131179 matches found
Google Chrome WebCodecs Component Out-of-Bounds Read Vulnerability
Google Chrome is a web browser from Google, an American company. An out-of-bounds read vulnerability exists in versions of Google Chrome prior to 146.0.7680.178. The vulnerability stems from a failure of the WebCodecs component to properly validate the boundaries of input data, which can be...
OpenClaw elevation of privilege vulnerability (CNVD-2026-17893)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an elevation of privilege vulnerability that can be exploited by an attacker to cause an invoker with pairing privileges but no administrator privileges to approve pending device requests that request ...
OpenClaw Approval Bypass Vulnerability
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an approval bypass vulnerability that stems from variable script operands in system.run not being bound between the approval and execution phases, which can be exploited by an attacker to cause an...
OpenClaw has an unspecified vulnerability (CNVD-2026-17186)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from a credential fallback issue that can be exploited by an attacker to bypass local authentication boundaries...
OpenClaw Sender Policy Bypass Vulnerability
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a sender policy bypass vulnerability that can be exploited by an attacker to bypass sender restrictions and interact with the bot...
OpenClaw has an unspecified vulnerability (CNVD-2026-17184)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to write bytes under the attacker's control outside of the expected verification path before the final protected replacement step is...
OpenClaw has an unspecified vulnerability (CNVD-2026-17182)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from the fact that rate limiting is only applied after successful Webhook authentication, which can be exploited by an attacker to bypass the rate limiting and...
OpenClaw has an unspecified vulnerability (CNVD-2026-17185)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to redirect files outside of a container's mounted namespace using a contention condition...
OpenClaw has an unspecified vulnerability (CNVD-2026-17187)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to modify the configuration of a protected peer account...
TRENDnet TEW-713RE Command Injection Vulnerability
The TRENDnet TEW-713RE is a wireless network range extender from TRENDnet. The TRENDnet TEW-713RE suffers from a command injection vulnerability that originates from a misuse of the parameter dest in the file /goform/addRouting, which can be exploited by an attacker to cause arbitrary command...
Google Chrome Compositing Component Memory Misreference Vulnerability
Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions of Google Chrome prior to 146.0.7680.178. The vulnerability stems from a mix-up in the instructions responsible for freeing memory in the Compositing component. An attacker can...
TRENDnet TEW-657BRM vpn_drop Function OS Command Injection Vulnerability
The TRENDnet TEW-657BRM is a WiFi router from TRENDnet. An OS command injection vulnerability exists in the TRENDnet TEW-657BRM vpndrop function, which originates from a misuse of the vpndrop function parameter policyname in file /setup.cgi, and can be exploited by an attacker to cause OS command...
Discourse Information Disclosure Vulnerability (CNVD-2026-17256)
Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an information disclosure vulnerability that can be exploited by attackers to cause moderators to obtain informati...
OpenClaw has an unspecified vulnerability (CNVD-2026-20007)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by an attacker to cause a low-privileged operator to approve nodes with a wider scope...
NanoMQ Buffer Overflow Vulnerability (CNVD-2026-16831)
NanoMQ is a lightweight and fast MQTT Broker for IoT edge platforms. A buffer overflow vulnerability exists in NanoMQ versions prior to 0.24.8. The vulnerability stems from the MQTT-over-WebSocket transport failing to properly validate the receive buffer size when processing MQTT packets with...
Discourse Access Control Error Vulnerability (CNVD-2026-17476)
Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an Access Control Error vulnerability that can be exploited by an attacker to retrieve the content of posts, threa...
TRENDnet TEW-657BRM add_apcdb Function Stack Overflow Vulnerability
The TRENDnet TEW-657BRM is a WiFi router from TRENDnet. A stack overflow vulnerability exists in the TRENDnet TEW-657BRM addapcdb function, which originates from a misuse of the addapcdb function parameter macpcdba in file /setup.cgi, for which no detailed vulnerability details are available...
