Lucene search
+L

131179 matches found

CNVD
CNVD
•added 2025/10/21 12:0 a.m.•4 views

WordPress Content Writer plugin information disclosure vulnerability

WordPress Content Writer plugin is a WordPress plugin mainly used to help users efficiently manage the website content creation, providing convenient content generation and publishing functions. WordPress Content Writer plugin has an information disclosure vulnerability that originates from...

5.3CVSS6.1AI score0.00303EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•4 views

WordPress Theme Importer plugin cross-site request forgery vulnerability

WordPress Theme Importer plugin is mainly used to import website content such as pages, menus, images, etc. from other platforms or websites into WordPress for quick migration or rebuilding of websites. The WordPress Theme Importer plugin suffers from a cross-site request forgery vulnerability,...

4.3CVSS6.9AI score0.00124EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•5 views

Newforma Project Center Server Code Execution Vulnerability

Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. A code execution vulnerability exists in Newforma Project Center...

9.8CVSS8AI score0.00861EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•5 views

WordPress DocoDoco Store Locator plugin Arbitrary File Upload Vulnerability

WordPress DocoDoco Store Locator plugin is a WordPress plugin for creating a store locator page in your website that displays information about nearby stores via Google Maps. The WordPress DocoDoco Store Locator plugin suffers from an arbitrary file upload vulnerability that stems from a lack of...

7.2CVSS8.1AI score0.00648EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•3 views

WordPress External Login plugin Information Disclosure Vulnerability

The WordPress External Login plugin is mainly used to integrate WordPress login functionality with an external database system, allowing users to log in to the site directly through an external account. An information disclosure vulnerability exists in the WordPress External Login plugin, which...

4.3CVSS6.7AI score0.00251EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•8 views

LibreNMS Cross-Site Scripting Vulnerability

LibreNMS is an open source network monitoring system based on PHP and MySQL from the LibreNMS community. The system features customizable alerts, auto-discovery of the network environment and automatic updates. A cross-site scripting vulnerability exists in LibreNMS that stems from insufficient...

5.5CVSS6.1AI score0.11896EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•15 views

D-Link DI-7100G C1 Command Injection Vulnerability

The D-Link DI-7100G C1 is an enterprise-class router from D-Link, designed for small and medium-sized businesses. The D-Link DI-7100G C1 suffers from a command injection vulnerability that originates from the parameter iface in the file /mspinfo.htm?flag=qos that fails to correctly filter...

7.2CVSS7.7AI score0.04755EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•35 views

Adobe Animate Null Pointer Dereference Vulnerability (CNVD-2025-24422)

Adobe Animate is a set of Flash animation software from the American company Audobee Adobe. Adobe Animate suffers from a null pointer dereference vulnerability that can be exploited by an attacker to cause a memory information disclosure...

5.5CVSS6.6AI score0.00203EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/20 12:0 a.m.•7 views

HCL AION code execution vulnerability (CNVD-2026-16411)

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a code execution vulnerability that is caused due to a flaw in the content security policy. An attacker can exploit the vulnerability to execute arbitrary scripts inline...

8.2CVSS6.5AI score0.00219EPSS
Exploits0
CNVD
CNVD
•added 2025/10/20 12:0 a.m.•4 views

DataEase SQL Injection Vulnerability

DataEase is a set of Java-based development of open source data visualization and analysis tools to help users quickly analyze data and insight into business trends , so as to achieve business improvement and optimization . DataEase /de2api/datasetData/tableField processing tableName parameter...

8.8CVSS8AI score0.00474EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/20 12:0 a.m.•54 views

Samba OS Command Injection Vulnerability

Samba is Samba open source a standard Windows interoperability program suite for Linux and Unix. Samba suffers from an operating system command injection vulnerability that stems from a lack of proper validation or escaping of NetBIOS names in front-end WINS hook processing, which could lead to...

10CVSS7.8AI score0.39858EPSS
Exploits2References1
CNVD
CNVD
•added 2025/10/20 12:0 a.m.•4 views

DataEase H2 JDBC Injection Code Execution Vulnerability

DataEase is a set of Java-based development of open source data visualization and analysis tools to help users quickly analyze data and insight into business trends , so as to achieve business improvement and optimization . DataEase H2.java handles JDBC connection validation with a code injection...

