131179 matches found
OpenClaw has an unspecified vulnerability (CNVD-2026-17897)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by attackers to cause unauthorized senders to bypass authorization checks...
Google Chrome Web MIDI Component Memory Misreference Vulnerability
Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions of Google Chrome prior to 146.0.7680.178. The vulnerability stems from a confusion in the instructions responsible for freeing memory in the Web MIDI component. An attacker coul...
Discourse Information Disclosure Vulnerability (CNVD-2026-17257)
Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . An information disclosure vulnerability exists in Discourse, which can be exploited by attackers to cause sensitive operational data to b...
Discourse Input Validation Error Vulnerability (CNVD-2026-17260)
Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an input validation error vulnerability that originates when the enter operation in StaticController reads the...
OpenClaw has an unspecified vulnerability (CNVD-2026-17487)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by an attacker to execute native code after an operator approves misleading command text...
IBM Storage Protect Server SQL Injection Vulnerability
IBM Storage Protect Server is an enterprise-class data backup and recovery management system from International Business Machines IBM. A SQL injection vulnerability exists in IBM Storage Protect Server version 8.2.0. The vulnerability stems from the application's lack of validation of externally...
Google Chrome WebGL Component Memory Misreference Vulnerability
Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions of Google Chrome prior to 146.0.7680.178. The vulnerability stems from a confusion in the instructions responsible for freeing memory in the WebGL component. An attacker can...
OpenClaw has an unspecified vulnerability (CNVD-2026-19641)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. A security vulnerability exists in OpenClaw that stems from automatically discovering and loading plugins from .OpenClaw/extensions/ without explicit trust validation, which can be exploited by an attacker to cause arbitrar...
OpenClaw OS Command Injection Vulnerability (CNVD-2026-19447)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an operating system command injection vulnerability. The vulnerability stems from an uncleared remote attachment path in the iMessage attachment staging process that contains shell metacharacters and i...
OpenClaw Sandbox Bypass Vulnerability
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a sandbox bypass vulnerability that can be exploited by an attacker to read arbitrary local files using mediaUrl and fileUrl alias parameters that bypass localRoots validation...
Google Chrome PDF Component Memory Misreference Vulnerability
Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions of Google Chrome prior to 146.0.7680.178. The vulnerability stems from a confusion in the instructions of the PDF component responsible for freeing memory. An attacker could...
OpenClaw Data Forgery Problem Vulnerability (CNVD-2026-16689)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a data forgery issue vulnerability that can be exploited by an attacker to inject forged Feishu events and trigger execution by downstream tools...
Delta Electronics ASDA-Soft Stack Buffer Overflow Vulnerability
Delta Electronics ASDA-Soft is an AC servo motor from Delta Electronics China. The Delta Electronics ASDA-Soft suffers from a stack buffer overflow vulnerability caused by incorrect boundary checking when parsing an incorrectly formatted .par file, which can be exploited by an attacker to execute...
OpenClaw has an unspecified vulnerability (CNVD-2026-16686)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by an attacker to cause a local user to read the contents of a record containing sensitive information...
Fleet Denial of Service Vulnerability (CNVD-2026-16892)
Fleet is Fleet Device Management open source a device management platform that supports a wide range of operating systems and devices to help IT and security teams with device management, vulnerability reporting, MDM and more. A denial of service vulnerability exists in Fleet versions prior to...
OpenUI Cross-Site Scripting Vulnerability
OpenUI is an open source UI program. A cross-site scripting vulnerability exists in OpenUI 1.0 and earlier versions. The vulnerability stems from the lack of effective filtering and escaping of user-supplied data in the file frontend/public/annotator/index.html, which can be exploited by an...
Adobe Substance3D Stager Resource Management Error Vulnerability (CNVD-2026-16826)
Adobe Substance3D Stager is a set and rendering software for 3D scenes from the American company Audobee Adobe. A security vulnerability exists in Adobe Substance3D Stager. The vulnerability stems from a mix-up in the instructions responsible for freeing memory, which can be exploited by attacker...
