Lucene search
+L

131179 matches found

cnvd
cnvd
•added 2025/12/03 12:0 a.m.•5 views

Apache Kvrocks Elevation of Privilege Vulnerability

Apache Kvrocks is a distributed key-value NoSQL database from the Apache USA Foundation. Apache Kvrocks suffers from an elevation of privilege vulnerability that is caused by improper privilege management in the RESET command. An attacker can exploit this vulnerability to gain administrator...

5.4CVSS7.3AI score0.00356EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•5 views

Grav Elevation of Privilege Vulnerability

Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from an elevation of privilege vulnerability, which stems from a password hash disclosure, and can be exploited by an attacker to cause...

7.2CVSS7.3AI score0.00359EPSS
Exploits1References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•8 views

Huawei HarmonyOS/EMUI Post-Release Reuse Vulnerability

Huawei HarmonyOS is Huawei's self-developed distributed operating system, designed for cell phones, tablets, smart homes and other full-scene devices to achieve seamless cross-device collaboration. Huawei EMUI is Huawei's deeply customized mobile operating system based on Android. A post-release...

7.1CVSS6.7AI score0.00069EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•2 views

Huawei HarmonyOS/EMUI Access to Invalid Memory Vulnerability

Huawei HarmonyOS is Huawei's self-developed distributed operating system, designed for cell phones, tablets, smart homes and other full-scene devices to achieve seamless cross-device collaboration. Huawei EMUI is Huawei's deeply customized mobile operating system based on Android. An access to...

7.1CVSS6.7AI score0.00079EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•3 views

Huawei HarmonyOS/EMUI Privilege Control Vulnerability (CNVD-2026-00138)

Huawei HarmonyOS is Huawei's self-developed distributed operating system, designed for cell phones, tablets, smart homes and other full-scene devices to achieve seamless cross-device collaboration. Huawei EMUI is Huawei's deeply customized mobile operating system based on Android. A privilege...

8.4CVSS6.8AI score0.00084EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•3 views

Huawei HarmonyOS file management module privilege control vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in the Huawei HarmonyOS file management module, which can be exploited by an attacker to compromise service...

7.5CVSS6.9AI score0.00137EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•2 views

Huawei HarmonyOS video-related system service module denial of service vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A denial of service vulnerability exists in the Huawei HarmonyOS video-related system service module, which can be exploited by attackers to affect...

7.3CVSS6.6AI score0.00064EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•2 views

Huawei HarmonyOS screen recording framework module memory misreference vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A memory misreference vulnerability exists in the Huawei HarmonyOS screen recording framework module, which can be exploited by attackers to affect...

8.4CVSS6.8AI score0.00067EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•6 views

Huawei HarmonyOS Privilege Control Vulnerability (CNVD-2025-30300)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in Huawei HarmonyOS, which stems from improper privilege control of the printing module and can be exploited by an...

6.2CVSS6.8AI score0.0008EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•4 views

Huawei HarmonyOS Privilege Control Vulnerability (CNVD-2025-30296)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in Huawei HarmonyOS, which stems from improper privilege control of the boot recovery module, and can be exploited b...

7.1CVSS6.9AI score0.00079EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•4 views

Huawei HarmonyOS screen recording framework module memory misreference vulnerability (CNVD-2025-30254)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A memory misreference vulnerability exists in the Huawei HarmonyOS screen recording framework module, which can be exploited by attackers to affect...

6.4CVSS6.8AI score0.00071EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•4 views

Huawei HarmonyOS Authentication Bypass Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An authentication bypass vulnerability exists in Huawei HarmonyOS, which stems from an authentication bypass in the Gallery application, and can be exploited...

6.2CVSS7AI score0.00089EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•3 views

Huawei HarmonyOS Privilege Control Vulnerability (CNVD-2025-30299)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in Huawei HarmonyOS, which arises from improper privilege control of distributed components and can be exploited by ...

