Lucene search
+L

131179 matches found

CNVD
CNVD
•added 2025/10/21 12:0 a.m.•5 views

Adobe Animate Out-of-Bounds Read Vulnerability (CNVD-2025-24423)

Adobe Animate is a set of Flash animation software from the American company Audobee Adobe. Adobe Animate suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to cause a memory information leak...

5.5CVSS6.6AI score0.00203EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•3 views

Unspecified Vulnerability in Adobe Creative Cloud Desktop

Adobe Creative Cloud Desktop is a suite of applications for managing applications and services in the Creative Cloud Member Management Center from the American company Audobee Adobe. The program supports synchronizing and sharing files, managing fonts, and accessing asset libraries for commercial...

5.6CVSS6.9AI score0.00133EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•3 views

Adobe Animate Memory Misreference Vulnerability (CNVD-2025-24424)

Adobe Animate is a set of Flash animation software from the American company Audobee Adobe. A memory misreference vulnerability exists in Adobe Animate, which can be exploited by an attacker to cause arbitrary code to be executed in the current user environment...

7.8CVSS7.2AI score0.00236EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•2 views

WordPress Ova Advent plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Ova Advent plugin, which stems from insufficient input cleanup and output escaping, and can be exploited by an...

6.4CVSS6AI score0.00216EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•4 views

WordPress Lisfinity Core plugin elevation of privilege vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An elevation of privilege vulnerability exists in the WordPress Lisfinity Core plugin, which stems from assigning the editor role by default and not restricting API usage, no...

7.3CVSS7.2AI score0.00213EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•5 views

Adobe Animate heap buffer overflow vulnerability (CNVD-2025-24421)

Adobe Animate is a set of Flash animation software from the American company Audobee Adobe. Adobe Animate suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to cause arbitrary code execution in the current user environment...

7.8CVSS8.1AI score0.00249EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•3 views

WordPress Outdoor plugin SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress Outdoor plugin suffers from a SQL injection vulnerability that stems from a lack of validation of the edit parameter. An attacker can exploit this vulnerability to...

7.5CVSS8.2AI score0.0035EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•4 views

WordPress Task Scheduler plugin server-side request forgery vulnerability

WordPress Task Scheduler plugin is mainly used to manage and optimize the timed tasks in WordPress such as update checking, cache cleaning, etc., common plugins include WP-Crontrol and WPCron. WordPress Task Scheduler plugin has a server-side request forgery vulnerability, the vulnerability stems...

4.4CVSS7AI score0.00222EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•4 views

WordPress Binary MLM Plan plugin elevation of privilege vulnerability

WordPress Binary MLM Plan plugin is a WordPress plugin designed for network marketing, mainly used to simplify the operational process of multi-level marketing MLM business. WordPress Binary MLM Plan plugin suffers from an elevation of privilege vulnerability that stems from the bmpuser role...

6.5CVSS7AI score0.00317EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•4 views

WordPress Quick Social Login plugin cross-site scripting vulnerability

WordPress Quick Social Login plugin is a plugin that allows users to quickly log in or sign up through social media accounts such as Facebook, Google, Twitter, LinkedIn, Slack and WordPress.com. The WordPress Quick Social Login plugin suffers from a cross-site scripting vulnerability that stems...

6.4CVSS6.1AI score0.00271EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•2 views

WordPress Digiseller plugin cross-site scripting vulnerability

WordPress Digiseller plugin is a plugin that is mainly used to help users integrate digital merchandising features in their websites. A cross-site scripting vulnerability exists in the WordPress Digiseller plugin, which stems from a lack of effective filtering and escaping of the ds shortcode, an...

6.4CVSS6.1AI score0.0028EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•2 views

WordPress Keyy Two Factor Authentication plugin Privilege Escalation Vulnerability

WordPress Keyy Two Factor Authentication plugin is a plugin for enhancing the login security of your website. A privilege escalation vulnerability exists in the WordPress Keyy Two Factor Authentication plugin, which can be exploited by an attacker to cause an elevation of privilege, due to a...

