Lucene search
K

131179 matches found

CNVD
CNVD
•added 2026/01/19 12:0 a.m.•4 views

WordPress SocialChamp with WordPress plugin cross-site request forgery vulnerability

WordPress SocialChamp with WordPress plugin is a plugin called SocialChamp which focuses on social media automation management. WordPress SocialChamp with WordPress plugin suffers from a cross-site request forgery vulnerability that stems from a lack of random number validation in the...

4.3CVSS5.9AI score0.00124EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•4 views

GPAC ghi_dmx_declare_opid_bin function heap buffer overflow vulnerability

GPAC is an open source multimedia framework. GPAC suffers from a heap buffer overflow vulnerability that stems from the ghidmxdeclareopidbin function failing to properly validate the length size of the input data, which can be exploited by an attacker to cause a denial of service...

5.5CVSS6.1AI score0.00188EPSS
Exploits1References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•6 views

Mozilla Firefox and Mozilla Thunderbird have undisclosed vulnerabilities (CNVD-2026-23772)

Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. Mozilla Thunderbird is an email client software independently developed from the Mozilla Application Suite by the same organization. This software supports IMAP and POP email protocols, as well...

10CVSS8.3AI score0.00306EPSS
Exploits0
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•6 views

Cyber Cafe Management System add-users.php Endpoint Cross-Site Scripting Vulnerability

Cyber Cafe Management System is an internet cafe management system. A cross-site scripting vulnerability exists in Cyber Cafe Management System that stems from the uadd parameter of the add-users.php endpoint not being sufficiently cleaned up or coded for user input, and for which no detailed...

6.1CVSS5.8AI score0.00216EPSS
Exploits2References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•6 views

Microsoft Windows Management Services Elevation of Privilege Vulnerability

Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. An elevation of privilege vulnerability exists in Microsoft Windows Management Services due to concurrent execution in Management Services using shared resources with incorrect...

7.8CVSS6AI score0.00288EPSS
Exploits0
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•5 views

Multiple Mozilla product information leakage vulnerabilities (CNVD-2026-23775)

Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is a extended support version of Firefox the web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla Application Suite. Several Mozilla products have vulnerabilities related to...

5.3CVSS5.8AI score0.00411EPSS
Exploits0
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•6 views

Integer Overflow Vulnerability in Multiple Mozilla Products

Mozilla Firefox is an open source web browser from the Mozilla Foundation.Mozilla Firefox ESR is an extended support version of Firefox web browser from the Mozilla Foundation.Mozilla Thunderbird is a suite of e-mail client software from the Mozilla Foundation that is separate from the Mozilla...

8.8CVSS6.4AI score0.0057EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•3 views

Code execution vulnerability in multiple Mozilla products (CNVD-2026-11806)

Mozilla Firefox is an open source web browser from the Mozilla Foundation.Mozilla Firefox ESR is an extended support version of Firefox web browser from the Mozilla Foundation.Mozilla Thunderbird is a suite of e-mail client software from the Mozilla Foundation that is separate from the Mozilla...

8.1CVSS6.6AI score0.00414EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•2 views

Security Bypass Vulnerability in Multiple Mozilla Products (CNVD-2026-11805)

Mozilla Firefox is an open source web browser from the Mozilla Foundation.Mozilla Firefox ESR is an extended support version of Firefox web browser from the Mozilla Foundation.Mozilla Thunderbird is a suite of e-mail client software from the Mozilla Foundation that is separate from the Mozilla...

8.1CVSS5.9AI score0.00421EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•6 views

Huawei HarmonyOS Memo Module Privilege Control Vulnerability (CNVD-2026-13996)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in the Huawei HarmonyOS memo module, which can be exploited by an attacker to compromise confidentiality...

5.5CVSS5.8AI score0.00081EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•3 views

WordPress WP-Members Membership plugin cross-site scripting vulnerability

WordPress WP-Members Membership plugin is an open source membership plugin for WordPress that is mainly used to create membership sites with restricted content. WordPress WP-Members Membership plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of...

