Lucene search
+L

131179 matches found

CNVD
CNVD
•added 2025/09/11 12:0 a.m.•3 views

Adobe Substance3D Modeler Memory Misreference Vulnerability

Adobe Substance3D Modeler is a 3D modeling software from the American company Audobee Adobe. A code execution vulnerability exists in Adobe Substance3D Modeler, which can be exploited by an attacker to execute arbitrary code in the context of the current user...

7.8CVSS7.8AI score0.00205EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/11 12:0 a.m.•3 views

Microsoft Excel Code Execution Vulnerability (CNVD-2025-21392)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. Microsoft Excel Code Execution Vulnerability, the vulnerability is caused due to failure to free memory on the heap. An attacker can exploit this vulnerability to execute arbitrary code on the system...

7.8CVSS7.6AI score0.0054EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/11 12:0 a.m.•4 views

Microsoft Excel Code Execution Vulnerability (CNVD-2025-21394)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...

7.8CVSS7.8AI score0.0054EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/11 12:0 a.m.•3 views

Microsoft Excel Code Execution Vulnerability (CNVD-2025-21398)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...

7.8CVSS7.8AI score0.0054EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/11 12:0 a.m.•2 views

SAP NetWeaver Application Server Java Access Control Error Vulnerability (CNVD-2025-21204)

SAP NetWeaver Application Server Java is a German SAP SAP company provides a Java runtime environment of the application server. The product is mainly used to develop and run Java EE applications. An Access Control Error vulnerability exists in SAP NetWeaver Application Server Java, which stems...

5.3CVSS7AI score0.00281EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/11 12:0 a.m.•5 views

Tenda G3 formDelPortMapping function stack buffer overflow vulnerability

Tenda G3 is a Qos Vpn router from Tenda China. A stack buffer overflow vulnerability exists in the Tenda G3 formDelPortMapping function, which can be exploited by an attacker to cause a denial of service DoS via a specially crafted request...

7.5CVSS7.3AI score0.00456EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/11 12:0 a.m.•2 views

Adobe Experience Manager Input Validation Error Vulnerability (CNVD-C-2025-521942)

Adobe Experience Manager is a content management solution from Adobe designed to help organizations efficiently create, manage and deliver cross-channel content while integrating business solutions to enhance the customer experience. An input validation error vulnerability exists in Adobe...

7.7CVSS6.4AI score0.05247EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/11 12:0 a.m.•4 views

Adobe Substance3D Viewer Heap Buffer Overflow Vulnerability

Adobe Substance3D Viewer is a stand-alone desktop application for viewing and editing 3D files from Audobee Adobe USA. Adobe Substance3D Viewer suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...

7.8CVSS8AI score0.00243EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/11 12:0 a.m.•5 views

Tenda W30E werlessAdvancedSet Function Buffer Overflow Vulnerability

Tenda W30E is an enterprise-grade wireless router from Tenda Technology designed for SOHO, small and micro businesses and small stores. The Tenda W30E suffers from a buffer overflow vulnerability that originates from the failure of the countryCode parameter in the werlessAdvancedSet function to...

7.5CVSS7.4AI score0.00456EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/11 12:0 a.m.•6 views

Tenda G3 formAddVpnUsers function buffer overflow vulnerability

Tenda G3 is a Qos Vpn router from Tenda China. A buffer overflow vulnerability exists in Tenda G3 v3.0brV15.11.0.17, which is caused by the vpnUsers parameter in the formAddVpnUsers function failing to correctly validate the length of the input data, and can be exploited by an attacker to execute...

7.5CVSS8.3AI score0.00456EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/11 12:0 a.m.•3 views

Adobe Substance3D Viewer Out-of-Bounds Write Vulnerability (CNVD-2025-21423)

Adobe Substance3D Viewer is a stand-alone desktop application for viewing and editing 3D files from Audobee Adobe USA. Adobe Substance3D Viewer suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code in the current user's environment...

7.8CVSS7.8AI score0.00193EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/11 12:0 a.m.•5 views

Adobe Experience Manager misauthorization vulnerability (CNVD-2025-21153)

Adobe Experience Manager is a content management solution from Adobe designed to help organizations efficiently create, manage and deliver cross-channel content while integrating business solutions to enhance the customer experience. A misauthorization vulnerability exists in Adobe Experience...

6.5CVSS6.6AI score0.00379EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/11 12:0 a.m.•7 views

Adobe After Effects Out-of-Bounds Read Vulnerability

Adobe After Effects AE for short is a professional film and television post-effects software launched by Adobe in 1993, support for Windows and MacOS dual-platform, mainly for film and television special effects, motion graphics design and video synthesis. Adobe After Effects has an out-of-bounds...