TOTOLINK A3600R setNoticeCfg function command injection vulnerability
TOTOLINK A3600R is a 6-antenna 1200M wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in TOTOLINK A3600R version 4.1.2cu.5182B20201102. The vulnerability stems from the failure of the function setNoticeCfg in the file /cgi-bin/cstecgi.cgi in the...
Fleet Access Control Error Vulnerability (CNVD-2026-16814)
Fleet is Fleet Device Management open source a device management platform that supports a wide range of operating systems and devices to help IT and security teams with device management, vulnerability reporting, MDM and more. An access control error vulnerability exists in Fleet versions prior t...
OpenClaw Input Validation Error Vulnerability (CNVD-2026-16690)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an input validation error vulnerability that can be exploited by an attacker to cause an insecure request body to be resent in a cross-domain redirect, thereby disclosing sensitive request data or...
Xenforo Authorization Issues Vulnerability (CNVD-2026-16832)
Xenforo is a forum software from Xenforo. XenForo suffers from an authorization issue vulnerability that originates from affecting Passkeys that have been added to a user's account, which can be exploited by an attacker to bypass the authentication process and take over the account of another web...
Fleet OS Command Injection Vulnerability
Fleet is Fleet Device Management open source a device management platform that supports a wide range of operating systems and devices to help IT and security teams with device management, vulnerability reporting, MDM and more. An operating system command injection vulnerability exists in Fleet...
Tenda AC7 SetSysTimeCfg File Buffer Overflow Vulnerability
Tenda AC7 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in Tenda AC7 version 15.03.06.44. The vulnerability stems from the parameter Time in the file /goform/SetSysTimeCfg that fails to properly validate the length and size of the input data, which can...
Tenda AC6 goform/QuickIndex file buffer overflow vulnerability
The Tenda AC6 is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC6 version 15.03.05.16. The vulnerability stems from the parameter PPPOEPassword in the file /goform/QuickIndex that fails to properly validate the length and size of the input data...
OpenClaw Authorization Bypass Vulnerability (CNVD-2026-16685)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an authorization bypass vulnerability that can be exploited by an attacker to access administrator-specific session reset logic to reset the state of a target session...
OpenClaw has an unspecified vulnerability (CNVD-2026-16691)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from the direct embedding of long-term shared gateway credentials in the pairing setup code, which can be exploited by an attacker to recover and reuse credentials v...
OpenClaw has an unspecified vulnerability (CNVD-2026-16694)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to cause an authenticated operator with only operator.write privileges to access the administrator-specific browser profile management rout...
OpenClaw has an unspecified vulnerability (CNVD-2026-16696)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to cause non-whitelisted guild members to trigger reactive events and inject reactive text into downstream session environments...
Integer Overflow Vulnerability in Multiple Mozilla Products (CNVD-2026-16993)
Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. An integer overflow vulnerability exists in multiple Mozilla products,...
OpenClaw Access Control Error Vulnerability (CNVD-2026-16623)
OpenClaw is a command line tool for rights management. A security vulnerability exists in OpenClaw versions prior to 2026.3.11, which stems from the gateway proxy RPC interface failing to effectively restrict the spawnedBy and workspaceDir parameters when verifying permissions. The vulnerability...
OpenClaw License Issue Vulnerability (CNVD-2026-16679)
OpenClaw is a command line tool for rights management. A security vulnerability exists in versions of OpenClaw prior to 2026.3.11 that stems from insufficient authorization checking of subagent control requests, resulting in a leaf child agent being able to access the subagent control plane and...
Memory Corruption Vulnerability in Multiple Mozilla Products (CNVD-2026-16994)
Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A memory corruption vulnerability exists in multiple Mozilla products,...
Apache ActiveMQ Broker Jolokia MBeans Remote Code Execution Vulnerability
Apache ActiveMQ Broker is an open source message broker and integration pattern server . A security vulnerability exists in Apache ActiveMQ Broker. The vulnerability stems from the Jolokia JMX-HTTP bridge default policy that allows exec operations on MBeans, which can be exploited by an attacker ...
OpenClaw Authorization Problem Vulnerability (CNVD-2026-16622)
OpenClaw is a command line tool for rights management. An improper access control vulnerability exists in OpenClaw versions prior to 2026.3.12, which stems from a lack of owner-level permission checking in the /config and /debug command handlers. An attacker can use this vulnerability to read or...