5.4CVSS6AI score0.00187EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•6 views

WordPress Flat Shipping Rate by City for WooCommerce plugin SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A SQL injection vulnerability exists in the WordPress Flat Shipping Rate by City for WooCommerce plugin, which stems from insufficient cleaning and escaping of the cities...

4.9CVSS6AI score0.00263EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•4 views

Intern Membership Management System /add_activity.php File SQL Injection Vulnerability

Intern Membership Management System is an intern membership management system. The Intern Membership Management System suffers from a SQL injection vulnerability that originates from the lack of validation of the Title parameter in the file /intern/admin/addactivity.php for externally entered SQL...

7.2CVSS6AI score0.0033EPSS
Exploits1References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•5 views

Microsoft Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Microsoft Windows Ancillary Function Driver for WinSock is an ancillary function driver for Winsock from Microsoft USA. An elevation of privilege vulnerability exists in the Microsoft Windows Ancillary Function Driver for WinSock due to a type obfuscation flaw in the auxiliary function driver for...

7.8CVSS5.8AI score0.07983EPSS
Exploits0
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•5 views

Multiple Mozilla product information leakage vulnerabilities (CNVD-2026-23774)

Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is a extended support version of Firefox the web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla Application Suite. Several Mozilla products have vulnerabilities related to...

4.3CVSS5.2AI score0.00284EPSS
Exploits0
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•5 views

Cyber Cafe Management System adminprofile.php Endpoint SQL Injection Vulnerability

Cyber Cafe Management System is an internet cafe management system. Cyber Cafe Management System suffers from a SQL injection vulnerability that stems from the adminprofile.php endpoint's adminname parameter not being sufficiently cleaned of user input, no details of the vulnerability are availab...

8.8CVSS5.9AI score0.00387EPSS
Exploits2References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•4 views

Multiple Mozilla products have deception vulnerabilities (CNVD-2026-23776)

Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is a extended support version of Firefox the web browser. Mozilla Thunderbird is an email client software that was separated from the Mozilla Application Suite. Several Mozilla products have deceptive vulnerabilities, which are...

5.4CVSS5.8AI score0.00261EPSS
Exploits0
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•11 views

WordPress Shipping Rate By Cities plugin SQL Injection Vulnerability

WordPress Shipping Rate By Cities plugin is a plugin designed for WooCommerce stores running on WordPress websites. The WordPress Shipping Rate By Cities plugin suffers from a SQL injection vulnerability that stems from the escaping and underpreparation of the city parameter, which can be exploit...

7.5CVSS6AI score0.00278EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•7 views

Intern Membership Management System /add_admin.php File SQL Injection Vulnerability

Intern Membership Management System is an intern membership management system. The Intern Membership Management System suffers from a SQL injection vulnerability that originates from the lack of validation of the parameter Username in the file /intern/admin/addadmin.php for externally entered SQL...

7.2CVSS6AI score0.00314EPSS
Exploits1References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•4 views

Microsoft Excel Access Control Error Vulnerability

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A security vulnerability exists in Microsoft Excel. An attacker could exploit the vulnerability to bypass certain features...

7.8CVSS6AI score0.00406EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•6 views

Huawei HarmonyOS Camera Framework Module Multi-threaded Conditional Competition Vulnerability (CNVD-2026-13992)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A multi-threaded conditional contention vulnerability exists in the Huawei HarmonyOS Camera Framework module, which can be exploited by an attacker to cause...

5.1CVSS5.8AI score0.00064EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•8 views

Microsoft Windows File Explorer Information Disclosure Vulnerability (CNVD-2026-10673)

Microsoft Windows File Explorer is a file manager application from Microsoft USA. An information disclosure vulnerability exists in Microsoft Windows File Explorer, which can be exploited by attackers to obtain sensitive information...

5.5CVSS5.6AI score0.00654EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•6 views

Huawei HarmonyOS Card Framework Module Multi-threaded Conditional Competition Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A multi-threaded conditional contention vulnerability exists in the Huawei HarmonyOS Card Framework module, which can be exploited by an attacker to cause...

