Lucene search
+L

131179 matches found

CNVD
CNVD
•added 2025/09/28 12:0 a.m.•5 views

Cisco IOS XE Software Code Issue Vulnerability

Cisco IOS XE Software is a network operating system from the American company Cisco Cisco. Cisco IOS XE Software has a security vulnerability that can be exploited by attackers to cause a denial of service attack...

7.4CVSS5.8AI score0.00188EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/28 12:0 a.m.•7 views

Unspecified Vulnerability in PyTorch (CNVD-2025-23280)

PyTorch is a Python package open-sourced by PyTorch. PyTorch suffers from a security vulnerability that stems from the bitwiserightshift function mishandling the boundary value of the OTHER parameter, which can be exploited by an attacker to cause an output error...

5.3CVSS6.5AI score0.00423EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/28 12:0 a.m.•4 views

Cisco IOS XE Software Cross-Site Scripting Vulnerability

Cisco IOS XE Software is a network operating system from the American company Cisco Cisco. A cross-site scripting vulnerability exists in Cisco IOS XE Software that originates from improper user input cleanup and can be exploited by an attacker to cause a reflective cross-site scripting attack...

6.1CVSS5.7AI score0.00272EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/28 12:0 a.m.•5 views

Unspecified Vulnerability in PyTorch (CNVD-2025-23286)

PyTorch is a Python package open-sourced by PyTorch. PyTorch suffers from a security vulnerability that stems from an inconsistency between the bernoullip decomposition function and the CPU implementation, no details of the vulnerability are provided at this time...

5.3CVSS6.6AI score0.00391EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/28 12:0 a.m.•4 views

IBM Cognos Controller and IBM Controller Encryption Issues Vulnerabilities

IBM Cognos Controller is an enterprise financial consolidation and reporting software from IBM. A security vulnerability exists in IBM Cognos Controller versions 11.0.0 through 11.0.1 and IBM Controller versions 11.1.0 through 11.1.1, which stems from the use of a hard-coded encryption key to sig...

7.5CVSS6.5AI score0.00213EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/28 12:0 a.m.•23 views

NVIDIA Megatron-LM Code Injection Vulnerability (CNVD-2025-23255)

NVIDIA Megatron-LM is a PyTorch-based distributed training framework from NVIDIA that specializes in training large Transformer language models. NVIDIA Megatron-LM suffers from a code injection vulnerability that can be exploited by attackers to cause code injection, elevation of privilege,...

7.8CVSS7.2AI score0.0022EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/28 12:0 a.m.•5 views

TOTOLINK N600R Null Pointer Dereference Vulnerability

The TOTOLINK N600R is a dual-band wireless router launched by Korean brand TOTOLINK in 2013, supporting concurrent operation in the 2.4GHz and 5GHz bands with a maximum wireless transmission rate of 300Mbps. The TOTOLINK N600R suffers from a null pointer dereference vulnerability that can be...

5.3CVSS6.7AI score0.00359EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/28 12:0 a.m.•5 views

PyTorch Information Disclosure Vulnerability

PyTorch is a Python package open-sourced by PyTorch. PyTorch suffers from an information disclosure vulnerability that stems from FractionalMaxPool2d producing inconsistent results when using torch.compile, no details of the vulnerability are provided at this time...

5.3CVSS6.1AI score0.0036EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/26 12:0 a.m.•7 views

Google Chrome Information Disclosure Vulnerability

Google Chrome is a web browser developed by Google, known for being fast, secure and personalized, with support for multi-device synchronization and smart tool integration. Google Chrome suffers from an information disclosure vulnerability that originates from the V8 presence of side channel...

9.1CVSS6AI score0.00293EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/26 12:0 a.m.•2 views

IBM Watson Studio Cross-Site Scripting Vulnerability

IBM Watson Studio is a data science and machine learning platform from IBM, integrated into Cloud Pak for Data, for building, training and deploying AI models. A cross-site scripting vulnerability exists in IBM Watson Studio versions 4.0 through 5.2.0 that stems from not adequately filtering user...

4.4CVSS6.3AI score0.00162EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/26 12:0 a.m.•4 views

Microsoft Edge Remote Code Execution Vulnerability (CNVD-2025-23074)

Microsoft Edge is a web browser developed by Microsoft based on the Chromium kernel. A remote code execution vulnerability exists in Microsoft Edge. The vulnerability arises because the browser fails to properly handle objects in memory and can be exploited by an attacker to remotely execute code...

7.6CVSS8AI score0.00459EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/26 12:0 a.m.•3 views

Google Chrome Integer Overflow Vulnerability (CNVD-2025-22922)

Google Chrome is a web browser developed by Google, known for being fast, secure and personalized, with support for multi-device synchronization and smart tool integration. Google Chrome suffers from an integer overflow vulnerability that stems from the program's failure to properly handle numeri...

