Lucene search
K

131179 matches found

CNVD
CNVD
•added 2026/05/26 12:0 a.m.•2 views

Shanghai Lingdang Information Technology Co., Ltd.'s Lingdang CRM has a SQL injection vulnerability (CNVD-C-2026-242520).

Lingdang CRM is a CRM software developed by Shanghai Lingdang Information Technology Co., Ltd. It is suitable for small and medium-sized enterprises that primarily engage in sales and service businesses. Shanghai Lingdang Information Technology Co., Ltd.’s Lingdang CRM has a SQL injection...

6.1AI score
Exploits0
CNVD
CNVD
•added 2026/05/26 12:0 a.m.•2 views

Microsoft Office SharePoint code-related vulnerabilities

Microsoft Office SharePoint is an enterprise content collaboration and document management platform developed by Microsoft Corporation. There is a security vulnerability present in Microsoft Office SharePoint. Attackers can exploit this vulnerability to execute code via the network...

8.8CVSS7.2AI score0.03219EPSS
Exploits4
CNVD
CNVD
•added 2026/05/26 12:0 a.m.•2 views

Shenzhen Meikexing Communication Technology Co., Ltd.'s MW330R has a binary vulnerability

The MW330R is an 11N wireless broadband router. The MW330R from Shenzhen Meikexing Communication Technology Co., Ltd has a binary vulnerability that can be exploited by attackers to cause a denial-of-service attack...

6.1AI score
Exploits0
CNVD
CNVD
•added 2026/05/21 12:0 a.m.•2 views

Microsoft Malware Protection Engine heap buffer overflow vulnerability

The Microsoft Malware Protection Engine is a core component developed by Microsoft for malware protection, used to scan and detect malicious code. The Microsoft Malware Protection Engine has a heap buffer overflow vulnerability. This vulnerability arises from improper handling of input data,...

8.1CVSS6.4AI score0.00852EPSS
Exploits0
CNVD
CNVD
•added 2026/05/21 12:0 a.m.•3 views

Cisco Secure Workload Access Control Vulnerability

Cisco Secure Workload is a software product developed by Cisco, Inc., in the United States. It allows users to install software agents on their application workloads. Cisco Secure Workload has a security vulnerability related to access control. This vulnerability stems from insufficient access...

10CVSS7.4AI score0.00835EPSS
Exploits1
CNVD
CNVD
•added 2026/05/21 12:0 a.m.•6 views

Cisco ThousandEyes Enterprise Agent BrowserBot component has a command injection vulnerability

Cisco ThousandEyes Enterprise Agent is an enterprise network monitoring tool, primarily used for monitoring network performance and application experiences. The Cisco ThousandEyes Enterprise Agent has a command injection vulnerability. This vulnerability stems from insufficient validation of...

6.3CVSS6.9AI score0.00416EPSS
Exploits0
CNVD
CNVD
•added 2026/05/20 12:0 a.m.•6 views

CouchCMS cross-site scripting vulnerability

CouchCMS is an open-source content management system CMS designed for designers. Version 2.2.1 of CouchCMS contains a cross-site scripting vulnerability. This vulnerability stems from the application’s lack of effective filtering and escaping of data provided by users. Attackers can exploit this...

5.4CVSS5.8AI score0.00172EPSS
Exploits0
CNVD
CNVD
•added 2026/05/20 12:0 a.m.•13 views

Zyxel WRE6505 Access Control Vulnerability

The Zyxel WRE6505 is a wireless signal expansion device produced by the Chinese company Zyxel. The Zyxel WRE6505 v2 V1.00ABDV.3C0 version contains an access control vulnerability. This vulnerability stems from improper restrictions on the number of authentication attempts made by the web manageme...

6.5CVSS5.4AI score0.002EPSS
Exploits0
CNVD
CNVD
•added 2026/05/20 12:0 a.m.•12 views

Siemens SIMATIC HMI Comfort Panels have undisclosed vulnerabilities

Siemens SIMATIC HMI Comfort Panels are touchscreen devices produced by the German company Siemens. Siemens SIMATIC HMI Comfort Panels have security vulnerabilities. These vulnerabilities stem from improper restrictions on access to web browsers through the control panel. Unauthorized attackers ca...

7.7CVSS5.5AI score0.00113EPSS
Exploits0
CNVD
CNVD
•added 2026/05/20 12:0 a.m.•11 views

Siemens Teamcenter Cross-site Scripting Vulnerability

Siemens Teamcenter is a software application for product lifecycle management developed by the German company Siemens. Siemens Teamcenter has a cross-site scripting vulnerability. This vulnerability arises because the affected applications fail to properly encode or filter data provided by users...

