Lucene search
+L

131179 matches found

cnvd
cnvd
added 2025/12/12 12:0 a.m.13 views

MailEnable AddressesBcc Parameter Cross-Site Scripting Vulnerability

MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied da...

6.1CVSS6.3AI score0.00336EPSS
Exploits0References1
cnvd
cnvd
added 2025/12/12 12:0 a.m.3 views

WordPress Basel plugin missing authorization vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A missing authorization vulnerability exists in WordPress Basel plugin that stems from an improperly configured access control security level. No details of the vulnerability ar...

5.3CVSS6.8AI score0.00216EPSS
Exploits0References1
cnvd
cnvd
added 2025/12/12 12:0 a.m.3 views

WordPress Animation Addons for Elementor plugin SQL Injection Vulnerability

WordPress Animation Addons for Elementor plugin is an Elementor page builder extension plugin for the WordPress platform, focused on adding rich animation effects to websites. The WordPress Animation Addons for Elementor plugin suffers from a SQL injection vulnerability that stems from improper...

6.5CVSS8AI score0.003EPSS
Exploits0References1
cnvd
cnvd
added 2025/12/12 12:0 a.m.4 views

WordPress Business Directory Plugin Cross-Site Request Forgery Vulnerability

WordPress Business Directory Plugin is a plugin for creating and managing business directories such as business yellow pages, real estate listings, or classified ads on your WordPress website. WordPress Business Directory Plugin suffers from a cross-site request forgery vulnerability that stems...

4.3CVSS7AI score0.00102EPSS
Exploits0References1
cnvd
cnvd
added 2025/12/12 12:0 a.m.9 views

Microsoft Exchange Server Input Validation Error Vulnerability (CNVD-2025-3057284)

Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. A security vulnerability exists in Microsoft Exchange Server. An attacker could exploit the...

7.5CVSS6.7AI score0.01021EPSS
Exploits0References1
cnvd
cnvd
added 2025/12/12 12:0 a.m.3 views

WordPress Essential Widgets plugin cross-site scripting vulnerability

WordPress Essential Widgets plugin is a tool used to enhance the functionality of your website, mainly providing the ability to create and add highly customizable widgets Widgets to help users manage the layout of their website content more flexibly. A cross-site scripting vulnerability exists in...

6.5CVSS6.1AI score0.00167EPSS
Exploits0References1
cnvd
cnvd
added 2025/12/12 12:0 a.m.4 views

Microsoft Windows Routing and Remote Access Service Remote Code Execution Vulnerability

Microsoft Windows Routing and Remote Access Service is a network service from Microsoft USA that is used to implement features such as network routing, virtual private networks VPNs and dial-up connections. A remote code execution vulnerability exists in Microsoft Windows Routing and Remote Acces...

8.8CVSS6.8AI score0.01242EPSS
Exploits0References1
cnvd
cnvd
added 2025/12/12 12:0 a.m.3 views

Microsoft Outlook Resource Management Error Vulnerability

Microsoft Outlook is a suite of e-mail applications from the American company Microsoft. A security vulnerability exists in Microsoft Outlook. An attacker could exploit the vulnerability to remotely execute code...

7.8CVSS6.8AI score0.00766EPSS
Exploits0References1
cnvd
cnvd
added 2025/12/12 12:0 a.m.15 views

MailEnable Added Parameter Cross-Site Scripting Vulnerability

MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-suppli...

6.1CVSS6.4AI score0.00418EPSS
Exploits0References1
cnvd
cnvd
added 2025/12/12 12:0 a.m.4 views

Microsoft Excel Code Execution Vulnerability (CNVD-2025-30654)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel due to an untrusted pointer dereference flaw. An attacker could exploit the vulnerability to execute arbitrary code on the system...

7.8CVSS8AI score0.00491EPSS
Exploits0References1
cnvd
cnvd
added 2025/12/12 12:0 a.m.3 views

Microsoft Excel Code Execution Vulnerability (CNVD-2025-30658)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel. An attacker could exploit this vulnerability to execute arbitrary code on the system...

7.8CVSS8AI score0.00664EPSS
Exploits0References1
cnvd
cnvd
added 2025/12/12 12:0 a.m.5 views

Microsoft Excel Code Execution Vulnerability (CNVD-2025-30657)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...

7.8CVSS8.1AI score0.00619EPSS
Exploits0References1
cnvd
cnvd
added 2025/12/12 12:0 a.m.2 views

WordPress AdForest plugin missing authorization vulnerability

WordPress AdForest plugin is a popular classified ads solution for building an online classified ads platform on your WordPress website. WordPress AdForest plugin suffers from a missing authorization vulnerability that stems from an improperly configured access control security level. No detailed...

