Lucene search
+L

131179 matches found

CNVD
CNVD
•added 2025/10/17 12:0 a.m.•2 views

Microsoft Windows SMB Client Authorization Issues Vulnerability

Microsoft Windows SMB Client is a Microsoft application. An SMB client. Microsoft Windows SMB Client has a security vulnerability that can be exploited by attackers to tamper with information...

3.1CVSS6.8AI score0.00424EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•3 views

Microsoft Windows Elevation of Privilege Vulnerability (CNVD-2025-29351)

Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. Microsoft Windows has a security vulnerability that can be exploited by attackers to elevate privileges...

7.8CVSS6.8AI score0.00255EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•5 views

Ivanti Endpoint Manager SQL Injection Vulnerability

Ivanti Endpoint Manager is a comprehensive endpoint management solution developed by Ivanti to unify the management of all types of devices in an enterprise network, including Windows, macOS, Linux, ChromeOS, mobile devices and IoT devices. Ivanti Endpoint Manager suffers from a SQL injection...

6.5CVSS8.1AI score0.0162EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•2 views

ASUS Armoury Crate Null Pointer Dereference Vulnerability

ASUS Armoury Crate is a utility software developed by ASUS to centrally control and manage ROG Gamerland and some ASUS gaming products. ASUS Armoury Crate suffers from a null pointer dereference vulnerability that can be exploited by attackers to cause a system crash...

6.8CVSS6.8AI score0.00124EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•6 views

WordPress Simple SEO plugin cross-site scripting vulnerability

WordPress Simple SEO plugin is an SEO optimization tool designed based on the SimpleTags plugin, which is mainly used to help users simplify search engine optimization SEO operations. WordPress Simple SEO plugin suffers from a cross-site scripting vulnerability that stems from the application's...

6.1CVSS6.2AI score0.00181EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•2 views

D-Link DAP-2695 Operating System Command Injection Vulnerability

The D-Link DAP-2695 is a high-performance dual-band wireless access point from China's AUO D-Link. The D-Link DAP-2695 version 2.00RC131 suffers from an operating system command injection vulnerability, which originates from the failure of the function fwupdatermain of the component Firmware Upda...

9.8CVSS7.8AI score0.06812EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•5 views

Rockwell Automation Comms-1783-NATR Cross-Site Request Forgery Vulnerability

Rockwell Automation Comms-1783-NATR is an industrial Ethernet address translation device from Rockwell Automation. The Rockwell Automation Comms-1783-NATR suffers from a cross-site request forgery vulnerability that can be exploited by an attacker to cause a specially crafted link to trick a...

7CVSS6.9AI score0.00193EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•3 views

Information Disclosure Vulnerability in Multiple Mozilla Products (CNVD-2025-24630)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. An...

9.8CVSS6.1AI score0.00394EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•6 views

F5 BIG-IP iHealth Tool Privilege Bypass Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. A privilege bypass vulnerability exists in the BIG-IP's iHealth tool a module of the TMOS Shell. The vulnerability occurs...

9.1CVSS6.9AI score0.00367EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•6 views

Unspecified Vulnerability in Microsoft Windows (CNVD-2025-24644)

Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. Microsoft Windows has a security vulnerability that can be exploited by attackers to remotely execute code...

8.8CVSS6.9AI score0.01832EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•4 views

F5 BIG-IP IPsec Denial of Service Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. A denial-of-service vulnerability exists in the IPsec module of BIG-IP, which can be exploited to cause the termination of the...

8.7CVSS6.7AI score0.00348EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•5 views

F5 BIG-IP SSL Orchestrator Memory Corruption Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. A memory corruption vulnerability exists in the Explicit Forward Proxy module of the BIG-IP SSL Orchestrator. The vulnerabilit...

8.7CVSS6.9AI score0.00324EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•8 views

IBM MQ Denial of Service Vulnerability (CNVD-2026-19183)

IBM MQ is a leading enterprise-class messaging middleware designed for cross-platform asynchronous communication. It uses a queuing mechanism to ensure reliable and secure data transfer between applications and supports integration in heterogeneous environments. A denial of service vulnerability...

