Lucene search
+L

131179 matches found

cnvd
cnvd
added 2025/11/14 12:0 a.m.4 views

Mozilla Firefox and Firefox ESR Security Bypass Vulnerability (CNVD-2025-28715)

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser. A security bypass vulnerability exists in Mozilla Firefox and Firefox ESR due to a same-origin policy bypass in the DOM:Workers component. An attacker can exploit this...

8.1CVSS6.7AI score0.00251EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.2 views

Intel CIP elevation of privilege vulnerability (CNVD-2025-28672)

Intel CIP is an optional program from Intel designed to improve products by collecting performance data from users' computers. Intel CIP suffers from an elevation of privilege vulnerability that stems from improper external control of filenames or paths, and no details of the vulnerability are...

6.7CVSS7.3AI score0.00138EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.5 views

Adobe InDesign Desktop Heap Buffer Overflow Vulnerability

Adobe InDesign Desktop is a page layout software from the American company Audobee Adobe. Adobe InDesign Desktop suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to cause arbitrary code to be executed in the current user's environment...

7.8CVSS7.7AI score0.00303EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.3 views

Unspecified Vulnerability in Rockwell Automation Verve Asset Manager

Rockwell Automation Verve Asset Manager is a vendor-neutral OT endpoint management platform from Rockwell Automation USA. A security vulnerability exists in Rockwell Automation Verve Asset Manager that can be exploited by an attacker to read, update, and delete users via the API...

8.4CVSS5.9AI score0.00311EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.3 views

WordPress Plugin Auto Amazon Links - Amazon Associates Affiliate Arbitrary File Read Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An arbitrary file read vulnerability exists in the WordPress plugin Auto Amazon Links - Amazon...

7.5CVSS6.7AI score0.00447EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.3 views

WordPress Plugin Authors List Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Authors List, which stem...

6.5CVSS6.1AI score0.00377EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.2 views

Rockwell Automation FactoryTalk DataMosaix Private Cloud Cross-Site Scripting Vulnerability

Rockwell Automation FactoryTalk DataMosaix Private Cloud is an industrial data platform product from Rockwell Automation USA. Rockwell Automation FactoryTalk DataMosaix Private Cloud suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering an...

8.6CVSS6.1AI score0.00338EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.5 views

WordPress Plugin Add Multiple Marker Has Unspecified Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin Add Multiple Marker, which stems from a...

5.3CVSS6.5AI score0.00264EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.3 views

Mozilla Firefox and Firefox ESR Spoofing Vulnerability (CNVD-2025-28714)

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser. A spoofing vulnerability exists in Mozilla Firefox and Firefox ESR, which can be exploited by attackers to conduct spoofing attacks...

3.4CVSS6.7AI score0.00256EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.4 views

Mozilla Firefox and Firefox ESR Security Bypass Vulnerability (CNVD-2025-28712)

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser. A security bypass vulnerability exists in Mozilla Firefox and Firefox ESR, which can be exploited by attackers to bypass security restrictions...

8.1CVSS6.8AI score0.00251EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.3 views

Intel CIP Code Issue Vulnerability

Intel CIP is an optional program from Intel designed to improve products by collecting performance data from users' computers. Intel CIP has a code issue vulnerability that stems from an unrestricted upload of dangerous types of files, which can be exploited by attackers to cause data tampering...

2CVSS7.3AI score0.00199EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.4 views

Intel CIP elevation of privilege vulnerability (CNVD-2025-28674)

Intel CIP is an optional program from Intel designed to improve products by collecting performance data from users' computers. Intel CIP suffers from an elevation of privilege vulnerability that stems from a protection mechanism failure, which can be exploited by an attacker to cause an elevation...

6.3CVSS7.2AI score0.0012EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.3 views

Intel Gaudi Resource Management Error Vulnerability

Intel Gaudi is a family of AI gas pedal chips developed by Intel subsidiary HabanaLabs and designed for deep learning training and inference tasks. Intel Gaudi suffers from a resource management error vulnerability that stems from uncontrolled resource consumption, which can be exploited by an...

