Lucene search
K

131179 matches found

CNVD
CNVD
•added 2026/04/21 12:0 a.m.•23 views

Microsoft Windows Kernel Information Disclosure Vulnerability (CNVD-2026-20171)

The Microsoft Windows Kernel is the kernel of the Windows operating system from the American company Microsoft. An information disclosure vulnerability exists in Microsoft Windows Kernel, which can be exploited by attackers to obtain sensitive information...

5.5CVSS5.8AI score0.00421EPSS
Exploits0
CNVD
CNVD
•added 2026/04/21 12:0 a.m.•40 views

Microsoft Windows SSDP Elevation of Privilege Vulnerability

Microsoft Windows SSDP is a simple service discovery provider program from Microsoft USA. Microsoft Windows SSDP suffers from an elevation of privilege vulnerability that can be exploited by an attacker to elevate privileges...

7CVSS5.8AI score0.00164EPSS
Exploits0
CNVD
CNVD
•added 2026/04/21 12:0 a.m.•10 views

Microsoft Desktop Windows Manager Resource Management Error Vulnerability (CNVD-2026-18596)

Microsoft Desktop Windows Manager is a desktop window manager from Microsoft USA. A security vulnerability exists in Microsoft Desktop Windows Manager. An attacker could exploit the vulnerability to elevate privileges...

7.8CVSS5.3AI score0.00458EPSS
Exploits0
CNVD
CNVD
•added 2026/04/21 12:0 a.m.•8 views

Microsoft SharePoint Server Spoofing Vulnerability (CNVD-2026-19432)

Microsoft SharePoint Server is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A spoofing...

6.5CVSS5.8AI score0.22808EPSS
Exploits1
CNVD
CNVD
•added 2026/04/21 12:0 a.m.•13 views

Microsoft Office Code Execution Vulnerability (CNVD-2026-19434)

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to execute...

8.4CVSS6.5AI score0.00328EPSS
Exploits0
CNVD
CNVD
•added 2026/04/21 12:0 a.m.•14 views

Microsoft Windows Kernel Elevation of Privilege Vulnerability (CNVD-2026-20170)

The Microsoft Windows Kernel is the kernel of the Windows operating system from the American company Microsoft. An elevation of privilege vulnerability exists in Microsoft Windows Kernel, which can be exploited by an attacker to elevate privileges...

7CVSS5.8AI score0.00243EPSS
Exploits0
CNVD
CNVD
•added 2026/04/21 12:0 a.m.•17 views

Microsoft Windows Shell Information Disclosure Vulnerability

The Microsoft Windows Shell is the graphical user interface for the Windows operating system from Microsoft USA.Easily recognizable elements of the Windows shell include features such as the desktop, the taskbar, the start menu, the task switcher, and autoplay. On some versions of Windows, featur...

6.5CVSS5.8AI score0.00747EPSS
Exploits0
CNVD
CNVD
•added 2026/04/21 12:0 a.m.•5 views

Microsoft Excel Buffer Overflow Vulnerability (CNVD-2026-18600)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A security vulnerability exists in Microsoft Excel. An attacker could exploit the vulnerability to obtain sensitive information...

7.1CVSS5.3AI score0.00411EPSS
Exploits0
CNVD
CNVD
•added 2026/04/21 12:0 a.m.•4 views

Fortinet FortiOS Access Control Vulnerability (CNVD-2026-25594)

Fortinet FortiOS is a security operating system developed by Fortinet Corporation, specifically for use on the FortiGate network security platform. This system offers users various security features, including firewalls, antivirus protection, IPSec/SSLVPN, web content filtering, and anti-spam...

8.8CVSS6.8AI score0.00283EPSS
Exploits0
CNVD
CNVD
•added 2026/04/21 12:0 a.m.•12 views

Microsoft Word Code Execution Vulnerability (CNVD-2026-19751)

Microsoft Word is a word processing software in the Office suite of the U.S. company Microsoft Microsoft. A code execution vulnerability exists in Microsoft Word, which can be exploited by an attacker to execute arbitrary code on a system...

7.8CVSS6.5AI score0.00411EPSS
Exploits0
CNVD
CNVD
•added 2026/04/21 12:0 a.m.•8 views

Microsoft Windows Kernel Elevation of Privilege Vulnerability (CNVD-2026-20168)

The Microsoft Windows Kernel is the kernel of the Windows operating system from the American company Microsoft. An elevation of privilege vulnerability exists in Microsoft Windows Kernel, which can be exploited by an attacker to elevate privileges...