Totolink A3300R Command Injection Vulnerability
The Totolink A3300R is a wireless router from Totolink. A command injection vulnerability exists in Totolink A3300R version 17.0.0cu.557b20221024, which originates from improper handling of the pptpPassThru parameter by the setVpnPassCfg function in the /cgi-bin/cstecgi.cgi file in the component...
OpenClaw Authorization Problem Vulnerability (CNVD-2026-16621)
OpenClaw is a command line tool for rights management. A security vulnerability exists in versions of OpenClaw prior to 2026.3.11, which stems from the failure of the system.run approval function to properly bind variable file operands for specific script runners such as tsx, jiti, and others. An...
OpenClaw has an unspecified vulnerability (CNVD-2026-16695)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to bypass groupAllowFrom and requireMention protections in group chats...
OpenClaw Resource Management Error Vulnerability (CNVD-2026-16893)
OpenClaw is a command line tool for rights management. A security vulnerability exists in versions of OpenClaw prior to 2026.3.13 that stems from the software reading and caching Webhook request bodies before validating the x-telegram-bot-api-secret-token request header. An attacker could use thi...
OpenClaw Input Validation Error Vulnerability
OpenClaw is a command line tool for rights management. A security vulnerability exists in OpenClaw versions prior to 2026.3.11, which stems from the matchesExecAllowlistPattern function performing lowercase conversions and wildcard matching on POSIX paths when normalizing patterns, resulting in a...
Totolink A3300R Command Injection Vulnerability (CNVD-2026-16680)
Totolink A3300R is a wireless router product from Totolink. A command injection vulnerability exists in the Totolink A3300R version 17.0.0cu.557b20221024, which stems from improper handling of the qosupbw parameter in the setSmartQosCfg function of the /cgi-bin/cstecgi.cgi file in its parameter...
Mozilla Firefox and Mozilla Thunderbird Buffer Overflow Vulnerability (CNVD-2026-16992)
Mozilla Firefox is an open source web browser.Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. The software supports IMAP, POP mail protocols and HTML mail format. A buffer overflow vulnerability exists in Mozilla Firefox and Mozilla Thunderbird...
OpenClaw Access Control Error Vulnerability (CNVD-2026-16624)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. A security vulnerability exists in versions prior to OpenClaw 2026.3.12 that stems from a weak authorization issue in the Zalouser whitelisting schema that matches variable group display names instead of stable group...
OpenClaw has an unspecified vulnerability (CNVD-2026-16697)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to cause a sandboxed agent to access the state of a parent or sibling session to read or modify session data outside the scope of the sandb...
OpenClaw has an unspecified vulnerability (CNVD-2026-16698)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to cause an attacker with operator.pairing privileges to cast tokens with broader privileges to obtain an operator.admin token and execute...
OpenClaw has an unspecified vulnerability (CNVD-2026-16699)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by an attacker to rebind the tool root path between validation and final write...
IBM Aspera Shares Stored Cross-Site Scripting Vulnerability
IBM Aspera Shares is an enterprise-class file sharing and collaboration platform that provides a Web user interface and content management capabilities. A stored cross-site scripting vulnerability exists in IBM Aspera Shares. The vulnerability occurs due to a failure of the system to effectively...
Endian Firewall remark parameter cross-site scripting vulnerability
Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which stems from improperly cleaning up the input of the remark parameter in /manage/dhcp/fixedleases/, and can be exploited by an attacker to...
Endian Firewall name parameter cross-site scripting vulnerability
Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall name parameter, which stems from improper cleanup of the name parameter input in /manage/qos/classes/, and can be exploited by an attacker to inject malicious...
Endian Firewall remark parameter cross-site scripting vulnerability (CNVD-2026-18411)
Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which stems from improper handling of the remark parameter in /cgi-bin/dnat.cgi, and can be exploited by an attacker to inject malicious JavaScri...
Endian Firewall remark parameter cross-site scripting vulnerability
Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which originates from improperly cleaning up the input of the remark parameter in /cgi-bin/routing.cgi, and can be exploited by an attacker to...