Lucene search
+L

131179 matches found

cnvd
cnvd
•added 2025/12/07 12:0 a.m.•2 views

SQL injection vulnerability in the multimedia integrated business display system of Beijing Shenzhou Vision Han Technology Co., Ltd. (CNVD-C-2025-986300)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

5.9AI score
Exploits0
cnvd
cnvd
•added 2025/12/07 12:0 a.m.•8 views

SQL injection vulnerability in the multimedia integrated business display system of Beijing Shenzhou Vision Han Technology Co., Ltd (CNVD-C-2025-986298)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

5.9AI score
Exploits0
cnvd
cnvd
•added 2025/12/05 12:0 a.m.•5 views

Google Chrome elevation of privilege vulnerability (CNVD-2025-30386)

Google Chrome is a web browser from Google, an American company. A security vulnerability exists in Google Chrome prior to version 143.0.7499.41, which stems from an improper implementation of Google Updater and could lead to an elevation of privilege attack. No details of the vulnerability are...

8.8CVSS6.8AI score0.00303EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/05 12:0 a.m.•3 views

SQL Injection Vulnerability in PM2 Project Management Platform of Beijing Bangyong Technology Co. Ltd (CNVD-C-2025-983218)

Ltd. is a professional project management software provider, providing advanced and practical project management software and project management informationization related consulting. SQL injection vulnerability exists in the PM2 project management platform of Beijing BangYong Technology Co., Ltd...

5.9AI score
Exploits0
cnvd
cnvd
•added 2025/12/05 12:0 a.m.•8 views

Google Chrome Use After Release Vulnerability (CNVD-2026-07245)

Google Chrome is a web browser developed by Google Inc. Google Chrome suffers from a use-after-free vulnerability that stems from Storage objects being accessed even after they have been released prematurely. An attacker could use this vulnerability to trick a user into visiting a specially craft...

8.8CVSS6.2AI score0.00314EPSS
Exploits1References1
cnvd
cnvd
•added 2025/12/04 12:0 a.m.•4 views

SQL Injection Vulnerability in Remote Medical Comprehensive Service Platform of Beijing Divine Vision Han Technology Co. Ltd (CNVD-C-2025-980402)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the remote medical integrated service platform of Beijing Shenzhou Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

5.9AI score
Exploits0
cnvd
cnvd
•added 2025/12/04 12:0 a.m.•5 views

ZEIT Next.js Remote Code Execution Vulnerability

Next.js is a React framework for building full-stack web applications. ZEIT Next.js suffers from a remote code execution vulnerability that stems from Next.js versions 15.x and 16.x relying on a flawed React server-side DOM package when using App Router, which can be exploited by an attacker to...

8.2AI score
Exploits111References1
cnvd
cnvd
•added 2025/12/04 12:0 a.m.•2 views

NVIDIA TAO Resource Loading Vulnerability

NVIDIA TAO is NVIDIA's tool suite for machine learning model development and deployment. NVIDIA TAO suffers from a resource loading vulnerability that can be exploited by attackers to cause elevation of privilege, data tampering, denial of service, and information disclosure hazards...

8.8CVSS6.6AI score0.00358EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/04 12:0 a.m.•16 views

Meta React Server Components Remote Code Execution Vulnerability

React Server Components is a new component model in the React Framework that allows components to run and render on the server and not execute in the client browser. Meta React Server Components has a remote code execution vulnerability that stems from a lack of security checks when parsing...

10CVSS8.4AI score0.99562EPSS
Exploits375References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•3 views

Socomec DIRIS Digiware M-70 Denial of Service Vulnerability (CNVD-2025-30457)

The Socomec DIRIS Digiware M-70 is a communication gateway device that serves as an access point for the DIRIS Digiware system, which combines 24VDC power and communication functions in a single unit. A denial of service vulnerability exists in the Socomec DIRIS Digiware M-70, which stems from...

