99 matches found
CVE-2026-45322
Microsoft UFO open-source framework for intelligent automation across devices and platforms. Microsoft UFO tagged releases up to and including v3.0.0 contain an OS command injection vulnerability in the shell action replay path. In affected releases, ShellReceiver.runshell passes a command string...
CVE-2026-44166 Pocketbase: Account pre-hijacking via OAuth2 unverfied->verified autolinking upgrade
Pocketbase is an open source web backend written in go. Prior to 0.22.42 and 0.37.4, in some situations, if an attacker knows the email address of the victim they can create and link an unverified PocketBase user in advance by authenticating with one of the OAuth2 app providers, e.g. "A". When th...
CVE-2026-44110
OpenClaw before 2026.4.15 contains an authorization bypass vulnerability in Matrix room control-command authorization that trusts DM pairing-store entries. Attackers with DM-paired sender IDs can execute room control commands without being in configured allowlists by posting in bot rooms,...
ROS-20260417-73-0041
Vulnerability in zabbix7-lts related to providing a data element for an erroneous session. Exploitation of the vulnerability could allow an attacker to escalate his privileges...
Microsoft Office Sharepoint Server 跨站脚本漏洞
Microsoft SharePoint Server is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A spoofing...
Microsoft Azure Functions 信息泄露漏洞
Microsoft Azure Functions is a hosted Platform-as-a-Service PaaS provider from Microsoft Corporation USA that delivers event-driven and scheduled compute resources for Azure cloud services. An information disclosure vulnerability exists in Microsoft Azure Functions, which can be exploited by an...
TeamViewer DEX Client 安全漏洞
TeamViewer DEX Client is a digital employee experience and endpoint management software from TeamViewer Germany. TeamViewer DEX Client has a security vulnerability that can be exploited by an attacker to cause the deletion of protected system files...
Google Chrome 安全漏洞
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a code execution vulnerability that is caused by free usage in ANGLE. An attacker can exploit the vulnerability to execute arbitrary code on a system...
NSecsoft NSecKrnl 安全漏洞
NSecsoft NSecKrnl is the underlying core module of a terminal protection software from China Anzai NSecsoft. A security vulnerability exists in NSecsoft NSecKrnl, which originates from a local attacker being able to terminate another user's process via a specially crafted IOCTL request...
Microsoft Windows 安全漏洞
Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft USA. A security vulnerability exists in Microsoft Windows. An attacker can exploit the vulnerability to elevate privileges. The following products and versions are affected:Windows 10 Version 1809 for...
Microsoft Windows 安全漏洞
Microsoft Windows is a suite of operating systems for use on personal devices from the U.S.-based Microsoft Corporation Microsoft. A security vulnerability exists in Microsoft Windows that stems from an attacker's ability to elevate privileges by exploiting the vulnerability...
Huawei HarmonyOS 安全漏洞
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege authentication bypass vulnerability exists in the Huawei HarmonyOS Camera app, which can be exploited by an attacker to compromise service...
Google Android 安全漏洞
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability caused by a clickjacking/overwriting attack in the maybeShowDialog function in ControlsSettingsDialogManager.kt that results in ControlsSettingsTialog...
Google Android TV has an unspecified vulnerability
Google Android TV is a television operating system application from the American company Google Google. Google Android TV suffers from a security vulnerability that can be exploited by an attacker that may result in arbitrary activity being initiated...
The vulnerability of the Linux operating system’s kernel, related to insufficient locking of resources, allows a hacker to trigger a service failure.
The vulnerability of the Linux operating system’s kernel is related to insufficient locking of resources. Exploiting this vulnerability can allow a perpetrator to cause service failures...
The vulnerability of the MacOS operating system, related to insufficient validation of input data, allows a hacker to gain access to and modify system files.
The vulnerability of the MacOS operating system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain access to and modify system files...
The vulnerability of the Siemens License Server (SLS) software, related to errors in the authentication process, allows a violator to increase their privileges.
The vulnerability of the Siemens License Server SLS software management tool is related to errors in the certificate authenticity verification process. Exploiting this vulnerability can allow attackers to increase their privileges...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the HTML content of email notification settings. An attacker can inject malicious scripts by crafting malicious inputs that are rendered in the preview mode. Note: This is only exploitable if the attacker ha...
The vulnerability of the Linux operating system’s kernel, related to state management errors, allows a hacker to trigger a service failure.
The vulnerability of the Linux operating system’s kernel is related to state management errors. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the Linux operating system’s kernel, related to state management errors, allows a hacker to trigger a service failure.
The vulnerability of the Linux operating system’s kernel is related to state management errors. Exploiting this vulnerability can allow an attacker to cause a service failure...