Lucene search
+L

131179 matches found

cnvd
cnvd
•added 2025/11/18 12:0 a.m.•7 views

Google Chrome Code Problem Vulnerability (CNVD-2025-29239)

Google Chrome is Google's web browser. A security vulnerability exists in Google Chrome versions prior to 134.0.6998.35, which stems from an inadequate validation mechanism for the web application installation process. The vulnerability can be exploited by an attacker to conduct an interface...

4.3CVSS6.5AI score0.0018EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•4 views

Linksys E1200 Command Injection Vulnerability

The Linksys E1200 is a router from Linksys USA. The Linksys E1200 suffers from a command injection vulnerability that can be exploited by an attacker to execute arbitrary commands on the device...

5.4CVSS8.3AI score0.0853EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•9 views

Rockwell Automation Arena Stack Buffer Overflow Vulnerability

Rockwell Automation Arena is a discrete-event simulation and automation software from Rockwell Automation USA. Rockwell Automation Arena suffers from a stack buffer overflow vulnerability that originates when the program fails to properly validate the length and size of input data, which could be...

7.3CVSS6.3AI score0.00153EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•6 views

Student Record System register.php File SQL Injection Vulnerability

Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that stems from the lack of validation of external input SQL statements for multiple parameters in register.php. An attacker can exploit this vulnerability to execute illegal SQL...

6.5CVSS8.3AI score0.00235EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•9 views

Apache OpenOffice External File Loading Vulnerability

Apache OpenOffice is an open source office software suite from the American Apache Apache Foundation. A security vulnerability exists in Apache OpenOffice, which stems from improper authorization checking, and can be exploited by remote attackers to automatically load external files containing DD...

7.5CVSS7AI score0.01363EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•6 views

Student Record System admin-profile.php file cross-site scripting vulnerability

Student Record System is a software application. Student Record System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the adminname and aemailid parameters of admin-profile.php, which can be exploited to...

6.1CVSS6.3AI score0.0022EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•17 views

WordPress Survey Maker plugin unauthorized access vulnerability

WordPress Survey Maker plugin is a tool for creating questionnaires with support for multiple question types and data analysis features for businesses or individuals to collect user feedback. An unauthorized access vulnerability exists in the WordPress Survey Maker plugin, which stems from a lack...

5.3CVSS6.5AI score0.00233EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•4 views

Inventory Management System PROID Parameter SQL Injection Vulnerability

Inventory Management System is an inventory management system. The Inventory Management System suffers from a SQL injection vulnerability that originates from the PROID parameter in the /index.php?q=product file that does not securely filter user input. An attacker can exploit this vulnerability ...

9.8CVSS8.2AI score0.00316EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•5 views

Google Chrome Buffer Overflow Vulnerability (CNVD-2025-29237)

Google Chrome is a web browser developed by Google. A security vulnerability exists in versions prior to Google Chrome 133.0.6943.141, which stems from the V8 engine mishandling malicious HTML pages. The vulnerability can be exploited by an attacker to trigger heap corruption via specially crafte...

4.3CVSS8AI score0.00191EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•4 views

DELL Alienware Command Center Improper Access Control Vulnerability

DELL Alienware Command Center is Dell's proprietary control software for Alienware-branded computers, which is used to customize hardware features, optimize performance and manage game settings. An improper access control vulnerability exists in DELL Alienware Command Center, which can be exploit...

6.6CVSS7AI score0.00097EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•8 views

DELL Alienware Command Center No Action Response Error Condition Detection Vulnerability

DELL Alienware Command Center is Dell's proprietary control software for Alienware-branded computers, which is used to customize hardware features, optimize performance and manage game settings. DELL Alienware Command Center suffers from a no action response error condition detection vulnerabilit...

7.8CVSS7.6AI score0.00132EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•5 views

Desktop Alert PingAlert Cross-Site Scripting Vulnerability

Desktop Alert PingAlert is a network status monitoring tool developed by DesktopAlert, Inc. and is mainly used to monitor the status of network devices in real time and send alerts. Desktop Alert PingAlert suffers from a cross-site scripting vulnerability that stems from the application's lack of...

6.5CVSS6.2AI score0.00165EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•6 views

Google Chrome Code Problem Vulnerability (CNVD-2025-29240)

Google Chrome is a web browser developed by Google. A security vulnerability exists in Google Chrome versions prior to 136.0.7103.59, which stems from a flaw in the security handling of the sandboxing mechanism. The vulnerability can be exploited by an attacker to achieve a sandbox escape via a...