8.8CVSS7AI score0.00333EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•2 views

WordPress Dynamically Display Posts plugin SQL Injection Vulnerability

WordPress Dynamically Display Posts plugin is a WordPress plugin for creating a store locator page in your website that displays information about nearby stores via Google Maps. WordPress Dynamically Display Posts plugin suffers from a SQL injection vulnerability that stems from a lack of...

7.5CVSS8AI score0.004EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•3 views

WordPress TARIFFUXX plugin SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress TARIFFUXX plugin suffers from a SQL injection vulnerability that stems from insufficient cleanup of the tariffuxxconfigurator shortcode for user-supplied input, which...

6.5CVSS8.3AI score0.00287EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•3 views

WordPress TopBar plugin cross-site request forgery vulnerability

WordPress TopBar plugin is a plugin for adding a notification bar at the top of your website, mainly used to display messages, links or promotional content to help users attract attention and increase conversions. The WordPress TopBar plugin suffers from a cross-site request forgery vulnerability...

4.3CVSS6.8AI score0.00156EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•4 views

WordPress onOffice for WP-Websites plugin SQL Injection Vulnerability

WordPress onOffice for WP-Websites plugin is a WordPress plugin developed by onOfficeGmbH that is mainly used to integrate listings, addresses or forms from real estate management software such as onOffice into a WordPress website, supports shortcode flexible design and allows for Generate...

4.9CVSS8.2AI score0.00344EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•2 views

WordPress Dhivehi Text plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Dhivehi Text plugin, which stems from a lack of effective filtering and escaping of dhivehi short code, and can be...

6.4CVSS6.1AI score0.00219EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•3 views

Adobe Bridge heap buffer overflow vulnerability (CNVD-2025-24426)

Adobe Bridge is a file viewer from the American company Audobee Adobe. Adobe Bridge suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to cause arbitrary code to be executed in the current user's environment...

7.8CVSS7.7AI score0.00249EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•4 views

D-Link DI-7100G C1 openid parameter buffer overflow vulnerability

The D-Link DI-7100G C1 is an enterprise-class router from D-Link, designed for small and medium-sized businesses. The D-Link DI-7100G C1 suffers from a buffer overflow vulnerability that originates from the parameter openid in the file /webchat/login.cgi failing to properly validate the length an...

9.8CVSS8.2AI score0.00919EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•4 views

WordPress Demo Import Kit plugin Arbitrary File Upload Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An arbitrary file upload vulnerability exists in the WordPress Demo Import Kit plugin, which stems from a lack of file type validation in the import function and can be exploite...

7.2CVSS8.2AI score0.00648EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•20 views

WordPress External Login plugin SQL Injection Vulnerability

The WordPress External Login plugin is mainly used to integrate WordPress login functionality with an external database system, allowing users to log in to the site directly through an external account. WordPress External Login plugin is prone to SQL injection vulnerability, which is caused by...

7.5CVSS8.2AI score0.00373EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•20 views

IBM Planning Analytics Local Cross-Site Scripting Vulnerability

IBM Planning Analytics Local is a web-based local architecture from International Business Machines IBM. IBM Planning Analytics Local suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be...

5.4CVSS4.6AI score0.00175EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•5 views

WordPress OwnID Passwordless Login plugin authentication bypass vulnerability

WordPress OwnID Passwordless Login plugin is a WordPress plugin for passwordless login function, by sending a one-time authorization code to the user's email or cell phone to complete the verification. An authentication bypass vulnerability exists in the WordPress OwnID Passwordless Login plugin,...

9.8CVSS7.3AI score0.00765EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•3 views

IBM Transformation Extender Advanced Weak Password Vulnerability

IBM Transformation Extender Advanced A data transformation, validation and standardization tool software from International Business Machines Corporation. IBM Transformation Extender Advanced suffers from a weak password vulnerability that stems from not requiring users to use strong passwords by...