8.8CVSS7.2AI score0.06608EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/26 12:0 a.m.•5 views

Apache IoTDB Resource Management Error Vulnerability

Apache IoTDB is a time-series database management system from the Apache Software Foundation, designed for storing and analyzing massive time-series data in IoT scenarios. Apache IoTDB suffers from a security vulnerability that originates from an unauthorized access flaw in a system component. An...

7.5CVSS7AI score0.00562EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/26 12:0 a.m.•6 views

TOTOLINK X6000R OS Command Injection Vulnerability

TOTOLINK X6000R is a Wi-Fi 6 technology-enabled wireless router from China's Gion Electronics TOTOLINK, featuring high concurrent connections and dual-band transmission. The TOTOLINK X6000R suffers from an OS command injection vulnerability that stems from a failure to properly filter special...

9.8CVSS7.6AI score0.13164EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/26 12:0 a.m.•4 views

Google Chrome Integer Overflow Vulnerability

Google Chrome is a web browser developed by Google, known for being fast, secure and personalized, with support for multi-device synchronization and smart tool integration. Google Chrome suffers from an integer overflow vulnerability that stems from the program failing to properly check for integ...

8.8CVSS7.2AI score0.00266EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/26 12:0 a.m.•2 views

TOTOLINK X6000R Improper Input Validation Vulnerability

TOTOLINK X6000R is a Wi-Fi 6 technology-enabled wireless router from China's Gion Electronics TOTOLINK, featuring high concurrent connections and dual-band transmission. The TOTOLINK X6000R suffers from an improper input validation vulnerability that originates from the program's failure to...

8.8CVSS7.4AI score0.00868EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/25 12:0 a.m.•4 views

Artifex Ghostscript pdf_write_cmap function stack buffer overflow vulnerability

Artifex Ghostscript is the United States Artifex company's set of Adobe-based, PostScript and portable document format page description language and compiled into the free software. Artifex Ghostscript pdfwritecmap function has a stack buffer overflow vulnerability, there is no detailed...

5.5CVSS6.5AI score0.00188EPSS
Exploits0
CNVD
CNVD
•added 2025/09/25 12:0 a.m.•3 views

Artifex Ghostscript ocr_begin_page function heap buffer overflow vulnerability

Artifex Ghostscript is the United States Artifex company's set of Adobe-based, PostScript and portable document format page description language and compiled into the free software. A heap buffer overflow vulnerability exists in the Artifex Ghostscript ocrbeginpage function, which can be exploite...

5.5CVSS6.5AI score0.00166EPSS
Exploits0
CNVD
CNVD
•added 2025/09/25 12:0 a.m.•6 views

E-Commerce Website Website /pages/admin_account_delete.php File SQL Injection Vulnerability

E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of the userid parameter in the file /pages/adminaccountdelete.php for externally entered SQL statements. An attacker can exploit this vulnerabilit...

9.8CVSS8.2AI score0.00543EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/25 12:0 a.m.•0 views

WordPress Plugin CP Multi View Event Calendar Authorization Missing Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An authorization missing vulnerability exists in the WordPress plugin CP Multi View Event...

3.8CVSS6.5AI score0.00287EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/25 12:0 a.m.•4 views

D-Link DI-7100G Buffer Overflow Vulnerability

D-Link DI-7100G is an Internet Behavior Management router for SMBs, supporting Gigabit network transfer rate some models are labeled as 100 Gigabit, equipped with 4 WAN interfaces and 1 LAN interface, built-in USB2.0 ports, and compliant with IEEE802.11n/g/b wireless standard and IEEE802.3 wired...

7.5CVSS7.2AI score0.00609EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/25 12:0 a.m.•3 views

WordPress Plugin Accordion Missing Authorization Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A lack of authorization vulnerability exists in the WordPress plugin Accordion, which can be...

6.5CVSS6.5AI score0.00294EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/25 12:0 a.m.•3 views

UTT 1200GW Buffer Overflow Vulnerability (CNVD-2026-00811)

The UTT 1200GW is an enterprise-grade wireless router from Atech Technology UTT designed to meet the networking needs of small to medium-sized businesses or large space office environments. The UTT 1200GW suffers from a buffer overflow vulnerability that originates from the failure of the paramet...

9CVSS8.2AI score0.0099EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/25 12:0 a.m.•2 views

Unspecified Vulnerability in WordPress Plugin Advanced Views

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin Advanced Views, which can be exploited ...

