Lucene search
K

131179 matches found

CNVD
CNVD
added 2026/06/11 12:0 a.m.2 views

Huawei HarmonyOS file preview module permission control vulnerability

Huawei HarmonyOS is a distributed operating system developed by Huawei. It is primarily used for intelligent terminal devices, providing cross-device collaboration and a unified experience. The Huawei HarmonyOS file preview module has a permission control vulnerability. This vulnerability stems...

5.5CVSS6.1AI score0.00087EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.2 views

Adobe Substance3D Sampler out-of-bound write vulnerability (CNVD-2026-26866)

Adobe Substance3D Sampler is a rendering software for 3D scenes developed by Adobe Inc. Adobe Substance3D Sampler has a out-of-bounds write vulnerability, allowing attackers to execute arbitrary code within the context of the current user...

7.8CVSS7.2AI score0.00138EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.2 views

Adobe InDesign Desktop Null Reference Deletion Vulnerability (CNVD-2026-26867)

Adobe InDesign is a typesetting and editing application developed by Adobe, a company based in America. Adobe InDesign has a null pointer dereferencing vulnerability, which can be exploited by attackers to cause a denial-of-service attack...

5.5CVSS6.2AI score0.0013EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.2 views

Adobe InDesign Null Pointer Reference Vulnerability (CNVD-2026-26868)

Adobe InDesign is a typesetting and editing application developed by Adobe, a company based in America. Adobe InDesign has a null pointer dereferencing vulnerability, which can be exploited by attackers to cause a denial-of-service attack...

5.5CVSS6.2AI score0.0013EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.7 views

Microsoft Excel information leakage vulnerability (CNVD-2026-24917)

Microsoft Excel is a spreadsheet software within the Office suite developed by the American company Microsoft. There is an information leakage vulnerability in Microsoft Excel, and attackers can exploit this vulnerability to obtain sensitive information...

4.3CVSS5.8AI score0.00629EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.7 views

Adobe Substance3D Sampler out-of-bound write vulnerability (CNVD-2026-24901)

Adobe Substance3D Sampler is a rendering software for 3D scenes developed by Adobe Inc. Adobe Substance3D Sampler has a out-of-bounds write vulnerability, allowing attackers to execute arbitrary code within the current user environment...

7.8CVSS7.4AI score0.00141EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.5 views

Tenda W15E formPortalAuth function buffer overflow vulnerability

The Tenda W15E is a wireless router produced by the Chinese company Tenda. The Tenda W15E version 15.11.0.10 has a buffer overflow vulnerability. This vulnerability stems from the faulty handling of the gotoUrl parameter in the formPortalAuth function, which fails to properly validate the length ...

7.5CVSS7.6AI score0.00309EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.6 views

Adobe Experience Manager Cross-Site Script Vulnerability (CNVD-2026-24903)

Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...

5.4CVSS6AI score0.00224EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.12 views

Huawei HarmonyOS Access Control Vulnerability (CNVD-2026-23807)

Huawei HarmonyOS is a distributed operating system designed for various scenarios, primarily providing seamless experiences across devices and memory management capabilities. There is an access control vulnerability in the package management module of Huawei HarmonyOS. The cause of this...

5.2CVSS5.4AI score0.00078EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.10 views

Huawei HarmonyOS browser kernel denial-of-service vulnerability

Huawei HarmonyOS is a distributed operating system developed independently by Huawei. It primarily offers seamless collaboration across devices, intelligent experiences in various scenarios, and security features. Huawei HarmonyOS has a denial-of-service vulnerability. This vulnerability stems fr...

4.3CVSS5.4AI score0.00161EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.12 views

Adobe InDesign Desktop heap buffer overflow vulnerability (CNVD-2026-24188)

Adobe InDesign Desktop is a professional desktop publishing and page layout design software. Adobe InDesign Desktop has a heap buffer overflow vulnerability. This vulnerability arises because the program fails to properly handle data in malicious files. Attackers can exploit this vulnerability by...

7.8CVSS6.3AI score0.00175EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.5 views

Huawei HarmonyOS Print Module Permission Control Vulnerability

Huawei HarmonyOS is a distributed operating system designed for various scenarios, primarily providing features such as cross-device collaboration, intelligent connectivity, and secure operation environments. The print module of Huawei HarmonyOS has a permission control vulnerability, which stems...