7.8CVSS7.1AI score0.0044EPSS
Exploits1
CNVD
CNVD
•added 2026/04/21 12:0 a.m.•6 views

Microsoft Azure Monitor Agent Code Issue Vulnerability (CNVD-2026-18594)

Microsoft Azure Monitor Agent is a monitoring agent program from Microsoft USA. A security vulnerability exists in Microsoft Azure Monitor Agent. An attacker can exploit the vulnerability to elevate privileges...

7.8CVSS5.4AI score0.01925EPSS
Exploits0
CNVD
CNVD
•added 2026/04/21 12:0 a.m.•9 views

Microsoft Windows Shell Elevation of Privilege Vulnerability

The Microsoft Windows Shell is the graphical user interface for the Windows operating system from Microsoft.The easily recognizable elements of the Windows shell include features such as the desktop, the taskbar, the start menu, the task switcher, and autoplay. An elevation of privilege...

7CVSS5.8AI score0.00252EPSS
Exploits0
CNVD
CNVD
•added 2026/04/21 12:0 a.m.•14 views

Microsoft Excel Code Execution Vulnerability (CNVD-2026-19429)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...

7.8CVSS6.5AI score0.00292EPSS
Exploits0
CNVD
CNVD
•added 2026/04/21 12:0 a.m.•10 views

Microsoft Windows Shell Security Feature Bypass Vulnerability

The Microsoft Windows Shell is the graphical user interface for the Windows operating system from Microsoft.The easily recognizable elements of the Windows shell include features such as the desktop, the taskbar, the start menu, the task switcher, and autoplay. A security feature bypass...

8.8CVSS5.8AI score0.00908EPSS
Exploits0
CNVD
CNVD
•added 2026/04/21 12:0 a.m.•10 views

Microsoft Windows Shell Spoofing Vulnerability

The Microsoft Windows Shell is the graphical user interface for the Windows operating system from Microsoft.The easily recognizable elements of the Windows shell include features such as the desktop, the taskbar, the start menu, the task switcher, and autoplay. A spoofing vulnerability exists in...

4.3CVSS6AI score0.64095EPSS
Exploits3
CNVD
CNVD
•added 2026/04/20 12:0 a.m.•8 views

Dell PowerProtect Data Domain Data Domain Operating System Command Injection Vulnerability

Dell PowerProtect Data Domain is a data protection specialized storage device whose main function is to provide efficient data de-duplication, backup and recovery. A command injection vulnerability exists in Dell PowerProtect Data Domain. The vulnerability stems from a failure of the Data Domain...

7.2CVSS5.6AI score0.0114EPSS
Exploits0
CNVD
CNVD
•added 2026/04/20 12:0 a.m.•8 views

Dell PowerProtect Data Domain Parameter Injection Vulnerability (CNVD-2026-18540)

Dell PowerProtect Data Domain is a data protection and de-duplication storage appliance. A parameter injection vulnerability exists in Dell PowerProtect Data Domain. The vulnerability stems from a failure to properly neutralize parameter separators in commands and can be exploited by an attacker ...

6.7CVSS5.8AI score0.00215EPSS
Exploits0
CNVD
CNVD
•added 2026/04/20 12:0 a.m.•7 views

Dell PowerProtect Data Domain OS Command Injection Vulnerability (CNVD-2026-18582)

Dell PowerProtect Data Domain is a data protection and backup storage product for enterprise-class data backup, deduplication and disaster recovery. An operating system command injection vulnerability exists in Dell PowerProtect Data Domain. The vulnerability stems from a failure to properly hand...

6.7CVSS5.9AI score0.00571EPSS
Exploits0
CNVD
CNVD
•added 2026/04/20 12:0 a.m.•14 views

PraisonAI OS Command Injection Vulnerability (CNVD-2026-18145)

PraisonAI is a low-code multi-intelligent body collaboration framework. PraisonAI suffers from an operating system command injection vulnerability that stems from the fact that SubprocessSandbox relies on string pattern matching to block dangerous commands in all modes and the block list does not...

10CVSS5.5AI score0.00383EPSS
Exploits1
CNVD
CNVD
•added 2026/04/20 12:0 a.m.•6 views

Dell PowerProtect Data Domain OS Command Injection Vulnerability

Dell PowerProtect Data Domain is a data protection and deduplication storage appliance. An operating system command injection vulnerability exists in Dell PowerProtect Data Domain. The vulnerability stems from a failure to properly neutralize a specific element used for OS command injection, whic...

