Lucene search
+L

131179 matches found

cnvd
cnvd
•added 2025/12/10 12:0 a.m.•3 views

Google Android Logic Error Vulnerability (CNVD-2025-3146618)

Google Android is a free and open source mobile operating system based on the Linux kernel developed by Google. Google Android suffers from a logic error vulnerability that stems from a logic error issue in Session.java, which can be exploited by an attacker to view images of other users on the...

7.8CVSS6.4AI score0.00086EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/10 12:0 a.m.•2 views

Google Android Input Validation Malpractice Vulnerability

Google Android is a free and open source mobile operating system based on the Linux kernel developed by Google. Google Android suffers from an improper input validation vulnerability that can be exploited by an attacker to cause a local elevation of privilege...

7.8CVSS6.4AI score0.00075EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/10 12:0 a.m.•4 views

Google Android Insecure Default Settings Vulnerability

Google Android is a free and open source mobile operating system based on the Linux kernel developed by Google. Google Android suffers from an insecure default settings vulnerability that can be exploited by attackers to cause a local elevation of privilege...

7.3CVSS6.3AI score0.00125EPSS
Exploits1References1
cnvd
cnvd
•added 2025/12/10 12:0 a.m.•2 views

Huawei HarmonyOS Improper Security Check Vulnerability

Huawei HarmonyOS is a distributed operating system developed independently by Huawei Technologies Co. Huawei HarmonyOS suffers from an Improper Security Check vulnerability that originates from a vulnerability in the improper standard security check in the card module, which can be exploited by a...

5.5CVSS6.8AI score0.00069EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/10 12:0 a.m.•3 views

Unspecified vulnerability in Huawei HarmonyOS (CNVD-2025-3056248)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from improper input validation, and can be exploited by an attacker to cause impact on...

8.4CVSS6.8AI score0.00077EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/10 12:0 a.m.•4 views

Huawei HarmonyOS Competitive Conditions Vulnerability

Huawei HarmonyOS is a distributed operating system developed independently by Huawei Technologies Co. Huawei HarmonyOS suffers from a competitive condition vulnerability, which originates from a competitive condition vulnerability in the audio module, and can be exploited by an attacker to affect...

6.7CVSS6.7AI score0.00061EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/10 12:0 a.m.•7 views

Huawei HarmonyOS/EMUI Privilege Control Vulnerability (CNVD-2026-0013753)

Huawei HarmonyOS is Huawei's self-developed distributed operating system, designed for cell phones, tablets, smart homes and other full-scene devices to achieve seamless cross-device collaboration. Huawei EMUI is Huawei's deeply customized mobile operating system based on Android. A privilege...

6.2CVSS6.8AI score0.0008EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/10 12:0 a.m.•2 views

Huawei HarmonyOS Denial of Service Vulnerability (CNVD-2025-3113443)

Huawei HarmonyOS is a distributed operating system developed independently by Huawei Technologies Co. A denial of service vulnerability exists in Huawei HarmonyOS, which originates from the vulnerability of office service to denial of service attacks. An attacker could exploit this vulnerability ...

5.5CVSS6.5AI score0.00052EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/10 12:0 a.m.•4 views

Student Management System /newcurriculm.php File SQL Injection Vulnerability

Student Management System is a student management system. Student Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter ID of the file /newcurriculm.php. An attacker can exploit this vulnerabili...

9.8CVSS8.2AI score0.00423EPSS
Exploits1References1
cnvd
cnvd
•added 2025/12/10 12:0 a.m.•4 views

Online Ordering System user_contact.php File SQL Injection Vulnerability

Online Ordering System is an online ordering system. The Online Ordering System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter Name in the file /usercontact.php. The vulnerability can be exploited by a...

9.8CVSS7.9AI score0.00339EPSS
Exploits1References1
cnvd
cnvd
•added 2025/12/10 12:0 a.m.•2 views

Huawei HarmonyOS Denial of Service Vulnerability

Huawei HarmonyOS is a distributed operating system developed independently by Huawei Technologies Co. A denial of service vulnerability exists in Huawei HarmonyOS, which originates from the vulnerability of office service to denial of service attacks. An attacker could exploit this vulnerability ...

5.5CVSS6.5AI score0.00052EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/10 12:0 a.m.•2 views

Huawei HarmonyOS office service denial of service vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A denial of service vulnerability exists in Huawei HarmonyOS office service, which can be exploited by an attacker to cause a denial of service...