7.5CVSS6.9AI score0.00255EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•5 views

OpenEXR has an unspecified vulnerability (CNVD-2025-24791)

OpenEXR is an open standard for high dynamic range image HDR file formats. A security vulnerability exists in OpenEXR that can be exploited by attackers to cause a buffer overflow...

8.7CVSS7.1AI score0.00171EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•2 views

ChurchCRM Authentication Error Vulnerability

ChurchCRM is ChurchCRM open source an open source CRM system for churches. ChurchCRM 5.18.0 and earlier versions have an authentication error vulnerability that stems from a lack of authentication in the AuthMiddleware function in the API Endpoint component, which can be exploited by an attacker ...

9.8CVSS7AI score0.00555EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•7 views

OpenEXR has an unspecified vulnerability (CNVD-2025-24790)

OpenEXR is an open standard for high dynamic range image HDR file formats. A security vulnerability exists in versions prior to OpenEXR 8.0, which can be exploited by an attacker to cause heap memory corruption...

8.7CVSS6.8AI score0.00155EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•4 views

Delta Electronics DIAScreen Out-of-Bounds Write Vulnerability (CNVD-2025-26897)

Delta Electronics DIAScreen is an intelligent desktop builder from Delta Electronics in China. An out-of-bounds write vulnerability exists in Delta Electronics DIAScreen, which can be exploited by an attacker to execute arbitrary code on the system or cause a system crash...

7.8CVSS8AI score0.00155EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•4 views

Opencast Information Disclosure Vulnerability (CNVD-2025-24789)

Opencast is a live video support software for large-scale automated video capture, management and distribution from the Opencast organization. A security vulnerability exists in Opencast versions prior to 17.8 and prior to 18.2, which can be exploited by attackers to cause accidental distribution...

4.3CVSS6.7AI score0.00274EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•4 views

SAMSUNG Notes out-of-bounds read vulnerability (CNVD-2025-24706)

SAMSUNG Notes is a software application from Samsung South Korea. It is used to provide a record function. SAMSUNG Notes suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to access out-of-bounds memory...

7.1CVSS6.8AI score0.00115EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•4 views

NVIDIA Display Driver Code Issue Vulnerability

NVIDIA Display Driver is a graphics card driver from NVIDIA. A security vulnerability exists in NVIDIA Display Driver, which can be exploited by attackers to cause denial of service, elevation of privilege, code execution, and data manipulation...

8.2CVSS6.9AI score0.00167EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•41 views

Unspecified Vulnerability in HCL AION (CNVD-2025-25409)

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a security vulnerability that stems from a script whitelist configuration bypass and a misconfigured Content-Security-Policy header, which can be exploited by an attacker to cause cross-site scripting and other...

6.1CVSS6.7AI score0.00188EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•3 views

WordPress Oceanpayment CreditCard Gateway plugin Access Control Error Vulnerability

WordPress Oceanpayment CreditCard Gateway plugin is a plugin for integrating credit card payments in your WordPress website, which enables transactions through the payment gateway provided by Oceanpayment. The WordPress Oceanpayment CreditCard Gateway plugin suffers from an Access Control Error...

5.3CVSS7AI score0.00316EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•3 views

Unspecified Vulnerability in HCL AION

HCL AION is an AI lifecycle management platform from HCL India. HCL AION has a security vulnerability which is caused due to missing security attributes in the encrypted session SSL cookie. No details of the vulnerability are provided at this time...

7.5CVSS6.8AI score0.0014EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•4 views

Newforma Project Center Server Information Disclosure Vulnerability (CNVD-2025-25886)

Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. Newforma Project Center Server suffers from an information...

6.3CVSS6.1AI score0.00347EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•3 views

Newforma Project Center Server Directory Traversal Vulnerability

Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. A directory traversal vulnerability exists in Newforma Project...

6.4CVSS6.8AI score0.00378EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•4 views

Newforma Project Center Server Information Disclosure Vulnerability (CNVD-2025-25888)

Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. An information disclosure vulnerability exists in Newforma Proje...