6.7CVSS5.9AI score0.00571EPSS
Exploits0
CNVD
CNVD
•added 2026/04/20 12:0 a.m.•5 views

Dell PowerProtect Data Domain Cross-Site Scripting Vulnerability (CNVD-2026-18583)

The Dell PowerProtect Data Domain is a data protection-specific storage device designed for efficient backup, archiving and disaster recovery. A cross-site scripting vulnerability exists in Dell PowerProtect Data Domain. The vulnerability stems from a failure to properly handle user input and can...

5.9CVSS5AI score0.00204EPSS
Exploits0
CNVD
CNVD
•added 2026/04/20 12:0 a.m.•3 views

Dell PowerProtect Data Domain Information Disclosure Vulnerability (CNVD-2026-18586)

The Dell PowerProtect Data Domain is a data protection storage appliance that is primarily used for backup, archiving and disaster recovery. An information disclosure vulnerability exists in Dell PowerProtect Data Domain. The vulnerability stems from the system exposing sensitive information to...

4.3CVSS5.5AI score0.003EPSS
Exploits0
CNVD
CNVD
•added 2026/04/20 12:0 a.m.•5 views

PraisonAI SQL Injection Vulnerability

PraisonAI is a low-code multi-intelligent body collaboration framework. PraisonAI suffers from a SQL injection vulnerability that stems from the getalluserthreads function constructing raw SQL queries using unescaped thread IDs, which can be exploited by an attacker to cause SQL injection and gai...

9.8CVSS5.7AI score0.00533EPSS
Exploits1
CNVD
CNVD
•added 2026/04/20 12:0 a.m.•7 views

PraisonAI Operating System Command Injection Vulnerability

PraisonAI is a low-code multi-intelligent body collaboration framework. PraisonAI suffers from an operating system command injection vulnerability that stems from the --mcp CLI parameter being passed directly without any validation, whitelist checking, or cleanup, which can be exploited by an...

9.8CVSS5.7AI score0.00824EPSS
Exploits1
CNVD
CNVD
•added 2026/04/20 12:0 a.m.•3 views

Dell PowerProtect Data Domain Data Domain Operating System Command Injection Vulnerability (CNVD-2026-18584)

Dell PowerProtect Data Domain is a data protection storage device whose main function is to provide efficient data de-duplication, backup and recovery. A command injection vulnerability exists in Dell PowerProtect Data Domain. The vulnerability stems from a failure of the Data Domain Operating...

6.7CVSS5.4AI score0.00524EPSS
Exploits0
CNVD
CNVD
•added 2026/04/20 12:0 a.m.•7 views

Dell PowerProtect Data Domain OS Command Injection Vulnerability (CNVD-2026-18581)

The Dell PowerProtect Data Domain is a data protection storage appliance that is primarily used for enterprise-class backup, archiving, and disaster recovery. An OS command injection vulnerability exists in Dell PowerProtect Data Domain. The vulnerability stems from a failure to properly neutrali...

6.7CVSS5.9AI score0.00571EPSS
Exploits0
CNVD
CNVD
•added 2026/04/20 12:0 a.m.•5 views

Unspecified Vulnerability in PraisonAI (CNVD-2026-18147)

PraisonAI is a low-code multi-intelligence body collaboration framework by the individual developer Mervin Praison. PraisonAI suffers from a security vulnerability that stems from the OAuthManager.validatetoken function returning True for any token not found in its internal storage, which can be...

9.1CVSS5.5AI score0.00375EPSS
Exploits1
CNVD
CNVD
•added 2026/04/20 12:0 a.m.•7 views

PraisonAI has an unspecified vulnerability

PraisonAI is a low-code multi-intelligent body collaboration framework. PraisonAI suffers from a security vulnerability that stems from the fact that the three-layer sandboxing of the executecode function can be completely bypassed, which can be exploited by an attacker to cause the execution of...

10CVSS5.9AI score0.00707EPSS
Exploits1
CNVD
CNVD
•added 2026/04/20 12:0 a.m.•14 views

PraisonAI Code Issue Vulnerability

PraisonAI is a low-code multi-intelligent body collaboration framework. PraisonAI suffers from a code issue vulnerability that stems from the FileTools.downloadfile function validating the target path but not validating the url parameter, which can be exploited by an attacker to cause the attacke...

8.6CVSS5.4AI score0.00405EPSS
Exploits1
CNVD
CNVD
•added 2026/04/16 12:0 a.m.•8 views

Google Chrome FileSystem Component Memory Misreference Vulnerability

Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in the Google Chrome FileSystem component, which can be exploited by an attacker to leverage object corruption via specially crafted HTML pages...

