Lucene search
+L

131179 matches found

cnvd
cnvd
•added 2025/11/24 12:0 a.m.•6 views

IBM Concert Information Disclosure Vulnerability (CNVD-2026-07114)

IBM Concert is a generative artificial intelligence-driven automated application management and monitoring tool based on the watsonx platform, announced by IBM in May 2024 at the IBMThink conference in Boston, USA. IBM Concert suffers from an information disclosure vulnerability that stems from t...

7.5CVSS5.9AI score0.00227EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/24 12:0 a.m.•3 views

IBM Concert Encryption Problem Vulnerability (CNVD-2025-29669)

IBM Concert is a generative artificial intelligence-driven automated application management and monitoring tool based on the watsonx platform released in May 2024 by IBM. IBM Concert suffers from a cryptographic issue vulnerability that stems from not properly enabling HTTP Strict Transport...

5.9CVSS6.5AI score0.00189EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/24 12:0 a.m.•4 views

IBM Concert Output Neutralization Malpractice Vulnerability

IBM Concert is a generative artificial intelligence-driven automated application management and monitoring tool based on the watsonx platform released in May 2024 by IBM. IBM Concert suffers from an improper output neutralization vulnerability that can be exploited by an attacker to cause a forge...

6.2CVSS6.7AI score0.00101EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/24 12:0 a.m.•3 views

Tenda AC21 saveParentControlInfo File Buffer Overflow Vulnerability

Tenda AC21 is a dual-band Gigabit wireless router launched by Tenda Technology, designed for home high-speed Internet needs, supporting 802.11acwave2 technology, dual-band concurrent rate up to 2033Mbps, of which the 5GHz band rate up to 1733Mbps, to meet the high-bandwidth applications, such as ...

4.3CVSS7.4AI score0.00258EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/24 12:0 a.m.•3 views

Revive Adserver Cross-Site Scripting Vulnerability

Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms e.g., websites, apps, video players and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from a...

5.4CVSS6.3AI score0.00319EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/24 12:0 a.m.•4 views

Tenda AC21 SetSysAutoRebbotCfg File Buffer Overflow Vulnerability

Tenda AC21 is a dual-band Gigabit wireless router launched by Tenda Technology, designed for home high-speed Internet needs, supporting 802.11acwave2 technology, dual-band concurrent rate up to 2033Mbps, of which the 5GHz band rate up to 1733Mbps, to meet the high-bandwidth applications, such as ...

4.3CVSS7.4AI score0.02113EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/24 12:0 a.m.•4 views

Revive Adserver Cross-Site Scripting Vulnerability (CNVD-2025-29421)

Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms e.g., websites, apps, video players and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from a...

6.5CVSS6.1AI score0.00184EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/24 12:0 a.m.•3 views

Revive Adserver Uncontrolled Resource Consumption Vulnerability

Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms e.g., websites, apps, video players and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from an...

6.5CVSS6.8AI score0.00353EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/24 12:0 a.m.•6 views

Tenda AC21 SetSysTimeCfg File Stack Buffer Overflow Vulnerability

Tenda AC21 is a dual-band Gigabit wireless router launched by Tenda Technology, designed for home high-speed Internet needs, supporting 802.11acwave2 technology, dual-band concurrent rate up to 2033Mbps, of which the 5GHz band rate up to 1733Mbps, to meet the high-bandwidth applications, such as ...

9.8CVSS8.4AI score0.03473EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/24 12:0 a.m.•4 views

Complete Online Beauty Parlor Management System /customer-list.php file cross-site scripting vulnerability

Complete Online Beauty Parlor Management System is an online beauty parlor management system. Complete Online Beauty Parlor Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter Name ...

6.1CVSS6AI score0.00216EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/24 12:0 a.m.•3 views

Revive Adserver Format Character Neutralization Malpractice Vulnerability

Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms e.g., websites, apps, video players and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from a...

2.7CVSS6.9AI score0.00374EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/24 12:0 a.m.•3 views

Revive Adserver Authorization Bypass Vulnerability

Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms e.g., websites, apps, video players and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from an...

8.8CVSS7AI score0.00592EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/24 12:0 a.m.•4 views

IBM Concert Cross-Site Scripting Vulnerability

IBM Concert is a generative artificial intelligence-driven automated application management and monitoring tool based on the watsonx platform released in May 2024 by IBM. IBM Concert suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering an...