8.8CVSS7.2AI score0.00408EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/25 12:0 a.m.•4 views

Tenda AC23 SetPptpServerCfg File sscanf Function Buffer Overflow Vulnerability

Tenda AC23 is a dual-band wireless router from Tenda that supports 802.11acWave2 technology with dual-band concurrent transmission rates up to 2033Mbps, including up to 1733Mbps in the 5GHz band, which is suitable for high-bandwidth applications such as 4K video and online live streaming. Tenda...

9CVSS8.3AI score0.00736EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/25 12:0 a.m.•5 views

Hostel Management System log_email Parameter SQL Injection Vulnerability

Hostel Management System is a hostel management system. Hostel Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter logemail in the file /justines/index.php. An attacker can exploit this...

9.8CVSS8.3AI score0.00387EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/25 12:0 a.m.•2 views

WordPress Plugin Advance Portfolio Grid Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. WordPress plugin Advance Portfolio Grid has a cross-site scripting vulnerability that stems fro...

5.9CVSS6AI score0.00223EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/25 12:0 a.m.•3 views

D-Link DI-7100G OS Command Injection Vulnerability

D-Link DI-7100G is an Internet Behavior Management router for SMBs, supporting Gigabit network transfer rate some models are labeled as 100 Gigabit, equipped with 4 WAN interfaces and 1 LAN interface, built-in USB2.0 ports, and compliant with IEEE802.11n/g/b wireless standard and IEEE802.3 wired...

6.5CVSS7.7AI score0.0112EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/25 12:0 a.m.•1 views

Online Bidding System remove.php File SQL Injection Vulnerability

Online Bidding System is an online bidding system. Online Bidding System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter ID of the file /administrator/remove.php. An attacker can exploit this vulnerability ...

9.8CVSS8.2AI score0.0055EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/25 12:0 a.m.•5 views

Car Rental Project carrental/search.php file cross-site scripting vulnerability

Car Rental Project is a car rental program. Car Rental Project suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter autofocus in the file /carrental/search.php, which can be exploited by an attacker t...

6.1CVSS4.9AI score0.00412EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/25 12:0 a.m.•5 views

UTT HiPER 840G Buffer Overflow Vulnerability (CNVD-2026-00808)

The UTT HiPER 840G is a full Gigabit Internet behavior management router from Atech UTT, which is aimed at small businesses, community networks, hotels, and other scenarios, providing high-speed network access and intelligent management features. The UTT HiPER 840G suffers from a buffer overflow...

9CVSS8.1AI score0.00799EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/25 12:0 a.m.•6 views

Hostel Management System mod_comments/index.php File SQL Injection Vulnerability

Hostel Management System is a hostel management system. Hostel Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in parameter ID in file /justines/admin/modcomments/index.php. An attacker can use this...

9.8CVSS8.3AI score0.00629EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/25 12:0 a.m.•5 views

Hostel Management System index.php File SQL Injection Vulnerability

Hostel Management System is a hostel management system. Hostel Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in parameter ID in file /justines/admin/modamenities/index.php. An attacker can exploit this...

9.8CVSS8.3AI score0.00441EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/25 12:0 a.m.•3 views

Hostel Management System mod_roomtype/index.php File SQL Injection Vulnerability

Hostel Management System is a hostel management system. Hostel Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in parameter ID in file /justines/admin/modroomtype/index.php. An attacker can exploit this...

9.8CVSS8.3AI score0.00387EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/25 12:0 a.m.•4 views

D-Link DIR-823X Command Injection Vulnerability (CNVD-2025-23469)

The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command injection vulnerability due to a flaw in the /usr/sbin/goahead file. An attacker can exploit this vulnerability to execute arbitrary commands on the system...

8.8CVSS8.2AI score0.06115EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/25 12:0 a.m.•7 views

TOTOLINK X6000R Improper Input Validation Vulnerability

TOTOLINK X6000R is a wireless router supporting Wi-Fi 6 technology from China's Gion Electronics TOTOLINK, focusing on high concurrent connections and dual-band transmission capabilities. The TOTOLINK X6000R suffers from an improper input validation vulnerability, which can be exploited by...

7.5CVSS6.8AI score0.07767EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/25 12:0 a.m.•3 views

Online Bidding System wew.php File SQL Injection Vulnerability

Online Bidding System is an online bidding system. Online Bidding System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter ID in the file /administrator/wew.php. An attacker can exploit this vulnerability to...

9.8CVSS8.2AI score0.00441EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/25 12:0 a.m.•7 views

Flowise Cross-Site Scripting Vulnerability

Flowise is a FlowiseAI open source tool for easily building LLM applications. A cross-site scripting vulnerability exists in Flowise version 3.0.5, which originates from a CustomMCP node directly executing user-entered JavaScript code and can be exploited by an attacker to cause remote code...