5.5CVSS6.7AI score0.00052EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/10 12:0 a.m.•2 views

Huawei HarmonyOS camera framework module multithreaded conditional contention vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A multi-threaded conditional contention vulnerability exists in the Huawei HarmonyOS camera framework module, which can be exploited by attackers to cause an...

5.1CVSS6.7AI score0.00058EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/10 12:0 a.m.•16 views

Advantech WISE-DeviceOn Server Cross-Site Scripting Vulnerability (CNVD-2025-3097005)

Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied...

5.4CVSS6.2AI score0.00221EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/10 12:0 a.m.•2 views

WordPress Plugin MxChat Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin MxChat, which stems from...

5.3CVSS6AI score0.00284EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/10 12:0 a.m.•7 views

Employee Profile Management System Code Issue Vulnerability

Employee Profile Management System is an employee profile management system. Employee Profile Management System has a code issue vulnerability that stems from the lack of valid validation of uploaded files by the parameter perfile in the file /profiling/addfilequery.php. No details of the...

8.8CVSS6.6AI score0.00359EPSS
Exploits1References1
cnvd
cnvd
•added 2025/12/10 12:0 a.m.•5 views

Google Android Logic Error Vulnerability (CNVD-2025-3146717)

Google Android is a free and open source mobile operating system based on the Linux kernel developed by Google. Google Android suffers from a logic error vulnerability that stems from a code logic error that can be exploited by an attacker to cause a local elevation of privilege...

7.8CVSS6.6AI score0.00079EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/10 12:0 a.m.•6 views

D-Link DCS-930L Command Injection Vulnerability

D-Link DCS-930L is a network camera from China AUO D-Link. The D-Link DCS-930L suffers from a command injection vulnerability that stems from the failure to properly filter construct command special characters, commands, etc. in the parameter AdminID in the file /setSystemAdmin. An attacker can...

8.8CVSS7.9AI score0.07684EPSS
Exploits1References1
cnvd
cnvd
•added 2025/12/10 12:0 a.m.•4 views

Huawei HarmonyOS Multi-threaded Competitive Condition Vulnerability

Huawei HarmonyOS is Huawei's self-developed distributed operating system, designed for cell phones, tablets, smart homes and other full-scene devices to achieve seamless cross-device collaboration. Huawei HarmonyOS suffers from a multi-threaded competitive condition vulnerability that can be...

8.4CVSS6.6AI score0.00061EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/10 12:0 a.m.•9 views

Google Android Logic Error Vulnerability

Google Android is a free and open source mobile operating system based on the Linux kernel developed by Google. Google Android suffers from a logic error vulnerability that stems from a code logic error, and no details of the vulnerability are provided at this time...

5.5CVSS6.9AI score0.00249EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/10 12:0 a.m.•7 views

Currency Exchange System /edittrns.php File SQL Injection Vulnerability

Currency Exchange System is a currency exchange system. The Currency Exchange System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file /edittrns.php. An attacker can exploit this vulnerabilit...

9.8CVSS7.8AI score0.00339EPSS
Exploits1References1
cnvd
cnvd
•added 2025/12/10 12:0 a.m.•4 views

UTT Progressive 520W Buffer Overflow Vulnerability (CNVD-2026-0079988)

The UTT Progress 520W is an enterprise-grade wireless router from Atech Technology UTT designed for office environments such as small businesses and remote branch offices. The UTT Progress 520W suffers from a buffer overflow vulnerability that originates from the parameter timeRangeName in the fi...

6.9CVSS7.2AI score0.00895EPSS
Exploits1References1
cnvd
cnvd
•added 2025/12/10 12:0 a.m.•4 views

FreePBX SQL Injection Vulnerability (CNVD-2025-3038208)

FreePBX formerly known as Asterisk Management Portal is a set of tools from the FreePBX project for configuring Asterisk IP telephony system through a GUI web-based graphical interface. FreePBX suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered S...

8.6CVSS8.3AI score0.00226EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/10 12:0 a.m.•3 views

WordPress Plugin WebP Express Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin WebP Express, which stem...

5.3CVSS6AI score0.00271EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/10 12:0 a.m.•5 views

Advantech WISE-DeviceOn Server Cross-Site Scripting Vulnerability (CNVD-2025-3096906)

Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data...

5.4CVSS6.2AI score0.00216EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/10 12:0 a.m.•3 views

Tenda Ax3 Buffer Overflow Vulnerability

The Tenda Ax3 is an Ax1800 Gigabit Port Dual Band Wifi 6 Wireless Router from Tenda China. A buffer overflow vulnerability exists in Tenda Ax3 version v16.03.12.11, which stems from the iptvType parameter failing to properly validate the length and size of the input data, and can be exploited by ...

