MailEnable SelectedIndex Parameter Cross-Site Scripting Vulnerability
MailEnable is a Windows-based business email server. A cross-site scripting vulnerability exists in the MailEnable SelectedIndex parameter. The vulnerability stems from improper sanitization of the SelectedIndex parameter of the ManageShares.aspx form in the Webmail interface, which can be exploited b...
Dell Integrated Dell Remote Access Controller Information Disclosure Vulnerability
Dell Integrated Dell Remote Access Controller is an embedded controller for remote management and monitoring of servers from Dell USA. An information disclosure vulnerability exists in Dell Integrated Dell Remote Access Controller. The vulnerability stems from the failure to clear debugging...
Dell Integrated Dell Remote Access Controller Code Execution Vulnerability
Dell Integrated Dell Remote Access Controller is an embedded controller for remote management and monitoring of servers from Dell USA. A code execution vulnerability exists in Dell Integrated Dell Remote Access Controller. The vulnerability stems from the application failing to properly filter...
Canva Affinity Out-of-Bounds Read Vulnerability (CNVD-2026-15854)
Canva Affinity is a range of professional graphic design and image editing software from Canva Australia. Canva Affinity suffers from an out-of-bounds read vulnerability, which can be exploited by an attacker to perform an out-of-bounds read using a specially crafted EMF file to disclose sensitiv...
Unspecified Vulnerability in OpenClaw (CVE-2026-32913)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to cause custom authorization headers to be forwarded during cross-origin redirection, thereby intercepting sensitive information...
OpenClaw Code Execution Vulnerability (CNVD-2026-16047)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a code execution vulnerability that can be exploited by an attacker to cause code execution at startup...
Canva Affinity Type Confusion Vulnerability
Canva Affinity is a range of professional graphic design and image editing software from Canva Australia. A type confusion vulnerability exists in Canva Affinity, which can be exploited by an attacker using a specially crafted EMF file to trigger memory corruption and execute arbitrary code...
OpenClaw Sandbox Escape Vulnerability
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a sandbox escape vulnerability that can be exploited by an attacker to bypass sandbox restrictions...
OpenClaw has an unspecified vulnerability (CNVD-2026-16384)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by an attacker to bypass the allowlist...
Canva Affinity Out-of-Bounds Read Vulnerability (CNVD-2026-15860)
Canva Affinity is a range of professional graphic design and image editing software from Canva Australia. Canva Affinity suffers from an out-of-bounds read vulnerability, which can be exploited by an attacker to perform an out-of-bounds read using a specially crafted EMF file to disclose sensitiv...
OpenClaw Denial of Service Vulnerability (CNVD-2026-16390)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a denial of service vulnerability that can be exploited by attackers to cause a denial of service...
OpenClaw has an unspecified vulnerability (CNVD-2026-16385)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by an attacker to cause reuse of pairing approvals across multiple accounts...
MailEnable Attendees Parameter Cross-Site Scripting Vulnerability
MailEnable is a Windows-based business email server. A cross-site scripting vulnerability exists in the MailEnable Attendees parameter, which stems from improper sanitization of the Attendees parameter in the FreeBusy.aspx form in the Webmail interface, and can be exploited by an attacker to execute...
Google Chrome Out-of-Bounds Read Vulnerability (CNVD-2026-15402)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to perform an out-of-bounds memory read via a specially crafted HTML page...
OpenClaw has an unspecified vulnerability (CNVD-2026-16387)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to cause an authenticated caller with operator.write scope to invoke the owner-only tool interface...
OpenClaw Path Restriction Bypass Vulnerability
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a path restriction bypass vulnerability that can be exploited by an attacker to write a file to an arbitrary location...
OpenClaw Security Bypass Vulnerability (CNVD-2026-16045)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security bypass vulnerability that can be exploited by attackers to bypass command gate restrictions...
Google Chrome Security Bypass Vulnerability (CNVD-2026-15411)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability caused by an incorrect security UI in PictureInPicture, which can be exploited by an attacker to perform UI spoofing via specially crafted HTML pages...
Google Chrome Security Bypass Vulnerability (CNVD-2026-15399)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that stems from the presence of incorrect security UI in LookalikeChecks, which can be exploited by an attacker to perform UI spoofing via specially crafted HTML pages...
Google Chrome Security Bypass Vulnerability (CNVD-2026-15397)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that is caused by insufficient policy enforcement in ChromeDriver. An attacker can exploit the vulnerability to bypass security restrictions...
Google Chrome Security Bypass Vulnerability (CNVD-2026-15398)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability caused by insufficient policy enforcement in DevTools, which can be exploited by an attacker to bypass navigation restrictions via specially crafted HTML pages...
Google Chrome Security Bypass Vulnerability (CNVD-2026-15396)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that is caused by insufficient policy enforcement in PDF. An attacker can exploit the vulnerability to bypass security restrictions...
Google Chrome Security Bypass Vulnerability (CNVD-2026-15409)
Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome, which is caused by insufficient policy enforcement in PDF, and can be exploited by attackers to bypass security restrictions...
Google Chrome Security Bypass Vulnerability (CNVD-2026-15408)
Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome due to insufficient policy enforcement in DevTools, which can be exploited by attackers to bypass security restrictions...
Microsoft Office Code Execution Vulnerability (CNVD-2026-16159)
Microsoft Office is an office software suite from the U.S. company Microsoft. The product's common components include Word, Excel, Access, PowerPoint, FrontPage, and so on. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to...
