Lucene search
K

131179 matches found

CNVD
CNVD
•added 2026/04/10 12:0 a.m.•8 views

OpenClaw has an unspecified vulnerability (CNVD-2026-17897)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by attackers to cause unauthorized senders to bypass authorization checks...

4.3CVSS5.3AI score0.00267EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•7 views

Google Chrome Web MIDI Component Memory Misreference Vulnerability

Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions of Google Chrome prior to 146.0.7680.178. The vulnerability stems from a confusion in the instructions responsible for freeing memory in the Web MIDI component. An attacker coul...

8.8CVSS6.2AI score0.00407EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•7 views

Discourse Information Disclosure Vulnerability (CNVD-2026-17257)

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . An information disclosure vulnerability exists in Discourse, which can be exploited by attackers to cause sensitive operational data to b...

6.5CVSS5.7AI score0.00234EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•7 views

Discourse Input Validation Error Vulnerability (CNVD-2026-17260)

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an input validation error vulnerability that originates when the enter operation in StaticController reads the...

6.1CVSS5.7AI score0.00193EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•6 views

OpenClaw has an unspecified vulnerability (CNVD-2026-17487)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by an attacker to execute native code after an operator approves misleading command text...

8CVSS5.9AI score0.00272EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•11 views

IBM Storage Protect Server SQL Injection Vulnerability

IBM Storage Protect Server is an enterprise-class data backup and recovery management system from International Business Machines IBM. A SQL injection vulnerability exists in IBM Storage Protect Server version 8.2.0. The vulnerability stems from the application's lack of validation of externally...

8.8CVSS5.8AI score0.00253EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•5 views

Google Chrome WebGL Component Memory Misreference Vulnerability

Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions of Google Chrome prior to 146.0.7680.178. The vulnerability stems from a confusion in the instructions responsible for freeing memory in the WebGL component. An attacker can...

8.8CVSS6.1AI score0.00403EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•10 views

OpenClaw has an unspecified vulnerability (CNVD-2026-19641)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. A security vulnerability exists in OpenClaw that stems from automatically discovering and loading plugins from .OpenClaw/extensions/ without explicit trust validation, which can be exploited by an attacker to cause arbitrar...

8.8CVSS6.1AI score0.00331EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•11 views

OpenClaw OS Command Injection Vulnerability (CNVD-2026-19447)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an operating system command injection vulnerability. The vulnerability stems from an uncleared remote attachment path in the iMessage attachment staging process that contains shell metacharacters and i...

9.8CVSS5.8AI score0.01973EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•23 views

OpenClaw Sandbox Bypass Vulnerability

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a sandbox bypass vulnerability that can be exploited by an attacker to read arbitrary local files using mediaUrl and fileUrl alias parameters that bypass localRoots validation...

8.6CVSS5.5AI score0.00555EPSS
Exploits0
CNVD
CNVD
•added 2026/04/10 12:0 a.m.•5 views

Google Chrome PDF Component Memory Misreference Vulnerability

Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions of Google Chrome prior to 146.0.7680.178. The vulnerability stems from a confusion in the instructions of the PDF component responsible for freeing memory. An attacker could...

8.8CVSS6.1AI score0.00417EPSS
Exploits0
CNVD
CNVD
•added 2026/04/09 12:0 a.m.•5 views

OpenClaw Data Forgery Problem Vulnerability (CNVD-2026-16689)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a data forgery issue vulnerability that can be exploited by an attacker to inject forged Feishu events and trigger execution by downstream tools...

9.8CVSS5.9AI score0.00247EPSS
Exploits0
CNVD
CNVD
•added 2026/04/09 12:0 a.m.•6 views

Delta Electronics ASDA-Soft Stack Buffer Overflow Vulnerability

Delta Electronics ASDA-Soft is an AC servo motor from Delta Electronics China. The Delta Electronics ASDA-Soft suffers from a stack buffer overflow vulnerability caused by incorrect boundary checking when parsing an incorrectly formatted .par file, which can be exploited by an attacker to execute...

8.4CVSS8.2AI score0.00339EPSS
Exploits0
CNVD
CNVD
•added 2026/04/09 12:0 a.m.•5 views

OpenClaw has an unspecified vulnerability (CNVD-2026-16686)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by an attacker to cause a local user to read the contents of a record containing sensitive information...

8.4CVSS5.7AI score0.0012EPSS
Exploits0
CNVD
CNVD
•added 2026/04/09 12:0 a.m.•3 views

Fleet Denial of Service Vulnerability (CNVD-2026-16892)

Fleet is Fleet Device Management open source a device management platform that supports a wide range of operating systems and devices to help IT and security teams with device management, vulnerability reporting, MDM and more. A denial of service vulnerability exists in Fleet versions prior to...