Google Chrome WebCodecs Component Memory Misreference Vulnerability
Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions of Google Chrome prior to 146.0.7680.178. The vulnerability stems from a confusion in the instructions responsible for freeing memory in the WebCodecs component. An attacker cou...
Google Chrome ANGLE heap buffer overflow vulnerability (CNVD-2026-16862)
Google Chrome is a web browser from Google, an American company. A buffer overflow vulnerability exists in versions of Google Chrome prior to 146.0.7680.178. The vulnerability stems from a failure of the ANGLE heap to properly validate the length size of input data, which can be exploited by an...
Discourse Information Disclosure Vulnerability (CNVD-2026-17249)
Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . An information disclosure vulnerability exists in Discourse. The vulnerability stems from the fact that an authenticated user can send an...
Discourse Information Disclosure Vulnerability (CNVD-2026-17255)
Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an information disclosure vulnerability that stems from the possibility of inferring the identity of a channel...
Discourse code issue vulnerability (CNVD-2026-17261)
Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from a code issue vulnerability that can be exploited by an attacker to cause the server to initiate outbound connectio...
OpenClaw has an unspecified vulnerability (CNVD-2026-17895)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by attackers to cause network acquisition and disk writes to be forced by unauthorized senders...
Google Chrome ANGLE Component Integer Overflow Vulnerability
Google Chrome is a web browser from Google, an American company. An integer overflow vulnerability exists in versions of Google Chrome prior to 146.0.7680.178. The vulnerability stems from a failure of the ANGLE component to properly validate the length size of input data, which can be exploited ...
Apple macOS Denial of Service Vulnerability (CNVD-2026-17907)
Apple macOS is a specialized operating system developed by Apple for Mac computers. A denial of service vulnerability exists in Apple macOS, which can be exploited by an attacker to cause an application to terminate unexpectedly...
Discourse Cross-Site Scripting Vulnerability
Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from a cross-site scripting vulnerability that stems from the API not cleaning up the description string when updating...
Dell Secure Connect Gateway Path Traversal Vulnerability
The Dell Secure Connect Gateway Dell SCG is a secure connectivity gateway from Dell, USA. A path traversal vulnerability exists in Dell Secure Connect Gateway. The vulnerability stems from the program failing to properly filter for specific elements in a resource or file path, which could be...
Unspecified Vulnerability in WordPress Plugin Listeo Core
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin Listeo Core, which stems from a lack of...
TRENDnet TEW-657BRM add_wps_client function OS command injection vulnerability
The TRENDnet TEW-657BRM is a WiFi router from TRENDnet. An OS command injection vulnerability exists in the TRENDnet TEW-657BRM addwpsclient function, which originates from a misuse of the addwpsclient function parameter wlenroleepin in the file /setup.cgi, and can be exploited by an attacker to...
IBM DataPower Gateway Information Disclosure Vulnerability (CNVD-2026-19179)
IBM DataPower Gateway is a suite of International Business Machines IBM security and integration platforms designed specifically for mobile, cloud, application programming interfaces APIs, web, service-oriented architecture SOA, B2B and cloud workloads. The platform protects, integrates and...
Google Chrome Dawn Component Memory Misreference Vulnerability
Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions of Google Chrome prior to 146.0.7680.178. The vulnerability stems from a confusion in the instructions of the Dawn component responsible for freeing memory. An attacker can...
WordPress Plugin ElementsKit Elementor Addons and Templates Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin ElementsKit Elementor Addon...
Discourse Information Disclosure Vulnerability (CNVD-2026-17258)
Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an information disclosure vulnerability that stems from non-employee users having access to read receipt informati...
Apple macOS Denial of Service Vulnerability (CNVD-2026-17906)
Apple macOS is a specialized operating system developed by Apple for Mac computers. A denial of service vulnerability exists in Apple macOS. An attacker could exploit this vulnerability to cause an application to unexpectedly terminate the system...
Unspecified vulnerability in Apple macOS Sequoia (CNVD-2026-17904)
Apple macOS Sequoia is an operating system from the American company Apple Apple. Apple macOS Sequoia has a security vulnerability that can be exploited by attackers to cause an application to break out of its sandbox...
