Lucene search
+L

131179 matches found

CNVD
CNVD
•added 2025/10/21 12:0 a.m.•4 views

Delta Electronics DIAScreen Out-of-Bounds Write Vulnerability (CNVD-2025-26898)

Delta Electronics DIAScreen is an intelligent desktop builder from Delta Electronics in China. An out-of-bounds write vulnerability exists in Delta Electronics DIAScreen, which can be exploited by an attacker to execute arbitrary code on the system or cause a system crash...

7.8CVSS8AI score0.00173EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•4 views

Unspecified Vulnerability in Wireshark (CNVD-2025-24785)

Wireshark formerly Ethereal is a suite of network packet analysis software from the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. Wireshark has a security vulnerability that can be exploited by an attacker to cause a denial of...

5.5CVSS6.8AI score0.00113EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•5 views

Newforma Project Center Server Information Disclosure Vulnerability (CNVD-2025-25476)

Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. An information disclosure vulnerability exists in Newforma Proje...

8.2CVSS6.2AI score0.00353EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•6 views

D-Link Nuclias Connect Cross-Site Scripting Vulnerability

D-Link Nuclias Connect is a network management software from D-Link for centralized management of wireless access points APs, supporting multi-device remote control and reporting capabilities. D-Link Nuclias Connect suffers from a cross-site scripting vulnerability that stems from the application...

5.4CVSS6.2AI score0.00501EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•5 views

WordPress Find And Replace content plugin cross-site scripting vulnerability

WordPress Find And Replace content plugin is a plugin used to batch find and replace the specified text in the website content, mainly used to solve the problem of batch modification in the website content update demand. A cross-site scripting vulnerability exists in the WordPress Find And Replac...

7.2CVSS6.2AI score0.00265EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•5 views

D-Link Nuclias Connect Observable Response Discrepancy Vulnerability

D-Link Nuclias Connect is a network management software from D-Link for centralized management of wireless access points APs, supporting multi-device remote control and reporting capabilities. An observable response difference vulnerability exists in D-Link Nuclias Connect that stems from an...

6.9CVSS7AI score0.00954EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•6 views

Newforma Project Center Server Code Execution Vulnerability (CNVD-2025-25871)

Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. A code execution vulnerability exists in Newforma Project Center...

8.8CVSS7.5AI score0.00504EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•3 views

Unspecified Vulnerability in IBM Aspera Faspex

IBM Aspera Faspex is an International Business Machines IBM solution for rapid global person-to-person document delivery and collaboration. A security vulnerability exists in IBM Aspera Faspex versions 5.0.0 through 5.0.13.1 that stems from a cross-domain policy file containing domains that shoul...

5.3CVSS6.8AI score0.00209EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•3 views

Delta Electronics DIAScreen Out-of-Bounds Write Vulnerability (CNVD-2025-26899)

Delta Electronics DIAScreen is an intelligent desktop builder from Delta Electronics in China. An out-of-bounds write vulnerability exists in Delta Electronics DIAScreen, which can be exploited by an attacker to execute arbitrary code on the system or cause a system crash...

7.8CVSS8AI score0.00155EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•3 views

D-Link Nuclias Connect Directory Traversal Vulnerability

D-Link Nuclias Connect is a network management software from D-Link for centralized management of wireless access points APs, supporting multi-device remote control and reporting capabilities. A directory traversal vulnerability exists in D-Link Nuclias Connect, which stems from improper cleanup ...

7.2CVSS7.1AI score0.00606EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•2 views

IBM Transformation Extender Advanced Logout Without Disabling Session Vulnerability

IBM Transformation Extender Advanced A data transformation, validation and standardization tool software from International Business Machines Corporation. IBM Transformation Extender Advanced suffers from a Logout Without Disabling Session vulnerability, which can be exploited by an attacker to...

8.8CVSS6.6AI score0.00204EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•5 views

D-Link DI-7100G C1 popupId parameter buffer overflow vulnerability

The D-Link DI-7100G C1 is an enterprise-class router from D-Link, designed for small and medium-sized businesses. The D-Link DI-7100G C1 suffers from a buffer overflow vulnerability that originates from the parameter popupId in the file /webchat/hiblock.asp failing to properly validate the length...