5.5CVSS6.5AI score0.00203EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/11 12:0 a.m.•7 views

Tenda G3 formSetStaticRoute function stack buffer overflow vulnerability

Tenda G3 is a Qos Vpn router from Tenda China. A stack buffer overflow vulnerability exists in the Tenda G3 formSetStaticRoute function, which can be exploited by an attacker to cause a denial of service DoS via a specially crafted request...

7.5CVSS7.3AI score0.00456EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/11 12:0 a.m.•5 views

D-Link DIR-823X Command Injection Vulnerability (CNVD-2025-23471)

The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command injection vulnerability due to a flaw in the sub415028 function in the goform/setsticleases file. An attacker can exploit the vulnerability to execute arbitrary commands on the system...

9.8CVSS8.3AI score0.03986EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/11 12:0 a.m.•2 views

SAP NetWeaver Deserialization Vulnerability

SAP NetWeaver is the German SAP SAP company's set of service-oriented integrated application platform. The platform mainly for SAP applications to provide development and runtime environment. A deserialization vulnerability exists in SAP NetWeaver, which arises from unsafe deserialization of...

10CVSS7.5AI score0.02882EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/11 12:0 a.m.•3 views

Ivanti Endpoint Manager Code Execution Vulnerability

Ivanti Endpoint Manager is a unified endpoint management solution for multiple operating systems such as Windows, macOS, Linux, Chrome OS and supports IoT devices. A code execution vulnerability exists in Ivanti Endpoint Manager that stems from insufficient validation of filenames of uploaded...

8.8CVSS8.3AI score0.13471EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/11 12:0 a.m.•5 views

Unspecified Vulnerability in SAP NetWeaver (CNVD-2025-21160)

SAP NetWeaver is the German SAP SAP company's set of service-oriented integrated application platform. The platform mainly for SAP applications to provide development and runtime environment. A security vulnerability exists in SAP NetWeaver, which can be exploited by an attacker to potentially...

5CVSS6.6AI score0.002EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/11 12:0 a.m.•3 views

Adobe Experience Manager Input Validation Error Vulnerability (CNVD-2025-21156)

Adobe Experience Manager is a content management solution from Adobe designed to help organizations efficiently create, manage and deliver cross-channel content while integrating business solutions to enhance the customer experience. An input validation error vulnerability exists in Adobe...

6.5CVSS6.4AI score0.00441EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/11 12:0 a.m.•2 views

Adobe Substance3D Viewer Out-of-Bounds Write Vulnerability (CNVD-2025-21422)

Adobe Substance3D Viewer is a stand-alone desktop application for viewing and editing 3D files from Audobee Adobe USA. Adobe Substance3D Viewer suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code in the current user's environment...

7.8CVSS7.8AI score0.00193EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/11 12:0 a.m.•5 views

Adobe Experience ManagerXML Entity Injection Vulnerability

Adobe Experience Manager is a content management solution from Adobe designed to help organizations efficiently create, manage and deliver cross-channel content while integrating business solutions to enhance the customer experience. An XML entity injection vulnerability exists in Adobe Experienc...

4.3CVSS7AI score0.01609EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/11 12:0 a.m.•5 views

Tenda G3 dns_forward_rule_store function buffer overflow vulnerability

Tenda G3 is a Qos Vpn router from Tenda China. A buffer overflow vulnerability exists in Tenda G3 v3.0brV15.11.0.17, which originates from the failure of the rules parameter in the dnsforwardrulestore function to correctly validate the length of the input data, and can be exploited by an attacker...

7.5CVSS8.3AI score0.00456EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/11 12:0 a.m.•4 views

Siemens SINAMICS G220, SINAMICS S210 and SINAMICS S200 Elevation of Privilege Vulnerability

SINAMICS G220 is a high-performance, single-axis variable-frequency drive from Siemens.SINAMICS S210 is a high-performance, single-axis servo drive from Siemens.SINAMICS S200 is a high-performance, cost-effective, single-axis AC servo drive from Siemens for standard automation applications...

9.8CVSS5.8AI score0.00201EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/11 12:0 a.m.•7 views

UTT 750W Buffer Overflow Vulnerability

The UTT 750W is an enterprise-grade dual-band wireless router from the AiTai UTT brand that supports 2.4GHz and 5GHz bands with wireless transmission rates up to 750Mbps. The UTT 750W suffers from a buffer overflow vulnerability, which originates from the handling of the importpictureurl paramete...