6.5CVSS8.3AI score0.00516EPSS
Exploits1References1
cnvd
cnvd
•added 2025/12/10 12:0 a.m.•5 views

Employee Profile Management System print_personnel_report.php File SQL Injection Vulnerability

Employee Profile Management System is an employee profile management system. An SQL injection vulnerability exists in Employee Profile Management System, which stems from the lack of validation of externally entered SQL statements in the parameter perid in the file /printpersonnelreport.php. An...

8.8CVSS7.2AI score0.0027EPSS
Exploits1References1
cnvd
cnvd
•added 2025/12/10 12:0 a.m.•7 views

Simple Shopping Cart settings.php File SQL Injection Vulnerability

Simple Shopping Cart is a simple shopping cart system. Simple Shopping Cart suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter userid in the file /Customers/settings.php. An attacker can exploit this...

9.8CVSS7AI score0.00282EPSS
Exploits1References1
cnvd
cnvd
•added 2025/12/10 12:0 a.m.•6 views

mall-swarm authorization issue vulnerability

mall-swarm is a microservice mall system. An authorization issue vulnerability exists in mall-swarm, which stems from incorrect manipulation of the parameter ids in the file /member/readHistory/delete, for which no detailed vulnerability details are provided at this time...

8.1CVSS5.5AI score0.00259EPSS
Exploits1References1
cnvd
cnvd
•added 2025/12/10 12:0 a.m.•5 views

Google Android Competitive Conditions Vulnerability

Google Android is a free and open source mobile operating system based on the Linux kernel developed by Google. Google Android suffers from a competitive condition vulnerability that can be exploited by an attacker to cause bypassing of intent filters and local elevation of privilege...

7CVSS6.4AI score0.00073EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/10 12:0 a.m.•4 views

Huawei HarmonyOS Competitive Conditions Vulnerability (CNVD-2026-00632)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A competitive condition vulnerability exists in Huawei HarmonyOS, which can be exploited by attackers to cause confidentiality to be compromised...

7.1CVSS6.7AI score0.00059EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/10 12:0 a.m.•4 views

Huawei HarmonyOS camera framework module multi-threaded conditional contention vulnerability (CNVD-2026-00621)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A multi-threaded conditional contention vulnerability exists in the Huawei HarmonyOS camera framework module, which can be exploited by an attacker to cause...

5.1CVSS6.7AI score0.00058EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/10 12:0 a.m.•4 views

Unspecified vulnerability in Huawei HarmonyOS (CNVD-2025-3055852)

Huawei HarmonyOS is an operating system. Provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from improper control of media library permissions, and can be exploited by an attacker to compromise service...

5.5CVSS6.9AI score0.00066EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/10 12:0 a.m.•4 views

Google Android Missing Privilege Checking Vulnerability

Google Android is a free and open source mobile operating system based on the Linux kernel developed by Google. Google Android suffers from a missing privilege check vulnerability that can be exploited by attackers to cause a physical denial of service...

4.6CVSS6.3AI score0.00097EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/10 12:0 a.m.•5 views

Google Android Permission Obfuscation Vulnerability

Google Android is a free and open source mobile operating system based on the Linux kernel developed by Google. Google Android suffers from a privilege obfuscation vulnerability that originates from a privilege obfuscation issue in the SettingsSliceProvider.java file, which can be exploited by an...

7.8CVSS6.5AI score0.00078EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/10 12:0 a.m.•10 views

Student Management System /edit_user.php File SQL Injection Vulnerability

Student Management System is a student management system. Student Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter fname in the file /edituser.php. The vulnerability can be exploited to...

9.8CVSS8.3AI score0.00339EPSS
Exploits1References1
cnvd
cnvd
•added 2025/12/10 12:0 a.m.•3 views

Advantech WISE-DeviceOn Server Cross-Site Scripting Vulnerability (CNVD-2025-3097302)

Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied...

5.4CVSS6.3AI score0.00182EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/10 12:0 a.m.•3 views

Google Android Precondition Check Failure Vulnerability

Google Android is a free and open source mobile operating system based on the Linux kernel developed by Google. Google Android suffers from a pre-condition check failure vulnerability that can be exploited by an attacker to cause a remote elevation of privilege...