5.3CVSS6.9AI score0.00222EPSS
Exploits0References1
cnvd
cnvd
added 2025/12/12 12:0 a.m.3 views

WordPress Plugin Download Manager Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Download Manager, which...

4.3CVSS6.1AI score0.00223EPSS
Exploits0References1
cnvd
cnvd
added 2025/12/12 12:0 a.m.7 views

Tenda CH22 Buffer Overflow Vulnerability (CNVD-2025-3077012)

The Tenda CH22 is an enterprise-grade wireless router for small to medium-sized businesses or home office environments. It supports single-band 2.4GHz wireless networks with a maximum transmission rate of up to 450Mbps. A buffer overflow vulnerability exists in the Tenda CH22 in version 1.0.0.1...

9CVSS8.4AI score0.00711EPSS
Exploits1References1
cnvd
cnvd
added 2025/12/10 12:0 a.m.2 views

Nextcloud Calendar Security Feature Issue Vulnerability

Nextcloud Calendar is a Nextcloud open source calendar application. Nextcloud Calendar suffers from a security signature issue vulnerability that stems from an insecure way of generating meeting proposal participant tokens, which can be exploited by an attacker to cause the tokens to be computed...

6.5CVSS6.8AI score0.00255EPSS
Exploits0References1
cnvd
cnvd
added 2025/12/10 12:0 a.m.3 views

Advantech WISE-DeviceOn Server Cross-Site Scripting Vulnerability (CNVD-2025-3097500)

Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied...

5.4CVSS6.2AI score0.00182EPSS
Exploits0References1
cnvd
cnvd
added 2025/12/10 12:0 a.m.3 views

WordPress Plugin SSP Debug Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in WordPress plugin SSP Debug, which stems from...

5.3CVSS6AI score0.00256EPSS
Exploits0References1
cnvd
cnvd
added 2025/12/10 12:0 a.m.6 views

Simple Shopping Cart adminlogin.php File SQL Injection Vulnerability

Simple Shopping Cart is a simple shopping cart system. Simple Shopping Cart suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter adminusername in the file /adminlogin.php. An attacker can exploit this...

9.8CVSS7.8AI score0.00339EPSS
Exploits1References1
cnvd
cnvd
added 2025/12/10 12:0 a.m.6 views

Advantech WISE-DeviceOn Server Cross-Site Scripting Vulnerability (CNVD-2025-3097401)

Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied...

5.4CVSS6.3AI score0.00172EPSS
Exploits0References1
cnvd
cnvd
added 2025/12/10 12:0 a.m.5 views

Employee Profile Management System /view_personnel.php File Cross-Site Scripting Vulnerability

Employee Profile Management System is an employee profile management system. Employee Profile Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the parameter peraddress/drschool/otherschool in...

5.4CVSS4.4AI score0.00218EPSS
Exploits1References1
cnvd
cnvd
added 2025/12/10 12:0 a.m.6 views

Online Ordering System /admin File SQL Injection Vulnerability

Online Ordering System is an online ordering system. The Online Ordering System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter Username in the file /admin/. An attacker can exploit this vulnerability t...

9.8CVSS7.9AI score0.00339EPSS
Exploits1References1
cnvd
cnvd
added 2025/12/10 12:0 a.m.5 views

Currency Exchange System /editotheraccount.php File SQL Injection Vulnerability

Currency Exchange System is a currency exchange system. The Currency Exchange System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /editotheraccount.php. An attacker can exploit this vulnerabili...

9.8CVSS7.9AI score0.00339EPSS
Exploits1References1
cnvd
cnvd
added 2025/12/10 12:0 a.m.3 views

Currency Exchange System /edit.php File SQL Injection Vulnerability

Currency Exchange System is a currency exchange system. The Currency Exchange System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of file /edit.php. An attacker can exploit this vulnerability to execute...

9.8CVSS7.8AI score0.00339EPSS
Exploits1References1
cnvd
cnvd
added 2025/12/10 12:0 a.m.16 views

Huawei HarmonyOS/EMUI Privilege Control Vulnerability (CNVD-2026-0013655)

Huawei HarmonyOS is Huawei's self-developed distributed operating system, designed for cell phones, tablets, smart homes and other full-scene devices to achieve seamless cross-device collaboration. Huawei EMUI is Huawei's deeply customized mobile operating system based on Android. A privilege...

5.5CVSS6.8AI score0.00076EPSS
Exploits0References1
cnvd
cnvd
added 2025/12/10 12:0 a.m.3 views

Command Execution Vulnerability in Multimedia Integrated Service Display System of Beijing Shenzhou Vision Han Technology Co., Ltd (CNVD-C-2025-1018960)

Ltd. is a deep-rooted enterprise in the field of visualization. A command execution vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to remotely execute commands...