Discourse authorization issue vulnerability (CNVD-2026-17254)
Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an authorization issue vulnerability that can be exploited by an attacker to cause a user to purchase a lower tier...
IBM Aspera Shares Access Control Error Vulnerability
IBM Aspera Shares is a Web application from International Business Machines IBM. An access control error vulnerability exists in IBM Aspera Shares versions 1.9.9 through 1.11.0. The vulnerability stems from a password reset that does not disable the session and can be exploited by an attacker to...
IBM Aspera Shares Input Validation Error Vulnerability (CNVD-2026-16874)
IBM Aspera Shares is a Web application from International Business Machines IBM. An input validation error vulnerability exists in IBM Aspera Shares. The vulnerability stems from improper input validation of the HOST header and can be exploited by an attacker to cause cross-site scripting, cache...
OpenClaw has an unspecified vulnerability (CNVD-2026-17183)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. A security vulnerability exists in OpenClaw that stems from a plug-in subagent routing that executes a gateway method via a synthetic operator client with broad administrative scope, which can be exploited by an attacker to...
Discourse authorization issue vulnerability (CNVD-2026-17259)
Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an authorization issue vulnerability that stems from a category group moderator being able to perform privileged...
Dell AppSync elevation of privilege vulnerability (CNVD-2026-17277)
Dell AppSync is a data replication management application from Dell USA. An elevation of privilege vulnerability exists in Dell AppSync version 4.6.0. The vulnerability stems from improper assignment of critical resource privileges and can be exploited by an attacker to cause elevation of privile...
Apple macOS Sequoia Security Bypass Vulnerability
Apple macOS Sequoia is an operating system from the American company Apple Apple. Apple macOS Sequoia has a security bypass vulnerability that can be exploited by attackers to cause an application to break out of its sandbox...
TRENDnet TEW-657BRM update_pcdb function stack buffer overflow vulnerability
The TRENDnet TEW-657BRM is a WiFi router from TRENDnet. A stack buffer overflow vulnerability exists in the TRENDnet TEW-657BRM updatepcdb function, which originates from incorrect manipulation of the updatepcdb function parameter, macpcdba, in the file /setup.cgi, for which no detailed...
Google Chrome Code Execution Vulnerability (CNVD-2026-17908)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a code execution vulnerability that can be exploited by an attacker to execute arbitrary code in a sandbox via specially crafted HTML pages...
IBM Aspera Shares Encryption Problem Vulnerability (CNVD-2026-16873)
IBM Aspera Shares is a Web application from International Business Machines IBM. An encryption issue vulnerability exists in IBM Aspera Shares versions 1.9.9 through 1.11.0. The vulnerability stems from the use of a weak encryption algorithm and can be exploited by an attacker to decrypt highly...
Linux kernel buffer overflow vulnerability (CNVD-2026-17161)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A buffer overflow vulnerability exists in the Linux kernel. The vulnerability stems from a lack of boundary checking of the DEFAULT table in the verifydfa function, which can b...
Discourse cross-site scripting vulnerability (CNVD-2026-17263)
Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from a cross-site scripting vulnerability that stems from the user and group display names not being HTML escaped in...
Google Chrome GPU Heap Buffer Overflow Vulnerability
Google Chrome is a web browser from Google, an American company. A buffer overflow vulnerability exists in versions of Google Chrome prior to 146.0.7680.178. The vulnerability stems from the GPU heap failing to properly validate the length size of input data, which can be exploited by an attacker...
Discourse Information Disclosure Vulnerability (CNVD-2026-17250)
Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse has an information leakage vulnerability , the vulnerability stems from the discourse-subscriptions plugin leaks stripe API key...
Cisco Integrated Management Controller command injection vulnerability
The Cisco Integrated Management Controller IMC is a set of software developed by Cisco, Inc., used for managing UCS Unified Computing System environments. This software supports HTTP and SSH access, and allows operations such as starting, stopping, and restarting servers. The Cisco IMC has a...