130931 matches found

CNVD • added 2026/03/24 12:00 a.m. • 4 views

OpenClaw Authorization Bypass Vulnerability (CNVD-2026-14841)

OpenClaw is an open-source AI assistant developed by OpenClaw. OpenClaw suffers from an authorization bypass vulnerability in the WebSocket connection path. An attacker can exploit the vulnerability to perform administrator-only...

CVSS 9.9 | AI score 5.9 | EPSS 0.00505
Exploits: 0 | References: 1

CNVD • added 2026/03/24 12:00 a.m. • 3 views

OpenClaw has an unspecified vulnerability (CNVD-2026-14838)

OpenClaw is an open-source AI assistant developed by OpenClaw. OpenClaw suffers from a security vulnerability that stems from a failure to enforce sender authorization checks on interactive callbacks in shared workspace deployments, which can be exploited by an attacker to cause...

CVSS 8.1 | AI score 5.9 | EPSS 0.00283
Exploits: 0 | References: 1

CNVD • added 2026/03/24 12:00 a.m. • 2 views

OpenClaw Denial of Service Vulnerability (CNVD-2026-14825)

OpenClaw is an open-source AI assistant developed by OpenClaw. OpenClaw suffers from a denial of service vulnerability that stems from its BlueBubbles and Google Chat webhook handlers parsing request bodies before performing authentication and signature verification. An attacker could...

CVSS 8.7 | AI score 5.9 | EPSS 0.00418
Exploits: 0 | References: 1

CNVD • added 2026/03/24 12:00 a.m. • 3 views

Unspecified vulnerability in Discourse (CNVD-2026-17480)

Discourse is an open-source community discussion platform developed by Discourse. The platform includes features such as community, e-mail and chat rooms. Discourse suffers from a security vulnerability that stems from improper privilege authentication, which can be exploited by an attacker...

CVSS 6.9 | AI score 5.7 | EPSS 0.0027
Exploits: 0

CNVD • added 2026/03/24 12:00 a.m. • 0 views

OpenClaw has an unspecified vulnerability (CNVD-2026-14834)

OpenClaw is an open-source AI assistant developed by OpenClaw. OpenClaw has a security vulnerability that stems from not enforcing dmPolicy and allowFrom authorization checks on Discord direct message response notifications, which can be exploited by an attacker to bypass DM...

CVSS 6.3 | AI score 5.9 | EPSS 0.00198
Exploits: 0 | References: 1

CNVD • added 2026/03/24 12:00 a.m. • 5 views

Discourse Information Disclosure Vulnerability (CNVD-2026-17477)

Discourse is an open-source community discussion platform developed by Discourse. The platform includes features such as community, e-mail and chat rooms. Discourse suffers from an information disclosure vulnerability that stems from the /private-posts endpoint not applying post type...

CVSS 6.5 | AI score 5.7 | EPSS 0.00414
Exploits: 0

CNVD • added 2026/03/24 12:00 a.m. • 1 views

OpenClaw code issue vulnerability (CNVD-2026-14860)

OpenClaw is an open-source AI assistant developed by OpenClaw. OpenClaw suffers from a code issue vulnerability that can be exploited by an attacker to bypass the allow list check and execute a trojan binary...

CVSS 7.8 | AI score 6 | EPSS 0.00128
Exploits: 0 | References: 1

CNVD • added 2026/03/24 12:00 a.m. • 1 views

Unspecified vulnerability in Discourse (CNVD-2026-17483)

Discourse is an open-source community discussion platform developed by Discourse. The platform includes features such as community, e-mail and chat rooms. Discourse suffers from a security vulnerability that stems from a user with tag editing privileges being able to edit and create synonyms...

CVSS 3.8 | AI score 5.7 | EPSS 0.0016
Exploits: 0

CNVD • added 2026/03/24 12:00 a.m. • 2 views

Discourse Information Disclosure Vulnerability (CNVD-2026-17478)

Discourse is an open-source community discussion platform developed by Discourse. The platform includes features such as community, e-mail and chat rooms. Discourse suffers from an information disclosure vulnerability that originates from the disclosure of a user's hidden profile information...

CVSS 6.5 | AI score 5.7 | EPSS 0.00302
Exploits: 0

CNVD • added 2026/03/24 12:00 a.m. • 1 views

Discourse Information Disclosure Vulnerability (CNVD-2026-17479)

Discourse is an open-source community discussion platform developed by Discourse. The platform includes features such as community, e-mail and chat rooms. Discourse suffers from an information disclosure vulnerability that stems from insufficient authorization checks on user-operated...