5.4CVSS6.8AI score0.00159EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•5 views

Student Record System change-password.php File SQL Injection Vulnerability

Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that stems from a lack of validation of the currentpassword parameter in change-password.php against an externally entered SQL statement. An attacker can exploit this vulnerability to...

6.5CVSS8.3AI score0.00235EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•10 views

Student Record System admin-profile.php File SQL Injection Vulnerability

Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the adminname and aemailid parameters of admin-profile.php. An attacker can exploit this vulnerability t...

6.5CVSS8.3AI score0.00192EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/17 12:0 a.m.•8 views

SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Shenzhou Vision Han Technology Co., Ltd (CNVD-C-2025-859401)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

5.9AI score
Exploits0
cnvd
cnvd
•added 2025/11/17 12:0 a.m.•2 views

SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Divine Vision Han Technology Co., Ltd (CNVD-C-2025-859399)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

5.9AI score
Exploits0
cnvd
cnvd
•added 2025/11/14 12:0 a.m.•4 views

WordPress Easy Email Subscription plugin cross-site scripting vulnerability

The WordPress Easy Email Subscription plugin is a plugin for adding email subscription functionality to your WordPress website, allowing users to receive new content updates via email. WordPress Easy Email Subscription plugin suffers from a cross-site scripting vulnerability that stems from the...

7.2CVSS6.1AI score0.00352EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/14 12:0 a.m.•3 views

Microsoft Excel Code Execution Vulnerability (CNVD-2025-29964)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. An information leakage vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on the system...

7.8CVSS7.5AI score0.00509EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/14 12:0 a.m.•3 views

Microsoft SharePoint Remote Code Execution Vulnerability (CNVD-2025-29930)

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A remote code executi...

8CVSS8.4AI score0.02014EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/14 12:0 a.m.•3 views

Microsoft Excel Information Disclosure Vulnerability (CNVD-2025-29961)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. An information disclosure vulnerability exists in Microsoft Excel, which can be exploited by attackers to obtain sensitive information...

7.1CVSS6.1AI score0.00512EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/14 12:0 a.m.•4 views

Adobe InDesign Memory Misreference Vulnerability (CNVD-2025-29699)

Adobe InDesign is a set of layout and editing applications from the American company Audobee Adobe. Adobe InDesign suffers from a memory misreference vulnerability that can be exploited by an attacker to cause arbitrary code to be executed in the context of the current user...

7.8CVSS7.3AI score0.00265EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/14 12:0 a.m.•4 views

Intel CIP Improper Access Control Vulnerability

Intel CIP is an optional program from Intel designed to improve products by collecting performance data from users' computers. Intel CIP suffers from an Improper Access Control vulnerability that can be exploited by an attacker to cause information disclosure...

6.8CVSS6.7AI score0.00178EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/14 12:0 a.m.•6 views

WordPress Team Members Showcase plugin cross-site scripting vulnerability

WordPress Team Members Showcase plugin is a tool for displaying team members' information on your WordPress site, supporting multiple layouts e.g., grids, sliders, tables, lists, etc. and providing filtering, popups, paging, and more. A cross-site scripting vulnerability exists in the WordPress...

4.8CVSS6AI score0.00169EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/14 12:0 a.m.•2 views

WordPress Payments Braintree For WooCommerce plugin authorization bypass vulnerability

WordPress Payments Braintree For WooCommerce plugin is a payment plugin designed specifically for WordPress websites, which supports payments done through both PayPal and credit cards. The WordPress Payments Braintree For WooCommerce plugin suffers from an authorization bypass vulnerability that...

7.5CVSS6.8AI score0.00448EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/14 12:0 a.m.•4 views

Mozilla Firefox Buffer Overflow Vulnerability (CNVD-2025-28721)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a buffer overflow vulnerability caused by an incorrect boundary condition in the Graphics:WebGPU component, which can be exploited by an attacker to execute arbitrary code ...

9.8CVSS8AI score0.00347EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/14 12:0 a.m.•5 views

WordPress Plugin Chart Expert Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin Chart Expert, which stems...