Google Chrome Security Bypass Vulnerability (CNVD-2026-15410)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that is caused by insufficient policy enforcement in the Extensions program. An attacker can exploit the vulnerability to conduct UI spoofing via a specially crafted Chrome...
Google Chrome Information Disclosure Vulnerability (CNVD-2026-16150)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from an information disclosure vulnerability that can be exploited by attackers to disclose cross-domain data via specially crafted HTML pages...
Google Chrome Security Bypass Vulnerability (CNVD-2026-16148)
Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome, which can be exploited by attackers to disclose cross-domain data via specially crafted HTML pages...
Google Chrome Security Bypass Vulnerability (CNVD-2026-16149)
Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome, which can be exploited by attackers to bypass navigation restrictions via specially crafted HTML pages...
OpenClaw path traversal vulnerability (CNVD-2026-14848)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a path traversal vulnerability that can be exploited by an attacker to read files outside of the workspace...
OpenClaw has an unspecified vulnerability (CNVD-2026-14828)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that stems from a standard input-only policy bypass issue in the grep tool in tools.exec.safeBins, which can be exploited by an attacker to read arbitrary files...
OpenClaw OS Command Injection Vulnerability
OpenClaw is an automation tool for executing system commands. A security vulnerability exists in the system.run function in versions of OpenClaw prior to 2026.2.22, which stems from not effectively filtering environment variables such as SHELLOPTS and PS4. An attacker can exploit this vulnerabili...
OpenClaw Link Following Vulnerability (CNVD-2026-14858)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a link following vulnerability that can be exploited by an attacker to read arbitrary files outside the boundaries of the configuration workspace...
OpenClaw link following vulnerability (CNVD-2026-14861)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a link following vulnerability that can be exploited by an attacker to read and write files outside the agent's workspace, which in turn can be used to execute code via a file overwrite attack...
OpenClaw link following vulnerability (CNVD-2026-14859)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a link following vulnerability, which is caused by a flaw in the static file handler following a symbolic link. An attacker can exploit the vulnerability to read arbitrary files outside the root directory...
OpenClaw path traversal vulnerability (CNVD-2026-14857)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an improper path validation vulnerability, which is caused by an incorrect path validation flaw in sandboxed media handling. An attacker can exploit the vulnerability to traverse a directory on a...
OpenClaw path traversal vulnerability (CNVD-2026-14850)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a path traversal vulnerability that stems from the function accepting an arbitrary absolute path when the iMessage remote attachment fetch function is enabled. An attacker could use this vulnerability ...
OpenClaw code issue vulnerability (CNVD-2026-14844)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a code issue vulnerability caused by a path validation bypass flaw in the exec approval distribution list pattern on macOS. An attacker can exploit the vulnerability to execute arbitrary commands on th...
OpenClaw Link Following Vulnerability
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a link following vulnerability that can be exploited by an attacker to cause arbitrary file overwrites...
OpenClaw Authentication Hardening Vulnerability
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an authentication hardening vulnerability in the browser-sourced WebSocket client in a loopback deployment. An attacker can exploit the...
OpenClaw Access Control Error Vulnerability (CNVD-2026-14842)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an Access Control Error vulnerability that is caused by a failure to properly handle authentication boot errors during startup. An attacker can exploit the vulnerability to cause a local process or...
OpenClaw Authentication Bypass Vulnerability (CNVD-2026-14840)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an authentication bypass vulnerability that originates from allowing clients authenticated with a shared gateway token to connect as a role=node without device authentication. An attacker could use thi...
OpenClaw Authorization Bypass Vulnerability (CNVD-2026-14835)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an authorization bypass vulnerability that stems from the system accepting variable sender display names instead of forcing an ID-only match. An attacker could use this vulnerability to bypass...
OpenClaw Authentication Bypass Vulnerability (CNVD-2026-14839)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an authentication bypass vulnerability caused by a /api/channels route classification flaw due to a mismatch in the depth of normalization between authentication path classification and route path...
OpenClaw Authorization Bypass Vulnerability (CNVD-2026-14837)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an authorization bypass vulnerability that stems from the system incorrectly treating DM paired stored identities as group allowlist identities when dmPolicy is set to pairing and groupPolicy is set to...
OpenClaw Authentication Bypass Vulnerability
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has an authentication bypass vulnerability that stems from a path normalization mismatch in gateway authentication. An attacker can use the vulnerability to bypass...
OpenClaw Authorization Bypass Vulnerability
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an authorization bypass vulnerability that can be exploited by an attacker to attack inherited elevated tool privileges via identifier conflict...
OpenClaw has an unspecified vulnerability (CNVD-2026-14832)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that is caused by failing to pass the senderIsOwner flag when processing Discord voice transcription in agentCommand. An attacker could exploit the vulnerability to cause a voi...
OpenClaw has an unspecified vulnerability (CNVD-2026-14829)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that stems from an allowlist bypass issue in the exec safeBins policy, which can be exploited by an attacker to write to arbitrary files using a short option payload...
OpenClaw Information Disclosure Vulnerability (CNVD-2026-14826)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an information disclosure vulnerability that stems from the failure of a sandbox mirroring tool to enforce the tools.fs.workspaceOnly restriction on mounted sandbox paths, which can be exploited by an...