8CVSS6.8AI score0.0008EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•4 views

Huawei HarmonyOS Configuration Flaw Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A configuration flaw vulnerability exists in Huawei HarmonyOS, which stems from a configuration flaw in the file management module, and can be exploited by a...

7.1CVSS6.7AI score0.00076EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•3 views

Huawei HarmonyOS Security Checks for Improper Standards Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from an Improper Security Check Criteria vulnerability that originates from an improper security check criterion for the call module...

7.3CVSS6.8AI score0.00074EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•1 views

ChurchCRM Time-Based Blind SQL Injection Vulnerability

ChurchCRM is an open source church management system. ChurchCRM suffers from a SQL injection vulnerability that stems from temporal blind SQL injection, which can be exploited by an attacker to cause data disclosure and modification, deterministic server-side latency...

7.2CVSS5.9AI score0.0035EPSS
Exploits1References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•5 views

Grav Insecure Direct Object Reference Vulnerability

Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav has an insecure direct object reference vulnerability, the vulnerability stems from the application does not correctly implement the access control...

6.5CVSS6.7AI score0.00258EPSS
Exploits1References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•7 views

LIVE555 Streaming Media Post-Release Reuse Vulnerability

LIVE555 Streaming Media is a cross-platform C++ open source library , focusing on providing solutions for streaming media applications , supporting a variety of standard protocols such as RTP/RTCP, RTSP and SIP. LIVE555 Streaming Media suffers from a post-release reuse vulnerability that stems fr...

6.5CVSS6.5AI score0.00259EPSS
Exploits1References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•4 views

SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Shenzhou Vision Han Technology Co., Ltd (CNVD-C-2025-976457)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

5.9AI score
Exploits0
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•4 views

Grav denial of service vulnerability

Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a denial of service vulnerability that stems from insufficient input validation, which can be exploited by an attacker to cause a denial...

6.9CVSS6.8AI score0.00337EPSS
Exploits1References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•4 views

Socomec DIRIS Digiware M-70 Denial of Service Vulnerability (CNVD-2025-30455)

The Socomec DIRIS Digiware M-70 is a communication gateway device that serves as an access point for the DIRIS Digiware system, which combines 24VDC power and communication functions in a single unit. A denial of service vulnerability exists in the Socomec DIRIS Digiware M-70, which stems from th...

7.5CVSS6.5AI score0.00279EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•8 views

Grav server-side template injection vulnerability (CNVD-2025-30342)

Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a server-side template injection vulnerability that can be exploited by an attacker to cause disclosure of the entire Grav configuration...

8.7CVSS7.2AI score0.00331EPSS
Exploits1References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•4 views

Socomec Easy Config System Authentication Bypass Vulnerability

Socomec Easy Config System is a free software tool developed by Socomec for fast, reliable and flexible configuration of its power monitoring and measurement equipment. An authentication bypass vulnerability exists in Socomec Easy Config System, which stems from an authentication bypass in the us...

7.3CVSS6.6AI score0.00147EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•7 views

Grav Cross-Site Scripting Vulnerability (CNVD-2025-30346)

Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted...

6.8CVSS6.1AI score0.00182EPSS
Exploits1References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•5 views

Grav Cross-Site Scripting Vulnerability (CNVD-2025-30345)

Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted...

6.2CVSS6.1AI score0.00182EPSS
Exploits1References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•12 views

Huawei HarmonyOS Privilege Control Vulnerability (CNVD-2025-30302)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in Huawei HarmonyOS, which stems from improper privilege control of the Notepad module, and can be exploited by an...

5.5CVSS6.8AI score0.00075EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•6 views

Grav Cross-Site Scripting Vulnerability (CNVD-2025-30347)

Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted...

6.2CVSS6.1AI score0.00182EPSS
Exploits1References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•5 views

Huawei HarmonyOS Privilege Control Vulnerability (CNVD-2025-30295)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in Huawei HarmonyOS, which stems from improper privilege control of the Wi-Fi module and can be exploited by an...