8CVSS5.8AI score0.00102EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•4 views

Tenda AX-3 fromAdvSetMacMtuWan Function Stack Buffer Overflow Vulnerability

Tenda AX-3 is a home smart wireless router from Tenda that supports Wi-Fi6 802.11ax standard for home networking environment. The Tenda AX-3 suffers from a stack buffer overflow vulnerability, which stems from the failure of the serviceName2 parameter in the fromAdvSetMacMtuWan function to proper...

7.5CVSS6.1AI score0.00384EPSS
Exploits1References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•8 views

Mozilla Firefox and Mozilla Thunderbird information leakage vulnerabilities (CNVD-2026-23770)

Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. Mozilla Thunderbird is an email client software independently developed from the Mozilla Application Suite by the same organization. This software supports IMAP and POP email protocols, as well...

5.3CVSS5.7AI score0.00313EPSS
Exploits0
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•6 views

Huawei HarmonyOS Card Framework Module Multi-threaded Conditional Competition Vulnerability (CNVD-2026-13987)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A multi-threaded conditional contention vulnerability exists in the Huawei HarmonyOS Card Framework module, which can be exploited by an attacker to cause...

8CVSS5.8AI score0.00095EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•5 views

Microsoft Graphics Kernel Competitive Conditions Issue Vulnerability

Microsoft Graphics Kernel is a kernel-mode graphics driver subsystem from Microsoft. A security vulnerability exists in Microsoft Graphics Kernel. An attacker could exploit the vulnerability to gain elevated privileges...

7CVSS6AI score0.00297EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•8 views

Microsoft Excel Code Execution Vulnerability (CNVD-2026-08746)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A security vulnerability exists in Microsoft Excel. An attacker could exploit the vulnerability to remotely execute code...

7.8CVSS6AI score0.00598EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•6 views

WordPress Supreme Modules Lite plugin code issue vulnerability

WordPress Supreme Modules Lite plugin is a free extension plugin designed for Divi themes and DiviBuilder. WordPress Supreme Modules Lite plugin has a code issue vulnerability that stems from insufficient file type validation, which can be exploited by an attacker to cause arbitrary file uploads...

8.8CVSS6AI score0.00505EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•5 views

Mozilla Firefox and Mozilla Thunderbird code execution vulnerabilities (CNVD-2026-23773)

Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. Mozilla Thunderbird is an email client software independently developed from the Mozilla Application Suite by the same organization. This software supports IMAP and POP email protocols, as well...

9.8CVSS9.2AI score0.00404EPSS
Exploits0
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•6 views

TRENDnet TEW-811DRU Operating System Command Injection Vulnerability

The TRENDnet TEW-811DRU is a wireless router from TRENDnet. The TRENDnet TEW-811DRU suffers from an operating system command injection vulnerability that stems from a misuse of the parameter DeviceURL in the file uapply.cgi of the component httpd, which can be exploited by an attacker to cause...

8.6CVSS7.1AI score0.20097EPSS
Exploits1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•4 views

WordPress Uploadify plugin code issue vulnerability

WordPress Uploadify plugin is a jQuery-based multi-file upload plugin that allows webmasters or users to implement intuitive and customizable file uploading features on web pages. A code issue vulnerability exists in WordPress Uploadify plugin that stems from a lack of file type validation in...

9.3CVSS6.2AI score0.008EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/19 12:0 a.m.•6 views

Huawei HarmonyOS Video Framework Module Multi-threaded Conditional Competition Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A multi-threaded conditional contention vulnerability exists in the Huawei HarmonyOS Video Framework module, which can be exploited by an attacker to cause...

8.4CVSS5.8AI score0.00088EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/16 12:0 a.m.•9 views

Adobe Dreamweaver Desktop Input Validation Error Vulnerability (CNVD-2026-11774)

Adobe Dreamweaver Desktop is a web design and development software from the American company Audobee Adobe. Adobe Dreamweaver Desktop is vulnerable to an incorrect input validation error vulnerability. An attacker can exploit this vulnerability to execute arbitrary code on the system...