9CVSS8.2AI score0.00881EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•5 views

IBM Aspera Faspex Input Validation Error Vulnerability

IBM Aspera Faspex is an International Business Machines IBM solution for rapid global person-to-person document delivery and collaboration. IBM Aspera Faspex has an input validation error vulnerability that stems from improper API input validation, which can be exploited by an attacker to cause a...

4.9CVSS6.7AI score0.00299EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•4 views

SAMSUNG Notes Information Disclosure Vulnerability

SAMSUNG Notes is a software application from Samsung South Korea. It is used to provide a record function. SAMSUNG Notes has an information disclosure vulnerability that can be exploited by an attacker to access shared notes...

4CVSS6.3AI score0.00105EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•4 views

SAMSUNG Notes out-of-bounds read vulnerability (CNVD-2025-24703)

SAMSUNG Notes is a software application from Samsung South Korea. It is used to provide a record function. SAMSUNG Notes suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to access out-of-bounds memory...

7.1CVSS6.8AI score0.00115EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•5 views

Mongoose Buffer Overflow Vulnerability

Mongoose is a MongoDB object modeling designed to work in an asynchronous environment. Mongoose suffers from a buffer overflow vulnerability that stems from a boundary error when the application processes untrusted input, which can be exploited by an attacker to cause an application crash or buff...

7.5CVSS7.5AI score0.00399EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•4 views

Opencast Cross-Site Scripting Vulnerability

Opencast is a live video support software for large-scale automated video capture, management and distribution from the Opencast organization. Opencast suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied dat...

5.4CVSS6.2AI score0.00198EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•4 views

Unspecified vulnerability in SAMSUNG Mobile devices (CNVD-2025-24784)

SAMSUNG Mobile devices are a range of Samsung mobile devices from the South Korean company Samsung SAMSUNG, including cell phones, tablets, and more. A security vulnerability exists in SAMSUNG Mobile devices versions prior to SMR Oct-2025 Release 1, which can be exploited by attackers to cause...

7.8CVSS6.6AI score0.00118EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•5 views

DELL PowerScale OneFS License Bypass Vulnerability

DELL PowerScale OneFS is Dell's horizontally scalable clustered file system designed to manage unstructured data and support enterprise-class storage capabilities. An authorization bypass vulnerability exists in DELL PowerScale OneFS that originates from a user control key leading to authorizatio...

4.4CVSS6.8AI score0.00119EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•6 views

Unspecified vulnerability in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 (CNVD-2025-29155)

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 that stems from unrestricted resource allocation ...

10CVSS6.9AI score0.00345EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•6 views

Unspecified Vulnerability in Apache StreamPark (CNVD-2025-24728)

Apache StreamPark is the United States Apache Apache Foundation of a streaming media application development framework. Apache StreamPark has a security vulnerability that can be exploited by attackers to cause confidentiality, integrity and availability to be compromised...

7.3CVSS6.9AI score0.00517EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•5 views

IBM Transformation Extender Advanced Improper Access Control Vulnerability

IBM Transformation Extender Advanced A data transformation, validation and standardization tool software from International Business Machines Corporation. IBM Transformation Extender Advanced suffers from an Improper Access Control Vulnerability, no details of the vulnerability are available at...

6.2CVSS6.8AI score0.00102EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•10 views

Apache Spark Encryption Problem Vulnerability (CNVD-2025-25376)

Apache Spark is a large-scale data processing engine that supports acyclic data streaming and in-memory computing from the Apache Foundation. Apache Spark suffers from a cryptographic issue vulnerability that stems from the use of insecure default network encryption ciphers for inter-node RPC...

6.5CVSS6.9AI score0.0022EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•5 views

D-Link DIR-816A2 Buffer Overflow Vulnerability

The D-Link DIR-816A2 is a router from China's AUO D-Link. A buffer overflow vulnerability exists in the D-Link DIR-816A2 FWv1.10CNB05 version, which originates from the statuscheckpppoeuser parameter in the dirsetWanWifi function that fails to correctly validate the length and size of the input...