6.4CVSS6AI score0.00211EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/14 12:0 a.m.•2 views

Rockwell Automation Studio 5000 Simulation Interface Server-Side Request Forgery Vulnerability

Rockwell Automation Studio 5000 Simulation Interface is a simulation modeling tool from Rockwell Automation. The Rockwell Automation Studio 5000 Simulation Interface suffers from a server-side request forgery vulnerability that stems from the server not implementing sufficient authentication...

8.9CVSS5.9AI score0.00167EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/14 12:0 a.m.•4 views

Rockwell Automation Studio 5000 Simulation Interface Code Execution Vulnerability

Rockwell Automation Studio 5000 Simulation Interface is a simulation modeling tool from Rockwell Automation. A code execution vulnerability exists in Rockwell Automation Studio 5000 Simulation Interface, which can be exploited by an attacker to cause scripts to be executed with administrator...

8.9CVSS6.3AI score0.00141EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/14 12:0 a.m.•4 views

Mozilla Firefox Buffer Overflow Vulnerability (CNVD-2025-28722)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a buffer overflow vulnerability caused by an incorrect boundary condition in the Graphics:WebGPU component, which can be exploited by an attacker to execute arbitrary code ...

9.8CVSS8AI score0.00347EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/14 12:0 a.m.•4 views

Mozilla Firefox and Firefox ESR Code Execution Vulnerability (CNVD-2025-28713)

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser. A code execution vulnerability exists in Mozilla Firefox and Firefox ESR, which is caused by a WebRTC Audio/Video component reuse after release issue, and can be exploited by a...

8.8CVSS8.1AI score0.00279EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/14 12:0 a.m.•6 views

Mozilla Firefox Code Execution Vulnerability (CNVD-2025-28723)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A code execution vulnerability exists in Mozilla Firefox, which stems from a memory security issue and can be exploited by an attacker to execute arbitrary code on a system...

8.1CVSS7.8AI score0.00324EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/14 12:0 a.m.•4 views

WordPress Plugin Astra Security Suite - Firewall & Malware Scan Authorization Issues Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An authorization issue vulnerability exists in the WordPress plugin Astra Security Suite -...

8.1CVSS8.1AI score0.00472EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/14 12:0 a.m.•3 views

WordPress CTL Arcade Lite plugin cross-site request forgery vulnerability

WordPress CTL Arcade Lite plugin is a WordPress plugin for creating professional-grade arcade game websites with support for ad management, social sharing, leaderboards and more. The WordPress CTL Arcade Lite plugin suffers from a cross-site request forgery vulnerability, which originates from a...

4.3CVSS6.8AI score0.00133EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/14 12:0 a.m.•1 views

Adobe Substance3D Stager Memory Misreference Vulnerability (CNVD-2025-29692)

Adobe Substance3D Stager is a set and rendering software for 3D scenes from the American company Audobee Adobe. A memory misreference vulnerability exists in Adobe Substance3D Stager, which can be exploited by an attacker to cause arbitrary code to be executed in the current user's context...

7.8CVSS7.3AI score0.00226EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/14 12:0 a.m.•3 views

SAP Business Connector Input Validation Error Vulnerability

SAP Business Connector is a middleware from SAP, Germany. An input validation error vulnerability exists in SAP Business Connector, which can be exploited by an attacker to disclose sensitive information and cause unauthorized operations...

6.1CVSS6.3AI score0.00223EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/14 12:0 a.m.•3 views

Microsoft Excel Information Disclosure Vulnerability (CNVD-2025-29963)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. An information disclosure vulnerability exists in Microsoft Excel, which is caused by an untrusted pointer dereference. An attacker could exploit the vulnerability to obtain sensitive information...

4.3CVSS6AI score0.00703EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/14 12:0 a.m.•3 views

Adobe Illustrator on iPad Out-of-Bounds Write Vulnerability

Adobe Illustrator on iPad is a set of vector-based image creation software from the American company Audobee Adobe. An out-of-bounds write vulnerability exists in Adobe Illustrator on iPad, which can be exploited by an attacker to cause arbitrary code execution in the current user environment...

7.8CVSS7.9AI score0.00202EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/14 12:0 a.m.•4 views

Microsoft Office Code Execution Vulnerability (CNVD-2026-00027)

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, and so on. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to...

7.8CVSS8.1AI score0.00405EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/14 12:0 a.m.•2 views

Microsoft Office Code Execution Vulnerability (CNVD-2025-29929)

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to execute...