8.6CVSS6.3AI score0.00212EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/14 12:0 a.m.•4 views

D-Link DWR-M920 sub_423848 function buffer overflow vulnerability

The D-Link DWR-M920 is a 4GLTE wireless router manufactured by Youxun D-Link. The D-Link DWR-M920 suffers from a buffer overflow vulnerability that stems from the incorrect manipulation of the parameter submit-url in the function sub423848 in the file /boafrm/formParentControl, for which no...

9CVSS6AI score0.00693EPSS
Exploits1References1
CNVD
CNVD
•added 2026/01/14 12:0 a.m.•7 views

Tenda M3 /goform/setInternetLanInfo File Heap Buffer Overflow Vulnerability

Tenda M3 is a wireless controller AC from Tenda, which is aimed at scenarios such as hotel chains, low-star hotels and small and medium-sized businesses. Tenda M3 heap buffer overflow vulnerability exists, the vulnerability stems from the file / goform / setInternetLanInfo function...

9CVSS6.1AI score0.02475EPSS
Exploits1References1
CNVD
CNVD
•added 2026/01/14 12:0 a.m.•3 views

D-Link DWR-M920 sub_464794 function buffer overflow vulnerability

The D-Link DWR-M920 is a 4GLTE wireless router manufactured by Youxun D-Link. The D-Link DWR-M920 suffers from a buffer overflow vulnerability that stems from the incorrect manipulation of the parameter submit-url in the function sub464794 in the file /boafrm/formDefRoute, for which no detailed...

9CVSS6AI score0.00693EPSS
Exploits1References1
CNVD
CNVD
•added 2026/01/14 12:0 a.m.•7 views

D-Link DWR-M920 sub_42261C Function Stack Buffer Overflow Vulnerability

The D-Link DWR-M920 is a 4GLTE wireless router manufactured by Youxun D-Link. The D-Link DWR-M920 suffers from a stack buffer overflow vulnerability that stems from incorrect manipulation of the parameter ip6addr in the function sub42261C in the file /boafrm/formFilter, for which no detailed...

9CVSS6AI score0.00693EPSS
Exploits1References1
CNVD
CNVD
•added 2026/01/14 12:0 a.m.•6 views

D-Link DWR-M920 Command Injection Vulnerability

The D-Link DWR-M920 is a 4GLTE wireless router manufactured by Youxun D-Link. The D-Link DWR-M920 suffers from a command injection vulnerability that stems from the incorrect manipulation of the parameter fotaurl in the function sub4155B4 in the file /boafrm/formLtefotaUpgradeFibocom, for which n...

8.8CVSS5.9AI score0.03443EPSS
Exploits1References1
CNVD
CNVD
•added 2026/01/14 12:0 a.m.•3 views

TRENDnet TEW-713RE Operating System Command Injection Vulnerability

The TRENDnet TEW-713RE is a wireless network range extender from TRENDnet. The TRENDnet TEW-713RE suffers from an operating system command injection vulnerability due to manipulation of the SZCMD parameter in an unknown function in the /goformX/formFSrvX file. An attacker could exploit the...

10CVSS7.4AI score0.12113EPSS
Exploits1References1
CNVD
CNVD
•added 2026/01/14 12:0 a.m.•3 views

IBM Concert Information Disclosure Vulnerability

IBM Concert is a generative artificial intelligence-driven automated application management and monitoring tool based on the watsonx platform, announced by IBM in May 2024 at the IBMThink conference in Boston, USA. IBM Concert suffers from an information disclosure vulnerability that stems from...

6.2CVSS5.9AI score0.00082EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/14 12:0 a.m.•7 views

Delta Electronics DVP-12SE11T Improper Input Validation Vulnerability

Delta Electronics DVP-12SE11T is a networked mainframe from Delta Electronics China. The Delta Electronics DVP-12SE11T suffers from an improper input validation vulnerability that can be exploited by an attacker to cause a denial of service...