8.6CVSS6.5AI score0.00375EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•5 views

Socomec DIRIS Digiware M-70 Buffer Overflow Vulnerability

The Socomec DIRIS Digiware M-70 is a communication gateway device that serves as an access point for the DIRIS Digiware system, which combines 24VDC power and communication functions in a single unit. The Socomec DIRIS Digiware M-70 suffers from a buffer overflow vulnerability that originates fro...

8.6CVSS7.2AI score0.00447EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•5 views

Grav path traversal vulnerability (CNVD-2025-30353)

Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a path traversal vulnerability that stems from the program's failure to properly filter special elements in the path of a resource or...

6.8CVSS7AI score0.0042EPSS
Exploits1References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•3 views

SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Shenzhou Vision Han Technology Co., Ltd (CNVD-C-2025-976455)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

5.9AI score
Exploits0
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•4 views

Unspecified Vulnerability in Devolutions Server

Devolutions Server is a security solution for managing privileged accounts and sessions, designed to help organizations centrally store and manage sensitive information such as passwords and credentials. Devolutions Server has an unspecified vulnerability that originates from exposing credentials...

3.5CVSS6.6AI score0.00258EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•6 views

Apache SkyWalking Cross-Site Scripting Vulnerability (CNVD-2025-30566)

Apache SkyWalking is an application performance monitor from the Apache Foundation that is primarily used in environments such as microservices, cloud-native and container-based. A cross-site scripting vulnerability exists in Apache SkyWalking version 10.2.0 and earlier, which stems from not...

6.1CVSS6.1AI score0.00625EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•4 views

Apache bRPC Denial of Service Vulnerability (CNVD-2026-00022)

Apache bRPC is the United States Apache Apache Foundation's industrial-grade RPC framework for building reliable and high-performance services. Apache bRPC suffers from a denial of service vulnerability due to an uncontrolled recursion flaw in the json2pb component. An attacker could exploit the...

7.5CVSS6.7AI score0.01479EPSS
Exploits2References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•3 views

Apache Kvrocks Information Disclosure Vulnerability

Apache Kvrocks is a distributed key-value NoSQL database from the Apache USA Foundation. Apache Kvrocks suffers from an information disclosure vulnerability that stems from the MONITOR command disclosing plaintext credentials. An attacker could exploit this vulnerability to obtain sensitive...

5.3CVSS6.4AI score0.00257EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•4 views

Socomec DIRIS Digiware M-70 Denial of Service Vulnerability (CNVD-2025-30454)

The Socomec DIRIS Digiware M-70 is a communication gateway device that serves as an access point for the DIRIS Digiware system, which combines 24VDC power and communication functions in a single unit. A denial of service vulnerability exists in the Socomec DIRIS Digiware M-70 that stems from the...

8.6CVSS6.4AI score0.00363EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•6 views

WordPress StreamTube Core plugin arbitrary user password change vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An arbitrary user password change vulnerability exists in the WordPress StreamTube Core plugin that originates from providing user-controlled access to objects, allowing a user ...

9.8CVSS7AI score0.00324EPSS
Exploits1References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•4 views

Apache CloudStack Access Control Error Vulnerability (CNVD-2025-30565)

Apache CloudStack is a suite of Infrastructure as a Service IaaS cloud computing platforms from the Apache Foundation in the United States. The platform is primarily used to deploy and manage large networks of virtual machines. An Access Control Error vulnerability exists in Apache CloudStack tha...

4.3CVSS6.7AI score0.00314EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•4 views

Devolutions Server SQL Injection Vulnerability

Devolutions Server is a security solution for managing privileged accounts and sessions, designed to help organizations centrally store and manage sensitive information such as passwords and credentials. Devolutions Server suffers from an SQL injection vulnerability that stems from the...

8.8CVSS7.8AI score0.00524EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•3 views

SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Divine Vision Han Technology Co., Ltd (CNVD-C-2025-976466)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

5.9AI score
Exploits0
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•3 views

SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Divine Vision Han Technology Co., Ltd (CNVD-C-2025-976462)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

5.9AI score
Exploits0
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•6 views

Unspecified Vulnerability in Devolutions Server (CNVD-2025-30126)

Devolutions Server is a security solution for managing privileged accounts and sessions, designed to help organizations centrally store and manage sensitive information such as passwords and credentials. An unspecified vulnerability exists in Devolutions Server that stems from a non-administrativ...