10CVSS7.2AI score0.90183EPSS
Exploits21References1
CNVD
CNVD
•added 2025/09/25 12:0 a.m.•8 views

Artifex Ghostscript pdfmark_coerce_dest function stack buffer overflow vulnerability

Artifex Ghostscript is the United States Artifex company's set of Adobe-based, PostScript and portable document format page description language and compiled into the free software. Artifex Ghostscript pdfmarkcoercedest function has a stack buffer overflow vulnerability, there is no detailed...

5.5CVSS6.5AI score0.00188EPSS
Exploits0
CNVD
CNVD
•added 2025/09/25 12:0 a.m.•4 views

D-Link DIR-513 Buffer Overflow Vulnerability (CNVD-2025-23468)

D-Link DIR-513 is a wireless router product from China's AUO D-Link. The D-Link DIR-513 suffers from a buffer overflow vulnerability due to incorrect manipulation of the parameter webpage in the file /goform/formWPS, no details of the vulnerability are provided at this time...

9CVSS7.3AI score0.02994EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/25 12:0 a.m.•3 views

Online Bidding System index.php File SQL Injection Vulnerability

Online Bidding System is an online bidding system. Online Bidding System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter aduser in the file /administrator/index.php. An attacker can exploit this...

9.8CVSS8.3AI score0.00543EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/25 12:0 a.m.•4 views

Online Bidding System bidupdate.php File SQL Injection Vulnerability

Online Bidding System is an online bidding system. Online Bidding System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter ID of file /administrator/bidupdate.php. An attacker can exploit this vulnerability t...

9.8CVSS8.3AI score0.00543EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/25 12:0 a.m.•6 views

Unspecified Vulnerability in WordPress Plugin Academy LMS

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin Academy LMS, which can be exploited by ...

5.5CVSS6.5AI score0.00335EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/25 12:0 a.m.•3 views

Park Ticketing Management System normal-bwdates-reports-details.php file SQL injection vulnerability

Park Ticketing Management System is a park ticketing management system. Park Ticketing Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally-entered SQL statements in the parameter fromdate in the file normal-bwdates-reports-details.php. A...

5.4CVSS8.2AI score0.00243EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/25 12:0 a.m.•4 views

Hostel Management System login.php File SQL Injection Vulnerability

Hostel Management System is a hostel management system. Hostel Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter email in the file /justines/admin/login.php. An attacker can use this...

9.8CVSS8.3AI score0.00387EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/25 12:0 a.m.•5 views

Hostel Management System Home Parameter SQL Injection Vulnerability

Hostel Management System is a hostel management system. Hostel Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Home in the file /justines/admin/modreports/index.php. An attacker can...

9.8CVSS8.3AI score0.00384EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/25 12:0 a.m.•6 views

Tenda AC6 formSetIptv Function Command Injection Vulnerability

Tenda AC6 is a dual-band wireless router from Tenda that supports 2.4GHz and 5GHz bands with a maximum transmission rate of 1167Mbps. The Tenda AC6 suffers from a command injection vulnerability that stems from the formSetIptv function not validating or cleaning up special characters when handlin...

6.5CVSS7.9AI score0.03316EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/25 12:0 a.m.•38 views

Tenda AC6 Improper Input Validation Vulnerability

Tenda AC6 is a dual-band wireless router from Tenda that supports 2.4GHz and 5GHz bands with a maximum transmission rate of 1167Mbps. The Tenda AC6 suffers from an improper input validation vulnerability that stems from improper handling of the funcname, funcpara1, and funcpara2 parameters in the...

7.7CVSS7.2AI score0.00414EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/25 12:0 a.m.•2 views

Tenda AC20 strcpy function buffer overflow vulnerability

Tenda AC20 is a home router from Tenda. The Tenda AC20 suffers from a buffer overflow vulnerability that originates from the failure of startIp, a parameter in the strcpy function of the /goform/SetPptpServerCfg file in the HTTP POST request processing component, to correctly validate the length ...

9CVSS8.4AI score0.00767EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/25 12:0 a.m.•3 views

D-Link DCS-935L Buffer Overflow Vulnerability

The D-Link DCS-935L is a router from China's AUO D-Link. A buffer overflow vulnerability exists in D-Link DCS-935L version 1.13.01 and earlier, which originates from the parameter HNAPAUTH/SOAPAction in file /HNAP1/ that fails to correctly validate the length and size of the input data, and can b...

9.8CVSS8.1AI score0.00815EPSS
Exploits1References1
Total number of security vulnerabilities131179