8.7CVSS5.8AI score0.00434EPSS
Exploits0
CNVD
CNVD
•added 2026/04/09 12:0 a.m.•3 views

OpenUI Cross-Site Scripting Vulnerability

OpenUI is an open source UI program. A cross-site scripting vulnerability exists in OpenUI 1.0 and earlier versions. The vulnerability stems from the lack of effective filtering and escaping of user-supplied data in the file frontend/public/annotator/index.html, which can be exploited by an...

5.1CVSS5.8AI score0.00191EPSS
Exploits0
CNVD
CNVD
•added 2026/04/09 12:0 a.m.•2 views

Adobe Substance3D Stager Resource Management Error Vulnerability (CNVD-2026-16826)

Adobe Substance3D Stager is a set and rendering software for 3D scenes from the American company Audobee Adobe. A security vulnerability exists in Adobe Substance3D Stager. The vulnerability stems from a mix-up in the instructions responsible for freeing memory, which can be exploited by attacker...

7.8CVSS6AI score0.0022EPSS
Exploits0
CNVD
CNVD
•added 2026/04/09 12:0 a.m.•9 views

TOTOLINK A3600R setNoticeCfg function command injection vulnerability

TOTOLINK A3600R is a 6-antenna 1200M wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in TOTOLINK A3600R version 4.1.2cu.5182B20201102. The vulnerability stems from the failure of the function setNoticeCfg in the file /cgi-bin/cstecgi.cgi in the...

9.8CVSS6.7AI score0.02234EPSS
Exploits1
CNVD
CNVD
•added 2026/04/09 12:0 a.m.•6 views

Fleet Access Control Error Vulnerability (CNVD-2026-16814)

Fleet is Fleet Device Management open source a device management platform that supports a wide range of operating systems and devices to help IT and security teams with device management, vulnerability reporting, MDM and more. An access control error vulnerability exists in Fleet versions prior t...

8.8CVSS5.7AI score0.00315EPSS
Exploits0
CNVD
CNVD
•added 2026/04/09 12:0 a.m.•7 views

OpenClaw Input Validation Error Vulnerability (CNVD-2026-16690)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an input validation error vulnerability that can be exploited by an attacker to cause an insecure request body to be resent in a cross-domain redirect, thereby disclosing sensitive request data or...

7.1CVSS5.7AI score0.00239EPSS
Exploits0
CNVD
CNVD
•added 2026/04/09 12:0 a.m.•4 views

Xenforo Authorization Issues Vulnerability (CNVD-2026-16832)

Xenforo is a forum software from Xenforo. XenForo suffers from an authorization issue vulnerability that originates from affecting Passkeys that have been added to a user's account, which can be exploited by an attacker to bypass the authentication process and take over the account of another web...

9.8CVSS5.8AI score0.00451EPSS
Exploits0
CNVD
CNVD
•added 2026/04/09 12:0 a.m.•5 views

Fleet OS Command Injection Vulnerability

Fleet is Fleet Device Management open source a device management platform that supports a wide range of operating systems and devices to help IT and security teams with device management, vulnerability reporting, MDM and more. An operating system command injection vulnerability exists in Fleet...

9.8CVSS6AI score0.01282EPSS
Exploits0
CNVD
CNVD
•added 2026/04/09 12:0 a.m.•11 views

Tenda AC7 SetSysTimeCfg File Buffer Overflow Vulnerability

Tenda AC7 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in Tenda AC7 version 15.03.06.44. The vulnerability stems from the parameter Time in the file /goform/SetSysTimeCfg that fails to properly validate the length and size of the input data, which can...

9CVSS8.1AI score0.00632EPSS
Exploits1
CNVD
CNVD
•added 2026/04/09 12:0 a.m.•5 views

Tenda AC6 goform/QuickIndex file buffer overflow vulnerability

The Tenda AC6 is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC6 version 15.03.05.16. The vulnerability stems from the parameter PPPOEPassword in the file /goform/QuickIndex that fails to properly validate the length and size of the input data...

9CVSS8.1AI score0.00773EPSS
Exploits1
CNVD
CNVD
•added 2026/04/09 12:0 a.m.•3 views

OpenClaw Authorization Bypass Vulnerability (CNVD-2026-16685)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an authorization bypass vulnerability that can be exploited by an attacker to access administrator-specific session reset logic to reset the state of a target session...

6.9CVSS5.7AI score0.00096EPSS
Exploits0
CNVD
CNVD
•added 2026/04/08 12:0 a.m.•4 views

OpenClaw has an unspecified vulnerability (CNVD-2026-16691)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from the direct embedding of long-term shared gateway credentials in the pairing setup code, which can be exploited by an attacker to recover and reuse credentials v...

8.6CVSS5.7AI score0.00246EPSS
Exploits0
CNVD
CNVD
•added 2026/04/08 12:0 a.m.•4 views

OpenClaw has an unspecified vulnerability (CNVD-2026-16694)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to cause an authenticated operator with only operator.write privileges to access the administrator-specific browser profile management rout...

