Lucene search
K

131179 matches found

CNVD
CNVD
•added 2026/04/10 12:0 a.m.•5 views

Google Chrome WebCodecs Component Out-of-Bounds Read Vulnerability

Google Chrome is a web browser from Google, an American company. An out-of-bounds read vulnerability exists in versions of Google Chrome prior to 146.0.7680.178. The vulnerability stems from a failure of the WebCodecs component to properly validate the boundaries of input data, which can be...

8.8CVSS5.7AI score0.00248EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•4 views

OpenClaw elevation of privilege vulnerability (CNVD-2026-17893)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an elevation of privilege vulnerability that can be exploited by an attacker to cause an invoker with pairing privileges but no administrator privileges to approve pending device requests that request ...

9.9CVSS7.5AI score0.00624EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•5 views

OpenClaw Approval Bypass Vulnerability

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an approval bypass vulnerability that stems from variable script operands in system.run not being bound between the approval and execution phases, which can be exploited by an attacker to cause an...

6.3CVSS5.6AI score0.002EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•5 views

OpenClaw has an unspecified vulnerability (CNVD-2026-17186)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from a credential fallback issue that can be exploited by an attacker to bypass local authentication boundaries...

3.3CVSS5.7AI score0.00104EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•5 views

OpenClaw Sender Policy Bypass Vulnerability

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a sender policy bypass vulnerability that can be exploited by an attacker to bypass sender restrictions and interact with the bot...

5.3CVSS5.4AI score0.00297EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•4 views

OpenClaw has an unspecified vulnerability (CNVD-2026-17184)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to write bytes under the attacker's control outside of the expected verification path before the final protected replacement step is...

7.5CVSS5.7AI score0.0008EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•7 views

OpenClaw has an unspecified vulnerability (CNVD-2026-17182)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from the fact that rate limiting is only applied after successful Webhook authentication, which can be exploited by an attacker to bypass the rate limiting and...

6.9CVSS5.7AI score0.00272EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•3 views

OpenClaw has an unspecified vulnerability (CNVD-2026-17185)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to redirect files outside of a container's mounted namespace using a contention condition...

6.3CVSS5.7AI score0.00078EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•3 views

OpenClaw has an unspecified vulnerability (CNVD-2026-17187)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to modify the configuration of a protected peer account...

7.1CVSS5.7AI score0.00194EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•6 views

TRENDnet TEW-713RE Command Injection Vulnerability

The TRENDnet TEW-713RE is a wireless network range extender from TRENDnet. The TRENDnet TEW-713RE suffers from a command injection vulnerability that originates from a misuse of the parameter dest in the file /goform/addRouting, which can be exploited by an attacker to cause arbitrary command...

9.8CVSS6.5AI score0.05126EPSS
Exploits1
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•7 views

Google Chrome Compositing Component Memory Misreference Vulnerability

Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions of Google Chrome prior to 146.0.7680.178. The vulnerability stems from a mix-up in the instructions responsible for freeing memory in the Compositing component. An attacker can...

9.6CVSS5.8AI score0.00248EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•5 views

TRENDnet TEW-657BRM vpn_drop Function OS Command Injection Vulnerability

The TRENDnet TEW-657BRM is a WiFi router from TRENDnet. An OS command injection vulnerability exists in the TRENDnet TEW-657BRM vpndrop function, which originates from a misuse of the vpndrop function parameter policyname in file /setup.cgi, and can be exploited by an attacker to cause OS command...

8.8CVSS6.4AI score0.04778EPSS
Exploits1
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•8 views

Discourse Information Disclosure Vulnerability (CNVD-2026-17256)

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an information disclosure vulnerability that can be exploited by attackers to cause moderators to obtain informati...

6.5CVSS5.8AI score0.00234EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•10 views

OpenClaw has an unspecified vulnerability (CNVD-2026-20007)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by an attacker to cause a low-privileged operator to approve nodes with a wider scope...

8.6CVSS5.8AI score0.00379EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•6 views

NanoMQ Buffer Overflow Vulnerability (CNVD-2026-16831)

NanoMQ is a lightweight and fast MQTT Broker for IoT edge platforms. A buffer overflow vulnerability exists in NanoMQ versions prior to 0.24.8. The vulnerability stems from the MQTT-over-WebSocket transport failing to properly validate the receive buffer size when processing MQTT packets with...

7.5CVSS6AI score0.00472EPSS
Exploits1
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•2 views

Discourse Access Control Error Vulnerability (CNVD-2026-17476)

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an Access Control Error vulnerability that can be exploited by an attacker to retrieve the content of posts, threa...

5.1CVSS5.7AI score0.00188EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•8 views

TRENDnet TEW-657BRM add_apcdb Function Stack Overflow Vulnerability

The TRENDnet TEW-657BRM is a WiFi router from TRENDnet. A stack overflow vulnerability exists in the TRENDnet TEW-657BRM addapcdb function, which originates from a misuse of the addapcdb function parameter macpcdba in file /setup.cgi, for which no detailed vulnerability details are available...