5.5CVSS6.8AI score0.00078EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•12 views

Grav Code Execution Vulnerability

Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a code execution vulnerability that stems from malicious Twig expression injection, which can be exploited by an attacker to cause...

8.8CVSS8.8AI score0.00685EPSS
Exploits1References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•6 views

Grav server-side template injection vulnerability (CNVD-2025-30352)

Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a server-side template injection vulnerability that stems from insufficient regular expression validation of the cleanDangerousTwig...

8.8CVSS8.1AI score0.0264EPSS
Exploits4References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•5 views

Grav Cross-Site Scripting Vulnerability (CNVD-2025-30348)

Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted...

6.2CVSS6.1AI score0.00182EPSS
Exploits1References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•12 views

Socomec DIRIS Digiware M-70 Denial of Service Vulnerability (CNVD-2025-30458)

The Socomec DIRIS Digiware M-70 is a communication gateway device that serves as an access point for the DIRIS Digiware system, which combines 24VDC power and communication functions in a single unit. A denial of service vulnerability exists in the Socomec DIRIS Digiware M-70 that stems from the...

7.5CVSS6.5AI score0.00363EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•4 views

Grav Resource Management Error Vulnerability

Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a resource management error vulnerability that stems from insufficient input cleanup, which can be exploited by an attacker to cause a...

4.9CVSS6.8AI score0.00339EPSS
Exploits1References1
cnvd
cnvd
•added 2025/12/03 12:0 a.m.•3 views

Huawei HarmonyOS App Lock Module Privilege Control Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in the Huawei HarmonyOS App Lock module, which can be exploited by attackers to affect availability...

5.5CVSS6.8AI score0.00069EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/02 12:0 a.m.•6 views

SQL Injection Vulnerability in Changjitong T+ of Changjitong Information Technology Co. Ltd (CNVD-C-2025-448742)

T+ is a dynamic, intelligent and fashionable Internet management software, mainly for small and medium-sized industrial, trade and commerce enterprises with integrated financial and business applications, incorporating elements of socialization, mobility, Internet of Things, e-commerce and Intern...

5.9AI score
Exploits0
cnvd
cnvd
•added 2025/12/01 12:0 a.m.•2 views

SQL Injection Vulnerability in Remote Medical Comprehensive Service Platform of Beijing Divine Vision Han Technology Co. Ltd (CNVD-C-2025-948730)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the remote medical integrated service platform of Beijing Shenzhou Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

5.9AI score
Exploits0
cnvd
cnvd
•added 2025/11/28 12:0 a.m.•8 views

Apache Hive SQL Injection Vulnerability

Apache Hive is a set of data warehouse software based on Hadoop Distributed Systems Infrastructure from the Apache Apache Foundation in the United States. The software provides a data integration approach and a high-level query language to support large-scale data analysis on Hadoop. Apache Hive...

5.4CVSS7.7AI score0.00343EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/28 12:0 a.m.•5 views

Cisco Catalyst Center Operating System Command Injection Vulnerability

Cisco Catalyst Center Cisco DNA Center is a network management system from the American company Cisco. Cisco Catalyst Center Cisco DNA Center suffers from an operating system command injection vulnerability that stems from insufficient user input validation. An attacker could exploit this...

8.8CVSS5.8AI score0.00354EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/28 12:0 a.m.•6 views

Cisco Catalyst Center Cross-Site Scripting Vulnerability

Cisco Catalyst Center Cisco DNA Center is a network management system from the American company Cisco. Cisco Catalyst Center suffers from a cross-site scripting vulnerability that stems from insufficient user input validation. An attacker could exploit the vulnerability to cause cross-site...

6.1CVSS5.3AI score0.00219EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/28 12:0 a.m.•2 views

Cisco Catalyst Center Virtual Appliance Input Validation Error Vulnerability

Cisco Catalyst Center Virtual Appliance is a network controller and automated management platform from the American company Cisco Cisco. An input validation error vulnerability exists in the Cisco Catalyst Center Virtual Appliance that stems from improper validation of HTTP request parameters in...

