OpenClaw Command Injection Vulnerability (CNVD-2026-15058)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. A command injection vulnerability exists in versions of OpenClaw prior to 2026.2.24. The vulnerability stems from a failure to properly filter construct command special characters, commands, etc. in the system.run...

OpenClaw Denial of Service Vulnerability (CNVD-2026-15152)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a denial of service hole that can be exploited by attackers to cause regular expression injection and denial of service...

Unspecified Vulnerability in Google Chrome (CNVD-2026-15407)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security vulnerability that is due to an object lifecycle issue in PowerVR. An attacker can exploit the vulnerability to execute arbitrary code on the system...

WordPress Plugin King Addons for Elementor Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin King Addons for Elemento...

OpenClaw Security Bypass Vulnerability (CNVD-2026-16056)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security bypass vulnerability that can be exploited by an attacker to cause replay events to bypass duplicate checks...

WordPress Plugin Download Manager Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. The WordPress plugin Download Manager information disclosure vulnerability, which stems from a...

OpenClaw Command Execution Vulnerability (CNVD-2026-16054)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a command execution vulnerability that can be exploited by an attacker to bypass expected execution limits...

OpenClaw path traversal vulnerability (CNVD-2026-16057)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a path traversal vulnerability that can be exploited by an attacker to weaken bound source isolation by symbolically linking the parent directory to bypass the allowed root directory and prevent path...

OpenClaw Access Control Error Vulnerability (CNVD-2026-16052)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an Access Control Error vulnerability that can be exploited by an attacker to cause a local process to capture a gateway authentication token...

OpenClaw OS Command Injection Vulnerability (CNVD-2026-16050)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an operating system command injection vulnerability that can be exploited by an attacker to execute arbitrary commands on the system...

OpenClaw Command Execution Vulnerability (CNVD-2026-16046)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a command execution vulnerability that can be exploited by an attacker to cause an authenticated operator to execute arbitrary parameters...

OpenClaw OS Command Injection Vulnerability (CNVD-2026-16044)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an operating system command injection vulnerability. The vulnerability is caused by failing to filter the shell startup environment variables HOME and ZDOTDIR in the system.run function. An attacker ca...

OpenClaw has an unspecified vulnerability (CNVD-2026-16049)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by an attacker to execute arbitrary code without sandbox escape...

OpenClaw has an unspecified vulnerability (CNVD-2026-16048)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by an attacker to cause a bypass of token and password requirements...

OpenClaw path traversal vulnerability (CNVD-2026-16042)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a path traversal vulnerability. The vulnerability stems from the Feishu media download process failing to properly filter special elements in the path of a resource or file, which can be exploited by a...

Google Chrome heap buffer overflow vulnerability (CNVD-2026-15406)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a heap buffer overflow vulnerability that is caused by improper boundary checking in WebAudio. An attacker can exploit this vulnerability to execute arbitrary code on the system or cause an application to...

Google Chrome integer overflow vulnerability (CNVD-2026-15405)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from an integer overflow vulnerability that can be exploited by an attacker to execute arbitrary code on the system...

Google Chrome memory misreference vulnerability (CNVD-2026-15404)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a memory misreference vulnerability that can be exploited by an attacker to execute arbitrary code on the system...

Google Chrome heap buffer overflow vulnerability (CNVD-2026-15403)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a heap buffer overflow vulnerability that is caused by incorrect boundary checking in WebGL. An attacker can exploit this vulnerability to execute arbitrary code on the system or cause an application to...

Google Chrome Resource Management Error Vulnerability (CNVD-2026-15395)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a resource management error vulnerability that can be exploited by an attacker to cause arbitrary code to be executed in the sandbox via specially crafted HTML pages...

GNU BinUtils Buffer Overflow Vulnerability (CNVD-2026-16063)

GNU BinUtils is a collection of programming tools for working with binaries from the American GNU community. A buffer overflow vulnerability exists in GNU BinUtils, which arises from processing specially crafted XCOFF object files without properly validating the relocation type value, and can be...

Google Chrome Out-of-Bounds Read Vulnerability (CNVD-2026-15401)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to cause out-of-bounds memory access to be performed via specially crafted HTML pages...

Canva Affinity Out-of-Bounds Read Vulnerability (CNVD-2026-15858)

Canva Affinity is a range of professional graphic design and image editing software from Canva Australia. Canva Affinity suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to disclose sensitive information when using specially crafted EMF files...

Canva Affinity Out-of-Bounds Read Vulnerability (CNVD-2026-15859)

Canva Affinity is a range of professional graphic design and image editing software from Canva Australia. Canva Affinity suffers from an out-of-bounds read vulnerability, which can be exploited by an attacker to perform an out-of-bounds read using a specially crafted EMF file to disclose sensitiv...

Canva Affinity Out-of-Bounds Read Vulnerability (CNVD-2026-15856)

Canva Affinity is a range of professional graphic design and image editing software from Canva Australia. Canva Affinity suffers from an out-of-bounds read vulnerability, which can be exploited by an attacker to perform an out-of-bounds read using a specially crafted EMF file to disclose sensitiv...

Canva Affinity Out-of-Bounds Read Vulnerability (CNVD-2026-15853)

Canva Affinity is a range of professional graphic design and image editing software from Canva Australia. Canva Affinity suffers from an out-of-bounds read vulnerability, which can be exploited by an attacker to perform an out-of-bounds read using a specially crafted EMF file to disclose sensitiv...