7.5CVSS5.8AI score0.00506EPSS
Exploits0
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•14 views

Code execution vulnerability in multiple Mozilla products (CNVD-2025-24628)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A code...

8.1CVSS7.8AI score0.00334EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•6 views

Adobe Dimension Out-of-Bounds Read Vulnerability (CNVD-2025-24205)

Adobe Dimension is the United States of America Odo than Adobe company is a set of 2D and 3D composite design tools. Adobe Dimension suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to execute code in the context of the current user...

7.8CVSS7.3AI score0.00206EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•4 views

Ivanti Endpoint Manager SQL Injection Vulnerability

Ivanti Endpoint Manager is a unified endpoint management solution for the enterprise that is designed to centrally manage all types of devices including Windows, macOS, Linux, ChromeOS and IoT devices within an organization, covering OS deployment, software distribution, remote control and more. ...

6.5CVSS8.4AI score0.00768EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•3 views

Mozilla Firefox and Mozilla Thunderbird Code Execution Vulnerability (CNVD-2025-24627)

Mozilla Firefox is an open source web browser.Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. The software supports IMAP, POP mail protocols and HTML mail format. A code execution vulnerability exists in Mozilla Firefox and Mozilla Thunderbird,...

9.8CVSS7.8AI score0.0034EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•4 views

Fortinet FortiClientMAC Resource Management Error Vulnerability

Fortinet FortiClientMAC is a U.S. fly tower Fortinet company based on macOS platform security tools. Fortinet FortiClientMAC has a resource management error vulnerability that stems from improper allocation of critical resource permissions, which can be exploited by an attacker to cause a local...

7.8CVSS7.2AI score0.00119EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•3 views

Microsoft Excel Information Disclosure Vulnerability (CNVD-2025-24395)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. An information disclosure vulnerability exists in Microsoft Excel, which can be exploited by attackers to obtain sensitive information...

7.1CVSS6.1AI score0.00612EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•5 views

Microsoft Word Code Execution Vulnerability (CNVD-2025-26721)

Microsoft Word is a word processing software in the Office suite of the U.S. company Microsoft Microsoft. A code execution vulnerability exists in Microsoft Word, which can be exploited by an attacker to execute arbitrary code on a system...

7CVSS8AI score0.00362EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•6 views

Microsoft Graphics Component Elevation of Privilege Vulnerability

Microsoft Graphics Component is a graphics driver component of Microsoft Corporation USA. A security vulnerability exists in Microsoft Graphics Component that can be exploited by an attacker to elevate privileges...

7CVSS6.8AI score0.00178EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•4 views

Ivanti Endpoint Manager SQL Injection Vulnerability (CNVD-2025-24262)

Ivanti Endpoint Manager is a unified endpoint management solution for the enterprise that is designed to centrally manage all types of devices including Windows, macOS, Linux, ChromeOS and IoT devices within an organization, covering OS deployment, software distribution, remote control and more. ...

6.5CVSS8.4AI score0.00775EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•5 views

Microsoft Excel Code Execution Vulnerability (CNVD-2025-24447)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...

7.8CVSS8.1AI score0.00419EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•5 views

Ivanti Endpoint Manager SQL Injection Vulnerability (CNVD-2025-24269)

Ivanti Endpoint Manager is a unified endpoint management solution for the enterprise that is designed to centrally manage all types of devices including Windows, macOS, Linux, ChromeOS and IoT devices within an organization, covering OS deployment, software distribution, remote control and more. ...

6.5CVSS8.4AI score0.00768EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•3 views

Memory Misreference Vulnerability in Multiple Mozilla Products (CNVD-2025-24622)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A memor...

9.8CVSS7.5AI score0.00475EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•2 views

Code execution vulnerability in multiple Mozilla products (CNVD-2025-24626)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A code...

8.8CVSS7.8AI score0.00313EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•7 views

Microsoft Office Denial of Service Vulnerability (CNVD-2025-24415)

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. A denial of service vulnerability exists in Microsoft Office, which can be exploited by attackers to cause...

