal management module, which can be exploited by an attacker to caus...

6.8CVSS5.8AI score0.00061EPSS
Exploits0References1
Total number of security vulnerabilities131179