8.5CVSS5.1AI score0.00192EPSS
Exploits0
CNVD
CNVD
•added 2026/05/20 12:0 a.m.•9 views

Siemens RUGGEDCOM ROX parameter injection vulnerability

Siemens RUGGEDCOM ROX is a dedicated operating system developed by Siemens for its industrial communication devices. It primarily runs on RUGGEDCOM series of industrial Ethernet switches, routers, and multi-service platforms. Siemens RUGGEDCOM ROX has a parameter injection vulnerability; this...

6.8CVSS5.4AI score0.00286EPSS
Exploits0
CNVD
CNVD
•added 2026/05/20 12:0 a.m.•3 views

Cisco Catalyst SD-WAN Manager XML External Entity Injection Vulnerability

Cisco Catalyst SD-WAN Manager is a highly customizable dashboard provided by Cisco. It simplifies and automates the deployment, configuration, management, and operation of Cisco SD-WAN. Cisco Catalyst SD-WAN Manager has an XML external entity injection vulnerability. This vulnerability stems from...

8.6CVSS7.4AI score0.00696EPSS
Exploits0
CNVD
CNVD
•added 2026/05/20 12:0 a.m.•9 views

Zyxel NWA1100-N buffer overflow vulnerability

The Zyxel NWA1100-N is a wireless access point manufactured by the Chinese company Zyxel. The Zyxel NWA1100-N 1.00AACE.1C0 version contains a buffer overflow vulnerability. This vulnerability arises from insufficient validation of the length of input data in functions such as formWep, formWlAc,...

7.5CVSS5.8AI score0.00309EPSS
Exploits0
CNVD
CNVD
•added 2026/05/20 12:0 a.m.•10 views

Siemens ROS# Path traversal vulnerability

Siemens ROS is a robot operating system communication framework based on C and .NET by the German company Siemens. Siemens ROS has a path traversal vulnerability, which arises from incorrect user input that leads to path traversal. Attackers can exploit this vulnerability to access any file on th...

9.3CVSS5.4AI score0.00487EPSS
Exploits0
CNVD
CNVD
•added 2026/05/20 12:0 a.m.•3 views

Fortinet FortiNDR SQL injection vulnerability (CNVD-2026-25592)

Fortinet FortiNDR is a network detection and response solution provided by the American company Fortinet. Fortinet FortiNDR has a SQL injection vulnerability. This vulnerability stems from improper handling of special elements within SQL commands. Attackers can exploit this vulnerability to execu...

8.8CVSS6.2AI score0.00264EPSS
Exploits0
CNVD
CNVD
•added 2026/05/20 12:0 a.m.•3 views

Fortinet FortiAP operating system command injection vulnerability (CNVD-2026-25589)

Fortinet FortiAP is a controller developed by the American company Fortinet, used for managing wireless access point devices. There are vulnerabilities related to operating system command injection in Fortinet FortiAP and FortiAP-W2. These vulnerabilities stem from improper neutralization of...

6.7CVSS6.8AI score0.00561EPSS
Exploits0
CNVD
CNVD
•added 2026/05/20 12:0 a.m.•3 views

Fortinet FortiAuthenticator Access Control Vulnerability (CNVD-2026-25590)

Fortinet FortiAuthenticator is a centralized user identity management solution provided by the American company Fortinet. There is an access control vulnerability in Fortinet FortiAuthenticator. This vulnerability stems from improper access control; attackers can exploit this vulnerability to...

9.8CVSS7.5AI score0.00551EPSS
Exploits0
CNVD
CNVD
•added 2026/05/20 12:0 a.m.•10 views

Siemens Teamcenter Trust Management Vulnerability

Siemens Teamcenter is a software application for product lifecycle management developed by the German company Siemens. Siemens Teamcenter has a vulnerability related to trust management. This vulnerability stems from the use of hardcoded keys for obfuscation. Attackers can exploit this...

8.7CVSS5.4AI score0.00287EPSS
Exploits0
CNVD
CNVD
•added 2026/05/20 12:0 a.m.•9 views

Siemens Solid Edge stack buffer overflow vulnerability (CNVD-2026-23468)

Siemens Solid Edge is a 3D CAD software developed by the German company Siemens. This software can be used for parts design, assembly design, sheet metal design, welding design, and other industries. Siemens Solid Edge has a stack buffer overflow vulnerability, which allows attackers to execute...