6.1AI score
Exploits0
cnvd
cnvd
added 2025/12/10 12:0 a.m.5 views

Advantech WISE-DeviceOn Server Cross-Site Scripting Vulnerability (CNVD-2025-3097798)

Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data...

5.4CVSS6.3AI score0.00172EPSS
Exploits0References1
cnvd
cnvd
added 2025/12/10 12:0 a.m.2 views

WordPress Plugin SurveyFunnel - Survey Plugin for WordPress Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in SurveyFunnel - Survey Plugin for WordPress...

5.3CVSS6AI score0.00256EPSS
Exploits0References1
cnvd
cnvd
added 2025/12/10 12:0 a.m.6 views

Advantech WISE-DeviceOn Server Cross-Site Scripting Vulnerability (CNVD-2025-3097203)

Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a cross-site scripting vulnerability, which stems from the lack of effective filtering and escaping of user-supplied da...

5.4CVSS6.3AI score0.00182EPSS
Exploits0References1
cnvd
cnvd
added 2025/12/10 12:0 a.m.4 views

UTT aggressive 512W buffer overflow vulnerability (CNVD-2026-0079790)

The UTT Progressive 512W is an enterprise-grade wireless router from Atech UTT designed for small and medium-sized businesses SOHO and similarly sized network environments for access scenarios of 30 to 50 users. The UTT Progressive 512W suffers from a buffer overflow vulnerability, which originat...

9.8CVSS8.2AI score0.00707EPSS
Exploits1References1
cnvd
cnvd
added 2025/12/10 12:0 a.m.5 views

Google Android elevation of privilege vulnerability (CNVD-2025-3067712)

Google Android is a Linux-based open source operating system from Google. Google Android has a security vulnerability that can be exploited by attackers to cause an elevation of physical privileges...

6.8CVSS6.6AI score0.00118EPSS
Exploits0References1
cnvd
cnvd
added 2025/12/10 12:0 a.m.6 views

Advantech WISE-DeviceOn Server Hard-Coded Encryption Key Vulnerability

Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a hard-coded encryption key vulnerability that can be exploited by an attacker to impersonate an arbitrary account...

10CVSS7AI score0.00604EPSS
Exploits0References1
cnvd
cnvd
added 2025/12/10 12:0 a.m.132 views

Apache HTTP Server Cross-Site Request Forgery Vulnerability

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A cross-site request forgery vulnerability exists in Apache HTTP Server, which can be exploited by an attacker to cause NTLM hash...

7.5CVSS6.8AI score0.00784EPSS
Exploits0References1
cnvd
cnvd
added 2025/12/10 12:0 a.m.3 views

Huawei HarmonyOS Denial of Service Vulnerability (CNVD-2025-3113638)

Huawei HarmonyOS is a distributed operating system developed independently by Huawei Technologies Co. Huawei HarmonyOS suffers from a denial-of-service vulnerability that originates from a denial-of-service vulnerability in Office Services, which can be exploited by an attacker to cause a...

5.5CVSS6.7AI score0.00052EPSS
Exploits0References1
cnvd
cnvd
added 2025/12/10 12:0 a.m.11 views

Google Chrome Information Disclosure Vulnerability (CNVD-2025-3038304)

Google Chrome is a web browser from Google, an American company. An information disclosure vulnerability exists in versions of Google Chrome prior to 139.0.7258.66, which stems from the disclosure of side-channel information during navigation and loading, and can be exploited by an attacker to...

4.7CVSS6.1AI score0.00168EPSS
Exploits0References1
cnvd
cnvd
added 2025/12/10 12:0 a.m.7 views

Advantech WISE-DeviceOn Server Cross-Site Scripting Vulnerability

Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data...

5.4CVSS6.2AI score0.00221EPSS
Exploits0References1
cnvd
cnvd
added 2025/12/10 12:0 a.m.118 views

Apache HTTP Server Security Bypass Vulnerability (CNVD-2025-3083394)

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A security bypass vulnerability exists in Apache HTTP Server versions 2.4.0 through 2.4.65 due to incorrect neutralization of...

6.5CVSS6.8AI score0.00771EPSS
Exploits0References1
cnvd
cnvd
added 2025/12/10 12:0 a.m.18 views

Apache HTTP Server Command Injection Vulnerability

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A command injection vulnerability exists in Apache HTTP Server versions prior to 2.4.66, which stems from modcgid passing a...