7.5CVSS6AI score0.00277EPSS
Exploits0
CNVD
CNVD
•added 2026/01/14 12:0 a.m.•3 views

Refugee Food Management System SQL Injection Vulnerability

Refugee Food Management System is a refugee food management system. Refugee Food Management System suffers from a SQL injection vulnerability that stems from the incorrect manipulation of parameter a in the file /home/addusers.php, no details of the vulnerability are available at this time...

9.8CVSS5.9AI score0.00326EPSS
Exploits1References1
CNVD
CNVD
•added 2026/01/14 12:0 a.m.•8 views

Delta Electronics DVP-12SE11T Out-of-Bounds Write Vulnerability

Delta Electronics DVP-12SE11T is a networked mainframe from Delta Electronics China. The Delta Electronics DVP-12SE11T is vulnerable to an out-of-bounds write vulnerability, no details of the vulnerability are available at this time...

9.8CVSS6AI score0.00288EPSS
Exploits0
CNVD
CNVD
•added 2026/01/14 12:0 a.m.•4 views

Delta Electronics DVP15MC11T Denial of Service Vulnerability

The Delta Electronics DVP15MC11T is a multi-axis motion controller from Delta Electronics China. A denial of service vulnerability exists in the Delta Electronics DVP15MC11T, which stems from improper validation of modbus/tcp packets and can be exploited by an attacker to cause a denial of servic...

7.5CVSS5.7AI score0.00192EPSS
Exploits0
CNVD
CNVD
•added 2026/01/14 12:0 a.m.•4 views

Complete Online Beauty Parlor Management System /search-invoices.php File Cross-Site Scripting Vulnerability

Complete Online Beauty Parlor Management System is an online beauty parlor management system. Complete Online Beauty Parlor Management System suffers from a cross-site scripting vulnerability that stems from an incorrect manipulation of the parameter searchdata in the file...

4.8CVSS5.8AI score0.00198EPSS
Exploits1References1
CNVD
CNVD
•added 2026/01/14 12:0 a.m.•2 views

Tenda WH450 /goform/RouteStatic file stack buffer overflow vulnerability

The Tenda WH450 is a wireless access point produced by the Chinese company Tenda. The Tenda WH450 has a stack buffer overflow vulnerability, which stems from incorrect handling of the page parameter in the file/goform/RouteStatic. No detailed details about the vulnerability are currently availabl...

8.6CVSS7.1AI score0.00676EPSS
Exploits1
CNVD
CNVD
•added 2026/01/14 12:0 a.m.•5 views

IBM Concert Competitive Conditions Vulnerability

IBM Concert is a generative artificial intelligence-driven automated application management and monitoring tool based on the watsonx platform, announced by IBM in May 2024 at the IBMThink conference in Boston, USA. IBM Concert suffers from a competitive condition vulnerability that stems from a...

7.7CVSS5.9AI score0.00117EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/12 12:0 a.m.•2 views

TRENDnet TEW-822DRE Command Injection Vulnerability

The TRENDnet TEW-822DRE is a dual-band wireless router from TRENDnet. The TRENDnet TEW-822DRE suffers from a command injection vulnerability that originates from a misuse of the parameter peerPin in the file /boafrm/formWsc, which can be exploited by an attacker to execute arbitrary commands on t...

8.8CVSS6.8AI score0.1177EPSS
Exploits1References1
CNVD
CNVD
•added 2026/01/12 12:0 a.m.•2 views

TRENDnet TEW-800MB Command Injection Vulnerability

The TRENDnet TEW-800MB is a dual-band wireless router from TRENDnet. The TRENDnet TEW-800MB suffers from a command injection vulnerability that originates from a misbehavior of the function subF934 in the file NTPSyncWithHost.cgi, which can be exploited by an attacker to execute arbitrary command...

9CVSS7.6AI score0.10346EPSS
Exploits1
Total number of security vulnerabilities131179