Lucene search
K

131179 matches found

CNVD
CNVD
added 2026/06/08 12:0 a.m.2 views

D-Link DWR-M920 operating system command injection vulnerability

The D-Link DWR-M920 is a wireless router that provides network connectivity and configuration management functions. The D-Link DWR-M920 has a command injection vulnerability. This vulnerability stems from the sub412DA0 function in the file/boafrm/formIMEISetup failing to properly validate the...

6.5CVSS6.9AI score0.01044EPSS
Exploits0
CNVD
CNVD
added 2026/06/05 12:0 a.m.2 views

Google Chrome Reading List Permission Elevation Vulnerability

Google Chrome is a cross-platform web browser developed by Google, offering fast and secure access to the internet. There is a permission escalation vulnerability in Google Chrome’s Reading List feature on iOS. This vulnerability stems from insufficient validation of untrusted inputs. Attackers c...

8.8CVSS6.1AI score0.00234EPSS
Exploits0
CNVD
CNVD
added 2026/06/05 12:0 a.m.2 views

Beijing Xin'an Century Technology Co., Ltd.'s AG Security Access Gateway has a command execution vulnerability.

Beijing Xin'an Century Technology Co., Ltd. referred to as Xin'an Century was established in August 2001. It is a leading provider of information security products and solutions in China. Beijing Xin'an Century Technology Co., Ltd. has a command execution vulnerability in its AG security access...

6.2AI score
Exploits0
CNVD
CNVD
added 2026/06/05 12:0 a.m.12 views

GPAC Denial-of-Service Vulnerability (CNVD-2026-23411)

GPAC is an open-source multimedia framework developed by GPAC. Versions of GPAC prior to 26.02.0 contained a denial-of-service vulnerability. This vulnerability stemmed from a segmentation violation in the gfisomapplesettagex function. Attackers could exploit this vulnerability to cause a denial ...

5.5CVSS5.4AI score0.00143EPSS
Exploits0
CNVD
CNVD
added 2026/06/05 12:0 a.m.3 views

Google Android Information Leakage Vulnerability (CNVD-2026-26112)

Google Android is an open-source operating system based on Linux, developed by Google Inc. Google Android has a vulnerability related to information leakage. This vulnerability arises from logical errors in multiple functions of the KeyguardViewMediator.java file. Attackers can exploit this...

3.3CVSS6AI score0.00072EPSS
Exploits0
CNVD
CNVD
added 2026/06/05 12:0 a.m.11 views

Microsoft Azure HorizonDB authentication bypass vulnerability

Microsoft Azure HorizonDB is a cloud-native PostgreSQL database service provided by Microsoft Corporation. There is a security vulnerability in Microsoft Azure HorizonDB, which stems from bypassing authentication through deception. This could allow unauthorized attackers to escalate their...

10CVSS5.5AI score0.00973EPSS
Exploits0
CNVD
CNVD
added 2026/06/04 12:0 a.m.5 views

Cisco Webex Meetings Cross-site Scripting Vulnerability (CNVD-2026-25125)

Cisco Webex Meetings is a web-based product that provides online meetings, video conferencing, and collaboration features. Cisco Webex Meetings has a cross-site scripting vulnerability. This vulnerability stems from insufficient validation of user input. An attacker can exploit this vulnerability...

6.1CVSS6.5AI score0.00184EPSS
Exploits0
CNVD
CNVD
added 2026/06/03 12:0 a.m.2 views

Zhengfang Software Co., Ltd.'s educational management system has logical defects and vulnerabilities

Positive Software Co., Ltd. hereinafter referred to as "Positive Company" was established in January 1999. It is a software and high-tech enterprise specialized in consulting, planning, construction, and services in the field of higher education informatization. The educational administration...

6.2AI score
Exploits0
CNVD
CNVD
added 2026/06/03 12:0 a.m.10 views

Google Chrome Resource Management Error Vulnerability (CNVD-2026-23390)

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a resource management vulnerability. This vulnerability stemmed from a problem with the Downloads component, where memory objects were not properly handled during user interactions...

8.8CVSS5.9AI score0.0028EPSS
Exploits0
CNVD
CNVD
added 2026/06/03 12:0 a.m.10 views

Google Chrome Input Validation Vulnerability (CNVD-2026-23389)

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a vulnerability related to input validation errors, which stemmed from insufficient validation processing by the DataTransfer component for untrusted inputs. Attackers could exploit...