5.5CVSS6.6AI score0.00391EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•4 views

WordPress Felan Framework Improper Authentication Vulnerability

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language.WordPress plugin is an application plugin. A vulnerability exists in the WordPress Felan Framework, which is caused by the presence of hard-coded passwords in the fbajaxloginorregister function and t...

9.8CVSS6.8AI score0.00572EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•4 views

Ivanti Endpoint Manager SQL Injection Vulnerability (CNVD-2025-24264)

Ivanti Endpoint Manager is a unified endpoint management solution for the enterprise that is designed to centrally manage all types of devices including Windows, macOS, Linux, ChromeOS and IoT devices within an organization, covering OS deployment, software distribution, remote control and more. ...

6.5CVSS8.4AI score0.00769EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•4 views

Ivanti Endpoint Manager SQL Injection Vulnerability (CNVD-2025-24265)

Ivanti Endpoint Manager is a unified endpoint management solution for the enterprise that is designed to centrally manage all types of devices including Windows, macOS, Linux, ChromeOS and IoT devices within an organization, covering OS deployment, software distribution, remote control and more. ...

6.5CVSS8.4AI score0.01618EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•4 views

Cross-site scripting vulnerability in multiple Mozilla products (CNVD-2025-24632)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A...

6.1CVSS6.2AI score0.00256EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•5 views

Rockwell Automation 1715-AENTR EtherNet/IP Adapter Denial of Service Vulnerability

The Rockwell Automation 1715-AENTR EtherNet/IP Adapter is a redundant Ethernet adapter module from Rockwell Automation. A denial of service vulnerability exists in the Rockwell Automation 1715-AENTR EtherNet/IP Adapter, which stems from improper handling of specially crafted payloads by CIP...

7.7CVSS6.8AI score0.003EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•3 views

Adobe Connects Cross-Site Scripting Vulnerability (CNVD-2025-24428)

Adobe Connect is a software for creating meeting environments from the American company Audobee Adobe. Adobe Connect suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute malicious script in a victim's browser...

9.3CVSS6.3AI score0.00557EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•4 views

Rockwell Automation 1715-AENTR EtherNet/IP Adapter Denial of Service Vulnerability (CNVD-2025-24581)

The Rockwell Automation 1715-AENTR EtherNet/IP Adapter is a redundant Ethernet adapter module from Rockwell Automation. A denial of service vulnerability exists in the Rockwell Automation 1715-AENTR EtherNet/IP Adapter, which can be exploited by an attacker to cause a web server to crash...

7.7CVSS6.8AI score0.0031EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•6 views

F5 BIG-IP TMM Denial of Service Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. A denial-of-service vulnerability exists in BIG-IP's TMM Traffic Management Microkernel module, which arises because specific...

8.2CVSS6.8AI score0.00324EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•5 views

Adobe Dimension Memory Misreference Vulnerability (CNVD-2025-24255)

Adobe Dimension is the United States of America Odo than Adobe company is a set of 2D and 3D composite design tools. A memory misreference vulnerability exists in Adobe Dimension, which can be exploited by an attacker to cause arbitrary code execution in the current user environment...

7.8CVSS7.7AI score0.00215EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•8 views

F5 BIG-IP TMM Data Tampering Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. A data tampering vulnerability exists in the TMM module of BIG-IP, which arises because undisclosed traffic can lead to data...

6.3CVSS7AI score0.00231EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•6 views

Rockwell Automation PanelView Plus 7 Performance Series B Authentication Bypass Vulnerability

Rockwell Automation PanelView Plus 7 Performance Series B is a versatile HMI application from Rockwell Automation. An authentication bypass vulnerability exists in Rockwell Automation PanelView Plus 7 Performance Series B, which can be exploited by an attacker to cause unauthorized access,...

9.8CVSS5.9AI score0.00362EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•4 views

Ivanti Endpoint Manager SQL Injection Vulnerability (CNVD-2025-24266)

Ivanti Endpoint Manager is a unified endpoint management solution for the enterprise that is designed to centrally manage all types of devices including Windows, macOS, Linux, ChromeOS and IoT devices within an organization, covering OS deployment, software distribution, remote control and more. ...