4.3CVSS6.5AI score0.00326EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•2 views

Socomec DIRIS Digiware M-70 Denial of Service Vulnerability

The Socomec DIRIS Digiware M-70 is a communication gateway device that serves as an access point for the DIRIS Digiware system, which combines 24VDC power and communication functions in a single unit. A denial of service vulnerability exists in the Socomec DIRIS Digiware M-70, which stems from th...

8.6CVSS6.4AI score0.00363EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•2 views

Socomec DIRIS Digiware M-70 Denial of Service Vulnerability (CNVD-2025-30453)

The Socomec DIRIS Digiware M-70 is a communication gateway device that serves as an access point for the DIRIS Digiware system, which combines 24VDC power and communication functions in a single unit. A denial of service vulnerability exists in the Socomec DIRIS Digiware M-70 that stems from the...

7.5CVSS6.5AI score0.00279EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•4 views

Huawei HarmonyOS Privilege Control Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in Huawei HarmonyOS, which stems from improper privilege control of the memory management module and can be exploite...

9.3CVSS7AI score0.00084EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•3 views

Huawei HarmonyOS file management module privilege control vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in the Huawei HarmonyOS file management module, which can be exploited by an attacker to compromise service...

5.5CVSS6.9AI score0.00074EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•4 views

Grav Cross-Site Scripting Vulnerability

Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted...

6.2CVSS6.1AI score0.00197EPSS
Exploits1References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•2 views

WordPress Nextend Social Login and Register plugin cross-site request forgery vulnerability

WordPress Nextend Social Login and Register plugin is a free WordPress plugin designed to simplify the registration and login process for website users. A cross-site request forgery vulnerability exists in the WordPress Nextend Social Login and Register plugin, which arises from a web application...

4.3CVSS6.8AI score0.00129EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•3 views

SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Shenzhou Vision Han Technology Co., Ltd (CNVD-C-2025-976459)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

5.9AI score
Exploits0
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•5 views

Socomec DIRIS Digiware M-70 Cross-Site Request Forgery Vulnerability

The Socomec DIRIS Digiware M-70 is a communication gateway device that serves as an access point for the DIRIS Digiware system, which combines 24VDC power and communication functions in a single unit. A cross-site request forgery vulnerability exists in the Socomec DIRIS Digiware M-70 that stems...

8.8CVSS6.9AI score0.00192EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•7 views

Socomec DIRIS Digiware M-70 Denial of Service Vulnerability (CNVD-2025-30459)

The Socomec DIRIS Digiware M-70 is a communication gateway device that serves as an access point for the DIRIS Digiware system, which combines 24VDC power and communication functions in a single unit. A denial of service vulnerability exists in the Socomec DIRIS Digiware M-70 that stems from the...

7.5CVSS6.5AI score0.0037EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•4 views

WordPress Arconix Shortcodes plugin cross-site scripting vulnerability

WordPress Arconix Shortcodes plugin is a plugin that provides a wide range of shortcode functionality for WordPress websites. WordPress Arconix Shortcodes plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...

6.5CVSS6.1AI score0.00135EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•3 views

SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Shenzhou Vision Han Technology Co., Ltd (CNVD-C-2025-976458)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

5.9AI score
Exploits0
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•4 views

SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Divine Vision Han Technology Co., Ltd (CNVD-C-2025-976469)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

5.9AI score
Exploits0
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•1 views

Socomec DIRIS Digiware M-70 Denial of Service Vulnerability (CNVD-2025-30456)

The Socomec DIRIS Digiware M-70 is a communication gateway device that serves as an access point for the DIRIS Digiware system, which combines 24VDC power and communication functions in a single unit. A denial of service vulnerability exists in the Socomec DIRIS Digiware M-70, which stems from a...