8.2CVSS6.3AI score0.00353EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•3 views

Newforma Project Center Server Open Redirect Vulnerability

Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. An open redirection vulnerability exists in Newforma Project...

6.1CVSS6.6AI score0.00198EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•5 views

Newforma Project Center Server Information Disclosure Vulnerability

Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. An information disclosure vulnerability exists in Newforma Proje...

6CVSS6.1AI score0.00305EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•3 views

Microsoft Azure Cache for Redis Enterprise Elevation of Privilege Vulnerability

Microsoft Azure Cache for Redis Enterprise is an in-memory caching service from Microsoft Corporation, USA. An elevation of privilege vulnerability exists in Microsoft Azure Cache for Redis Enterprise, which can be exploited by an attacker to gain elevated privileges on the system...

8.7CVSS7.3AI score0.00613EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•3 views

Microsoft 365 Copilot Business Chat Spoofing Vulnerability (CNVD-2025-25468)

Microsoft 365 Copilot Business Chat is an AI chat software from Microsoft Corporation, USA. Microsoft 365 Copilot Business Chat has a spoofing vulnerability that can be exploited by attackers to cause spoofing attacks...

9.3CVSS6.8AI score0.00529EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•4 views

SAMSUNG Notes Out-of-Bounds Write Vulnerability

SAMSUNG Notes is a software application from Samsung South Korea. It is used to provide a record function. SAMSUNG Notes suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to write to out-of-bounds memory...

5.5CVSS7.1AI score0.00113EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•6 views

IBM Standards Processing Engine Deserialization Vulnerability

IBM Standards Processing Engine Ibm Transformation Extender Advanced is a document conversion software from International Business Machines IBM. Used to automatically convert and validate large amounts of data. IBM Standards Processing Engine suffers from a deserialization vulnerability that stem...

9.8CVSS6.9AI score0.00633EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•5 views

OpenEXR has an unspecified vulnerability (CNVD-2025-24792)

OpenEXR is an open standard for high dynamic range image HDR file formats. A security vulnerability exists in versions prior to OpenEXR 8.0, which can be exploited by an attacker to cause an out-of-bounds write...

6.9CVSS6.8AI score0.0016EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•4 views

Delta Electronics DIAScreen Out-of-Bounds Write Vulnerability (CNVD-2025-26898)

Delta Electronics DIAScreen is an intelligent desktop builder from Delta Electronics in China. An out-of-bounds write vulnerability exists in Delta Electronics DIAScreen, which can be exploited by an attacker to execute arbitrary code on the system or cause a system crash...

7.8CVSS8AI score0.00173EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•4 views

Unspecified Vulnerability in Wireshark (CNVD-2025-24785)

Wireshark formerly Ethereal is a suite of network packet analysis software from the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. Wireshark has a security vulnerability that can be exploited by an attacker to cause a denial of...

5.5CVSS6.8AI score0.00113EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•5 views

Newforma Project Center Server Information Disclosure Vulnerability (CNVD-2025-25476)

Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. An information disclosure vulnerability exists in Newforma Proje...

8.2CVSS6.2AI score0.00353EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•6 views

D-Link Nuclias Connect Cross-Site Scripting Vulnerability

D-Link Nuclias Connect is a network management software from D-Link for centralized management of wireless access points APs, supporting multi-device remote control and reporting capabilities. D-Link Nuclias Connect suffers from a cross-site scripting vulnerability that stems from the application...

5.4CVSS6.2AI score0.00501EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•5 views

WordPress Find And Replace content plugin cross-site scripting vulnerability

WordPress Find And Replace content plugin is a plugin used to batch find and replace the specified text in the website content, mainly used to solve the problem of batch modification in the website content update demand. A cross-site scripting vulnerability exists in the WordPress Find And Replac...

7.2CVSS6.2AI score0.00265EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•3 views

Newforma Project Center Server Information Disclosure Vulnerability (CNVD-2025-25862)

Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. An information IELTS vulnerability exists in Newforma Project...

5.3CVSS6.8AI score0.00074EPSS
Exploits0References1
Total number of security vulnerabilities131179