5.5CVSS5.8AI score0.00075EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.6 views

Adobe Experience Manager Cross-Site Script Vulnerability (CNVD-2026-24902)

Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...

5.4CVSS6AI score0.00224EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.6 views

Microsoft Hyper-V Code Execution Vulnerability (CNVD-2026-24919)

Microsoft Hyper-V is an application developed by the American company Microsoft. It is a system management program that enables desktop virtualization. There is a code execution vulnerability in Microsoft Hyper-V, and attackers can exploit this vulnerability to execute arbitrary code on the syste...

8.4CVSS8AI score0.00357EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.3 views

Huawei HarmonyOS SMS app path traversal vulnerability

Huawei HarmonyOS is an operating system developed by Chinese company Huawei. It is a full-scenario distributed operating system based on a microkernel architecture. The Huawei HarmonyOS SMS app contains a path traversal vulnerability, which can be exploited by attackers to compromise the system’s...

5.4CVSS5.9AI score0.00155EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.4 views

Tenda W15E formAddWebAuthWhiteUser function: Buffer overflow vulnerability in the webAuthWhiteUserInfo parameter

Tenda W15E is a wireless router produced by the Chinese company Tenda. The Tenda W15E has a buffer overflow vulnerability in the webAuthWhiteUserInfo parameter. Attackers can exploit this vulnerability to cause denial-of-service attacks through specially crafted HTTP requests...

7.5CVSS7.5AI score0.00309EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.4 views

Fortinet FortiSandbox OS Command Injection Vulnerability (CNVD-2026-25587)

FortiSandbox is a security sandbox product provided by Fortinet, primarily used for detecting and analyzing malware. Fortinet FortiSandbox has a vulnerability related to OS command injection. This vulnerability stems from an inability to properly neutralize the special elements used in OS command...

9.8CVSS7.4AI score0.23393EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.13 views

Huawei HarmonyOS package management access control error vulnerability

Huawei HarmonyOS is a distributed operating system developed by Huawei Corporation. It is designed for comprehensive scenarios and primarily offers features such as cross-device collaboration, security protection, and intelligent services. There is an access control vulnerability in the package...

5.1CVSS5.4AI score0.00073EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.6 views

Adobe Experience Manager Cross-Site Script Vulnerability (CNVD-2026-24908)

Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...

5.4CVSS6AI score0.00283EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.11 views

Adobe InDesign Desktop stack buffer overflow vulnerability (CNVD-2026-24184)

Adobe InDesign Desktop is a professional publishing layout and page design software, primarily used for printing and digital publication creation. Adobe InDesign Desktop has a stack buffer overflow vulnerability, which stems from insufficient input validation, leading to out-of-bound writing of...

7.8CVSS6.3AI score0.00175EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.13 views

Adobe InCopy buffer overflow vulnerability (CNVD-2026-24182)

Adobe InCopy is a professional text editing and typesetting software, primarily used for creating and editing content in collaboration with Adobe InDesign. Adobe InCopy has a security vulnerability that stems from improper handling of malicious files, leading to out-of-bound memory writes...

7.8CVSS5.9AI score0.00139EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.5 views

Microsoft Excel code execution vulnerability (CNVD-2026-24916)

Microsoft Excel is a spreadsheet software within the Office suite developed by the American company Microsoft. There is a code execution vulnerability in Microsoft Excel, and attackers can exploit this vulnerability to execute arbitrary code on the system...

7CVSS7.8AI score0.00263EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.5 views

Adobe Experience Manager Cross-Site Script Vulnerability (CNVD-2026-24904)

Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...

5.4CVSS6AI score0.00224EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.5 views

Microsoft Excel code execution vulnerability (CNVD-2026-24913)

Microsoft Excel is a spreadsheet software within the Office suite developed by the American company Microsoft. There is a code execution vulnerability in Microsoft Excel, and attackers can exploit this vulnerability to execute code locally...