8.3CVSS7.6AI score0.01527EPSS
Exploits0References1
cnvd
cnvd
added 2025/12/10 12:0 a.m.126 views

Unspecified Vulnerability in Apache HTTP Server (CNVD-2025-30837)

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A security vulnerability exists in Apache HTTP Server versions 2.4.30 through 2.4.66 and earlier, which can be exploited by an...

7.5CVSS6.8AI score0.00417EPSS
Exploits0References1
cnvd
cnvd
added 2025/12/10 12:0 a.m.132 views

Apache HTTP Server Code Execution Vulnerability (CNVD-2025-30835)

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A code execution vulnerability exists in Apache HTTP Server versions 2.4.7 through 2.4.65, which can be exploited by an attacker t...

5.4CVSS7.6AI score0.00591EPSS
Exploits0References1
cnvd
cnvd
added 2025/12/10 12:0 a.m.3 views

Google Android Insecure Defaults Vulnerability

Google Android is a free and open source mobile operating system based on the Linux kernel developed by Google. Google Android suffers from an insecure defaults vulnerability that can be exploited by an attacker to cause a local elevation of privilege...

7.8CVSS6.4AI score0.00075EPSS
Exploits0References1
cnvd
cnvd
added 2025/12/10 12:0 a.m.6 views

Advantech WISE-DeviceOn Server Cross-Site Scripting Vulnerability (CNVD-2025-3097699)

Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a cross-site scripting vulnerability, which stems from the lack of effective filtering and escaping of user-supplied da...

5.4CVSS6.3AI score0.00172EPSS
Exploits0References1
cnvd
cnvd
added 2025/12/10 12:0 a.m.3 views

UTT Progressive 520W Buffer Overflow Vulnerability (CNVD-2026-0079889)

The UTT Progress 520W is an enterprise-grade wireless router from Atech Technology UTT designed for office environments such as small businesses and remote branch offices. The UTT Progress 520W suffers from a buffer overflow vulnerability that stems from the failure of the parameter pools in the...

9.8CVSS8.2AI score0.00707EPSS
Exploits1References1
cnvd
cnvd
added 2025/12/10 12:0 a.m.6 views

Employee Profile Management System /view_personnel.php File SQL Injection Vulnerability

Employee Profile Management System is an employee profile management system. The Employee Profile Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter perid in the file /viewpersonnel.php. An...

8.8CVSS7AI score0.00307EPSS
Exploits1References1
cnvd
cnvd
added 2025/12/10 12:0 a.m.9 views

Advantech WISE-DeviceOn Server Cross-Site Scripting Vulnerability (CNVD-2025-3097104)

Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a cross-site scripting vulnerability, which stems from the lack of effective filtering and escaping of user-supplied da...

5.4CVSS6.3AI score0.00221EPSS
Exploits0References1
cnvd
cnvd
added 2025/12/10 12:0 a.m.6 views

Online Ordering System user_school.php File SQL Injection Vulnerability

Online Ordering System is an online ordering system. Online Ordering System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter productid in the file /userschool.php. An attacker can exploit this...

9.8CVSS8.3AI score0.00339EPSS
Exploits1References1
cnvd
cnvd
added 2025/12/10 12:0 a.m.7 views

UTT Progressive 520W Buffer Overflow Vulnerability

The UTT Progress 520W is an enterprise-grade wireless router from Atech Technology UTT designed for office environments such as small businesses and remote branch offices. The UTT Progress 520W suffers from a buffer overflow vulnerability, which originates from the parameter addHostFilter in the...

7.1CVSS7.2AI score0.00535EPSS
Exploits1References1
cnvd
cnvd
added 2025/12/10 12:0 a.m.5 views

Simple Shopping Cart additems.php File SQL Injection Vulnerability

Simple Shopping Cart is a simple shopping cart system. Simple Shopping Cart suffers from a SQL injection vulnerability that originates from the lack of validation of the parameter itemname in the file /Admin/additems.php against externally entered SQL statements. An attacker can exploit this...

9.8CVSS7AI score0.00282EPSS
Exploits1References1
cnvd
cnvd
added 2025/12/10 12:0 a.m.3 views

Huawei HarmonyOS file management app bypasses app lock checksum vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A vulnerability exists in the Huawei HarmonyOS file management app that bypasses the application lock checksum and can be exploited by an attacker to...

5.5CVSS6.7AI score0.00078EPSS
Exploits0References1
cnvd
cnvd
added 2025/12/10 12:0 a.m.3 views

Unspecified vulnerability in Huawei HarmonyOS (CNVD-2025-3056050)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which arises from a multi-threaded race condition that can be exploited by an attacker to cause an impac...

5.1CVSS6.7AI score0.00058EPSS
Exploits0References1
Total number of security vulnerabilities131179