9CVSS8.2AI score0.00995EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/11 12:0 a.m.•6 views

Tenda W30E UploadCfg Function Buffer Overflow Vulnerability

Tenda W30E is an enterprise-grade wireless router from Tenda Technology designed for SOHO, small and micro businesses and small stores. The Tenda W30E suffers from a buffer overflow vulnerability, which originates from the failure of the v17 parameter in the UploadCfg function to properly validat...

9.8CVSS8.3AI score0.00437EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/11 12:0 a.m.•9 views

Rockwell Automation FactoryTalk Activation Manager Data Exposure Vulnerability

Rockwell Automation is a leading global provider of industrial automation and control solutions focused on helping companies achieve smart manufacturing and digital transformation. A data disclosure vulnerability exists in Rockwell Automation FactoryTalk Activation Manager, which can be exploited...

8.7CVSS6.4AI score0.00341EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/11 12:0 a.m.•6 views

Adobe After Effects Out-of-Bounds Read Vulnerability (CNVD-2025-21150)

Adobe After Effects AE for short is a professional film and television post-effects software launched by Adobe in 1993, support for Windows and MacOS dual-platform, mainly for film and television special effects, motion graphics design and video synthesis. Adobe After Effects has an out-of-bounds...

5.5CVSS6.5AI score0.00203EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/11 12:0 a.m.•5 views

SAP Fiori App Manage Work Center Groups Cross-Site Request Forgery Vulnerability

SAP Fiori App Manage Work Center Groups is an enterprise application from SAP with the ability to manage and maintain work center groups. A cross-site request forgery vulnerability exists in SAP Fiori App Manage Work Center Groups, which stems from insufficient CSRF protection and can be exploite...

4.3CVSS6.8AI score0.00128EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/11 12:0 a.m.•6 views

SAP Supplier Relationship Management Cross-Site Scripting Vulnerability (CNVD-2025-21206)

SAP Supplier Relationship Management SRM is a supplier relationship management solution from SAP. The product automates purchasing and acquisition processes within an organization and between suppliers, and provides functions such as invoicing. A cross-site scripting vulnerability exists in SAP...

6.1CVSS5.8AI score0.00242EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/11 12:0 a.m.•20 views

Rockwell Automation ThinManager Server-Side Request Forgery Vulnerability

Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, Inc. It allows thin clients to be assigned to multiple remote desktop servers simultaneously. A server-side request forgery vulnerability exists in Rockwell Automation ThinManager, which stems from...

8.8CVSS7.2AI score0.00431EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/11 12:0 a.m.•5 views

Microsoft OfficePlus Spoofing Vulnerability

Microsoft Office is an office software suite product of Microsoft Corporation, USA.OfficePLUS is the official Office plug-in from Microsoft. A spoofing vulnerability exists in Microsoft OfficePlus, which can be exploited by attackers to spoof and obtain sensitive information over the network...

7.5CVSS6.5AI score0.01043EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/11 12:0 a.m.•9 views

Unspecified Vulnerability in NVIDIA NVDebug (CNVD-2025-21177)

NVIDIA NVDebug is a debugging and diagnostic tool from NVIDIA. NVIDIA NVDebug contains a security vulnerability that can be exploited by attackers to potentially cause privileged account access, which could lead to code execution, denial of service, elevation of privilege, information disclosure,...

9.8CVSS6.8AI score0.00297EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/11 12:0 a.m.•6 views

Fortinet FortiDDoS-F Operating System Command Injection Vulnerability

Fortinet FortiDDoS-F is a distributed denial-of-service protection system from the U.S. company Fiat Fortinet. Fortinet FortiDDoS-F suffers from an operating system command injection vulnerability that stems from improper neutralization of special elements, which can be exploited by an attacker t...

6.7CVSS8.2AI score0.00479EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/11 12:0 a.m.•5 views

Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2025-21155)

Adobe Experience Manager is a content management solution from Adobe designed to help organizations efficiently create, manage and deliver cross-channel content while integrating business solutions to enhance the customer experience. A cross-site scripting vulnerability exists in Adobe Experience...

5.4CVSS5.9AI score0.0462EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/10 12:0 a.m.•3 views

Online Event Judging System index.php File SQL Injection Vulnerability

Online Event Judging System is an online event judging system. The Online Event Judging System suffers from a SQL injection vulnerability that originates from the /index.php file not securely filtering the Username parameter. An attacker can exploit this vulnerability by constructing a malicious...

9.8CVSS8.4AI score0.00441EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/10 12:0 a.m.•3 views

Small CRM /get-quote.php File SQL Injection Vulnerability

Small CRM is a customer relationship management system. Small CRM suffers from a SQL injection vulnerability, which originates from the /get-quote.php file, which does not perform security filtering on the Contact parameter. An attacker can exploit this vulnerability to illegally manipulate the...

