Lucene search
+L

131179 matches found

CNVD
CNVD
•added 2025/09/18 12:0 a.m.•7 views

BMC Control-M Stack Buffer Overflow Vulnerability

BMC Control-M is an application from BMC Corporation. Simplifies application and data workflow orchestration locally or as a service. BMC Control-M suffers from a stack buffer overflow vulnerability that originates from formatting an error message when SSL/TLS communication is misconfigured, no...

6.3CVSS7.5AI score0.00308EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/18 12:0 a.m.•5 views

Apple Xcode Path Mishandling Vulnerability

Apple Xcode is an integrated development tool that runs on the operating system Mac OS X. It is used for the development of the Mac OS X software. Apple Xcode suffers from a path mishandling vulnerability that can be exploited by an attacker to cause a process crash...

4CVSS6.6AI score0.00321EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/18 12:0 a.m.•4 views

Online Library Management System adminlogin.php Component Elevation of Privilege Vulnerability

Online Library Management System is an online library management system. An elevation of privilege vulnerability exists in the Online Library Management System, which is caused by a flaw in the adminlogin.php component and the Login function, and can be exploited by an attacker to cause an...

9.8CVSS7.1AI score0.00522EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/18 12:0 a.m.•3 views

Apple Xcode Denial of Service Vulnerability

Apple Xcode is an integrated development tool that runs on the operating system Mac OS X. It is used for the development of the Mac OS X software. Apple Xcode suffers from a denial of service vulnerability that originates from a process crash when handling too large a path value. An attacker can...

7.5CVSS6.5AI score0.00318EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/18 12:0 a.m.•5 views

Kubernetes Trust Management Issues Vulnerabilities

Kubernetes K8s is an open source system of Kubernetes open source for automating the deployment, scaling, and management of containerized applications. Kubernetes suffers from a trust management issue vulnerability that stems from the certificate validation logic not properly validating the chain...

6.8CVSS6.5AI score0.00288EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/18 12:0 a.m.•4 views

Apple Xcode Sandbox Check Insufficiency Vulnerability

Apple Xcode is an integrated development tool that runs on the operating system Mac OS X. It is used for the development of the Mac OS X software. Apple Xcode suffers from an insufficient sandbox checking vulnerability that can be exploited by an attacker to read and write files outside the sandb...

7.1CVSS6.7AI score0.00197EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/18 12:0 a.m.•1 views

Unspecified Vulnerability in Multiple Apple Products (CNVD-2025-22678)

Apple iOS is an operating system developed for mobile devices.Apple watchOS is a smartwatch operating system.Apple macOS is a specialized operating system developed for Mac computers. A security vulnerability exists in a number of Apple products that stems from insufficient checks when handling...

9.8CVSS6.5AI score0.00691EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/18 12:0 a.m.•3 views

Unspecified Vulnerability in Multiple Apple Products (CNVD-2025-22680)

Apple iOS is an operating system developed for mobile devices.Apple tvOS is an operating system for smart TVs.Apple iPadOS is an operating system for iPad tablets.Apple iOS is an operating system for mobile devices.Apple tvOS is an operating system for smart TVs.Apple tvOS is an operating system...

5.5CVSS6.4AI score0.00209EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/18 12:0 a.m.•2 views

Unspecified Vulnerability in Multiple Apple Products (CNVD-2025-22687)

Apple iOS is an operating system developed for mobile devices.Apple watchOS is a smartwatch operating system.Apple macOS is a specialized operating system developed for Mac computers. A security vulnerability exists in a number of Apple products that stems from a permissions issue that can be...

8.8CVSS6.5AI score0.00288EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/18 12:0 a.m.•5 views

Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability

Microsoft Edge is a web browser from Microsoft that comes with Windows 10 onwards. A spoofing vulnerability exists in Microsoft Edge Chromium-based for Android, which stems from insufficient user interface warnings of dangerous operations, and can be exploited by an attacker to cause a network...

4.7CVSS6.5AI score0.00341EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/18 12:0 a.m.•3 views

Multiple Mozilla Product Spoofing Vulnerabilities (CNVD-2025-26890)

Mozilla Firefox is an open source web browser.Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. The software supports IMAP, POP mail protocols and HTML mail format. A spoofing vulnerability exists in several Mozilla products and is caused by an...

6.5CVSS6.1AI score0.00275EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/18 12:0 a.m.•3 views

Mozilla Firefox and Mozilla Thunderbird Spoofing Vulnerability

Mozilla Firefox is an open source web browser.Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. The software supports IMAP, POP mail protocols and HTML mail format. Mozilla Firefox and Mozilla Thunderbird have a spoofing vulnerability that can be...