6.1CVSS6.1AI score0.00172EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/24 12:0 a.m.•5 views

Revive Adserver Username In-Blank Neutralization and Improper Vulnerability

Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms e.g., websites, apps, video players and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from a...

5.4CVSS6.9AI score0.0022EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/24 12:0 a.m.•16 views

Tenda AC21 SetIpMacBind File Stack Buffer Overflow Vulnerability

Tenda AC21 is a dual-band Gigabit wireless router launched by Tenda Technology, designed for home high-speed Internet needs, supporting 802.11acwave2 technology, dual-band concurrent rate up to 2033Mbps, of which the 5GHz band rate up to 1733Mbps, to meet the high-bandwidth applications, such as ...

9.8CVSS8.4AI score0.03473EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/24 12:0 a.m.•3 views

Microsoft Application Gateway Elevation of Privilege Vulnerability

Microsoft Application Gateway is an application gateway from Microsoft Corporation in the United States. An elevation of privilege vulnerability exists in Microsoft Application Gateway, which can be exploited by an attacker to elevate privileges...

9.8CVSS7.1AI score0.00555EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/24 12:0 a.m.•4 views

D-Link DWR-M920 sub_41C7FC function buffer overflow vulnerability

The D-Link DWR-M920 is a 4GLTE wireless router manufactured by Youxun D-Link. The D-Link DWR-M920 suffers from a buffer overflow vulnerability that originates from malicious manipulation of the submit-url parameter of the sub41C7FC function in the /boafrm/formPinManageSetup file. An attacker can...

9CVSS6.5AI score0.00645EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/24 12:0 a.m.•2 views

Apache Causeway Deserialization Vulnerability

Apache Causeway is the Apache Foundation of a Java rapid application development framework . Apache Causeway suffers from a deserialization vulnerability that originates from unsafe deserialization of user-controllable URL parameters in the receipt of serialized data submitted by the user, which...

6.3CVSS7.6AI score0.09442EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/24 12:0 a.m.•7 views

Revive Adserver Cross-Site Scripting Vulnerability (CNVD-2025-29419)

Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms e.g., websites, apps, video players and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from a...

5.4CVSS6.3AI score0.00388EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/24 12:0 a.m.•6 views

Revive Adserver banner-zone.php script cross-site scripting vulnerability

Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms e.g., websites, apps, video players and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from a...

6.1CVSS6.3AI score0.00358EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/24 12:0 a.m.•5 views

IBM Concert Information Disclosure Vulnerability

IBM Concert is a generative artificial intelligence-driven automated application management and monitoring tool based on the watsonx platform released in May 2024 by IBM. IBM Concert suffers from an information disclosure vulnerability that stems from uncontrolled recursive directory replication,...

5.5CVSS6.2AI score0.00101EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/24 12:0 a.m.•4 views

UFIDA U9 Multi-Organization Enterprise Internet Application Platform of UFIDA Network Technology Co.

UFIDA is a leading provider of management software, ERP software, group management software, human resource management software, customer relationship management software, small business management software, financial and administrative institution management software, automotive industry...

5.9AI score
Exploits0
cnvd
cnvd
•added 2025/11/24 12:0 a.m.•7 views

COVID Tracking System SQL Injection Vulnerability

The COVID Tracking System is a new crown pneumonia tracking system. The COVID Tracking System suffers from a SQL injection vulnerability that stems from the /admin/?page=state file not securely filtering the ID parameter. The vulnerability can be exploited by an attacker to illegally obtain...

8.8CVSS6.8AI score0.00276EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/24 12:0 a.m.•5 views

Tenda AC21 saveParentControlInfo File Buffer Overflow Vulnerability

Tenda AC21 is a dual-band Gigabit wireless router launched by Tenda Technology, designed for home high-speed Internet needs, supporting 802.11acwave2 technology, dual-band concurrent rate up to 2033Mbps, of which the 5GHz band rate up to 1733Mbps, to meet the high-bandwidth applications, such as ...

4.3CVSS7.4AI score0.00215EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/24 12:0 a.m.•15 views

Revive Adserver stats-conversions.php script cross-site scripting vulnerability

Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms e.g., websites, apps, video players and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from a...