7.5CVSS8.1AI score0.05336EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•7 views

ZenML Input Validation Error Vulnerability

ZenML is an extensible open source MLOps framework from ZenML Open Source for creating portable, production-ready machine learning pipelines. An input validation error vulnerability exists in ZenML version 0.83.1, which stems from the failure of the PathMaterializer class to effectively detect...

7.8CVSS7.4AI score0.00334EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•3 views

WordPress Library Management System plugin unauthorized data modification vulnerability

The WordPress Library Management System plugin is a plugin for extending the functionality of WordPress, mainly used to help users manage website content, user data and system settings more efficiently. The WordPress Library Management System plugin suffers from an unauthorized data modification...

4.3CVSS6.7AI score0.00219EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•6 views

IBM Transformation Extender Advanced Log Message Disclosure Vulnerability

IBM Transformation Extender Advanced is a data transformation, validation and standardization tool software from International Business Machines IBM. IBM Transformation Extender Advanced suffers from a log information disclosure vulnerability that originates from storing sensitive information in ...

4.4CVSS6.1AI score0.00108EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•4 views

Delta Electronics ASDA-Soft Stack Buffer Overflow Vulnerability

Delta Electronics ASDA-Soft is an AC servo motor from Delta Electronics China. The Delta Electronics ASDA-Soft suffers from a stack buffer overflow vulnerability that is caused by incorrect boundary checking. An attacker could exploit the vulnerability to execute arbitrary code on the system or...

7.8CVSS8.2AI score0.00189EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•3 views

Fortinet FortiDLP Path Traversal Vulnerability

Fortinet FortiDLP is a data leakage prevention software from the American company Fita Fortinet. Fortinet FortiDLP suffers from a path traversal vulnerability, which stems from the program failing to properly filter special elements in the path of a resource or file, and can be exploited by an...

7.8CVSS7.1AI score0.002EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•3 views

Delta Electronics ASDA-Soft Stack Buffer Overflow Vulnerability (CNVD-2025-26912)

Delta Electronics ASDA-Soft is an AC servo motor from Delta Electronics China. The Delta Electronics ASDA-Soft suffers from a stack buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code on a system or cause an application to crash...

7.8CVSS8.2AI score0.00195EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•5 views

Flowise File Upload Vulnerability (CNVD-2025-24788)

Flowise is a FlowiseAI open source tool for easily building LLM applications. A file upload vulnerability exists in Flowise version 3.0.7, which stems from a file upload process that does not validate the file extension, MIME type, or file content, and can be exploited by an attacker to cause...

8.8CVSS8.1AI score0.10036EPSS
Exploits2References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•4 views

Unspecified vulnerability in SAMSUNG Mobile devices (CNVD-2025-24783)

SAMSUNG Mobile devices are a range of Samsung mobile devices from the South Korean company Samsung SAMSUNG, including cell phones, tablets, and more. A security vulnerability exists in SAMSUNG Mobile devices versions prior to SMR Oct-2025 Release 1, which can be exploited by attackers to cause...

7.5CVSS6.6AI score0.00274EPSS
Exploits2References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•3 views

HCL AION Information Disclosure Vulnerability

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from an information disclosure vulnerability due to a missing or insecure "X-Content-Type-Options" header flaw. An attacker could exploit this vulnerability to obtain credentials or system information...

7.5CVSS6.2AI score0.00223EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•4 views

Fortinet FortiDLP Log Information Disclosure Vulnerability

Fortinet FortiDLP is a data leakage prevention software from the American company Fita Fortinet. Fortinet FortiDLP suffers from a log information disclosure vulnerability that originates from the insertion of sensitive information into a log file, which can be exploited by an attacker to cause...

4.4CVSS6.2AI score0.00149EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•5 views

HCL AION Information Disclosure Vulnerability (CNVD-2025-25461)

HCL AION is an AI lifecycle management platform from HCL India. HCL AION has an information disclosure vulnerability that can be exploited by attackers to cause unauthorized access...

7.5CVSS6.4AI score0.00223EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•5 views

SAMSUNG Notes out-of-bounds read vulnerability (CNVD-2025-24704)

SAMSUNG Notes is a software application from Samsung South Korea. It is used to provide a record function. SAMSUNG Notes suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to access out-of-bounds memory...