8.6CVSS6.5AI score0.00375EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•3 views

Grav Path Traversal Vulnerability

Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a path traversal vulnerability that stems from a path traversal sequence that causes an account YAML file to write to the wrong path. An...

8.8CVSS6.9AI score0.00482EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•4 views

Grav Path Traversal Vulnerability (CNVD-2025-30350)

Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a path traversal vulnerability that can be exploited by a low-privileged user to read server files, which can be exploited by an attacke...

8.5CVSS6.8AI score0.00397EPSS
Exploits1References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•3 views

Grav Server-Side Template Injection Vulnerability

Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a server-side template injection vulnerability that can be exploited by an attacker to cause arbitrary code execution...

8.8CVSS8.2AI score0.00527EPSS
Exploits1References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•3 views

Grav Authorization Issues Vulnerability

Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from an authorization issue vulnerability that stems from improper authorization checking, which can be exploited by an attacker to cause for...

9.6CVSS6.9AI score0.01252EPSS
Exploits4References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•3 views

Grav User Enumeration and Email Disclosure Vulnerabilities

Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a user enumeration and email disclosure vulnerability that can be exploited by attackers to enumerate users and disclose sensitive email...

6.5CVSS6.5AI score0.00277EPSS
Exploits1References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•5 views

Grav elevation of privilege vulnerability (CNVD-2025-30354)

Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from an elevation of privilege vulnerability, which can be exploited to cause an elevation of privilege due to a lack of user name uniqueness...

8.8CVSS7.2AI score0.00278EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•4 views

LIVE555 Streaming Media Heap Buffer Overflow Vulnerability (CNVD-2025-30509)

LIVE555 Streaming Media is a cross-platform C++ open source library , focusing on providing solutions for streaming media applications , supporting a variety of standard protocols such as RTP/RTCP, RTSP and SIP. LIVE555 Streaming Media suffers from a heap buffer overflow vulnerability that stems...

6.5CVSS6.9AI score0.00277EPSS
Exploits1References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•3 views

LIVE555 Streaming Media Buffer Overflow Vulnerability

LIVE555 Streaming Media is a cross-platform C++ open source library , focusing on providing solutions for streaming media applications , supporting a variety of standard protocols such as RTP/RTCP, RTSP and SIP. LIVE555 Streaming Media suffers from a buffer overflow vulnerability that stems from...

6.5CVSS6.9AI score0.00277EPSS
Exploits1References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•2 views

LIVE555 Streaming Media Null Pointer Dereference Vulnerability

LIVE555 Streaming Media is a cross-platform C++ open source library , focusing on providing solutions for streaming media applications , supporting a variety of standard protocols such as RTP/RTCP, RTSP and SIP. LIVE555 Streaming Media has a null pointer dereference vulnerability that originates...

6.5CVSS6.5AI score0.00259EPSS
Exploits1References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•2 views

Socomec DIRIS Digiware M-70 Plaintext Transfer Vulnerability

The Socomec DIRIS Digiware M-70 is a communication gateway device that serves as an access point for the DIRIS Digiware system, which combines 24VDC power and communication functions in a single unit. The Socomec DIRIS Digiware M-70 suffers from a plaintext transmission vulnerability that...

7.5CVSS6.3AI score0.00825EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•6 views

LIVE555 Streaming Media Post-Release Reuse Vulnerability (CNVD-2025-30510)

LIVE555 Streaming Media is a cross-platform C++ open source library , focusing on providing solutions for streaming media applications , supporting a variety of standard protocols such as RTP/RTCP, RTSP and SIP. LIVE555 Streaming Media suffers from a post-release reuse vulnerability that stems fr...

6.5CVSS6.5AI score0.00259EPSS
Exploits1References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•4 views

Huawei HarmonyOS Denial of Service Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A denial of service vulnerability exists in Huawei HarmonyOS, which originates from a denial of service in Office Services, and can be exploited by an attack...

5.5CVSS6.7AI score0.00062EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•4 views

SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Divine Vision Han Technology Co., Ltd (CNVD-C-2025-976472)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

5.9AI score
Exploits0
Total number of security vulnerabilities131179