Canva Affinity Out-of-Bounds Write Vulnerability

Canva Affinity is a range of professional graphic design and image editing software from Canva Australia. Canva Affinity suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code using a specially crafted EMF file...

Canva Affinity Out-of-Bounds Read Vulnerability (CNVD-2026-15851)

Canva Affinity is a range of professional graphic design and image editing software from Canva Australia. Canva Affinity suffers from an out-of-bounds read vulnerability, which can be exploited by an attacker to perform an out-of-bounds read using a specially crafted EMF file to disclose sensitiv...

Canva Affinity Out-of-Bounds Read Vulnerability (CNVD-2026-15850)

Canva Affinity is a range of professional graphic design and image editing software from Canva Australia. Canva Affinity suffers from an out-of-bounds read vulnerability, which can be exploited by an attacker to perform an out-of-bounds read using a specially crafted EMF file to disclose sensitiv...

Canva Affinity Out-of-Bounds Read Vulnerability (CNVD-2026-15849)

Canva Affinity is a range of professional graphic design and image editing software from Canva Australia. Canva Affinity suffers from an out-of-bounds read vulnerability, which can be exploited by an attacker to perform an out-of-bounds read using a specially crafted EMF file to disclose sensitiv...

Canva Affinity Out-of-Bounds Read Vulnerability (CNVD-2026-15847)

Canva Affinity is a range of professional graphic design and image editing software from Canva Australia. Canva Affinity suffers from an out-of-bounds read vulnerability, which can be exploited by an attacker to perform an out-of-bounds read using a specially crafted EMF file to disclose sensitiv...

Canva Affinity Out-of-Bounds Read Vulnerability

Canva Affinity is a range of professional graphic design and image editing software from Canva Australia. Canva Affinity suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to disclose sensitive information when using specially crafted EMF files...

Google Chrome FedCM Memory Misreference Vulnerability

Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in Google Chrome FedCM, which can be exploited by an attacker to execute arbitrary code on a system...

OpenClaw OS Command Injection Vulnerability (CNVD-2026-16043)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an operating system command injection vulnerability. The vulnerability stems from the safeBins configuration failing to properly filter constructed command special characters, commands, etc., which can...

OpenClaw Denial of Service Vulnerability (CNVD-2026-16053)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a denial of service vulnerability that can be exploited by attackers to cause increased memory usage and process instability...

Canva Affinity Out-of-Bounds Read Vulnerability (CNVD-2026-15848)

Canva Affinity is a range of professional graphic design and image editing software from Canva Australia. Canva Affinity suffers from an out-of-bounds read vulnerability, which can be exploited by an attacker to perform an out-of-bounds read using a specially crafted EMF file to disclose sensitiv...

OpenClaw has an unspecified vulnerability (CNVD-2026-16389)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by attackers to bypass SSRF protection...

Discourse cross-site scripting vulnerability (CNVD-2026-17264)

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from a cross-site scripting vulnerability that stems from the onebox method in the SharedAiConversation model rendering...

OpenClaw Access Control Error Vulnerability (CNVD-2026-16041)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an Access Control Error vulnerability that stems from the BlueBubbles webhook handler containing a passwordless fallback authentication path, which can be exploited by an attacker to cause an...

Canva Affinity Out-of-Bounds Read Vulnerability (CNVD-2026-15845)

Canva Affinity is a range of professional graphic design and image editing software from Canva Australia. Canva Affinity suffers from an out-of-bounds read vulnerability, which can be exploited by an attacker to perform an out-of-bounds read using a specially crafted EMF file to disclose sensitiv...

OpenClaw Encryption Problem Vulnerability (CNVD-2026-15057)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. A cryptographic issue vulnerability exists in versions prior to OpenClaw 2026.2.22. The vulnerability stems from the double use of authentication keys across security domains and can be exploited by an attacker to cause a...

OpenClaw Security Bypass Vulnerability (CNVD-2026-16055)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by an attacker to cause bypassing of interactive approval prompts...

OpenClaw Security Bypass Vulnerability (CNVD-2026-16051)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security bypass vulnerability that can be exploited by an attacker to cause a remote attacker to bypass sender authorization checks...

OpenClaw Arbitrary Code Execution Vulnerability (CNVD-2026-16394)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an arbitrary code execution vulnerability that can be exploited by an attacker to execute an attacker-controlled binary...

OpenClaw Security Bypass Vulnerability (CNVD-2026-16045)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security bypass vulnerability that can be exploited by attackers to bypass command gate restrictions...

OpenClaw elevation of privilege vulnerability (CNVD-2026-16395)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an elevation of privilege vulnerability that can be exploited by an attacker to gain higher operator range before pairing approval...

OpenClaw has an unspecified vulnerability (CNVD-2026-16391)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by an attacker to skip approval requirements...

OpenClaw has an unspecified vulnerability (CNVD-2026-16386)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by attackers to cause bypassing of runtime restrictions...

OpenClaw has an unspecified vulnerability (CNVD-2026-16383)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by an attacker to reuse previously approved requests and bypass enforcement of integrity controls...

OpenClaw Approves Bypass Vulnerability

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an approval bypass vulnerability that can be exploited by an attacker to execute commands from an unexpected file system location by rebinding a writable parent symbolic link...