9.8CVSS7.8AI score0.00379EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/10 12:0 a.m.•5 views

Command Injection Vulnerability in RAISECOM DR5374 at RISECOM Technology Development Co.

The RAISECOM DR5374 is a router for home scenarios. A command injection vulnerability exists in the RAISECOM DR5374, which can be exploited by an attacker to execute arbitrary commands as root...

6.2AI score
Exploits0
CNVD
CNVD
•added 2025/09/10 12:0 a.m.•3 views

Online Event Judging System /review_search.php File SQL Injection Vulnerability

Online Event Judging System is an online event judging system. Online Event Judging System suffers from a SQL injection vulnerability, which originates from the /reviewsearch.php file not securely filtering the txtsearch parameter. An attacker can exploit this vulnerability to remotely execute...

9.8CVSS8.2AI score0.00441EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/10 12:0 a.m.•2 views

IBM Concert Software Buffer Overflow Vulnerability

IBM Concert Software is IBM's generative AI-driven automated application management and monitoring tool based on the WatsonX platform, focused on optimizing the operational efficiency and reliability of applications. IBM Concert Software suffers from a buffer overflow vulnerability that originate...

7.5CVSS6.8AI score0.00333EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/10 12:0 a.m.•2 views

Dell PowerScale OneFS Privilege Permission and Access Control Issues Vulnerability

Dell PowerScale OneFS is an enterprise-class distributed file system from Dell. A privilege mismanagement vulnerability exists in Dell PowerScale OneFS versions prior to 9.12.0.0, which stems from the system failing to properly implement a privilege control mechanism. An attacker could exploit th...

6.7CVSS6.6AI score0.00125EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/09 12:0 a.m.•4 views

POS Point of Sale System dom_data_two_headers.php File Cross-Site Scripting Vulnerability

POS Point of Sale System is a pos point of sale system. POS Point of Sale System suffers from a cross-site scripting vulnerability, which originates from the lack of effective filtering and escaping of user-supplied data in the parameter scripts in the file...

6.1CVSS6.1AI score0.00364EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/09 12:0 a.m.•4 views

Cisco Integrated Management Controller Cross-Site Scripting Vulnerability

Cisco Integrated Management Controller IMC is a set of software used by Cisco to manage UCS Unified Computing System, which supports HTTP, SSH access, etc., and allows operations such as powering up, shutting down and restarting the server. A cross-site scripting vulnerability exists in Cisco...

5.4CVSS5.9AI score0.00205EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/09 12:0 a.m.•4 views

POS Point of Sale System /-complex_header.php file cross-site scripting vulnerability

POS Point of Sale System is a pos point of sale system. POS Point of Sale System suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data in the scripts parameter of the...

6.1CVSS6.1AI score0.00264EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/09 12:0 a.m.•1 views

Google Android Information Disclosure Vulnerability (CNVD-2025-21349)

Google Android is a Linux-based open source operating system from Google. Google Android has an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...

3.3CVSS6.1AI score0.00076EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/09 12:0 a.m.•3 views

Google Android heap buffer overflow vulnerability (CNVD-2025-21351)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to gain elevated privileges on the system...

8.8CVSS7.3AI score0.00278EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/09 12:0 a.m.•3 views

POS Point of Sale System /dymanic_table.php File Cross-Site Scripting Vulnerability

POS Point of Sale System is a pos point of sale system. POS Point of Sale System suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data in the parameter scripts in the file...

6.1CVSS6.1AI score0.00364EPSS
Exploits1References1
CNVD
CNVD
•added 2025/09/09 12:0 a.m.•4 views

Google Android Out-of-Bounds Write Vulnerability (CNVD-2025-21352)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to cause local information disclosure...

5.5CVSS6.5AI score0.00074EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/09 12:0 a.m.•4 views

Huawei HarmonyOS device standby module competitive conditions loophole

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A competitive condition vulnerability exists in the Huawei HarmonyOS device standby module, which can be exploited by an attacker to cause the system device...

5.1CVSS6.7AI score0.00064EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/09 12:0 a.m.•3 views

Google Android Information Disclosure Vulnerability (CNVD-2025-21366)

Google Android is a Linux-based open source operating system from Google. Google Android has an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...

5.5CVSS6.1AI score0.0007EPSS
Exploits0References1
CNVD
CNVD
•added 2025/09/09 12:0 a.m.•6 views

Huawei HarmonyOS runtime interpreter module out-of-bounds read vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An out-of-bounds read vulnerability exists in the Huawei HarmonyOS runtime interpreter module, which can be exploited by an attacker to cause an availability...

8.4CVSS6.7AI score0.0009EPSS
Exploits0References1
Total number of security vulnerabilities131179