8.8CVSS5.5AI score0.00253EPSS
Exploits0
CNVD
CNVD
•added 2026/04/16 12:0 a.m.•4 views

D-Link DI-8003 Buffer Overflow Vulnerability (CNVD-2026-17632)

The D-Link DI-8003 is a wireless router from China-based AUO D-Link. The D-Link DI-8003 suffers from a buffer overflow vulnerability caused by incorrect boundary checking in the tggl.asp script, which can be exploited by an attacker to cause a denial of service...

7.5CVSS6.1AI score0.00516EPSS
Exploits0
CNVD
CNVD
•added 2026/04/16 12:0 a.m.•13 views

IBM Langflow Desktop Deserialization Vulnerability

IBM Langflow Desktop is an AI process orchestration desktop application from International Business Machines IBM. A deserialization vulnerability exists in IBM Langflow Desktop versions 1.8.2 and earlier. The vulnerability stems from an insecure default setting that allows deserialization of...

8.8CVSS6.2AI score0.00466EPSS
Exploits0
CNVD
CNVD
•added 2026/04/16 12:0 a.m.•5 views

D-Link DI-8003 Buffer Overflow Vulnerability (CNVD-2026-17656)

The D-Link DI-8003 is a wireless router from China-based AUO D-Link. The D-Link DI-8003 suffers from a buffer overflow vulnerability caused by incorrect bounds checking of parameters in the /xwglref.asp endpoint, which can be exploited by an attacker to cause a denial of service...

7.5CVSS6.1AI score0.00492EPSS
Exploits0
CNVD
CNVD
•added 2026/04/16 12:0 a.m.•3 views

D-Link DI-8003 Buffer Overflow Vulnerability (CNVD-2026-17633)

The D-Link DI-8003 is a wireless router from China-based AUO D-Link. A buffer overflow vulnerability exists in the D-Link DI-8003. The vulnerability is caused due to incorrect boundary checking in the thdgroup.asp script and can be exploited by an attacker to cause a denial of service...

7.5CVSS6AI score0.00516EPSS
Exploits0
CNVD
CNVD
•added 2026/04/16 12:0 a.m.•7 views

D-Link DI-8003 Buffer Overflow Vulnerability (CNVD-2026-17650)

The D-Link DI-8003 is a wireless router from China-based AUO D-Link. A buffer overflow vulnerability exists in the D-Link DI-8003. The vulnerability is caused due to incorrect boundary checking in the usergroup.asp script and can be exploited by an attacker to cause a denial of service...

7.5CVSS6AI score0.00605EPSS
Exploits0
CNVD
CNVD
•added 2026/04/16 12:0 a.m.•5 views

D-Link DI-8003 Buffer Overflow Vulnerability (CNVD-2026-17698)

The D-Link DI-8003 is a wireless router from China-based AUO D-Link. A buffer overflow vulnerability exists in the D-Link DI-8003. The vulnerability is caused due to incorrect boundary checking in the user.asp script and can be exploited by an attacker to cause a denial of service...

7.5CVSS5.7AI score0.00516EPSS
Exploits0
CNVD
CNVD
•added 2026/04/16 12:0 a.m.•4 views

IBM Tivoli Netcool Impact Log Information Disclosure Vulnerability

IBM Tivoli Netcool Impact is a suite of network management software from International Business Machines IBM. The software has the ability to automate business-critical functions and provide a platform that provides unified access to real-time data, events and indicators. IBM Tivoli Netcool Impac...

8.4CVSS5.4AI score0.00116EPSS
Exploits0
CNVD
CNVD
•added 2026/04/16 12:0 a.m.•5 views

Unspecified Vulnerability in Google Chrome (CNVD-2026-17821)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security vulnerability that stems from insufficient policy enforcement in the Passwords component, which can be exploited by an attacker to disclose cross-domain data via specially crafted HTML pages...

3.1CVSS5.2AI score0.00219EPSS
Exploits0
CNVD
CNVD
•added 2026/04/16 12:0 a.m.•5 views

Cisco Webex Contact Center Desktop Agent Cross-Site Scripting Vulnerability

Cisco Webex Contact Center is a cloud contact center solution for customer service and call center management. A cross-site scripting vulnerability exists in Cisco Webex Contact Center. The vulnerability stems from a failure of the Desktop Agent feature to properly handle HTML and scripted conten...