8.8CVSS8.1AI score0.00936EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/20 12:0 a.m.•4 views

DataEase DB2/MongoDB JNDI Code Injection Vulnerability

DataEase is a set of Java-based development of open source data visualization and analysis tools to help users quickly analyze data and insight into business trends , so as to achieve business improvement and optimization . A code injection vulnerability exists in DataEase DB2/MongoDB JDBC...

8.2CVSS8.1AI score0.00402EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/20 12:0 a.m.•5 views

HCL AION Information Disclosure Vulnerability (CNVD-2026-16412)

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from an information disclosure vulnerability that can be exploited by an attacker to gain access to cached data information...

7.5CVSS5.7AI score0.00223EPSS
Exploits0
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•3 views

WordPress The Plus Addons for Elementor plugin cross-site scripting vulnerability

WordPress The Plus Addons for Elementor plugin is a plugin designed specifically for the Elementor page builder, offering over 120 custom widgets and extensions and more than 1000 pre-designed templates. A cross-site scripting vulnerability exists in WordPress The Plus Addons for Elementor plugin...

6.8CVSS6.3AI score0.00287EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•2 views

Centreon Web SQL Injection Vulnerability (CNVD-2025-24418)

Centreon Web is a set of open source system monitoring tools from France's Centreon. The product mainly provides monitoring functions for resources such as network, system and application programs. A security vulnerability exists in Centreon Web, which originates from an SQL injection on the Meta...

7.2CVSS7.9AI score0.00381EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•4 views

Fortinet FortiClientMac Code Injection Vulnerability

Fortinet FortiClientMAC is a U.S. fly tower Fortinet company based on macOS platform security tools. A code injection vulnerability exists in Fortinet FortiClientMac, which stems from the application's failure to properly filter special elements of constructed snippets, and can be exploited by an...

7.1CVSS9.6AI score0.00256EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•2 views

Ivanti Endpoint Manager SQL Injection Vulnerability (CNVD-2025-24268)

Ivanti Endpoint Manager is a unified endpoint management solution for the enterprise that is designed to centrally manage all types of devices including Windows, macOS, Linux, ChromeOS and IoT devices within an organization, covering OS deployment, software distribution, remote control and more. ...

6.5CVSS8.4AI score0.00768EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•2 views

ASUS Armoury Crate Stack Buffer Overflow Vulnerability

ASUS Armoury Crate is a utility software developed by ASUS to centrally control and manage ROG Gamerland and some ASUS gaming products. ASUS Armoury Crate suffers from a stack buffer overflow vulnerability that can be exploited by attackers to cause a system crash or other undefined execution...

6.8CVSS7.5AI score0.00138EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•3 views

UTT Progressive 518G Buffer Overflow Vulnerability (CNVD-2026-00803)

The UTT Progress 518G is an enterprise-class router designed for small and medium-sized business office environments, focusing on multi-WAN port access and stable performance. UTT Enterprise 518G suffers from a buffer overflow vulnerability, which originates from the parameter txtMin2 in the file...

9CVSS8.2AI score0.00772EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•2 views

Automated Voting System add_candidate_modal.php File SQL Injection Vulnerability

Automated Voting System is an automated voting system. Automated Voting System suffers from a SQL injection vulnerability that stems from the lack of validation of the parameter firstname in file /admin/addcandidatemodal.php for externally entered SQL statements. An attacker can exploit this...

8.8CVSS8.3AI score0.00386EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•2 views

Automated Voting System update_user.php File SQL Injection Vulnerability

Automated Voting System is an automated voting system. Automated Voting System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter Password in the file /admin/updateuser.php. An attacker can exploit this...

7.2CVSS8.3AI score0.00401EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•4 views

Microsoft Exchange Server Elevation of Privilege Vulnerability (CNVD-2025-26722)

Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. An elevation of privilege vulnerability exists in Microsoft Exchange Server, which can be exploit...