9CVSS8.1AI score0.00772EPSS
Exploits1
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•5 views

Google Chrome WebCodecs Component Memory Misreference Vulnerability

Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions of Google Chrome prior to 146.0.7680.178. The vulnerability stems from a confusion in the instructions responsible for freeing memory in the WebCodecs component. An attacker cou...

8.8CVSS6.2AI score0.00395EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•3 views

Google Chrome ANGLE heap buffer overflow vulnerability (CNVD-2026-16862)

Google Chrome is a web browser from Google, an American company. A buffer overflow vulnerability exists in versions of Google Chrome prior to 146.0.7680.178. The vulnerability stems from a failure of the ANGLE heap to properly validate the length size of input data, which can be exploited by an...

8.8CVSS6.4AI score0.0035EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•12 views

Discourse Information Disclosure Vulnerability (CNVD-2026-17249)

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . An information disclosure vulnerability exists in Discourse. The vulnerability stems from the fact that an authenticated user can send an...

4.3CVSS5.7AI score0.00201EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•6 views

Discourse Information Disclosure Vulnerability (CNVD-2026-17255)

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an information disclosure vulnerability that stems from the possibility of inferring the identity of a channel...

4.3CVSS5.7AI score0.00201EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•6 views

Discourse code issue vulnerability (CNVD-2026-17261)

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from a code issue vulnerability that can be exploited by an attacker to cause the server to initiate outbound connectio...

5.3CVSS5.9AI score0.0019EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•15 views

OpenClaw has an unspecified vulnerability (CNVD-2026-17895)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by attackers to cause network acquisition and disk writes to be forced by unauthorized senders...

6.9CVSS5.3AI score0.00355EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•4 views

Google Chrome ANGLE Component Integer Overflow Vulnerability

Google Chrome is a web browser from Google, an American company. An integer overflow vulnerability exists in versions of Google Chrome prior to 146.0.7680.178. The vulnerability stems from a failure of the ANGLE component to properly validate the length size of input data, which can be exploited ...

7.5CVSS5.8AI score0.00255EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•8 views

Apple macOS Denial of Service Vulnerability (CNVD-2026-17907)

Apple macOS is a specialized operating system developed by Apple for Mac computers. A denial of service vulnerability exists in Apple macOS, which can be exploited by an attacker to cause an application to terminate unexpectedly...

3.3CVSS5.3AI score0.00173EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•3 views

Discourse Cross-Site Scripting Vulnerability

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from a cross-site scripting vulnerability that stems from the API not cleaning up the description string when updating...

5.4CVSS5.5AI score0.00167EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•4 views

Dell Secure Connect Gateway Path Traversal Vulnerability

The Dell Secure Connect Gateway Dell SCG is a secure connectivity gateway from Dell, USA. A path traversal vulnerability exists in Dell Secure Connect Gateway. The vulnerability stems from the program failing to properly filter for specific elements in a resource or file path, which could be...

7.2CVSS5.4AI score0.00381EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•4 views

Unspecified Vulnerability in WordPress Plugin Listeo Core

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin Listeo Core, which stems from a lack of...

5.3CVSS5.5AI score0.00304EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•4 views

TRENDnet TEW-657BRM add_wps_client function OS command injection vulnerability

The TRENDnet TEW-657BRM is a WiFi router from TRENDnet. An OS command injection vulnerability exists in the TRENDnet TEW-657BRM addwpsclient function, which originates from a misuse of the addwpsclient function parameter wlenroleepin in the file /setup.cgi, and can be exploited by an attacker to...

8.8CVSS6.4AI score0.04457EPSS
Exploits1
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•10 views

IBM DataPower Gateway Information Disclosure Vulnerability (CNVD-2026-19179)

IBM DataPower Gateway is a suite of International Business Machines IBM security and integration platforms designed specifically for mobile, cloud, application programming interfaces APIs, web, service-oriented architecture SOA, B2B and cloud workloads. The platform protects, integrates and...

6.8CVSS5.8AI score0.00252EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•7 views

Google Chrome Dawn Component Memory Misreference Vulnerability

Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions of Google Chrome prior to 146.0.7680.178. The vulnerability stems from a confusion in the instructions of the Dawn component responsible for freeing memory. An attacker can...

8.8CVSS6.2AI score0.00313EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•6 views

WordPress Plugin ElementsKit Elementor Addons and Templates Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin ElementsKit Elementor Addon...

6.4CVSS5.2AI score0.00293EPSS
Exploits1
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•5 views

Discourse Information Disclosure Vulnerability (CNVD-2026-17258)

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an information disclosure vulnerability that stems from non-employee users having access to read receipt informati...

5.3CVSS5.7AI score0.00201EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•5 views

Apple macOS Denial of Service Vulnerability (CNVD-2026-17906)

Apple macOS is a specialized operating system developed by Apple for Mac computers. A denial of service vulnerability exists in Apple macOS. An attacker could exploit this vulnerability to cause an application to unexpectedly terminate the system...

6.2CVSS5.4AI score0.00196EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•4 views

Unspecified vulnerability in Apple macOS Sequoia (CNVD-2026-17904)

Apple macOS Sequoia is an operating system from the American company Apple Apple. Apple macOS Sequoia has a security vulnerability that can be exploited by attackers to cause an application to break out of its sandbox...

