Lucene search
K

131179 matches found

CNVD
CNVD
•added 2025/12/19 12:0 a.m.•6 views

Apple macOS Tahoe Injection Vulnerability

Apple macOS Tahoe is a desktop operating system released by Apple on June 10, 2025, using the LiquidGlass design language and integrating several AI and cross-device features. Apple macOS Tahoe suffers from an injection vulnerability that stems from a lack of adequate validation and cleanup of th...

5.5CVSS6.4AI score0.00199EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/19 12:0 a.m.•3 views

ChurchCRM legacy endpoint SQL injection vulnerability

ChurchCRM is an open source church management system. ChurchCRM suffers from a SQL injection vulnerability that originates from the unvalidated familyId parameter in legacy endpoints/Reports/ConfirmReportEmail.php, and no details of the vulnerability are provided at this time...

9.3CVSS5.9AI score0.00323EPSS
Exploits3References1
CNVD
CNVD
•added 2025/12/18 12:0 a.m.•15 views

MailEnable Insecure DLL Loading Vulnerability

MailEnable is a Windows-based business e-mail server from MailEnable Australia. MailEnable suffers from an insecure DLL loading vulnerability that can be exploited by an attacker to cause local arbitrary code execution...

8.5CVSS6AI score0.0017EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/18 12:0 a.m.•15 views

Unspecified Vulnerability in MailEnable (CNVD-2026-10887)

MailEnable is a Windows-based business e-mail server from MailEnable Australia. MailEnable has a security vulnerability that can be exploited by attackers to cause local credential disclosure and account takeover...

8.4CVSS5.6AI score0.00102EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/18 12:0 a.m.•15 views

Unspecified Vulnerability in MailEnable

MailEnable is a Windows-based business e-mail server from MailEnable Australia. MailEnable has a security vulnerability that can be exploited by attackers to cause local credential disclosure and account takeover...

8.4CVSS5.6AI score0.00105EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/18 12:0 a.m.•14 views

MailEnable Insecure DLL Loading Vulnerability (CNVD-2026-14406)

MailEnable is a Windows-based business e-mail server from MailEnable Australia. MailEnable suffers from an insecure DLL loading vulnerability that can be exploited by an attacker to cause local arbitrary code execution...

8.5CVSS6AI score0.00147EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/18 12:0 a.m.•16 views

MailEnableMailEnableMailEnable Insecure DLL Loading Vulnerability (CNVD-2026-14405)

MailEnable is a Windows-based business e-mail server from MailEnable Australia. MailEnable suffers from a MailEnable Insecure DLL Load vulnerability that can be exploited by an attacker to cause local arbitrary code execution...

8.5CVSS6AI score0.00147EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/18 12:0 a.m.•14 views

MailEnableMailEnable Insecure DLL Loading Vulnerability (CNVD-2026-14404)

MailEnable is a Windows-based business e-mail server from MailEnable Australia. MailEnable suffers from a MailEnable Insecure DLL Load vulnerability that can be exploited by an attacker to cause local arbitrary code execution...

8.5CVSS6AI score0.0015EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/18 12:0 a.m.•13 views

MailEnableMailEnable Insecure DLL Loading Vulnerability (CNVD-2026-14403)

MailEnable is a Windows-based business e-mail server from MailEnable Australia. MailEnable suffers from a MailEnable Insecure DLL Load vulnerability that can be exploited by an attacker to cause local arbitrary code execution...

8.5CVSS6AI score0.0015EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/18 12:0 a.m.•12 views

MailEnable Insecure DLL Loading Vulnerability (CNVD-2026-14401)

MailEnable is a Windows-based business e-mail server from MailEnable Australia. MailEnable suffers from an insecure DLL loading vulnerability that can be exploited by an attacker to cause local arbitrary code execution...

8.5CVSS6AI score0.00147EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/18 12:0 a.m.•12 views

MailEnable Insecure DLL Loading Vulnerability (CNVD-2026-14400)

MailEnable is a Windows-based business e-mail server from MailEnable Australia. MailEnable suffers from an insecure DLL loading vulnerability that can be exploited by an attacker to cause local arbitrary code execution...

8.5CVSS6AI score0.0015EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/18 12:0 a.m.•4 views

Class and Exam Timetable Management /preview7.php File SQL Injection Vulnerability

Class and Exam Timetable Management is a course and exam timetable management system. Class and Exam Timetable Management suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter courseyearsection/semester in the file...