8.1CVSS6.5AI score0.00328EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/18 12:0 a.m.•5 views

Unspecified Vulnerability in BMC Control-M

BMC Control-M is an application from BMC Corporation. Simplifies application and data workflow orchestration locally or as a service. A security vulnerability exists in BMC Control-M that originates when an email address in a client certificate stops validating when it encounters a NULL byte, whi...

10CVSS6.8AI score0.00271EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/18 12:0 a.m.•3 views

Apple macOS Tahoe Permission Issues Vulnerability

Apple macOS Tahoe is the 26th major release of Apple's macOS operating system, which was released on June 10, 2025, and features a new "Liquid Glass" visual design that significantly optimizes interface aesthetics, feature integration, and cross-device collaboration. The 26th major version of the...

5.5CVSS6.5AI score0.00183EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/18 12:0 a.m.•3 views

Apple macOS Tahoe Permission Issue Vulnerability (CNVD-2025-22598)

Apple macOS Tahoe is the 26th major release of Apple's macOS operating system, which was released on June 10, 2025, and features a new "Liquid Glass" visual design that significantly optimizes interface aesthetics, feature integration, and cross-device collaboration. The 26th major version of the...

7.8CVSS6.8AI score0.00321EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/18 12:0 a.m.•5 views

Adobe Substance3D Stager Buffer Overflow Vulnerability

Adobe Substance3D Stager is a set and rendering software for 3D scenes from the American company Audobee Adobe. A security vulnerability exists in Adobe Substance3D Stager 3.1.3 and prior versions, which can be exploited by an attacker to cause code execution in the current user environment...

7.8CVSS7.2AI score0.0021EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2025/09/18 12:0 a.m.•2 views

Security Bypass Vulnerability in Multiple Mozilla Products (CNVD-2025-24646)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A...

6.5CVSS6.7AI score0.00291EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/18 12:0 a.m.•2 views

Unspecified Vulnerability in BMC Control-M (CNVD-2025-22541)

BMC Control-M is an application from BMC Corporation. Simplifies application and data workflow orchestration locally or as a service. A security vulnerability exists in BMC Control-M/Agent, which stems from improper ordering of AUTHORIZEDCTMIP validation, and can be exploited by an attacker to...

6.9CVSS6.9AI score0.00362EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/18 12:0 a.m.•3 views

Computer Laboratory System File Upload Vulnerability

Computer Laboratory System is a computer laboratory system. A file upload vulnerability exists in Computer Laboratory System that stems from the file upload feature not restricting file types, no details of the vulnerability are available at this time...

7.3CVSS7AI score0.00295EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/18 12:0 a.m.•5 views

BMC Control-M Authentication Bypass Vulnerability

BMC Control-M is an application from BMC Corporation. Simplifies application and data workflow orchestration locally or as a service. An authentication bypass vulnerability exists in BMC Control-M that stems from an authentication bypass when using an empty or default kdb keystore or a default...

9.5CVSS7.1AI score0.00329EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/18 12:0 a.m.•4 views

Apple macOS Tahoe state mismanagement vulnerability

Apple macOS Tahoe is the 26th major release of Apple's macOS operating system, which was released on June 10, 2025, and features a new "Liquid Glass" visual design that significantly optimizes interface aesthetics, feature integration, and cross-device collaboration. The 26th major version of the...

7.5CVSS6.6AI score0.00373EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/18 12:0 a.m.•4 views

Apple macOS Tahoe sandbox under-limit vulnerability (CNVD-2025-22593)

Apple macOS Tahoe is the 26th major release of Apple's macOS operating system, which was released on June 10, 2025, and features a new "Liquid Glass" visual design that significantly optimizes interface aesthetics, feature integration, and cross-device collaboration. The 26th major version of the...

5.5CVSS6.6AI score0.00178EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/18 12:0 a.m.•3 views

Unspecified Vulnerability in Multiple Apple Products (CNVD-2025-22682)

Apple iOS is an operating system developed for mobile devices.Apple watchOS is a smartwatch operating system.Apple macOS is a specialized operating system developed for Mac computers. Several Apple products contain security vulnerabilities that can be exploited by attackers to cause unexpected...

7.8CVSS6.7AI score0.00483EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/18 12:0 a.m.•1 views

Security Bypass Vulnerability in Multiple Mozilla Products (CNVD-2025-24636)

MMozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A...

7.3CVSS6.7AI score0.00329EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/18 12:0 a.m.•4 views

Apple macOS Tahoe Out-of-Bounds Read Vulnerability

Apple macOS Tahoe is the 26th major release of Apple's macOS operating system, which was released on June 10, 2025, and features a new "Liquid Glass" visual design that significantly optimizes interface aesthetics, feature integration, and cross-device collaboration. The 26th major version of the...

3.3CVSS6.6AI score0.00367EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/18 12:0 a.m.•5 views

Mozilla Firefox Information Disclosure Vulnerability (CNVD-2025-24635)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...