5.3CVSS5.3AI score0.00219EPSS
Exploits0
CNVD
CNVD
added 2026/06/03 12:0 a.m.13 views

Google Chrome buffer overflow vulnerability (CNVD-2026-23391)

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a buffer overflow vulnerability, which was caused by an out-of-bound read from the GPU component. Attackers could exploit this vulnerability to obtain sensitive information from the...

5.3CVSS5.7AI score0.00205EPSS
Exploits0
CNVD
CNVD
added 2026/06/03 12:0 a.m.10 views

Zyxel VMG4005-B50B buffer overflow vulnerability

Zyxel VMG4005-B50B is a network device firmware designed for managing the network functions and configurations of Zyxel VMG4005-B50B router devices. There is a buffer overflow vulnerability present in Zyxel VMG4005-B50B. This vulnerability stems from the UPnP DeletePortMapping command failing to...

6.5CVSS5.9AI score0.00168EPSS
Exploits0
CNVD
CNVD
added 2026/06/03 12:0 a.m.13 views

Google Chrome Resource Management Error Vulnerability (CNVD-2026-23388)

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a resource management vulnerability, which stemmed from the Extensions component being reused after being released. Attackers could exploit this vulnerability to execute arbitrary...

8.8CVSS5.9AI score0.00175EPSS
Exploits0
CNVD
CNVD
added 2026/06/03 12:0 a.m.9 views

Google Chrome Resource Management Error Vulnerability (CNVD-2026-23387)

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 148.0.7778.168 contained a resource management vulnerability. This vulnerability stemmed from insufficient validation of memory usage after the Mojo component was released. Attackers could...

9.6CVSS5.3AI score0.00211EPSS
Exploits0
CNVD
CNVD
added 2026/06/02 12:0 a.m.2 views

Beijing Zhiyuan Internet Software Co., Ltd.'s Zhiyuan A8+ Collaborative Management Software has a vulnerability regarding arbitrary file reading.

Zhiyuan A8+ Collaborative Management Software is designed for groups, international organizations, industrial chains, large organizations, foreign-related work units, and organizational groups. It serves as an integrated portal and work entry point for group-level control and business management...

6.2AI score
Exploits0
CNVD
CNVD
added 2026/06/02 12:0 a.m.2 views

Yot CMS SQL injection vulnerability

Yot CMS is Yot’s content management system, used for website content publishing and page management. Yot CMS has a SQL injection vulnerability. The vulnerability arises due to the lack of proper filtering of SQL query fragments in the aid and cid parameters of the index.php file. Attackers can...

8.8CVSS6.1AI score0.0027EPSS
Exploits0
CNVD
CNVD
added 2026/06/02 12:0 a.m.10 views

IBM WebSphere Application Server identity spoofing vulnerability

IBM WebSphere Application Server is a Java enterprise application server developed by IBM. It is primarily used for deploying and managing enterprise-level web applications. IBM WebSphere Application Server has a vulnerability known as “Identity Spoofing.” This vulnerability arises from the failu...

9.1CVSS5.4AI score0.0033EPSS
Exploits0
CNVD
CNVD
added 2026/06/02 12:0 a.m.12 views

IBM WebSphere Application Server security control bypass vulnerability

IBM WebSphere Application Server is an enterprise-level Java application server, primarily used for deploying and running Java enterprise applications. IBM WebSphere Application Server has a security control bypass vulnerability. This vulnerability stems from the improper implementation of securi...

9CVSS5.6AI score0.00508EPSS
Exploits0
CNVD
CNVD
added 2026/06/02 12:0 a.m.29 views

IBM WebSphere Application Server code issue vulnerability (CNVD-2026-23396)

IBM WebSphere Application Server is an enterprise-level Java application server, primarily used for deploying and managing Java EE applications. There are security vulnerabilities in IBM WebSphere Application Server. These vulnerabilities stem from the SAML Web Single Sign-On component, which fai...

8.5CVSS5.6AI score0.00487EPSS
Exploits0
CNVD
CNVD
added 2026/05/29 12:0 a.m.5 views

NVIDIA Display Driver Denial-of-Service Vulnerability

NVIDIA Display Driver is a graphics driver developed by NVIDIA Corporation. NVIDIA Display Driver contains security vulnerabilities. Attackers can exploit these vulnerabilities to cause denial-of-service attacks...