9.8CVSS8AI score0.00363EPSS
Exploits1References1
CNVD
CNVD
•added 2025/12/18 12:0 a.m.•5 views

Google Pixel elevation of privilege vulnerability (CNVD-2026-0269422)

Google Pixel is a smartphone from the American company Google Google. Google Pixel has a security vulnerability that can be exploited by an attacker to cause local elevation of privilege...

7.8CVSS6.6AI score0.00071EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/18 12:0 a.m.•5 views

Class and Exam Timetable Management /index.php File SQL Injection Vulnerability

Class and Exam Timetable Management is a course and exam timetable management system. Class and Exam Timetable Management suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the parameters username/password in the file...

9.8CVSS7.9AI score0.00568EPSS
Exploits1References1
CNVD
CNVD
•added 2025/12/18 12:0 a.m.•6 views

UTT aggressive 512W buffer overflow vulnerability (CNVD-2026-0079510)

The UTT Progressive 512W is an enterprise-grade wireless router from Atech UTT designed for small and medium-sized businesses SOHO and similarly sized network environments for access scenarios of 30 to 50 users. UTT Progressive 512W has a buffer overflow vulnerability, the vulnerability stems fro...

10CVSS8.2AI score0.05127EPSS
Exploits1References1
CNVD
CNVD
•added 2025/12/18 12:0 a.m.•13 views

MailEnable Insecure DLL Loading Vulnerability (CNVD-2026-14402)

MailEnable is a Windows-based business e-mail server from MailEnable Australia. MailEnable suffers from an insecure DLL loading vulnerability that can be exploited by an attacker to cause local arbitrary code execution...

8.5CVSS6AI score0.00147EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/18 12:0 a.m.•5 views

Google Pixel elevation of privilege vulnerability (CNVD-2026-0269323)

Google Pixel is a smartphone from the American company Google Google. Google Pixel has a security vulnerability that can be exploited by an attacker to cause local elevation of privilege...

6.7CVSS6.6AI score0.00095EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/18 12:0 a.m.•3 views

IBM Aspera Orchestrator Denial of Service Vulnerability

IBM Aspera Orchestrator is an automated workflow engine focused on managing file transfers and processing tasks. A denial of service vulnerability exists in IBM Aspera Orchestrator that stems from improper interaction frequency control, which can be exploited by an attacker to cause a denial of...

6.5CVSS6.7AI score0.0031EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/18 12:0 a.m.•1 views

TeamViewer DEX Client Elevation of Privilege Vulnerability

TeamViewer DEX Client is a digital employee experience and endpoint management software from TeamViewer Germany. An elevation of privilege vulnerability exists in TeamViewer DEX Client, which can be exploited by an attacker to cause elevation of privilege and execute arbitrary code...

6.7CVSS6.1AI score0.00141EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/18 12:0 a.m.•2 views

IBM Aspera Orchestrator Unverified Password Change Vulnerability

IBM Aspera Orchestrator is an automated workflow engine focused on managing file transfers and processing tasks. An unauthenticated password change vulnerability exists in IBM Aspera Orchestrator, which can be exploited by an attacker to make unauthorized changes to other users' passwords...

8.1CVSS7AI score0.00242EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/18 12:0 a.m.•4 views

D-Link DIR-803 Information Disclosure Vulnerability

The D-Link DIR-803 is a wireless router from China's AUO D-Link. The D-Link DIR-803 suffers from an information disclosure vulnerability that originates from the incorrect operation of the parameter AUTHORIZEDGROUP in the file /getcfg.php of the component Configuration Handler, which can be...

7.5CVSS5.1AI score0.03559EPSS
Exploits1References1
CNVD
CNVD
•added 2025/12/18 12:0 a.m.•6 views

Google Pixel elevation of privilege vulnerability (CNVD-2026-0269620)

Google Pixel is a smartphone from the American company Google Google. Google Pixel has a security vulnerability that can be exploited by an attacker to cause physical elevation of privilege...

5.1CVSS6.6AI score0.00131EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/18 12:0 a.m.•14 views

MailEnable Insecure DLL Loading Vulnerability (CNVD-2026-14399)

MailEnable is a Windows-based business e-mail server from MailEnable Australia. MailEnable suffers from an insecure DLL loading vulnerability that can be exploited by an attacker to cause local arbitrary code execution...

8.5CVSS6AI score0.0015EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/18 12:0 a.m.•2 views

WordPress Addon Elements for Elementor Cross-Site Scripting Vulnerability

WordPress Addon Elements for Elementor is a plugin for the Elementor page builder designed to extend its functionality by providing additional widgets, templates and tools. WordPress Addon Elements for Elementor suffers from a cross-site scripting vulnerability that stems from the program's...