6.8CVSS6.8AI score0.00122EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.2 views

Microsoft Excel Information Disclosure Vulnerability (CNVD-2025-29965)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. An information disclosure vulnerability exists in Microsoft Excel, which can be exploited by attackers to obtain sensitive information...

7.1CVSS6.1AI score0.00568EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.4 views

Microsoft Excel Code Execution Vulnerability (CNVD-2025-29932)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...

7.8CVSS8.1AI score0.00499EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.4 views

Microsoft Excel Code Execution Vulnerability (CNVD-2025-29933)

Microsoft Excel is a powerful spreadsheet software developed by Microsoft. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on the system...

7.8CVSS8.1AI score0.00474EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.3 views

Unspecified Vulnerability in AXIS OS

AXIS OS is an edge device operating system from Axis Sweden. AXIS OS suffers from a security vulnerability that stems from a third-party component exposing passwords in process parameters, which can be exploited by an attacker to cause low-privilege user access...

6CVSS6.9AI score0.00105EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.3 views

ZOHO ManageEngine OpManager Cross-Site Scripting Vulnerability (CNVD-2025-29925)

ZOHO ManageEngine OpManager is a comprehensive network monitoring software from ZOHO. It is used to manage routers, firewalls, servers, switches and printers. A cross-site scripting vulnerability exists in ZOHO ManageEngine OpManager, no detailed vulnerability details are available at this time...

6.5CVSS6.3AI score0.00413EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.2 views

ZOHO ManageEngine Applications Manager Command Injection Vulnerability

ZOHO ManageEngine Applications Manager is a set of IT operation and maintenance management solutions of the United States ZhuoHao ZOHO company. The product has application performance management, fault management, report generation and SLA management and other functions. A command injection...

8.8CVSS7.8AI score0.043EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.3 views

ZOHO ManageEngine Exchange reporter Plus cross-site scripting vulnerability (CNVD-2025-29920)

ZOHO ManageEngine Exchange reporter Plus is a Web-based Microsoft Exchange reporting, auditing and monitoring software from ZOHO. A cross-site scripting vulnerability exists in Zoho ManageEngine Exchange Reporter Plus, which can be exploited by an attacker to create privileged accounts and gain...

7.3CVSS6.2AI score0.00478EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.2 views

SAP Business Connector Cross-Site Scripting Vulnerability (CNVD-2025-29169)

SAP Business Connector is a middleware from SAP, Germany. A cross-site scripting vulnerability exists in SAP Business Connector due to improper validation of user-supplied input in the PRTG Web Monitor web interface. An attacker could exploit the vulnerability to access or modify information with...

6.1CVSS5.9AI score0.00237EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.3 views

Adobe InCopy Memory Misreference Vulnerability (CNVD-2025-28654)

Adobe InCopy is a text editing software for creative writing from the American company Audobee Adobe. A memory misreference vulnerability exists in Adobe InCopy, which can be exploited by an attacker to cause arbitrary code to be executed in the current user's environment...

7.8CVSS7.3AI score0.00226EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.6 views

ZOHO ManageEngine Analytics Plus SQL Injection Vulnerability

ZOHO ManageEngine Analytics Plus is a self-service IT analytics solution from ZOHO. Get a better view of your IT data with rich visualizations and dashboards. A SQL injection vulnerability exists in ZOHO ManageEngine Analytics Plus. An attacker can use this vulnerability to view, add, modify, or...

9.8CVSS7.8AI score0.01706EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.2 views

WordPress Plugin Document Pro Elementor Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. WordPress plugin Document Pro Elementor has an information disclosure vulnerability, the...

5.3CVSS5.8AI score0.0036EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.2 views

Mozilla Firefox and Firefox ESR Code Execution Vulnerability

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser. A code execution vulnerability exists in Mozilla Firefox and Firefox ESR, which stems from a post-release reuse issue in the Audio/Video component, and can be exploited by an...

8.8CVSS8.1AI score0.00288EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.3 views

Unspecified Vulnerability in WordPress Plugin TNC Toolbox Web Performance

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin TNC Toolbox Web Performance, which stem...