9.8CVSS6.7AI score0.00343EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/10 12:0 a.m.•7 views

Google Android Privilege Bypass Vulnerability

Google Android is a free and open source mobile operating system based on the Linux kernel developed by Google. Google Android suffers from a privilege bypass vulnerability that can be exploited by an attacker to cause activities to be launched from the background and local elevation of privilege...

7.8CVSS6.5AI score0.00232EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/09 12:0 a.m.•4 views

Billing System password-recovery.php Endpoint SQL Injection Vulnerability

Billing System is a billing system. The Billing System suffers from a SQL injection vulnerability that stems from the username and mobileno parameters in the /admin/password-recovery.php endpoint not validating user input. An attacker can use this vulnerability to steal, tamper, or delete sensiti...

6.5CVSS7.7AI score0.00179EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/09 12:0 a.m.•3 views

Billing System admin/index.php Endpoint SQL Injection Vulnerability

Billing System is a billing system. The Billing System suffers from a SQL injection vulnerability that originates when the username parameter in the admin/index.php endpoint is spliced directly into a back-end SQL query without validation. An attacker can exploit this vulnerability by submitting ...

6.5CVSS8.3AI score0.00179EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/09 12:0 a.m.•5 views

Google Chrome Error Type Conversion Vulnerability

Google Chrome is a web browser developed by Google Inc. to provide users with a fast, secure and customizable web browsing experience. Google Chrome suffers from a mis-typed conversion vulnerability that originates from the presence of a mis-typed conversion in the loader, which can be exploited ...

8.8CVSS6.2AI score0.0024EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/08 12:0 a.m.•6 views

Google Chrome Competitive Conditions Vulnerability

Google Chrome is a web browser developed by Google Inc. to provide users with a fast, secure and customizable web browsing experience. Google Chrome suffers from a competitive condition vulnerability that stems from the presence of a competitive condition in v8, which can be exploited by an...

7.5CVSS6.1AI score0.00187EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/08 12:0 a.m.•4 views

SQL Injection Vulnerability in Remote Medical Comprehensive Service Platform of Beijing Divine Vision Han Technology Co. Ltd (CNVD-C-2025-987341)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the remote medical integrated service platform of Beijing Shenzhou Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

5.9AI score
Exploits0
cnvd
cnvd
•added 2025/12/08 12:0 a.m.•6 views

Google Chrome Media Stream Post-Release Reuse Vulnerability (CNVD-2025-30385)

Google Chrome is a web browser developed by Google. Google Chrome Media Stream suffers from a post-release reuse vulnerability that originates from re-referencing or using freed memory, which can be exploited by remote attackers to crash an application...

8.8CVSS6.9AI score0.0023EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/08 12:0 a.m.•5 views

Google Chrome Improperly Implemented Vulnerability

Google Chrome is a web browser developed by Google Inc. Google Chrome suffers from a mal-implementation vulnerability that stems from a DevTools mal-implementation, which can be exploited by an attacker to sandbox escape by convincing a user to install a malicious extension, possibly using a...

5.4CVSS5.9AI score0.00206EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/08 12:0 a.m.•27 views

Claude Code Code Execution Vulnerability

Claude Code is a smart endpoint programming assistant that understands code bases and helps improve development efficiency through natural language commands that perform routine tasks, interpret complex code, handle Git workflows, and more, allowing developers to complete coding operations with...

9.8CVSS8.6AI score0.00639EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/08 12:0 a.m.•22 views

Google Chrome Reuse After Release Vulnerability

Google Chrome is a web browser developed by Google Inc. to provide users with a fast, secure and customizable web browsing experience. Google Chrome suffers from a post-release reuse vulnerability that stems from the reuse of digital credentials after release, which can be exploited by an attacke...

8.8CVSS5.9AI score0.00393EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/08 12:0 a.m.•6 views

Advantech iView SQL Injection Vulnerability

Advantech iView is a software developed by Advantech for managing B+BSmartWorx series devices through a simple network management protocol. Advantech iView suffers from a SQL injection vulnerability that stems from improper SNMP v1 trap request cleanup, which can be exploited by attackers to obta...

8.7CVSS7.9AI score0.00387EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/08 12:0 a.m.•6 views

Google Chrome Type Obfuscation Vulnerability

Google Chrome is a web browser developed by Google Inc. Google Chrome suffers from a type obfuscation vulnerability that stems from V8 type obfuscation, which can be exploited by an attacker to cause a heap corruption attack...

8.8CVSS5.9AI score0.00386EPSS
Exploits0References1
Total number of security vulnerabilities131179