7.8CVSS7.5AI score0.00372EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.6 views

Adobe Substance3D Sampler out-of-bound write vulnerability (CNVD-2026-24899)

Adobe Substance3D Sampler is a rendering software for 3D scenes developed by Adobe Inc. Adobe Substance3D Sampler has a out-of-bounds write vulnerability, allowing attackers to execute arbitrary code within the current user environment...

7.8CVSS7.4AI score0.00141EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.7 views

Adobe Experience Manager Cross-Site Script Vulnerability (CNVD-2026-24906)

Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...

5.4CVSS6AI score0.00207EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.6 views

Adobe Experience Manager Cross-Site Script Vulnerability (CNVD-2026-24907)

Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...

5.4CVSS6AI score0.00283EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.5 views

Adobe Experience Manager Cross-Site Script Vulnerability (CNVD-2026-24909)

Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...

5.4CVSS6AI score0.00283EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.5 views

Microsoft Office Code Execution Vulnerability (CNVD-2026-24912)

Microsoft Office is a suite of office software products developed by Microsoft Corporation in the United States. Common components of this product include Word, Excel, Access, PowerPoint, and FrontPage. There is a code execution vulnerability in Microsoft Office, which is caused by improper...

7.8CVSS7.8AI score0.00457EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.9 views

Adobe InDesign Desktop heap buffer overflow vulnerability (CNVD-2026-24187)

Adobe InDesign Desktop is a professional desktop publishing application, primarily used for page layout design in print and digital media. Adobe InDesign Desktop has a buffer overflow vulnerability that stems from improper handling of malicious files during user interactions. Attackers can exploi...

7.8CVSS6.5AI score0.00175EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.16 views

Microsoft Windows DNS Permission Elevation Vulnerability (CNVD-2026-24189)

Microsoft Windows DNS is a domain name resolution service provided by Microsoft Corporation in the United States. The Domain Name System DNS is one of the industry-standard protocol suites that includes TCP/IP. Both DNS clients and DNS servers work together to provide name resolution services,...

7CVSS5.3AI score0.00274EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.4 views

Huawei EMUI and Huawei HarmonyOS have vulnerabilities related to input validation.

Huawei HarmonyOS EMUI is a microkernel-based distributed operating system developed by Huawei, offering seamless collaboration across devices. There are input validation vulnerabilities in Huawei EMUI and Huawei HarmonyOS. These vulnerabilities stem from the log service’s failure to properly hand...

5CVSS5.9AI score0.00075EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.5 views

Mozilla Focus for iOS and Mozilla Klar for iOS have cross-site scripting vulnerabilities

Mozilla Focus for iOS and Mozilla Klar for iOS are mobile web browsers designed with privacy protection in mind by the American Mozilla Foundation. Both browsers have cross-site scripting vulnerabilities. These vulnerabilities arise due to improper input validation during the Webkit navigation...

7.5CVSS5.8AI score0.00216EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.2 views

Microsoft ASP.NET Core resource management error vulnerability

Microsoft ASP.NET Core is a cross-platform open-source framework developed by Microsoft. This framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. There are security vulnerabilities in Microsoft ASP.NET Core. Attackers can exploit...

7.5CVSS7AI score0.0243EPSS
Exploits0
CNVD
CNVD
added 2026/06/10 12:0 a.m.10 views

WordPress plugin WP Meta Sort Posts cross-site request fraud vulnerability

WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed on a WordPress site. The WP Meta Sort Posts plugin has a cross-site request...

4.3CVSS5.4AI score0.00128EPSS
Exploits0
CNVD
CNVD
added 2026/06/10 12:0 a.m.9 views

WordPress plugin WPMobi has a cross-site request forgeing vulnerability

WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed to enhance the functionality of the platform. The wpMobi plugin has a...

4.3CVSS5.8AI score0.00128EPSS
Exploits0
CNVD
CNVD
added 2026/06/10 12:0 a.m.10 views

WordPress plugin WP-Ultimate-Map has a cross-site request forgeing vulnerability

WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed on a WordPress site. The WP-Ultimate-Map plugin has a cross-site request...

6.1CVSS5.5AI score0.00119EPSS
Exploits0
CNVD
CNVD
added 2026/06/10 12:0 a.m.9 views

The WordPress plugin WPForms has an unknown vulnerability

WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is a security vulnerability in the WPForms plugin. This vulnerability stems from...