7.5CVSS6AI score0.00293EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/18 12:0 a.m.•7 views

ZTE T5400 License Issue Vulnerability

The ZTE T5400 is a router from China's ZTE Corporation ZTE. The ZTE T5400 suffers from an authorization issue vulnerability, which stems from improper control of web module interface privileges, and can be exploited by an attacker to obtain sensitive information...

5.7CVSS5.7AI score0.00249EPSS
Exploits0
CNVD
CNVD
•added 2025/09/18 12:0 a.m.•7 views

Unspecified Vulnerability in Multiple Apple Products (CNVD-2025-22673)

Apple iOS is an operating system developed for mobile devices.Apple iPadOS is an operating system for iPad tablets.Apple macOS Tahoe is an operating system.... A security vulnerability exists in several Apple products that stems from improper handling of sensitive information and can be exploited...

5.5CVSS6.3AI score0.00215EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/18 12:0 a.m.•3 views

Apple macOS Tahoe Permission Issues Vulnerability

Apple macOS Tahoe is the 26th major release of Apple's macOS operating system, which was released on June 10, 2025, and features a new "Liquid Glass" visual design that significantly optimizes interface aesthetics, feature integration, and cross-device collaboration. The 26th major version of the...

3.3CVSS6.6AI score0.00154EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/18 12:0 a.m.•4 views

Apple macOS Tahoe Permission Issue Vulnerability (CNVD-2025-22393)

Apple macOS Tahoe is the 26th major release of Apple's macOS operating system, which was released on June 10, 2025, and features a new "Liquid Glass" visual design that significantly optimizes interface aesthetics, feature integration, and cross-device collaboration. The 26th major version of the...

5.5CVSS6.8AI score0.00183EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/18 12:0 a.m.•4 views

Apple macOS Sonoma Logic Issue Vulnerability

Apple macOS Sonoma is an operating system launched on June 5, 2023 by Apple. Apple macOS Sonoma has a logic problem vulnerability that can be exploited by an attacker to cause an application to access sensitive user data...

5.5CVSS6.5AI score0.00211EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/18 12:0 a.m.•5 views

Apple macOS Tahoe Boundary Check Insufficiency Vulnerability

Apple macOS Tahoe is the 26th major release of Apple's macOS operating system, which was released on June 10, 2025, and features a new "Liquid Glass" visual design that significantly optimizes interface aesthetics, feature integration, and cross-device collaboration. The 26th major version of the...

5.5CVSS6.6AI score0.00197EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/18 12:0 a.m.•5 views

Student Result Management System Using PHP Cross-Site Request Forgery Vulnerability

Student Result Management System Using PHP is a student result management system. A cross-site request forgery vulnerability exists in Student Result Management System Using PHP, which stems from a Profile Page that does not adequately validate that a request is coming from a trusted user, no...

7.3CVSS6.6AI score0.00183EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/18 12:0 a.m.•2 views

Unspecified Vulnerability in Multiple Apple Products (CNVD-2025-22677)

Apple iOS is an operating system developed for mobile devices.Apple watchOS is a smartwatch operating system.Apple macOS is a specialized operating system developed for Mac computers. A security vulnerability exists in a number of Apple products that stems from improper memory handling when...

9.8CVSS6.5AI score0.00718EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/18 12:0 a.m.•9 views

Code execution vulnerability in multiple Mozilla products (CNVD-2025-26891)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A code...

8.8CVSS7.9AI score0.00687EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/18 12:0 a.m.•4 views

Information Disclosure Vulnerability in Multiple Mozilla Products (CNVD-2025-24653)

Mozilla Firefox is an open source web browser.Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. The software supports IMAP, POP mail protocols and HTML mail format. An information disclosure vulnerability exists in several Mozilla products and is...

6.2CVSS5.9AI score0.00154EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/18 12:0 a.m.•16 views

Mattermost Input Validation Error Vulnerability (CNVD-2025-22091)

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an input validation error vulnerability that stems from an unvalidated redirectto parameter, which can be exploited by an attacker to cause theft of a user's cookie via a...

7.6CVSS6.4AI score0.00161EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/18 12:0 a.m.•7 views

Apple macOS Tahoe Permission Issues Vulnerability

Apple macOS Tahoe is the 26th major release of Apple's macOS operating system, which was released on June 10, 2025, and features a new "Liquid Glass" visual design that significantly optimizes interface aesthetics, feature integration, and cross-device collaboration. The 26th major version of the...

5.1CVSS6.6AI score0.00183EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/18 12:0 a.m.•11 views

Apple macOS Tahoe environment variable mishandling vulnerability

Apple macOS Tahoe is the 26th major release of Apple's macOS operating system, which was released on June 10, 2025, and features a new "Liquid Glass" visual design that significantly optimizes interface aesthetics, feature integration, and cross-device collaboration. The 26th major version of the...