8.7CVSS5.9AI score0.00455EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/24 12:0 a.m.•14 views

Revive Adserver Missing Authorization Vulnerability

Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms e.g., websites, apps, video players and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from a...

7.1CVSS6.9AI score0.00281EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/24 12:0 a.m.•11 views

Tenda AC21 setPptpUserList Buffer Overflow Vulnerability

Tenda AC21 is a dual-band Gigabit wireless router launched by Tenda Technology, designed for home high-speed Internet needs, supporting 802.11acwave2 technology, dual-band concurrent rate up to 2033Mbps, of which the 5GHz band rate up to 1733Mbps, to meet the high-bandwidth applications, such as ...

4.3CVSS7.4AI score0.00258EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/24 12:0 a.m.•8 views

Revive Adserver User Management System Design Insecurity Vulnerability

Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms e.g., websites, apps, video players and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver has a user...

4.3CVSS6.9AI score0.00258EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/24 12:0 a.m.•9 views

Revive Adserver Information Disclosure Vulnerability

Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms e.g., websites, apps, video players and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from an...

4.3CVSS7.1AI score0.00314EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/21 12:0 a.m.•2 views

WordPress Plugin New User Approve Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin New User Approve, which...

5.3CVSS5.6AI score0.00263EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/21 12:0 a.m.•5 views

WordPress Booking for Appointments plugin input validation error vulnerability

WordPress Booking for Appointments plugin is a tool for implementing appointment management on WordPress websites. The WordPress Booking for Appointments plugin suffers from an input validation error vulnerability that stems from a lack of validation for the tslotapptemail AJAX action, which can ...

5.3CVSS7.1AI score0.00258EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/21 12:0 a.m.•7 views

WordPress Community Events plugin SQL Injection Vulnerability

WordPress Community Events plugin is an event management plugin on the WordPress platform , mainly used to create and display the event calendar , support for AJAX dynamic loading and event submission form features . WordPress Community Events plugin suffers from a SQL injection vulnerability tha...

7.5CVSS8.3AI score0.0029EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/21 12:0 a.m.•5 views

Tenda CH22 Buffer Overflow Vulnerability

Tenda CH22 is a network device from Tenda, China. Tenda CH22 version 1.0.0.1 suffers from a buffer overflow vulnerability, which originates from the parameter chkHz in the file /goform/WrlExtraGet that fails to correctly validate the length of the input data, and can be exploited by an attacker t...

9.8CVSS8.3AI score0.00618EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/21 12:0 a.m.•10 views

Command Execution Vulnerability in DH2100+ NAS of Shenzhen Greenlink Technology Co.

The DH2100+ NAS is a two-drive network attached storage device designed for home and personal users. A command execution vulnerability exists in the Shenzhen Greenlink DH2100+ NAS, which can be exploited by attackers to remotely execute commands...

6.1AI score
Exploits0
cnvd
cnvd
•added 2025/11/21 12:0 a.m.•5 views

WordPress Plugin Quiz Maker Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Quiz Maker, which stems...

7.5CVSS5.5AI score0.00293EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/21 12:0 a.m.•5 views

Google Chrome Code Problem Vulnerability (CNVD-2025-29234)

Google Chrome is a web browser developed by Google. A security vulnerability exists in Google Chrome prior to version 142.0.7444.59, which stems from a flaw in the V8 engine's handling of object types. The vulnerability can be exploited by an attacker to trigger heap corruption via a specially...

8.8CVSS7.9AI score0.00244EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/21 12:0 a.m.•4 views

Google Chrome Code Problem Vulnerability (CNVD-2025-29236)

Google Chrome is a web browser developed by Google. A security vulnerability exists in Google Chrome prior to version 142.0.7444.59, which stems from a flaw in the V8 engine's handling of object types. The vulnerability can be exploited by an attacker to trigger heap corruption via a specially...

8.8CVSS7.9AI score0.00244EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/21 12:0 a.m.•3 views

Google Chrome Code Problem Vulnerability (CNVD-2025-29235)

Google Chrome is a web browser developed by Google. A security vulnerability exists in Google Chrome versions prior to 142.0.7444.59, which stems from a flaw in the V8 engine's handling of object types. The vulnerability can be exploited by an attacker to trigger heap corruption via a specially...