6.4CVSS6.2AI score0.00225EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/18 12:0 a.m.•3 views

Simple Attendance Record System check.php File SQL Injection Vulnerability

Simple Attendance Record System is a simple attendance record system. Simple Attendance Record System suffers from a SQL injection vulnerability that originates from an unknown function in the /check.php file that mishandles the student parameter. An attacker can use this vulnerability to obtain ...

9.8CVSS7.7AI score0.00385EPSS
Exploits1References1
CNVD
CNVD
•added 2025/12/18 12:0 a.m.•4 views

Computer Laboratory System admin_pic.php File Upload Vulnerability

Computer Laboratory System is a computer laboratory system. Computer Laboratory System has a file upload vulnerability that originates from the mishandling of the image parameter by an unknown handler function in the /admin/adminpic.php file. An attacker can exploit this vulnerability to upload...

7.2CVSS5.2AI score0.00343EPSS
Exploits1References1
CNVD
CNVD
•added 2025/12/18 12:0 a.m.•4 views

Student File Management System update_user.php File Cross-Site Scripting Vulnerability

Student File Management System is a student file management system. A cross-site scripting vulnerability exists in Student File Management System, which originates from an incorrect operation of the file /admin/updateuser.php, for which no detailed vulnerability details are currently available...

5.4CVSS4AI score0.00196EPSS
Exploits1References1
CNVD
CNVD
•added 2025/12/18 12:0 a.m.•6 views

UTT aggressive 512W buffer overflow vulnerability (CNVD-2026-0079609)

The UTT Progressive 512W is an enterprise-grade wireless router from Atech UTT designed for small and medium-sized businesses SOHO and similarly sized network environments for access scenarios of 30 to 50 users. UTT Progressive 512W has a buffer overflow vulnerability that originates from the...

10CVSS8.2AI score0.05045EPSS
Exploits1References1
CNVD
CNVD
•added 2025/12/18 12:0 a.m.•8 views

Student File Management System user_id Parameter SQL Injection Vulnerability

Student File Management System is a student file management system. A SQL injection vulnerability exists in Student File Management System, which originates from an incorrect manipulation of the parameter userid in the file /admin/deleteuser.php, and can be exploited by an attacker to obtain or...

9.8CVSS7.7AI score0.00363EPSS
Exploits1References1
CNVD
CNVD
•added 2025/12/18 12:0 a.m.•6 views

Google Pixel elevation of privilege vulnerability (CNVD-2026-0269521)

Google Pixel is a smartphone from the American company Google Google. Google Pixel has a security vulnerability that can be exploited by an attacker to cause local elevation of privilege...

7.8CVSS6.6AI score0.00071EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/16 12:0 a.m.•5 views

WordPress Video Merchant Cross-Site Request Forgery Vulnerability

WordPress Video Merchant is a once-existing WordPress plugin that is mainly used for managing and displaying video content. WordPress Video Merchant suffers from a cross-site request forgery vulnerability that stems from missing or incorrect random number validation, which can be exploited by an...

8.8CVSS7AI score0.00383EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/16 12:0 a.m.•4 views

WordPress WP CarDealer Elevation of Privilege Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. An elevation of privilege vulnerability exists in WordPress WP CarDealer, which stems from insufficient user role registration restrictions, and can be exploited by an...

9.8CVSS7AI score0.00305EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/16 12:0 a.m.•2 views

WordPress List category posts SQL Injection Vulnerability

WordPress List category posts is a feature-rich WordPress plugin , mainly through the catlist short code to achieve the function . WordPress List category posts has a SQL injection vulnerability, the vulnerability stems from the existence of the startingwith parameter time-based SQL injection, an...

6.5CVSS8.1AI score0.00297EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/16 12:0 a.m.•6 views

WordPress RSS Aggregator by Feedzy Code Issue Vulnerability

WordPress RSS Aggregator by Feedzy is a lightweight plugin designed for WordPress that focuses on automatically grabbing content from external RSS feeds and syndicating it to your website. WordPress RSS Aggregator by Feedzy has a code issue vulnerability that stems from the existence of a blind...

5.8CVSS7.2AI score0.00227EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/16 12:0 a.m.•3 views

WordPress Wp Job Portal Arbitrary File Read Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. An arbitrary file read vulnerability exists in WordPress Wp Job Portal, which stems from improper handling of the downloadCustomUploadedFile function, and can be exploited ...