8.4CVSS7.1AI score0.0033EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•6 views

Microsoft Inbox COM Objects Code Execution Vulnerability (CNVD-2025-25713)

Microsoft Inbox COM Objects is a built-in COM component of the Windows operating system from the U.S. company Microsoft Microsoft. A code execution vulnerability exists in Microsoft Inbox COM Objects, which can be exploited by an attacker to execute arbitrary code...

7CVSS7.9AI score0.00327EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•3 views

Ivanti Endpoint Manager SQL Injection Vulnerability (CNVD-2025-24267)

Ivanti Endpoint Manager is a unified endpoint management solution for the enterprise that is designed to centrally manage all types of devices including Windows, macOS, Linux, ChromeOS and IoT devices within an organization, covering OS deployment, software distribution, remote control and more. ...

6.5CVSS8.4AI score0.00774EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•6 views

F5 BIG-IP SSL/TLS Denial of Service Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. A denial of service vulnerability exists in the SSL/TLS module of BIG-IP. The vulnerability arises because when the...

8.7CVSS6.7AI score0.00414EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•3 views

Rockwell Automation Comms-1783-NATR Cross-Site Scripting Vulnerability

Rockwell Automation Comms-1783-NATR is an industrial Ethernet address translation device from Rockwell Automation. The Rockwell Automation Comms-1783-NATR is vulnerable to a cross-site scripting vulnerability that is caused by improper validation of user-supplied input. An attacker could exploit...

8.5CVSS6.2AI score0.00244EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•4 views

Mozilla Firefox and Mozilla Thunderbird Memory Misreference Vulnerability

Mozilla Firefox is an open source web browser.Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. The software supports IMAP, POP mail protocols and HTML mail format. A memory misreference vulnerability exists in Mozilla Firefox and Mozilla...

9.8CVSS6.5AI score0.00331EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•5 views

Adobe Connect Open Redirect Vulnerability

Adobe Connect is a software for creating meeting environments from the American company Audobee Adobe. Adobe Connect has an open redirection vulnerability that can be exploited by an attacker to cause users to be redirected to a malicious website...

6.1CVSS6.8AI score0.00268EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•3 views

Microsoft Excel Code Execution Vulnerability (CNVD-2025-24448)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...

7.8CVSS8.1AI score0.00355EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•2 views

Microsoft Inbox COM Objects Code Execution Vulnerability

Microsoft Inbox COM Objects is a built-in COM component of the Windows operating system from the U.S. company Microsoft Microsoft. A code execution vulnerability exists in Microsoft Inbox COM Objects, which can be exploited by an attacker to execute arbitrary code on a system...

7CVSS8AI score0.00327EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•55 views

Microsoft Excel Resource Management Error Vulnerability

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A security vulnerability exists in Microsoft Excel, which can be exploited by an attacker to remotely execute code...

7.8CVSS6.9AI score0.00355EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•9 views

Unspecified Vulnerability in Adobe Substance3D Viewer (CNVD-2025-24166)

Adobe Substance3D Viewer is a stand-alone desktop application for viewing and editing 3D files from Audobee Adobe USA. A security vulnerability exists in Adobe Substance3D Viewer 0.25.2 and earlier versions, which can be exploited by an attacker to cause arbitrary code execution in the current us...

7.8CVSS7.7AI score0.00226EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•5 views

Ivanti Endpoint Manager SQL Injection Vulnerability (CNVD-2025-24263)

Ivanti Endpoint Manager is a unified endpoint management solution for the enterprise that is designed to centrally manage all types of devices including Windows, macOS, Linux, ChromeOS and IoT devices within an organization, covering OS deployment, software distribution, remote control and more. ...

6.5CVSS8.4AI score0.00774EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•5 views

Unspecified Vulnerability in Microsoft Windows (CNVD-2025-24420)

Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. Microsoft Windows has a security vulnerability that can be exploited by an attacker to gain elevated privileges...