8.8CVSS7.3AI score0.00244EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/21 12:0 a.m.•27 views

Google Chrome Code Problem Vulnerability (CNVD-2025-29232)

Google Chrome is a web browser developed by Google. A security vulnerability exists in Google Chrome versions prior to 142.0.7444.59, which stems from a flaw in the V8 engine's handling of object types. The vulnerability can be exploited by an attacker to trigger heap corruption via a specially...

8.8CVSS7.3AI score0.00244EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/21 12:0 a.m.•4 views

Google Chrome code issue vulnerability (CNVD-2025-29233)

Google Chrome is a web browser developed by Google. A security vulnerability exists in Google Chrome versions prior to 142.0.7444.59, which stems from a flaw in the V8 engine's handling of object types. The vulnerability can be exploited by an attacker to trigger heap corruption via specially...

8.8CVSS7.9AI score0.00244EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/21 12:0 a.m.•31 views

WordPress Code Snippets plugin code injection vulnerability

WordPress Code Snippets plugin is a plugin designed for WordPress to conveniently add and manage custom code snippets without having to directly modify the theme files. The WordPress Code Snippets plugin suffers from a code injection vulnerability that stems from the evaluateshortcodefromflatfile...

8CVSS7.7AI score0.00317EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•3 views

Fortinet FortiExtender Buffer Overflow Vulnerability

Fortinet FortiExtender is a wireless WAN wide area network extender device from Fortinet. The Fortinet FortiExtender suffers from a buffer overflow vulnerability that originates from buffer copying without checking the input size, which can be exploited by an attacker to cause an authenticated us...

7.8CVSS8.1AI score0.00139EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•4 views

School Fees Payment Management System /ajax.php?action=save_student file SQL injection vulnerability

School Fees Payment Management System is a tuition payment management system. The School Fees Payment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file...

9.8CVSS6AI score0.00318EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•3 views

Dell SmartFabric OS10 Software Code Injection Vulnerability

Dell SmartFabric OS10 Software is a Debian Linux-based operating system from Dell, USA. Dell SmartFabric OS10 Software suffers from a code injection vulnerability that can be exploited by an attacker to cause code execution...

6.7CVSS7.9AI score0.0017EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•5 views

Online Voting System /index.php File Code Problem Vulnerability

Online Voting System is an online voting system. Online Voting System has a code issue vulnerability that stems from a lack of validation of uploaded files in the page parameter of file /index.php. An attacker can exploit this vulnerability to upload malicious files...

8.8CVSS7.3AI score0.00295EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•3 views

Apache OpenOffice Security Bypass Vulnerability (CNVD-2025-29167)

Apache OpenOffice is an open source office software suite from the U.S. Apache Apache Foundation. The suite contains text documents , spreadsheets , presentations , drawings , databases and so on. A security bypass vulnerability exists in Apache OpenOffice, which can be exploited by an attacker t...

7.5CVSS6.9AI score0.0118EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•3 views

Apache OpenOffice Security Bypass Vulnerability

Apache OpenOffice is an open source office software suite from the U.S. Apache Apache Foundation. The suite contains text documents , spreadsheets , presentations , drawings , databases and so on. A security bypass vulnerability exists in Apache OpenOffice, which can be exploited by an attacker t...

7.5CVSS6.9AI score0.00837EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•6 views

Fortinet FortiClientWindows Access Control Error Vulnerability

Fortinet FortiClientWindows is a Windows-based mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance and two-factor authentication when connected to a FortiGate firewall appliance. An Access Control Error vulnerabili...

7.8CVSS7AI score0.00142EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•5 views

WordPress Live sales notification for WooCommerce plugin missing authorization vulnerability

WordPress Live sales notification for WooCommerce plugin is a real-time sales notification tool designed for WooCommerce e-commerce platform, which displays recent purchases through pop-ups, and utilizes social proof to boost user trust and conversion rates. The WordPress Live sales notification...

7.5CVSS6.4AI score0.0028EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•5 views

WordPress Category and Product Woocommerce Tabs plugin file inclusion vulnerability

WordPress Category and Product Woocommerce Tabs plugin is a plugin for WordPress websites, the main function is to add custom tabs Tabs to WooCommerce product pages to organize and display product information, categories and other content. A file inclusion vulnerability exists in the WordPress...

8.8CVSS7.3AI score0.00293EPSS
Exploits0References1
Total number of security vulnerabilities131179