7.1CVSS5.7AI score0.00288EPSS
Exploits0
CNVD
CNVD
•added 2026/04/08 12:0 a.m.•5 views

OpenClaw has an unspecified vulnerability (CNVD-2026-16696)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to cause non-whitelisted guild members to trigger reactive events and inject reactive text into downstream session environments...

5.4CVSS5.7AI score0.00151EPSS
Exploits0
CNVD
CNVD
•added 2026/04/08 12:0 a.m.•5 views

Integer Overflow Vulnerability in Multiple Mozilla Products (CNVD-2026-16993)

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. An integer overflow vulnerability exists in multiple Mozilla products,...

8.8CVSS6.2AI score0.0035EPSS
Exploits0
CNVD
CNVD
•added 2026/04/08 12:0 a.m.•18 views

OpenClaw Access Control Error Vulnerability (CNVD-2026-16623)

OpenClaw is a command line tool for rights management. A security vulnerability exists in OpenClaw versions prior to 2026.3.11, which stems from the gateway proxy RPC interface failing to effectively restrict the spawnedBy and workspaceDir parameters when verifying permissions. The vulnerability...

8.8CVSS5.9AI score0.00297EPSS
Exploits0
CNVD
CNVD
•added 2026/04/08 12:0 a.m.•3 views

OpenClaw License Issue Vulnerability (CNVD-2026-16679)

OpenClaw is a command line tool for rights management. A security vulnerability exists in versions of OpenClaw prior to 2026.3.11 that stems from insufficient authorization checking of subagent control requests, resulting in a leaf child agent being able to access the subagent control plane and...

9.3CVSS5.9AI score0.00142EPSS
Exploits0
CNVD
CNVD
•added 2026/04/08 12:0 a.m.•12 views

Memory Corruption Vulnerability in Multiple Mozilla Products (CNVD-2026-16994)

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A memory corruption vulnerability exists in multiple Mozilla products,...

9.8CVSS6.2AI score0.0034EPSS
Exploits0
CNVD
CNVD
•added 2026/04/08 12:0 a.m.•7 views

Apache ActiveMQ Broker Jolokia MBeans Remote Code Execution Vulnerability

Apache ActiveMQ Broker is an open source message broker and integration pattern server . A security vulnerability exists in Apache ActiveMQ Broker. The vulnerability stems from the Jolokia JMX-HTTP bridge default policy that allows exec operations on MBeans, which can be exploited by an attacker ...

8.8CVSS7.8AI score0.96666EPSS
Exploits13
CNVD
CNVD
•added 2026/04/08 12:0 a.m.•7 views

OpenClaw Authorization Problem Vulnerability (CNVD-2026-16622)

OpenClaw is a command line tool for rights management. An improper access control vulnerability exists in OpenClaw versions prior to 2026.3.12, which stems from a lack of owner-level permission checking in the /config and /debug command handlers. An attacker can use this vulnerability to read or...

8.8CVSS5.8AI score0.00251EPSS
Exploits0
CNVD
CNVD
•added 2026/04/08 12:0 a.m.•2 views

Totolink A3300R Command Injection Vulnerability

The Totolink A3300R is a wireless router from Totolink. A command injection vulnerability exists in Totolink A3300R version 17.0.0cu.557b20221024, which originates from improper handling of the pptpPassThru parameter by the setVpnPassCfg function in the /cgi-bin/cstecgi.cgi file in the component...

8.8CVSS6.8AI score0.03674EPSS
Exploits1
CNVD
CNVD
•added 2026/04/08 12:0 a.m.•5 views

OpenClaw Authorization Problem Vulnerability (CNVD-2026-16621)

OpenClaw is a command line tool for rights management. A security vulnerability exists in versions of OpenClaw prior to 2026.3.11, which stems from the failure of the system.run approval function to properly bind variable file operands for specific script runners such as tsx, jiti, and others. An...

9.4CVSS5.8AI score0.00179EPSS
Exploits0
CNVD
CNVD
•added 2026/04/08 12:0 a.m.•2 views

OpenClaw has an unspecified vulnerability (CNVD-2026-16695)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to bypass groupAllowFrom and requireMention protections in group chats...

9.8CVSS5.7AI score0.00309EPSS
Exploits0
CNVD
CNVD
•added 2026/04/08 12:0 a.m.•6 views

OpenClaw Resource Management Error Vulnerability (CNVD-2026-16893)

OpenClaw is a command line tool for rights management. A security vulnerability exists in versions of OpenClaw prior to 2026.3.13 that stems from the software reading and caching Webhook request bodies before validating the x-telegram-bot-api-secret-token request header. An attacker could use thi...