6.5CVSS5.7AI score0.00125EPSS
Exploits0
CNVD
CNVD
added 2026/05/29 12:0 a.m.5 views

WordPress plugin Felan Framework cross-site scripting vulnerability

WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the functionality of WordPress. The WordPress plugin Felan Framework has a cross-site...

7.1CVSS5.8AI score0.0018EPSS
Exploits0
CNVD
CNVD
added 2026/05/29 12:0 a.m.3 views

WordPress plugin Endless Scroll cross-site scripting vulnerability

WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed to extend the functionality of the platform. The Endless Scroll plugin has a...

6.4CVSS5.8AI score0.00187EPSS
Exploits0
CNVD
CNVD
added 2026/05/29 12:0 a.m.2 views

Beijing Shenzhou Shihan Technology Co., Ltd. has a SQL injection vulnerability in its multimedia integrated business display system (CNVD-C-2026-244712).

Beijing Shenzhou Shihan Technology Co., Ltd. is a company that specializes in the field of visualization. The multimedia integrated business display system of Beijing Shenzhou Shihan Technology Co., Ltd. has a SQL injection vulnerability, and attackers can exploit this vulnerability to obtain...

6.1AI score
Exploits0
CNVD
CNVD
added 2026/05/29 12:0 a.m.4 views

WordPress plugin Easy Prism Syntax Highlighter: Cross-site scripting vulnerability

WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the functionality of WordPress. The WordPress plugin Easy Prism Syntax Highlighter ha...

6.4CVSS5.8AI score0.00187EPSS
Exploits0
CNVD
CNVD
added 2026/05/29 12:0 a.m.4 views

WordPress Plugin: Cryptocurrency Price Comparison Widget Cross-site Script Vulnerability

WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed to enhance the functionality of the platform. The WordPress plugin...

6.4CVSS5.8AI score0.00187EPSS
Exploits0
CNVD
CNVD
added 2026/05/29 12:0 a.m.9 views

Google Chrome Bluetooth module memory error and reference vulnerability

Google Chrome is a cross-platform web browser developed by Google. It primarily provides features for web browsing, extension support, and tab management. Google Chrome has a memory error reference vulnerability, which stems from improper management of object lifetimes by the Bluetooth module,...

8.1CVSS5.9AI score0.00233EPSS
Exploits0
CNVD
CNVD
added 2026/05/29 12:0 a.m.5 views

WordPress plugin CM Ad Changer has a cross-site request fraud vulnerability

WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed on a WordPress site. The WordPress plugin CM Ad Changer has a cross-site...

4.3CVSS5.7AI score0.00128EPSS
Exploits0
CNVD
CNVD
added 2026/05/29 12:0 a.m.5 views

WordPress plugin Dideo cross-site scripting vulnerability

WordPress is a blog platform developed using the PHP language. It allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the functionality of WordPress. The WordPress plugin Dideo has a cross-site scripting vulnerability...

6.4CVSS5.8AI score0.00198EPSS
Exploits0
CNVD
CNVD
added 2026/05/29 12:0 a.m.4 views

WordPress Plugins: Events In City Cross-Site Script Vulnerability

WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the functionality of WordPress. The WordPress plugin “Events In City” contains a...

6.4CVSS5.8AI score0.00235EPSS
Exploits0
CNVD
CNVD
added 2026/05/29 12:0 a.m.12 views

Google Chrome ANGLE component out-of-bounds write vulnerability (CNVD-2026-23393)

Google Chrome is a cross-platform web browser developed by Google. Google Chrome’s Angular components have a out-of-bounds write vulnerability. This vulnerability stems from improper boundary checking during the processing of HTML pages in versions prior to 148.0.7778.216. Attackers can exploit...

8.8CVSS5.5AI score0.00243EPSS
Exploits0
CNVD
CNVD
added 2026/05/29 12:0 a.m.6 views

WordPress Plugin Formidable Kinetic Cross-site Scripting Vulnerability

WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed on a WordPress site. The Formidable Kinetic plugin has a cross-site scriptin...