7.8CVSS6AI score0.00106EPSS
Exploits0
CNVD
CNVD
•added 2026/05/20 12:0 a.m.•10 views

Siemens Solid Edge buffer overflow vulnerability (CNVD-2026-23467)

Siemens Solid Edge is a 3D CAD software developed by the German company Siemens. This software can be used for part design, assembly design, sheet metal design, welding design, and other industries. Siemens Solid Edge has a buffer overflow vulnerability; this vulnerability stems from the lack of...

7.8CVSS6.1AI score0.00105EPSS
Exploits0
CNVD
CNVD
•added 2026/05/20 12:0 a.m.•9 views

Kuicms PHP EE cross-site scripting vulnerability

Kuicms Php EE is a PHP enterprise website content management system developed by Kuicms Corporation. Version 2.0 of Kuicms Php EE contains a cross-site scripting vulnerability. This vulnerability stems from insufficient filtering and escaping of data provided by users. Attackers can exploit this...

7.2CVSS5.1AI score0.00311EPSS
Exploits0
CNVD
CNVD
•added 2026/05/20 12:0 a.m.•9 views

Zyxel WRE6505 operating system command injection vulnerability

The Zyxel WRE6505 is a wireless signal expansion device produced by the Chinese company Zyxel. The Zyxel WRE6505 has an operating system command injection vulnerability. This vulnerability arises from the CGI program’s failure to properly filter special characters and commands constructed in...

8.8CVSS5.7AI score0.01007EPSS
Exploits0
CNVD
CNVD
•added 2026/05/20 12:0 a.m.•9 views

BloofoxCMS Cross-Site Request Forgery Vulnerability

BloofoxCMS is a PHP-based text content management system. The bloofoxCMS 0.5.2.1 version has a cross-site request forgeing vulnerability. This vulnerability arises from the WEB application not properly verifying whether the request comes from a trusted user. Attackers can exploit this vulnerabili...

6.9CVSS5.3AI score0.00146EPSS
Exploits0
CNVD
CNVD
•added 2026/05/20 12:0 a.m.•6 views

Fortinet FortiOS buffer overflow vulnerability (CNVD-2026-25593)

Fortinet FortiOS is a security operating system developed by Fortinet, a US-based company, and specifically designed for use on the FortiGate network security platform. This system offers users various security features, including firewalls, antivirus protection, IPSec/SSLVPN, web content...

8.8CVSS7.6AI score0.00564EPSS
Exploits0
CNVD
CNVD
•added 2026/05/20 12:0 a.m.•12 views

Siemens RUGGEDCOM operating system command injection vulnerability (CNVD-2026-23336)

Siemens RUGGEDCOM is a communication device developed by the German company Siemens. It provides fast and reliable communication for industries such as power, transportation, oil, and gas. Siemens RUGGEDCOM has a vulnerability related to operating system command injection. This vulnerability aris...

9.1CVSS6AI score0.00543EPSS
Exploits0
CNVD
CNVD
•added 2026/05/20 12:0 a.m.•9 views

Siemens RUGGEDCOM operating system command injection vulnerability

Siemens RUGGEDCOM is a communication device developed by the German company Siemens. It provides fast and reliable communication for industries such as power, transportation, oil, and gas. Siemens RUGGEDCOM has a vulnerability related to operating system command injection. This vulnerability aris...

7.7CVSS6.2AI score0.00442EPSS
Exploits0
CNVD
CNVD
•added 2026/05/20 12:0 a.m.•5 views

Fortinet FortiMail SQL injection vulnerability (CNVD-2026-25591)

Fortinet FortiMail is a set of email security gateway products developed by the American company Fortinet. This product provides features such as email security protection and data protection. Fortinet FortiMail has a SQL injection vulnerability. This vulnerability stems from improper...

7.2CVSS6.2AI score0.00359EPSS
Exploits0
CNVD
CNVD
•added 2026/05/18 12:0 a.m.•2 views

Microsoft SharePoint code vulnerability (CNVD-2026-26519)

Microsoft SharePoint is a corporate business collaboration platform developed by Microsoft Corporation in the United States. This platform is used for integrating business information and enabling sharing of work, collaboration with others, organization of projects and teams, as well as searching...