7.8CVSS8.1AI score0.00405EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/14 12:0 a.m.•3 views

Microsoft Configuration Manager Elevation of Privilege Vulnerability

Microsoft Configuration Manager is a Microsoft solution for managing computers and servers within an organization that helps IT departments keep software up-to-date, set configuration and security policies, and monitor system status. An elevation of privilege vulnerability exists in Microsoft...

6.7CVSS7.1AI score0.0034EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/14 12:0 a.m.•2 views

Adobe Substance3D Stager Integer Underflow Vulnerability

Adobe Substance3D Stager is a set and rendering software for 3D scenes from the American company Audobee Adobe. Adobe Substance3D Stager suffers from an integer underflow vulnerability that can be exploited by an attacker to cause arbitrary code to be executed in the current user's context...

7.8CVSS7.3AI score0.00216EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/14 12:0 a.m.•4 views

ZOHO ManageEngine Exchange reporter Plus cross-site scripting vulnerability (CNVD-2025-29921)

ZOHO ManageEngine Exchange reporter Plus is a Web-based Microsoft Exchange reporting, auditing and monitoring software from ZOHO. A cross-site scripting vulnerability exists in ZOHO ManageEngine Exchange reporter Plus, which can be exploited by an attacker to create privileged accounts within the...

7.3CVSS6.2AI score0.00478EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/14 12:0 a.m.•3 views

ZOHO ManageEngine Exchange reporter Plus Cross-Site Scripting Vulnerability

ZOHO ManageEngine Exchange reporter Plus is a Web-based Microsoft Exchange reporting, auditing and monitoring software from ZOHO. A cross-site scripting vulnerability exists in ZOHO ManageEngine Exchange reporter Plus, which can be exploited by an attacker to create privileged accounts and gain...

7.3CVSS6.2AI score0.00483EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/14 12:0 a.m.•2 views

Adobe Illustrator on iPad Heap Buffer Overflow Vulnerability

Adobe Illustrator on iPad is a set of vector-based image creation software from the American company Audobee Adobe. A heap buffer overflow vulnerability exists in Adobe Illustrator on iPad, which can be exploited by an attacker to cause arbitrary code execution in the current user environment...

7.8CVSS8AI score0.00275EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/14 12:0 a.m.•4 views

Adobe Format Plugins Out-of-Bounds Read Vulnerability (CNVD-2025-28644)

Adobe Format Plugins is a format plug-in from the American company Audobee Adobe. Adobe Format Plugins suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to cause the disclosure of sensitive information in memory...

5.5CVSS6.4AI score0.00194EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/14 12:0 a.m.•3 views

Tenda AX3 fromSetWifiGusetBasic function stack buffer overflow vulnerability

Tenda AX3 is a home dual-band Gigabit wireless router from Tenda Technology that supports Wi-Fi6 802.11ax standard and focuses on high-performance network coverage and stable connection. The Tenda AX3 suffers from a stack buffer overflow vulnerability that originates from the shareSpeed parameter...

7.5CVSS7.4AI score0.00375EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/14 12:0 a.m.•5 views

ZOHO ManageEngine Exchange reporter Plus cross-site scripting vulnerability (CNVD-2025-29922)

ZOHO ManageEngine Exchange reporter Plus is a Web-based Microsoft Exchange reporting, auditing and monitoring software from ZOHO. A cross-site scripting vulnerability exists in ZOHO ManageEngine Exchange reporter Plus, which can be exploited by an attacker to create privileged accounts and gain...

7.3CVSS6.2AI score0.00478EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/14 12:0 a.m.•3 views

Mozilla Firefox and Firefox ESR Buffer Overflow Vulnerability (CNVD-2025-28717)

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser. Mozilla Firefox and Firefox ESR suffer from a buffer overflow vulnerability that stems from an incorrect boundary condition in a JavaScript WebAssembly component, which can be...

7.5CVSS8AI score0.00449EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/14 12:0 a.m.•1 views

Mozilla Firefox and Firefox ESR Code Execution Vulnerability (CNVD-2025-28718)

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser. A code execution vulnerability exists in Mozilla Firefox and Firefox ESR due to a race condition in the Graphics component that can be exploited by an attacker to execute...

7.5CVSS8AI score0.00229EPSS
Exploits0References1
Total number of security vulnerabilities131179