5.3CVSS5.6AI score0.00197EPSS
Exploits0
CNVD
CNVD
added 2026/06/10 12:0 a.m.11 views

WordPress plugin WP Emoticon Rating cross-site request fraud vulnerability

WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the functionality of WordPress. The WP Emoticon Rating plugin has a cross-site reques...

6.1CVSS5.3AI score0.0012EPSS
Exploits0
CNVD
CNVD
added 2026/06/10 12:0 a.m.11 views

WordPress plugin: WP GDPR Cookie consent and cross-site scripting vulnerabilities

WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed on a WordPress site. The WP GDPR Cookie Consent plugin has a cross-site...

6.4CVSS5.3AI score0.00188EPSS
Exploits0
CNVD
CNVD
added 2026/06/10 12:0 a.m.13 views

The WordPress plugin Events for GeoDirectory has an unknown vulnerability.

WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the functionality of WordPress. There is a security vulnerability in the Events Calendar...

8.8CVSS5.5AI score0.00275EPSS
Exploits0
CNVD
CNVD
added 2026/06/10 12:0 a.m.11 views

WordPress Plugin Custom Block Builder Cross-Site Script Vulnerability

WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed on a website. The WordPress Plugin Custom Block Builder has a cross-site...

3.5CVSS5.6AI score0.00138EPSS
Exploits0
CNVD
CNVD
added 2026/06/10 12:0 a.m.9 views

The WordPress plugin 6Storage Rentals has an unknown vulnerability.

WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the functionality of WordPress. There is a security vulnerability in WordPress Plugin...

7.5CVSS5.4AI score0.00403EPSS
Exploits0
CNVD
CNVD
added 2026/06/10 12:0 a.m.14 views

WordPress Plugin Recover Exit For WooCommerce file contains a vulnerability

WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed to enhance functionality of the platform. The "Recover Exit For WooCommerce"...

8.1CVSS5.8AI score0.00551EPSS
Exploits0
CNVD
CNVD
added 2026/06/09 12:0 a.m.13 views

Apache HTTP Server buffer overflow vulnerability (CNVD-2026-23635)

Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. There is a buffer overflow vulnerability present in Apache HTTP Server, but detailed informatio...

9.8CVSS5.7AI score0.00486EPSS
Exploits0
CNVD
CNVD
added 2026/06/09 12:0 a.m.12 views

Apache HTTP Server infinite loop vulnerability

Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. There is a bug in Apache HTTP Server involving infinite loops; however, detailed information...

7.3CVSS5.3AI score0.00562EPSS
Exploits0
CNVD
CNVD
added 2026/06/09 12:0 a.m.17 views

Apache HTTP Server memory allocation overflow vulnerability

The Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server features speed, reliability, and the ability to be expanded through simple APIs. There is a vulnerability in Apache HTTP Server where excessive memory allocation exists;...

7.5CVSS5.3AI score0.11471EPSS
Exploits8
CNVD
CNVD
added 2026/06/09 12:0 a.m.3 views

jflyfox jfinal_cms SQL injection vulnerability

jfinalcms is a content management system used for managing website sections, articles, and feedback content. jflyfox jfinalcms has a SQL injection vulnerability. The vulnerability arises due to the list function in the AdvicefeedbackController.java file not properly filtering the orderBy paramete...

6.5CVSS6.6AI score0.00204EPSS
Exploits0
CNVD
CNVD
added 2026/06/09 12:0 a.m.11 views

Apache HTTP Server memory error reference vulnerability

The Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. The Apache HTTP Server has a memory corruption vulnerability. Attackers can exploit this...

7.3CVSS5.9AI score0.00479EPSS
Exploits0
CNVD
CNVD
added 2026/06/08 12:0 a.m.2 views

UOS Desktop 20 Professional of Tongxin Software Technology Co., Ltd has a local privilege escalation vulnerability.

Tongxin Software Technology Co., Ltd. hereinafter referred to as “Tongxin Software” is a Chinese operating system development company. It is a national high-tech enterprise and a gazelle enterprise. Its main business includes the research and development of desktop operating systems, server...

6.1AI score
Exploits0
Total number of security vulnerabilities131179