8CVSS7.1AI score0.01977EPSS
Exploits0
CNVD
CNVD
•added 2026/05/18 12:0 a.m.•2 views

Microsoft SharePoint code vulnerability (CNVD-2026-26520)

Microsoft SharePoint is a corporate business collaboration platform developed by Microsoft Corporation in the United States. This platform is used for integrating business information and enabling sharing of work, collaboration with others, organization of projects and teams, as well as searching...

8.8CVSS7.1AI score0.01698EPSS
Exploits0
CNVD
CNVD
•added 2026/05/18 12:0 a.m.•2 views

Microsoft Data Formulator code injection vulnerability

Microsoft Data Formulator is an AI data visualization and analysis tool developed by Microsoft Corporation in the United States, powered by large language models. There is a security vulnerability in Microsoft Data Formulator. Attackers can exploit this vulnerability to execute code remotely...

8.8CVSS7.2AI score0.00842EPSS
Exploits0
CNVD
CNVD
•added 2026/05/18 12:0 a.m.•3 views

Textpattern CMS file upload vulnerability

Textpattern CMS is a content management system based on PHP. Version 4.8.7 of Textpattern CMS has a file upload vulnerability. This vulnerability arises from the lack of strict validation or filtering during file uploads by users. Attackers can exploit this vulnerability to execute arbitrary...

8.8CVSS6AI score0.00617EPSS
Exploits0
CNVD
CNVD
•added 2026/05/18 12:0 a.m.•10 views

Mozilla Firefox Code Execution Vulnerability (CNVD-2026-23637)

Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. Mozilla Firefox has a code execution vulnerability, which stems from errors in the JavaScript Engine’s JIT compilation process. Attackers can exploit this vulnerability to execute arbitrary cod...

8.8CVSS6.4AI score0.00331EPSS
Exploits0
CNVD
CNVD
•added 2026/05/18 12:0 a.m.•7 views

Mozilla Firefox Memory Error Reference Vulnerability (CNVD-2026-23638)

Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. Mozilla Firefox has a memory corruption vulnerability, which stems from JavaScript: the WebAssembly component responsible for releasing memory experiences confusion in its instructions. Attacke...

7.3CVSS6.1AI score0.0026EPSS
Exploits0
CNVD
CNVD
•added 2026/05/18 12:0 a.m.•9 views

Mozilla Firefox has an unknown vulnerability (CNVD-2026-23639)

Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. There are security vulnerabilities in Mozilla Firefox, which stem from issues with the JavaScript Engine component. Currently, no detailed information about these vulnerabilities is available...

5.3CVSS5.3AI score0.00298EPSS
Exploits0
CNVD
CNVD
•added 2026/05/18 12:0 a.m.•9 views

Microsoft M365 Copilot for Desktop has a deception vulnerability

Microsoft M365 Copilot is an AI-driven productivity tool developed by the American company Microsoft. Microsoft M365 Copilot for Desktop has a deception vulnerability, and attackers can exploit this vulnerability to carry out deceptive attacks...

6.2CVSS5.4AI score0.00363EPSS
Exploits0
CNVD
CNVD
•added 2026/05/18 12:0 a.m.•10 views

Microsoft Office Exploitation Vulnerability (CNVD-2026-23631)

Microsoft Office is a suite of office software products developed by the American company Microsoft. Common components of this product include Word, Excel, Access, PowerPoint, and FrontPage. Microsoft Office has a deception vulnerability that attackers can exploit to carry out deceptive attacks...

7.7CVSS5.8AI score0.00222EPSS
Exploits0
CNVD
CNVD
•added 2026/05/18 12:0 a.m.•9 views

Mozilla Firefox has an unknown vulnerability (CNVD-2026-23640)

Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. There is a security vulnerability in Mozilla Firefox, which stems from a sandbox escape in the Profile Backup component. Currently, no detailed details about this vulnerability are available...

9.8CVSS5.3AI score0.00313EPSS
Exploits0
CNVD
CNVD
•added 2026/05/18 12:0 a.m.•11 views

Microsoft Office Code Execution Vulnerability (CNVD-2026-23632)

Microsoft Office is a suite of office software products developed by Microsoft Corporation in the United States. Common components of this product include Word, Excel, Access, PowerPoint, and FrontPage. Microsoft Office has a code execution vulnerability, which allows attackers to execute arbitra...

7.8CVSS6.4AI score0.00437EPSS
Exploits0
CNVD
CNVD
•added 2026/05/14 12:0 a.m.•3 views

uBidAuction cross-site scripting vulnerability (CNVD-2026-26093)

uBidAuction is an auction website system operated by the uBidAuction company, which supports online auctions and product transaction management. uBidAuction has a cross-site scripting vulnerability. This vulnerability arises due to the incorrect handling of the datecreated, datefrom, dateto, and...