8.7CVSS5.8AI score0.00531EPSS
Exploits0
CNVD
CNVD
•added 2026/04/08 12:0 a.m.•5 views

OpenClaw Input Validation Error Vulnerability

OpenClaw is a command line tool for rights management. A security vulnerability exists in OpenClaw versions prior to 2026.3.11, which stems from the matchesExecAllowlistPattern function performing lowercase conversions and wildcard matching on POSIX paths when normalizing patterns, resulting in a...

9.8CVSS5.9AI score0.00406EPSS
Exploits0
CNVD
CNVD
•added 2026/04/08 12:0 a.m.•4 views

Totolink A3300R Command Injection Vulnerability (CNVD-2026-16680)

Totolink A3300R is a wireless router product from Totolink. A command injection vulnerability exists in the Totolink A3300R version 17.0.0cu.557b20221024, which stems from improper handling of the qosupbw parameter in the setSmartQosCfg function of the /cgi-bin/cstecgi.cgi file in its parameter...

8.8CVSS6.8AI score0.02164EPSS
Exploits1
CNVD
CNVD
•added 2026/04/08 12:0 a.m.•5 views

Mozilla Firefox and Mozilla Thunderbird Buffer Overflow Vulnerability (CNVD-2026-16992)

Mozilla Firefox is an open source web browser.Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. The software supports IMAP, POP mail protocols and HTML mail format. A buffer overflow vulnerability exists in Mozilla Firefox and Mozilla Thunderbird...

8.8CVSS6.4AI score0.00304EPSS
Exploits0
CNVD
CNVD
•added 2026/04/08 12:0 a.m.•8 views

OpenClaw Access Control Error Vulnerability (CNVD-2026-16624)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. A security vulnerability exists in versions prior to OpenClaw 2026.3.12 that stems from a weak authorization issue in the Zalouser whitelisting schema that matches variable group display names instead of stable group...

9.8CVSS5.8AI score0.00335EPSS
Exploits0
CNVD
CNVD
•added 2026/04/08 12:0 a.m.•8 views

OpenClaw has an unspecified vulnerability (CNVD-2026-16697)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to cause a sandboxed agent to access the state of a parent or sibling session to read or modify session data outside the scope of the sandb...

9.2CVSS5.7AI score0.00101EPSS
Exploits0
CNVD
CNVD
•added 2026/04/08 12:0 a.m.•6 views

OpenClaw has an unspecified vulnerability (CNVD-2026-16698)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to cause an attacker with operator.pairing privileges to cast tokens with broader privileges to obtain an operator.admin token and execute...

9.9CVSS7.7AI score0.0054EPSS
Exploits0
CNVD
CNVD
•added 2026/04/08 12:0 a.m.•5 views

OpenClaw has an unspecified vulnerability (CNVD-2026-16699)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by an attacker to rebind the tool root path between validation and final write...

6.2CVSS5.7AI score0.00087EPSS
Exploits0
CNVD
CNVD
•added 2026/04/07 12:0 a.m.•3 views

IBM Aspera Shares Stored Cross-Site Scripting Vulnerability

IBM Aspera Shares is an enterprise-class file sharing and collaboration platform that provides a Web user interface and content management capabilities. A stored cross-site scripting vulnerability exists in IBM Aspera Shares. The vulnerability occurs due to a failure of the system to effectively...

5.5CVSS5.8AI score0.00193EPSS
Exploits0
CNVD
CNVD
•added 2026/04/07 12:0 a.m.•7 views

Endian Firewall remark parameter cross-site scripting vulnerability

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which stems from improperly cleaning up the input of the remark parameter in /manage/dhcp/fixedleases/, and can be exploited by an attacker to...

6.4CVSS5AI score0.00205EPSS
Exploits0
CNVD
CNVD
•added 2026/04/07 12:0 a.m.•3 views

Endian Firewall name parameter cross-site scripting vulnerability

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall name parameter, which stems from improper cleanup of the name parameter input in /manage/qos/classes/, and can be exploited by an attacker to inject malicious...

6.4CVSS5AI score0.00168EPSS
Exploits0
CNVD
CNVD
•added 2026/04/07 12:0 a.m.•6 views

Endian Firewall remark parameter cross-site scripting vulnerability (CNVD-2026-18411)

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which stems from improper handling of the remark parameter in /cgi-bin/dnat.cgi, and can be exploited by an attacker to inject malicious JavaScri...

6.4CVSS5AI score0.00168EPSS
Exploits0
CNVD
CNVD
•added 2026/04/07 12:0 a.m.•5 views

Endian Firewall remark parameter cross-site scripting vulnerability

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which originates from improperly cleaning up the input of the remark parameter in /cgi-bin/routing.cgi, and can be exploited by an attacker to...

6.4CVSS5AI score0.00172EPSS
Exploits0
Total number of security vulnerabilities131179