6.1CVSS5.6AI score0.00222EPSS
Exploits0
CNVD
CNVD
•added 2026/04/16 12:0 a.m.•9 views

Google Chrome V8 Type Obfuscation Vulnerability (CNVD-2026-19167)

Google Chrome is a web browser developed by Google with a V8 engine for executing JavaScript code. A type confusion vulnerability exists in Google Chrome's V8 engine. The vulnerability stems from the engine's failure to properly handle object types and can be exploited by an attacker to perform...

8.8CVSS5.8AI score0.00275EPSS
Exploits0
CNVD
CNVD
•added 2026/04/16 12:0 a.m.•8 views

Google Chrome XR Memory Misreference Vulnerability

Google Chrome is a web browser developed by Google. Google Chrome suffers from a memory misreference vulnerability. The vulnerability stems from a memory object misreference in the XR component of the Android version and can be exploited by an attacker to perform an out-of-bounds memory read via ...

8.8CVSS5.8AI score0.00269EPSS
Exploits0
CNVD
CNVD
•added 2026/04/16 12:0 a.m.•7 views

Google Chrome Cast Memory Misreference Vulnerability

Google Chrome is a web browser developed by Google. Google Chrome suffers from a memory misreference vulnerability. The vulnerability stems from a failure of the Cast component to properly handle memory objects and can be exploited by an attacker to execute arbitrary code via a specially crafted...

8.8CVSS6.2AI score0.00341EPSS
Exploits0
CNVD
CNVD
•added 2026/04/16 12:0 a.m.•7 views

Google Chrome GPU out-of-bounds write vulnerability (CNVD-2026-19171)

Google Chrome is a web browser developed by Google. Google Chrome suffers from a GPU out-of-bounds write vulnerability. The vulnerability stems from a failure of the GPU component to properly handle boundary checks and can be exploited by an attacker to achieve sandbox escape via specially crafte...

8.3CVSS5.8AI score0.00269EPSS
Exploits0
CNVD
CNVD
•added 2026/04/16 12:0 a.m.•11 views

Google Chrome Media Component Out-of-Bounds Read Vulnerability

Google Chrome is a web browser developed by Google. An out-of-bounds read vulnerability exists in the Media component of Google Chrome. The vulnerability stems from a failure of the Media component to properly handle certain UI gestures and can be exploited by an attacker to execute arbitrary cod...

7.5CVSS6.2AI score0.00293EPSS
Exploits0
CNVD
CNVD
•added 2026/04/16 12:0 a.m.•3 views

Google Chrome Skia Component Out-of-Bounds Read Vulnerability

Google Chrome is a web browser from Google, an American company. An out-of-bounds read vulnerability exists in the Google Chrome Skia component, which can be exploited by attackers to obtain sensitive information...

6.5CVSS5.3AI score0.00234EPSS
Exploits0
CNVD
CNVD
•added 2026/04/16 12:0 a.m.•6 views

Google Chrome Codecs Component Memory Misreference Vulnerability (CNVD-2026-17817)

Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in the Google Chrome Codecs component, which can be exploited by an attacker to execute arbitrary code in a sandbox via specially crafted HTML pages...

8.8CVSS6AI score0.00334EPSS
Exploits0
CNVD
CNVD
•added 2026/04/16 12:0 a.m.•6 views

Google Chrome on Windows Uninitialized Usage Vulnerability

Google Chrome is a web browser from Google, an American company. An uninitialized use vulnerability exists in Google Chrome on Windows, which can be exploited by an attacker to perform a sandbox escape via a specially crafted HTML page...

8.3CVSS5.3AI score0.00273EPSS
Exploits0
CNVD
CNVD
•added 2026/04/16 12:0 a.m.•10 views

Google Chrome Payments Memory Misreference Vulnerability

Google Chrome is a web browser developed by Google. A memory misreference vulnerability exists in Google Chrome. The vulnerability stems from a failure of the Payments component for Android to properly handle memory objects, which can be exploited by an attacker to execute arbitrary code by...

7.5CVSS6.2AI score0.00293EPSS
Exploits0
CNVD
CNVD
•added 2026/04/16 12:0 a.m.•8 views

Google Chrome Viz Component Memory Misreference Vulnerability

Google Chrome is a web browser developed by Google. A memory misreference vulnerability exists in the Viz component of Google Chrome. The vulnerability stems from a failure of the Viz component to properly handle memory objects, which can be exploited by an attacker to potentially sandbox escape ...

8.3CVSS5.8AI score0.00251EPSS
Exploits0
Total number of security vulnerabilities131179