6.1CVSS5.9AI score0.00252EPSS
Exploits0
CNVD
CNVD
•added 2026/05/12 12:0 a.m.•3 views

Multiple Apple products have service denial vulnerabilities (CNVD-2026-26102)

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple tvOS is an operating system for smart TVs. Apple watchOS is an operating system for smart watches. Several Apple products have service denial vulnerabilities;...

8.8CVSS6.2AI score0.00399EPSS
Exploits0
CNVD
CNVD
•added 2026/05/12 12:0 a.m.•3 views

Apple iOS and Apple iPadOS denial-of-service vulnerabilities

Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Both Apple iOS and Apple iPadOS have denial-of-service vulnerabilities, and attackers can exploit these vulnerabilities to cause denial of service...

7.5CVSS6AI score0.00461EPSS
Exploits0
CNVD
CNVD
•added 2026/05/12 12:0 a.m.•3 views

Apple iOS and Apple iPadOS security bypass vulnerabilities

Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Both Apple iOS and Apple iPadOS have security vulnerabilities that allow attackers to bypass application privacy report logging mechanisms...

7.5CVSS6AI score0.00308EPSS
Exploits0
CNVD
CNVD
•added 2026/05/11 12:0 a.m.•10 views

Linux kernel x25_queue_rx_frame function memory misreference vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A memory misreference vulnerability exists in the Linux kernel. The vulnerability stems from a call to kfreeskb when allocskb fails in x25queuerxframe, which can be exploited b...

9.8CVSS5.8AI score0.00514EPSS
Exploits0
CNVD
CNVD
•added 2026/05/11 12:0 a.m.•10 views

Linux kernel smb_check_perm_dacl function out-of-bounds read vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from an out-of-bounds read vulnerability. The vulnerability stems from insufficient ACE size validation in the smbcheckpermdacl function of ksmbd, whic...

8.3CVSS5.8AI score0.00315EPSS
Exploits0
CNVD
CNVD
•added 2026/05/11 12:0 a.m.•8 views

Linux kernel netfilter nf_conntrack_helper function memory misreference vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A memory misreference vulnerability exists in the Linux kernel. The vulnerability stems from passing a NULL pointer when expecting cleanup in netfilter nfconntrackhelper, which...

7.8CVSS5.8AI score0.00126EPSS
Exploits0
CNVD
CNVD
•added 2026/05/11 12:0 a.m.•11 views

D-Link M60 License Issue Vulnerability

The D-Link M60 is a wireless routing device from China-based D-Link. An authorization issue vulnerability exists in D-Link M60 version 1.20B02 and prior versions, which stems from a weak password recovery issue in the file /usr/bin/httpd, and can be exploited by an attacker to cause...

8.1CVSS6.2AI score0.01097EPSS
Exploits1
CNVD
CNVD
•added 2026/05/11 12:0 a.m.•9 views

Linux kernel set_cig_params_sync function memory misreference vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A memory misreference vulnerability exists in the Linux kernel. The vulnerability stems from the setcigparamssync function in Bluetooth hciconn not locking hciconn, which can b...

7.8CVSS5.8AI score0.00129EPSS
Exploits0
CNVD
CNVD
•added 2026/05/11 12:0 a.m.•11 views

Linux kernel sco_sock_connect function memory misreference vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A memory misreference vulnerability exists in the Linux kernel. The vulnerability stems from a confusion in the instruction responsible for freeing memory in the scosockconnect...

7.8CVSS6.1AI score0.00097EPSS
Exploits0
CNVD
CNVD
•added 2026/05/11 12:0 a.m.•9 views

Linux kernel fuse_add_dirent_to_cache function buffer overflow vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A buffer overflow vulnerability exists in the Linux kernel. The vulnerability stems from the fuseadddirenttocache function not checking if the dirent size exceeds PAGESIZE, whi...

7.8CVSS6AI score0.00127EPSS
Exploits1
CNVD
CNVD
•added 2026/05/09 12:0 a.m.•9 views

Linux Kernel wilc1000 Integer Overflow Vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates from a heap buffer overflow due to a u8 overflow in the wilc1000 wireless driver, which could lead to memory...

7.8CVSS6AI score0.00143EPSS
Exploits0
Total number of security vulnerabilities131179