6.5CVSS8.4AI score0.0162EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•5 views

Microsoft Word Code Execution Vulnerability (CNVD-2025-26720)

Microsoft Word is a word processing software in the Office suite of the U.S. company Microsoft Microsoft. A code execution vulnerability exists in Microsoft Word, which can be exploited by an attacker to execute code...

7.8CVSS7.6AI score0.00436EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•5 views

Microsoft Windows SMB Server Access Control Error Vulnerability

Microsoft Windows SMB Server is a network file-sharing protocol from Microsoft. It allows applications on a computer to read and write files and request services from server programs on a computer network. A security vulnerability exists in Microsoft Windows SMB Server that can be exploited by an...

7.5CVSS9AI score0.00978EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/17 12:0 a.m.•41 views

Fortinet FortiClient MacOS installer data forgery issue vulnerability

Fortinet FortiClient MacOS installer is a client installer from Fortinet. The Fortinet FortiClient MacOS installer suffers from a data forgery issue vulnerability that stems from improper cryptographic signature validation, which can be exploited by an attacker to cause elevation of privilege for...

7.8CVSS6.9AI score0.00077EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/16 12:0 a.m.•4 views

fortinet FortiVoice Operating System Command Injection Vulnerability

FortiVoice is Fortinet's all-in-one enterprise voice over IP communications system. A command injection vulnerability exists in the Fortinet FortiVoice operating system that stems from improper neutralization of specific elements. An attacker could exploit this vulnerability to construct a...

7.2CVSS8.2AI score0.01358EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/16 12:0 a.m.•3 views

Fortinet FortiPAM OS Command Injection Vulnerability (CNVD-2025-24146)

FortiPAM is Fortinet's privileged access management solution for centralized management of sensitive enterprise credentials. A security vulnerability exists in Fortinet FortiPAM that stems from an insufficiently strong authentication mechanism. An attacker could exploit the vulnerability to execu...

9.8CVSS7.5AI score0.00578EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/16 12:0 a.m.•2 views

fortinet FortiAnalyzer License Issues Vulnerability

FortiAnalyzer is Fortinet's centralized security analysis and reporting platform. A security vulnerability exists in FortiAnalyzer that stems from a flaw in the authentication mechanism for OFTP requests. An attacker can exploit this vulnerability to obtain device operational status information o...

6.5CVSS6.7AI score0.00431EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/16 12:0 a.m.•20 views

fortinet FortiAnalyzer Competitive Conditions Issue Vulnerability

FortiAnalyzer is Fortinet's centralized security log management and analysis platform. FortiAnalyzer suffers from a competitive condition vulnerability that stems from an improper synchronization mechanism for shared resources. An attacker can exploit this vulnerability to bypass the FortiCloud...

5.3CVSS6.8AI score0.00294EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/16 12:0 a.m.•3 views

fortinet FortiOS Resource Management Error Vulnerability (CNVD-2025-24143)

FortiOS is Fortinet's network operating system that provides firewall, VPN and network security features. A security vulnerability exists in Fortinet FortiOS that stems from an API interface that does not validate return values. An attacker could use this vulnerability to trigger a null pointer...

4.9CVSS6.8AI score0.00576EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/16 12:0 a.m.•9 views

fortinet FortiADC Information Disclosure Vulnerability

FortiADC is an application delivery controller from Fortinet designed to optimize application performance, provide load balancing and enhance security. FortiADC suffers from a security vulnerability that stems from the program's failure to provide adequate access control for sensitive data access...

6.5CVSS6.7AI score0.00282EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/16 12:0 a.m.•5 views

Fortinet FortiOS Access Control Error Vulnerability (CNVD-2025-24145)

Fortinet FortiOS is a network operating system developed by Fortinet for use in its firewall and network security appliances. A security vulnerability exists in Fortinet FortiOS that stems from a flaw in the authorization mechanism. An attacker could exploit the vulnerability to access static fil...

4.3CVSS6.8AI score0.00296EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•4 views

Huawei HarmonyOS device management module buffer overflow vulnerability vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A buffer overflow vulnerability exists in the Huawei HarmonyOS device management module and can be exploited by an attacker to affect availability...

6.2CVSS7.2AI score0.00086EPSS
Exploits0References1
Total number of security vulnerabilities131179