7.8CVSS7AI score0.00393EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•4 views

WordPress SureForms plugin information disclosure vulnerability

WordPress SureForms plugin is a visual form builder plugin designed for WordPress , support drag and drop operation , no programming foundation to quickly build responsive forms . An information disclosure vulnerability exists in the WordPress SureForms plugin, which stems from improper access...

4.3CVSS6.2AI score0.00237EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•2 views

Out-of-bounds write vulnerability in multiple Mozilla products (CNVD-2025-24625)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. An...

9.8CVSS7.7AI score0.00394EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•4 views

Mozilla Firefox Spoofing Vulnerability (CNVD-2025-24624)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a spoofing vulnerability, which is caused due to an error in the Customization tab. An attacker can exploit this vulnerability to conduct spoofing attacks...

8.1CVSS6.6AI score0.0025EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•5 views

Mozilla Firefox Spoofing Vulnerability (CNVD-2025-24623)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a spoofing vulnerability, which is caused by a response to a visibilitychange event. An attacker can exploit this vulnerability to conduct spoofing attacks...

6.5CVSS6.6AI score0.00197EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•5 views

Mozilla Firefox Security Bypass Vulnerability (CNVD-2025-24633)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security bypass vulnerability exists in Mozilla Firefox, which can be exploited by attackers to bypass security restrictions...

9.1CVSS6.6AI score0.0025EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•5 views

Mozilla Firefox and Mozilla Thunderbird Security Bypass Vulnerability

Mozilla Firefox is an open source web browser.Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. The software supports IMAP, POP mail protocols and HTML mail format. A security bypass vulnerability exists in Mozilla Firefox and Mozilla Thunderbird,...

6.5CVSS6.5AI score0.00219EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•4 views

Code execution vulnerability in multiple Mozilla products (CNVD-2025-24621)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A code...

8.8CVSS7.8AI score0.00306EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•2 views

Security Bypass Vulnerability in Multiple Mozilla Products (CNVD-2025-24631)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A...

6.5CVSS6.7AI score0.00215EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•3 views

Ivanti Endpoint Manager SQL Injection Vulnerability (CNVD-2025-24261)

Ivanti Endpoint Manager is a unified endpoint management solution for the enterprise that is designed to centrally manage all types of devices including Windows, macOS, Linux, ChromeOS and IoT devices within an organization, covering OS deployment, software distribution, remote control and more. ...

6.5CVSS8.4AI score0.00769EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•5 views

Microsoft SharePoint Remote Code Execution Vulnerability (CNVD-2025-24450)

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A remote code executi...

8.8CVSS8.4AI score0.02296EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•7 views

Microsoft Windows Server Remote Code Execution Vulnerability (CNVD-2025-26108)

Microsoft Windows Server is a set of server operating systems from the American company Microsoft Microsoft. A remote code execution vulnerability exists in Microsoft Windows Server, which can be exploited by an attacker to execute arbitrary code on a target system by sending a specially crafted...

9.8CVSS9.7AI score0.99962EPSS
Exploits24References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•6 views

Centreon Command Injection Vulnerability (CNVD-2025-24650)

Centreon is a set of open source system monitoring tools from France's Centreon. The product mainly provides monitoring functions for resources such as network, system and application programs. Centreon suffers from a command injection vulnerability that stems from the application's failure to...

7.2CVSS7.8AI score0.13843EPSS
Exploits2References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•8 views

F5 BIG-IP SSL/TLS Profile Denial of Service Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. A denial-of-service vulnerability exists in the SSL/TLS module of BIG-IP. The vulnerability arises because when configuring a...

8.7CVSS6.7AI score0.00429EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•5 views

Microsoft Exchange Server Spoofing Vulnerability (CNVD-2025-26718)

Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. A spoofing vulnerability exists in Microsoft Exchange Server, which can be exploited by attackers...

7.5CVSS6.7AI score0.00943EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•9 views

Adobe Commerce Cross-Site Scripting Vulnerability (CNVD-2025-24163)

Adobe Commerce is the United States of America Odobie Adobe company's a business and brand-oriented global leader in digital commerce solutions. Adobe Commerce suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...

8.1CVSS6AI score0.00564EPSS
Exploits0References1
Total number of security vulnerabilities131179