6.4CVSS5.8AI score0.00187EPSS
Exploits0
CNVD
CNVD
added 2026/05/29 12:0 a.m.10 views

Google Chrome ANGLE Memory Error Reference Vulnerability (CNVD-2026-23395)

Google Chrome is a web browser developed by Google, primarily used for accessing the internet and running web applications. A vulnerability exists in Google Chrome related to memory references. This vulnerability stems from issues with memory references, and attackers can exploit it to achieve...

8.3CVSS5.3AI score0.00223EPSS
Exploits0
CNVD
CNVD
added 2026/05/29 12:0 a.m.10 views

Google Chrome WebXR memory error reference vulnerability (CNVD-2026-23392)

Google Chrome is a web browser developed by Google. It supports multi-platform use and emphasizes security and performance. Google Chrome has a memory error reference vulnerability. This vulnerability stems from the WebXR component’s failure to properly handle object lifecycle, resulting in memor...

8.8CVSS6AI score0.00296EPSS
Exploits0
CNVD
CNVD
added 2026/05/29 12:0 a.m.5 views

WordPress plugin Firebase Support and Chat Management has unknown vulnerabilities

This platform has the capability to set up personal blog websites on a server based on PHP and MySQL. A WordPress plugin is an application plugin. There is a security vulnerability in the WordPress plugin “Firebase Support and Chat Management.” This vulnerability stems from the fact that the...

8.8CVSS5.8AI score0.00283EPSS
Exploits0
CNVD
CNVD
added 2026/05/29 12:0 a.m.6 views

WordPress Plugin Content Slideshow Cross-site Scripting Vulnerability

WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the functionality of WordPress. The Content Slideshow plugin has a cross-site scripti...

6.4CVSS5.8AI score0.00187EPSS
Exploits0
CNVD
CNVD
added 2026/05/28 12:0 a.m.12 views

IBM Aspera HSTS for CP4I certification bypass vulnerability

IBM Aspera HSTS for CP4I is a solution for high-speed and secure file transfer, primarily providing features for large-scale data transmission, encryption, and automated workflows. IBM Aspera HSTS for CP4I has a certification bypass vulnerability. This vulnerability arises due to the authenticati...

9.1CVSS5.4AI score0.00312EPSS
Exploits0
CNVD
CNVD
added 2026/05/28 12:0 a.m.2 views

Beijing Anbo Tong Technology Co., Ltd.'s next-generation firewall has a command execution vulnerability

Beijing Anbotong Technology Co., Ltd. referred to as “Anbotong” is committed to becoming a leader in building a secure computing power ecosystem in the AI era. Its independently developed ABT SPOS visual network security system platform has become a widely adopted network security suite by many...

6.2AI score
Exploits0
CNVD
CNVD
added 2026/05/28 12:0 a.m.2 views

MTGPU of Moore Threading Technologies (Beijing) Co., Ltd. has a permission escalation vulnerability (CNVD-2026-22916).

Mole Thready Intelligence Technology Beijing Co., Ltd. is a company whose business involves the development of full-featured GPU chips and AI computing solutions, serving organizations in the field of digital transformation. Mole Thready Intelligence Technology Beijing Co., Ltd. has a permission...

6AI score
Exploits0
CNVD
CNVD
added 2026/05/28 12:0 a.m.2 views

Microsoft UFO Shell Action Replay operating system command injection vulnerability

Microsoft UFO is an open-source framework used for intelligent automation across devices and platforms. Microsoft UFO has a vulnerability related to operating system command injection. This vulnerability stems from ShellReceiver.runshell, which fails to properly handle the action parameter. It...

7.8CVSS6.2AI score0.01722EPSS
Exploits0
CNVD
CNVD
added 2026/05/28 12:0 a.m.2 views

Changsha Metinfo Information Technology Co., Ltd. has a SQL injection vulnerability

MetInfo is an open-source CMS enterprise website building system that can be used for commercial websites without violating licensing agreements. Changsha Mitop Information Technology Co., Ltd.'s MetInfo has a SQL injection vulnerability, and attackers can exploit this vulnerability to access...

6.1AI score
Exploits0
CNVD
CNVD
added 2026/05/28 12:0 a.m.2 views

MTGPU of Moore Threading Technologies (Beijing) Co., Ltd. has a permission escalation vulnerability (CNVD-2026-22915).