10CVSS6.1AI score0.01041EPSS
Exploits1
cnvd
cnvd
added 2025/11/14 12:0 a.m.2 views

Mozilla Firefox and Firefox ESR Security Bypass Vulnerability (CNVD-2025-28719)

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser. A security bypass vulnerability exists in Mozilla Firefox and Firefox ESR due to a same-origin policy bypass in the DOM:Notifications component. An attacker can exploit this...

8.1CVSS6.7AI score0.00251EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.2 views

Adobe Substance3D Stager Memory Misreference Vulnerability

Adobe Substance3D Stager is a set and rendering software for 3D scenes from the American company Audobee Adobe. A memory misreference vulnerability exists in Adobe Substance3D Stager, which can be exploited by an attacker to cause arbitrary code to be executed in the current user's context...

7.8CVSS7.3AI score0.00197EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.3 views

Microsoft Excel Code Execution Vulnerability (CNVD-2025-29962)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...

7.8CVSS8.1AI score0.00474EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.5 views

Mozilla Firefox and Firefox ESR Security Bypass Vulnerability (CNVD-2025-28668)

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser. A security bypass vulnerability exists in Mozilla Firefox and Firefox ESR, which can be exploited by attackers to bypass security restrictions...

6.1CVSS6.8AI score0.00198EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.4 views

Tenda AX3 get_parentControl_list_Info function stack buffer overflow vulnerability

Tenda AX3 is a home dual-band Gigabit wireless router from Tenda Technology that supports Wi-Fi6 802.11ax standard and focuses on high-performance network coverage and stable connection. The Tenda AX3 suffers from a stack buffer overflow vulnerability that originates from the urls parameter in th...

7.5CVSS7.4AI score0.00362EPSS
Exploits1References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.3 views

Adobe Pass Authentication Android SDK Incorrect Authorization Vulnerability

Adobe Pass Authentication Android SDK is a Java library for Android applications from the American company Audobee Adobe. The Adobe Pass Authentication Android SDK suffers from an incorrect authorization vulnerability that can be exploited by attackers to bypass security measures and gain...

7.1CVSS6.8AI score0.00228EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.6 views

Intel QAT Windows software out-of-bounds read vulnerability

Intel QAT Windows software refers to the collection of Intel® Data Protection and Compression Acceleration Technology software components that provide support for the Windows operating system. The Intel QAT Windows software has an out-of-bounds read vulnerability that originates from an...

5.7CVSS6.7AI score0.00099EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.5 views

Adobe Format Plugins Out-of-Bounds Read Vulnerability (CNVD-2025-28642)

Adobe Format Plugins is a format plug-in from the American company Audobee Adobe. Adobe Format Plugins suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to cause the disclosure of sensitive information in memory...

5.5CVSS6.4AI score0.00194EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.3 views

Intel QAT Windows software code issue vulnerability

Intel QAT Windows software refers to the collection of Intel® Data Protection and Compression Acceleration Technology software components that provide support for the Windows operating system. A code issue vulnerability exists in Intel QAT Windows software that originates from an improper conditi...

4.8CVSS7AI score0.00112EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.3 views

Intel QAT Windows software out-of-bounds write vulnerability

Intel QAT Windows software refers to the collection of Intel® Data Protection and Compression Acceleration Technology software components that provide support for the Windows operating system. An out-of-bounds write vulnerability exists in Intel QAT Windows software that originates from an...

7.8CVSS7AI score0.00116EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.4 views

Intel QAT Windows software untrustworthy pointer dereference vulnerability

Intel QAT Windows software refers to the collection of Intel® Data Protection and Compression Acceleration Technology software components that provide support for the Windows operating system. An untrusted pointer dereference vulnerability exists in Intel QAT Windows software, which can be...

6.8CVSS6.7AI score0.00134EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.3 views

Intel QAT Windows software buffer overflow vulnerability

Intel QAT Windows software refers to the collection of Intel® Data Protection and Compression Acceleration Technology software components that provide support for the Windows operating system. The Intel QAT Windows software has a buffer overflow vulnerability that originates from a buffer overflo...