4.7CVSS5.8AI score0.00241EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/28 12:0 a.m.•4 views

ZTE ElasticNet UME R32 on Linux Mismanagement of Privileges Vulnerability

ZTE ElasticNet UME R32 is a service management and traffic processing platform from China's ZTE Corporation ZTE. A mismanagement of privileges vulnerability exists in ZTE ElasticNet UME R32 on Linux, which can be exploited by an attacker to gain access to functionality that is not properly...

7.5CVSS5.9AI score0.00241EPSS
Exploits0
cnvd
cnvd
•added 2025/11/28 12:0 a.m.•2 views

Wireshark Buffer Overflow Vulnerability (CNVD-2025-30215)

Wireshark formerly Ethereal is a suite of network packet analysis software from the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. Wireshark version 4.6.0 suffers from a buffer overflow vulnerability that stems from a BPv7 pars...

5.5CVSS7.3AI score0.00098EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/28 12:0 a.m.•3 views

WordPress TAX SERVICE Electronic HDM Missing Authorization Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A lack of authorization vulnerability exists in WordPress TAX SERVICE Electronic HDM, which stems from a lack of authorization and CSRF checks in AJAX operations. An attacker...

8.6CVSS6.5AI score0.00158EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/28 12:0 a.m.•5 views

TRENDnet TEW-657BRM Command Injection Vulnerability

The TRENDnet TEW-657BRM is a WiFi router from TRENDnet. The TRENDnet TEW-657BRM suffers from a command injection vulnerability that is caused by a flaw in the setup.cgi binary file. An attacker can exploit this vulnerability to execute arbitrary operating system commands on the system...

8CVSS6.1AI score0.06838EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/28 12:0 a.m.•4 views

Cisco Catalyst Center Virtual Appliance Access Control Error Vulnerability

Cisco Catalyst Center Virtual Appliance is a network controller and automated management platform from the American company Cisco Cisco. The Cisco Catalyst Center Virtual Appliance suffers from an Access Control Error vulnerability that stems from insufficient validation of user input. An attacke...

8.8CVSS6.8AI score0.00509EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/28 12:0 a.m.•5 views

WordPress houzez cross-site scripting vulnerability

WordPress houzez is a WordPress theme designed for real estate brokers and companies, providing powerful Elementor integration, listing management, map search and other features, supporting multi-language and currency conversion, aiming to create a professional and user-friendly real estate...

6.1CVSS6.2AI score0.00179EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/27 12:0 a.m.•10 views

WordPress Ace Post Type Builder plugin unauthorized custom taxonomy removal vulnerability

WordPress Ace Post Type Builder plugin is a plugin for creating and managing Custom Post Types CustomPostTypes,CPT, which helps users to extend the content structure in WordPress with support for advanced features such as custom fields, categories and tags. WordPress Ace Post Type Builder plugin...

5.3CVSS6.7AI score0.00234EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/27 12:0 a.m.•1 views

FastAdmin Arbitrary File Read Vulnerability of Shenzhen Extreme Creative Technology Co.

FastAdmin is an open source and free commercial backend development framework, built on ThinkPHP and Bootstrap, with a comprehensive permission management system and one-click generation of CRUD and other powerful features. Shenzhen Extreme Creative Technology Co. FastAdmin arbitrary file reading...

6AI score
Exploits0
cnvd
cnvd
•added 2025/11/27 12:0 a.m.•11 views

WordPress Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin unauthorized access vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An unauthorized access vulnerability exists in the WordPress Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin, which stems from a lack of privilege...

5.3CVSS7AI score0.00254EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/27 12:0 a.m.•10 views

WordPress iframe plugin cross-site scripting vulnerability

The WordPress iframe plugin is a tool for embedding iFrame content in WordPress websites, allowing users to embed external web pages, videos, forms, etc. into their pages. WordPress iframe plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective...

6.4CVSS6.1AI score0.00161EPSS
Exploits0References1
Total number of security vulnerabilities131179