7.1CVSS6.8AI score0.00115EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•5 views

D-Link DI-7001 MINI OS Command Injection Vulnerability

D-Link DI-7001 MINI is a multi-functional intelligent gateway from China AUO D-Link. The D-Link DI-7001 MINI suffers from an operating system command injection vulnerability that can be exploited by an attacker to execute arbitrary code on the system...

9.8CVSS8.5AI score0.04033EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•6 views

Newforma Project Center Server Code Execution Vulnerability

Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. A code execution vulnerability exists in Newforma Project Center...

9.8CVSS7.9AI score0.00789EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•3 views

Emlog Cross-Site Scripting Vulnerability (CNVD-2025-24787)

Emlog is a PHP and MySQL based CMS builder. Emlog 2.5.21 and previous versions of cross-site scripting vulnerability, the vulnerability stems from the lack of effective filtering and escaping of user-supplied data in the email template settings, an attacker can exploit this vulnerability by...

7.6CVSS6.5AI score0.00227EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•4 views

WordPress BlindMatrix e-Commerce plugin file inclusion vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A file inclusion vulnerability exists in the WordPress BlindMatrix e-Commerce plugin that stems from an unvalidated shortcode attribute that can be exploited by an attacker to...

5.5CVSS6.7AI score0.00243EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•5 views

Unspecified Vulnerability in Newforma Project Center Server

Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. A security vulnerability exists in Newforma Project Center Serve...

5.3CVSS6.8AI score0.0033EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•2 views

WordPress plugin WP BookWidgets cross-site scripting vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. WordPress plugin WP BookWidgets cross-site scripting vulnerability , the vulnerability stems fr...

6.4CVSS6.3AI score0.00283EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•25 views

Unspecified Vulnerability in HCL MyXalytics

HCL MyXalytics is an analytics software product from HCL India. It is used for performing data analysis and other related tasks. A security vulnerability exists in HCL MyXalytics, which arises from loading third-party scripts without integrity checking or validation, and can be exploited by an...

3.1CVSS7AI score0.00175EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•7 views

Microsoft 365 Copilot Business Chat Spoofing Vulnerability

Microsoft 365 Copilot Business Chat is an AI chat software from Microsoft Corporation, USA. Microsoft 365 Copilot Business Chat has a spoofing vulnerability that can be exploited by attackers to cause spoofing attacks...

9.3CVSS6.8AI score0.00533EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•3 views

WordPress Felan Framework plugin unauthorized data modification vulnerability

The WordPress Felan Framework plugin is a plugin with security vulnerabilities, mainly related to authentication issues. WordPress Felan Framework plugin has an unauthorized data modification vulnerability that stems from a lack of permission checking in the processpluginactions function, which c...

5.3CVSS7AI score0.00295EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•3 views

Unspecified Vulnerability in Mattermost (CNVD-2025-24795)

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that can be exploited by an attacker to cause guest users to add arbitrary team members to their private channels via the...

4.3CVSS7AI score0.00302EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•5 views

WordPress Classified Pro plugin Unauthorized Plugin Installation Vulnerability

WordPress Classified Pro plugin is a plugin for quickly creating a classified ad section on a WordPress website, supporting different scenarios of listings management such as automotive, second-hand trading, etc., and providing features such as searching, ad space configuration, and text...

8.8CVSS7.9AI score0.00597EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•3 views

IBM Aspera Information Disclosure Vulnerability (CNVD-2025-25473)

IBM Aspera is a set of fast file transfer and streaming solutions built on the IBM FASP protocol from International Business Machines IBM. An information disclosure vulnerability exists in IBM Aspera that stems from an observable difference in the returned data, which can be exploited by an...

4.3CVSS6.2AI score0.00214EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•5 views

Adobe Bridge heap buffer overflow vulnerability (CNVD-2025-24425)

Adobe Bridge is a file viewer from the American company Audobee Adobe. Adobe Bridge suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to cause the disclosure of sensitive information in memory...

5.5CVSS6.9AI score0.00223EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•5 views

Newforma Project Center Server Cross-Site Scripting Vulnerability

Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. Newforma Project Center suffers from a cross-site scripting...

5.5CVSS6.2AI score0.00201EPSS
Exploits0References1
Total number of security vulnerabilities131179