6.8CVSS7.3AI score0.00126EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.12 views

Microsoft Office Code Execution Vulnerability (CNVD-2026-00028)

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, and so on. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to...

7.8CVSS8.1AI score0.00743EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.3 views

Tenda AC18 guestSsid Parameter Stack Buffer Overflow Vulnerability

Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 has a stack buffer overflow vulnerability, which originates from the /goform/WifiGuestSet interface guestSsid parameter fails to correctly...

8.8CVSS8.4AI score0.00632EPSS
Exploits1References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.3 views

Intel QAT Windows software null pointer dereference vulnerability

Intel QAT Windows software refers to the collection of Intel® Data Protection and Compression Acceleration Technology software components that provide support for the Windows operating system. A null pointer dereference vulnerability exists in Intel QAT Windows software, which can be exploited by...

6.8CVSS6.7AI score0.00122EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.2 views

Adobe Substance3D Stager Out-of-Bounds Read Vulnerability

Adobe Substance3D Stager is a set and rendering software for 3D scenes from the American company Audobee Adobe. Adobe Substance3D Stager suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to execute code in the context of the current user...

7.8CVSS7.2AI score0.00216EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.2 views

SQL Injection Vulnerability in Remote Medical Comprehensive Service Platform of Beijing Divine Vision Han Technology Co. Ltd (CNVD-C-2025-851224)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the remote medical integrated service platform of Beijing Shenzhou Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

5.9AI score
Exploits0
cnvd
cnvd
added 2025/11/14 12:0 a.m.3 views

Intel CIP Elevation of Privilege Vulnerability

Intel CIP is an optional program from Intel designed to improve products by collecting performance data from users' computers. Intel CIP suffers from an elevation of privilege vulnerability that stems from improper privilege management and can be exploited by an attacker to cause elevation of...

8.8CVSS7.2AI score0.00269EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.3 views

Adobe Format Plugins Memory Misreference Vulnerability

Adobe Format Plugins is a format plug-in from the American company Audobee Adobe. Adobe Format Plugins suffers from a memory misreference vulnerability that can be exploited by attackers to cause memory exposure and information disclosure...

5.5CVSS6.6AI score0.00198EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.7 views

Intel CIP elevation of privilege vulnerability (CNVD-2025-28465)

Intel CIP is an optional program from Intel designed to improve products by collecting performance data from users' computers. Intel CIP suffers from an elevation of privilege vulnerability that stems from mismanagement of privileges and can be exploited by an attacker to cause elevation of...

2.3CVSS7.2AI score0.00182EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.6 views

Tenda AX3 wlSetExternParameter function stack buffer overflow vulnerability

Tenda AX3 is a home dual-band Gigabit wireless router from Tenda Technology that supports Wi-Fi6 802.11ax standard and focuses on high-performance network coverage and stable connection. The Tenda AX3 suffers from a stack buffer overflow vulnerability that originates from the wpapskcrypto paramet...

7.5CVSS7.4AI score0.00362EPSS
Exploits1References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.5 views

Adobe Format Plugins Out-of-Bounds Read Vulnerability

Adobe Format Plugins is a format plug-in from the American company Audobee Adobe. Adobe Format Plugins suffers from an out-of-bounds read vulnerability that could be exploited by an attacker to cause code execution in the current user's environment...

7.8CVSS7.5AI score0.00241EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.4 views

Intel QAT Windows software buffer overflow vulnerability (CNVD-2025-30759)

Intel QAT Windows software refers to the collection of Intel® Data Protection and Compression Acceleration Technology software components that provide support for the Windows operating system. A buffer overflow vulnerability exists in the Intel QAT Windows software, which originates from a buffer...

6.6CVSS7.2AI score0.00117EPSS
Exploits0References1
cnvd
cnvd
added 2025/11/14 12:0 a.m.10 views

Adobe Format Plugins Out-of-Bounds Read Vulnerability (CNVD-2025-28643)

Adobe Format Plugins is a format plug-in from the American company Audobee Adobe. Adobe Format Plugins suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to cause the disclosure of sensitive information in memory...

5.5CVSS6.4AI score0.00194EPSS
Exploits0References1
Total number of security vulnerabilities131179