6.5CVSS6.6AI score0.00319EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/16 12:0 a.m.•4 views

WordPress db-access SQL Injection Vulnerability

WordPress db-access is the core part of the WordPress system that interacts with the database. WordPress db-access exists SQL injection vulnerability, the vulnerability stems from the lack of authorization for AJAX operations, an attacker can use this vulnerability by sending malicious SQL comman...

7.7CVSS8.3AI score0.00274EPSS
Exploits1References1
CNVD
CNVD
•added 2025/12/16 12:0 a.m.•3 views

WordPress Widgets For Google Reviews Cross-Site Scripting Vulnerability

WordPress Widgets For Google Reviews is a category of WordPress plugins designed to help webmasters easily display Google Business Reviews Google reviews on their websites. WordPress Widgets For Google Reviews suffers from a cross-site scripting vulnerability that stems from stored cross-site...

6.4CVSS5.9AI score0.00225EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/16 12:0 a.m.•5 views

WordPress Upload.am Arbitrary Option Disclosure Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. An arbitrary option disclosure vulnerability exists in WordPress Upload.am, which stems from a lack of capability checking by the AJAX request processor, which can be...

4.9CVSS6.3AI score0.00235EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/16 12:0 a.m.•4 views

WordPress Donation SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. WordPress Donation suffers from a SQL injection vulnerability that stems from insufficient cleanup and escaping, no details of the vulnerability are provided at this time...

4.1CVSS8.1AI score0.00222EPSS
Exploits1References1
CNVD
CNVD
•added 2025/12/16 12:0 a.m.•12 views

Command Injection Vulnerability in FineReport, FineBI, and FineDataLink of SailSoft Software Ltd.

FineReport is a leading enterprise-grade web reporting tool.FineBI is a new generation of self-service BI tools.FineDataLink is a low-code/high-time-efficiency enterprise-grade one-stop data integration and governance platform product. A command injection vulnerability exists in FineReport, FineB...

8.3AI score
Exploits0
CNVD
CNVD
•added 2025/12/15 12:0 a.m.•2 views

NVIDIA Merlin Transformers4Rec Deserialization Vulnerability

NVIDIA Merlin Transformers4Rec is a software for building serialized and conversational recommender systems from NVIDIA. NVIDIA Merlin Transformers4Rec suffers from a deserialization vulnerability that originates from unsafe deserialization processing of serialized data submitted by a user when...

8.8CVSS6.1AI score0.00561EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/15 12:0 a.m.•3 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-00679)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4CVSS6AI score0.00214EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/15 12:0 a.m.•1 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-0013343)

Adobe Experience Manager is an enterprise-class content management solution from Adobe. Adobe Experience Manager suffers from a cross-site scripting vulnerability that originates from a low-privilege attacker who can inject malicious script into form fields, no details of the vulnerability are...

5.4CVSS6.2AI score0.00214EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/15 12:0 a.m.•3 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-0012849)

Adobe Experience Manager is an enterprise-class content management solution from Adobe. A cross-site scripting vulnerability exists in Adobe Experience Manager, which stems from a stored cross-site scripting vulnerability in form fields, for which no detailed vulnerability details are currently...

5.4CVSS6.1AI score0.00214EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/15 12:0 a.m.•3 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-0494065)

Adobe Experience Manager is enterprise-grade content management software CMS from Adobe for building, managing, and deploying digital experiences such as websites, mobile apps, digital assets, and forms. Adobe Experience Manager suffers from a cross-site scripting vulnerability that stems from a...

9.3CVSS5.8AI score0.00711EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/15 12:0 a.m.•2 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-0493967)

Adobe Experience Manager is enterprise-grade content management software CMS from Adobe for building, managing, and deploying digital experiences such as websites, mobile apps, digital assets, and forms. Adobe Experience Manager suffers from a cross-site scripting vulnerability that stems from a...

9.3CVSS5.8AI score0.00412EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/15 12:0 a.m.•4 views

Adobe Experience Manager Cross-Site Scripting Vulnerability

Adobe Experience Manager is enterprise-grade content management software CMS from Adobe for building, managing, and deploying digital experiences such as websites, mobile apps, digital assets, and forms. Adobe Experience Manager suffers from a cross-site scripting vulnerability that stems from a...

5.4CVSS5.8AI score0.00214EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/15 12:0 a.m.•4 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-00680)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4CVSS6AI score0.00214EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/15 12:0 a.m.•3 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-00684)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4CVSS6.2AI score0.00173EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/15 12:0 a.m.•6 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-00687)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4CVSS6.2AI score0.00173EPSS
Exploits0References1
Total number of security vulnerabilities131179