7.5CVSS5.4AI score0.00232EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•4 views

Discourse authorization issue vulnerability (CNVD-2026-17254)

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an authorization issue vulnerability that can be exploited by an attacker to cause a user to purchase a lower tier...

6.3CVSS5.7AI score0.00171EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•7 views

IBM Aspera Shares Access Control Error Vulnerability

IBM Aspera Shares is a Web application from International Business Machines IBM. An access control error vulnerability exists in IBM Aspera Shares versions 1.9.9 through 1.11.0. The vulnerability stems from a password reset that does not disable the session and can be exploited by an attacker to...

6.5CVSS5.8AI score0.00176EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•4 views

IBM Aspera Shares Input Validation Error Vulnerability (CNVD-2026-16874)

IBM Aspera Shares is a Web application from International Business Machines IBM. An input validation error vulnerability exists in IBM Aspera Shares. The vulnerability stems from improper input validation of the HOST header and can be exploited by an attacker to cause cross-site scripting, cache...

5.4CVSS5.6AI score0.002EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•5 views

OpenClaw has an unspecified vulnerability (CNVD-2026-17183)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. A security vulnerability exists in OpenClaw that stems from a plug-in subagent routing that executes a gateway method via a synthetic operator client with broad administrative scope, which can be exploited by an attacker to...

9.8CVSS5.7AI score0.00461EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•3 views

Discourse authorization issue vulnerability (CNVD-2026-17259)

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an authorization issue vulnerability that stems from a category group moderator being able to perform privileged...

5.4CVSS5.8AI score0.00153EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•3 views

Dell AppSync elevation of privilege vulnerability (CNVD-2026-17277)

Dell AppSync is a data replication management application from Dell USA. An elevation of privilege vulnerability exists in Dell AppSync version 4.6.0. The vulnerability stems from improper assignment of critical resource privileges and can be exploited by an attacker to cause elevation of privile...

7.3CVSS5.8AI score0.00127EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•5 views

Apple macOS Sequoia Security Bypass Vulnerability

Apple macOS Sequoia is an operating system from the American company Apple Apple. Apple macOS Sequoia has a security bypass vulnerability that can be exploited by attackers to cause an application to break out of its sandbox...

8.7CVSS5.3AI score0.00181EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•6 views

TRENDnet TEW-657BRM update_pcdb function stack buffer overflow vulnerability

The TRENDnet TEW-657BRM is a WiFi router from TRENDnet. A stack buffer overflow vulnerability exists in the TRENDnet TEW-657BRM updatepcdb function, which originates from incorrect manipulation of the updatepcdb function parameter, macpcdba, in the file /setup.cgi, for which no detailed...

9CVSS8.2AI score0.00815EPSS
Exploits1
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•8 views

Google Chrome Code Execution Vulnerability (CNVD-2026-17908)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a code execution vulnerability that can be exploited by an attacker to execute arbitrary code in a sandbox via specially crafted HTML pages...

8.8CVSS6.6AI score0.0034EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•9 views

IBM Aspera Shares Encryption Problem Vulnerability (CNVD-2026-16873)

IBM Aspera Shares is a Web application from International Business Machines IBM. An encryption issue vulnerability exists in IBM Aspera Shares versions 1.9.9 through 1.11.0. The vulnerability stems from the use of a weak encryption algorithm and can be exploited by an attacker to decrypt highly...

7.5CVSS5.7AI score0.00203EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•5 views

Linux kernel buffer overflow vulnerability (CNVD-2026-17161)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A buffer overflow vulnerability exists in the Linux kernel. The vulnerability stems from a lack of boundary checking of the DEFAULT table in the verifydfa function, which can b...

7.8CVSS6AI score0.00181EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•4 views

Discourse cross-site scripting vulnerability (CNVD-2026-17263)

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from a cross-site scripting vulnerability that stems from the user and group display names not being HTML escaped in...

5.4CVSS5.7AI score0.00167EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•8 views

Google Chrome GPU Heap Buffer Overflow Vulnerability

Google Chrome is a web browser from Google, an American company. A buffer overflow vulnerability exists in versions of Google Chrome prior to 146.0.7680.178. The vulnerability stems from the GPU heap failing to properly validate the length size of input data, which can be exploited by an attacker...

8.8CVSS6.4AI score0.0045EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•8 views

Discourse Information Disclosure Vulnerability (CNVD-2026-17250)

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse has an information leakage vulnerability , the vulnerability stems from the discourse-subscriptions plugin leaks stripe API key...

5.3CVSS5.6AI score0.00175EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•4 views

Cisco Integrated Management Controller command injection vulnerability

The Cisco Integrated Management Controller IMC is a set of software developed by Cisco, Inc., used for managing UCS Unified Computing System environments. This software supports HTTP and SSH access, and allows operations such as starting, stopping, and restarting servers. The Cisco IMC has a...

6.5CVSS6.8AI score0.00719EPSS
Exploits0
Total number of security vulnerabilities131179