3.3CVSS6.5AI score0.00169EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/18 12:0 a.m.•5 views

Unspecified Vulnerability in Multiple Apple Products (CNVD-2025-22683)

Apple iOS is an operating system developed for mobile devices.Apple tvOS is a smart TV operating system.Apple watchOS is a smart watch operating system.Apple watchOS is a smart watch operating system.Apple watchOS is a smart watch operating system.Apple watchOS is a smart watch operating...

3.3CVSS6.5AI score0.00301EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/16 12:0 a.m.•4 views

Unspecified vulnerability in curl (CNVD-2025-21413)

curl is cURL open source a tool for transferring data from or to the server . There is a security vulnerability in curl that can be exploited by attackers that may cause malicious server-induced traffic to be mistaken for real HTTP traffic by proxy servers, thereby polluting their caches...

5.3CVSS6.5AI score0.00466EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/16 12:0 a.m.•4 views

Online Shopping Portal Cross-Site Scripting Vulnerability

Online Shopping Portal is an online store. A cross-site scripting vulnerability exists in Online Shopping Portal, which can be exploited by an attacker to cause a cross-site scripting attack, due to a failure to clean inputs to the quantity parameter when adding items to the shopping cart...

6.1CVSS6.2AI score0.00213EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/16 12:0 a.m.•2 views

Unspecified Vulnerability in AXIS BANK Axis Mobile App

AXIS BANK Axis Mobile App is a mobile banking application by AXIS BANK India. AXIS BANK Axis Mobile App version 9.9 has a security vulnerability that can be exploited by an attacker that may lead to the disclosure of account information, balances, transaction history and other data...

6.5CVSS6.7AI score0.00275EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/16 12:0 a.m.•3 views

D-Link DIR-823x Command Injection Vulnerability

The D-Link DIR-823X is a wireless router from China's AUO D-Link. A command injection vulnerability exists in the D-Link DIR-823x 250416 and prior versions, which stems from the failure to properly filter constructed command special characters, commands, etc. in the parameter targetaddr in the fi...

8.8CVSS7AI score0.0815EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/16 12:0 a.m.•4 views

Wavlink WL-WN578W2 sub_404DBC Function OS Command Injection Vulnerability

The Wavlink WL-WN578W2 is a wireless repeater from China's Wavlink. The Wavlink WL-WN578W2 221110 version has an operating system command injection vulnerability, which originates from the parameter macAddr in the sub404DBC function of the file /cgi-bin/wireless.cgi that fails to correctly filter...

9.8CVSS7.8AI score0.06072EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/16 12:0 a.m.•3 views

Wavlink WL-WN578W2 sub_404850 function OS Command Injection Vulnerability

The Wavlink WL-WN578W2 is a wireless repeater from China's Wavlink. An operating system command injection vulnerability exists in Wavlink WL-WN578W2 version 221110, which originates from the parameter deletelist in the function sub404850 in the file /cgi-bin/wireless.cgi that fails to correctly...

9.8CVSS7.8AI score0.06072EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/16 12:0 a.m.•3 views

Wavlink WL-WN578W2 sub_409184 Command Injection Vulnerability

The Wavlink WL-WN578W2 is a wireless repeater from China's Wavlink. A command injection vulnerability exists in Wavlink WL-WN578W2 version 221110, which originates from the parameter selEncrypTyp of the function sub409184 in the file /wizardrep.shtml that fails to correctly filter the constructor...

9.8CVSS7.8AI score0.08082EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/16 12:0 a.m.•3 views

Wavlink WL-WN578W2 Access Control Error Vulnerability

The Wavlink WL-WN578W2 is a wireless repeater from China's Wavlink. An access control error vulnerability exists in the Wavlink WL-WN578W2 version 221110, which originates from an incorrect access control in the file /liveonline.shtml, which can be exploited by an attacker to cause information...

6.9CVSS5.3AI score0.0049EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/16 12:0 a.m.•5 views

Wavlink WL-WN578W2 sub_401C5C function command injection vulnerability

The Wavlink WL-WN578W2 is a wireless repeater from China's Wavlink. Wavlink WL-WN578W2 221110 version exists a command injection vulnerability, the vulnerability stems from the parameter pingFrmWANFilterEnabled/blockSynFloodEnabled/blockPortScanEnabled/remoteManagementEnabled of the function...

9.8CVSS7.8AI score0.08082EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/16 12:0 a.m.•5 views

Flowise Access Control Error Vulnerability

Flowise is a FlowiseAI open source tool for easily building LLM applications. An Access Control Error vulnerability exists in Flowise 3.0.5 and prior versions, which stems from the forgot-password endpoint returning a password reset token without authentication, and can be exploited by an attacke...

9.8CVSS6.9AI score0.50118EPSS
Exploits14References1
Total number of security vulnerabilities131179