Mole Thready Intelligence Technology Beijing Co., Ltd. is a company whose business involves the development of full-featured GPU chips and AI computing solutions, serving organizations in the field of digital transformation. Mole Thready Intelligence Technology Beijing Co., Ltd. has a permission...

6AI score
Exploits0
CNVD
CNVD
added 2026/05/28 12:0 a.m.12 views

IBM Db2 Denial-of-Service Vulnerability (CNVD-2026-23403)

IBM Db2 is a relational database management system, primarily used for data storage, querying, and management. IBM Db2 has a denial-of-service vulnerability. This vulnerability arises from improper handling of specially crafted heap queries. Attackers can exploit this vulnerability to cause the...

7.5CVSS5.4AI score0.00177EPSS
Exploits0
CNVD
CNVD
added 2026/05/28 12:0 a.m.11 views

ZTE ZXUniPOS NDS-LTE access control vulnerability

ZTE ZXUniPOS NDS-LTE is a modular baseband unit designed for wireless communication networks. It primarily provides multi-mode and multi-frequency signal processing as well as data aggregation functions. ZTE ZXUniPOS NDS-LTE has an access control vulnerability. This vulnerability arises from the...

9.1CVSS5.4AI score0.00293EPSS
Exploits0
CNVD
CNVD
added 2026/05/28 12:0 a.m.11 views

IBM Langflow OSS file processing component path traversal vulnerability

IBM Langflow OSS is an open-source low-code tool primarily used for building and deploying applications based on Large Language Models LLMs. IBM Langflow OSS has a path traversal vulnerability. This vulnerability stems from the failure to properly validate symbolic links during the decompression ...

9.8CVSS5.9AI score0.00624EPSS
Exploits0
CNVD
CNVD
added 2026/05/28 12:0 a.m.12 views

IBM Db2 range partitioned tables denial-of-service vulnerability (CNVD-2026-23402)

IBM Db2 is a relational database management system developed by IBM. It is primarily used for data storage, querying, and analysis. IBM Db2 has a denial-of-service vulnerability that arises from improper handling of specially crafted queries involving range partition tables during execution...

5.5CVSS5.4AI score0.00098EPSS
Exploits0
CNVD
CNVD
added 2026/05/28 12:0 a.m.15 views

IBM OPENBMC Denial-of-Service Vulnerability

IBM OpenBMC is an open-based board management controller firmware, primarily used for server hardware monitoring and management. IBM OpenBMC has a denial-of-service vulnerability. The vulnerability arises from the failure to properly validate requests from unauthenticated network users. Attackers...

5.3CVSS5.4AI score0.00238EPSS
Exploits0
CNVD
CNVD
added 2026/05/27 12:0 a.m.2 views

Beijing YishengERP

Diankeyun ERP is an inventory management system developed using thinkPHP + LAYUI. Beijing Yisheng Internet Technology Co., Ltd.'s Diankeyun ERP has a directory traversal vulnerability, allowing attackers to obtain sensitive information through this vulnerability...

6.1AI score
Exploits0
CNVD
CNVD
added 2026/05/27 12:0 a.m.2 views

Beijing YishengERP

Diankeyun ERP is an inventory management system developed using thinkPHP and LAYUI. Beijing Yisheng Internet Technology Co., Ltd.'s Diankeyun ERP has logical defects and vulnerabilities. Attackers can exploit these vulnerabilities to add users...

6.1AI score
Exploits0
CNVD
CNVD
added 2026/05/27 12:0 a.m.2 views

Beijing YishengERPSQL

Diankeyun ERP is an inventory management system developed using thinkPHP and LAYUI. Beijing Yisheng Internet Technology Co., Ltd.'s Diankeyun ERP has a SQL injection vulnerability, allowing attackers to obtain sensitive database information...

6.1AI score
Exploits0
CNVD
CNVD
added 2026/05/26 12:0 a.m.12 views

ZTE MU5250 Access Control Vulnerability

The ZTE MU5250 is a 5G mobile Wi-Fi device produced by ZTE Corporation. The ZTE MU5250 has a vulnerability related to access control. This vulnerability stems from improper configuration of the access control mechanism. Attackers can exploit this vulnerability to obtain information without proper...

7.5CVSS5.4AI score0.00216EPSS
Exploits0
Total number of security vulnerabilities131179