CVSS 6.5 | AI score 5.7 | EPSS 0.00224
Exploits: 0

CNVD • added 2026/03/24 12:00 a.m. • 1 views

Unspecified vulnerability in Discourse (CNVD-2026-17482)

Discourse is an open-source community discussion platform developed by Discourse. The platform includes features such as community, e-mail and chat rooms. Discourse has a security vulnerability that can be exploited by an attacker to cause a legitimate Discourse authorization page to display...

CVSS 7.5 | AI score 5.7 | EPSS 0.00208
Exploits: 0

CNVD • added 2026/03/24 12:00 a.m. • 1 views

Discourse Information Disclosure Vulnerability (CNVD-2026-17272)

Discourse is an open-source community discussion platform developed by Discourse. The platform includes features such as community, e-mail and chat rooms. Discourse suffers from an information disclosure vulnerability that stems from a post edit management report disclosing the first 40...

CVSS 2.7 | AI score 5.8 | EPSS 0.00293
Exploits: 0

CNVD • added 2026/03/24 12:00 a.m. • 1 views

Discourse Information Disclosure Vulnerability (CNVD-2026-17271)

Discourse is an open-source community discussion platform developed by Discourse. The platform includes features such as community, e-mail and chat rooms. Discourse suffers from an information disclosure vulnerability that originates when the ipaddress of a tagged user is exposed to any user...

CVSS 4.3 | AI score 5.7 | EPSS 0.00284
Exploits: 0

CNVD • added 2026/03/24 12:00 a.m. • 0 views

OpenClaw Metadata Spoofing Vulnerability

OpenClaw is an open-source AI assistant developed by OpenClaw. OpenClaw suffers from a metadata forgery vulnerability that stems from client-submitted reconnect platform and device family fields not being bound to a device authentication signature. An attacker could use this...

CVSS 8.6 | AI score 5.9 | EPSS 0.0019
Exploits: 0 | References: 1

CNVD • added 2026/03/24 12:00 a.m. • 8 views

OpenClaw OS Command Injection Vulnerability (CNVD-2026-15060)

OpenClaw is an automation tool for executing system commands. A security vulnerability exists in versions of OpenClaw prior to 2026.2.22, which stems from a flaw in the security configuration of the sort tool after it is manually added to the tools.exec.safeBins configuration. An attacker can...

CVSS 8.8 | AI score 6.1 | EPSS 0.00286
Exploits: 0 | References: 1

CNVD • added 2026/03/24 12:00 a.m. • 2 views

OpenClaw path traversal vulnerability (CNVD-2026-14856)

OpenClaw is an open-source AI assistant developed by OpenClaw. OpenClaw suffers from a path traversal vulnerability that can be exploited by an attacker to bypass group message access control...

CVSS 7.1 | AI score 5.9 | EPSS 0.00238
Exploits: 0 | References: 1

CNVD • added 2026/03/24 12:00 a.m. • 4 views

OpenClaw Data Forgery Problem Vulnerability (CNVD-2026-14827)

OpenClaw is an open-source AI assistant developed by OpenClaw. OpenClaw suffers from a data forgery vulnerability that stems from improperly parsing the X-Forwarded-For header value, which can be exploited by an attacker to spoof a client's IP address and influence security...

CVSS 6.3 | AI score 5.9 | EPSS 0.00189
Exploits: 0 | References: 1

CNVD • added 2026/03/24 12:00 a.m. • 3 views

OpenClaw code issue vulnerability (CNVD-2026-14849)

OpenClaw is an open-source AI assistant developed by OpenClaw. OpenClaw suffers from a code issue vulnerability that is caused by an arbitrary shell execution flaw in the shell environment fallback. An attacker can exploit the vulnerability to execute arbitrary commands on the system...

CVSS 7.8 | AI score 6.4 | EPSS 0.00127
Exploits: 0 | References: 1

CNVD • added 2026/03/24 12:00 a.m. • 2 views

OpenClaw OS Command Injection Vulnerability (CNVD-2026-15059)

OpenClaw is an automation tool for executing system commands. An authentication bypass vulnerability exists in OpenClaw versions prior to 2026.2.21 that stems from the system failing to enforce secure authentication when the allowInsecureAuth setting is explicitly enabled and the gateway is expos...

CVSS 8.1 | AI score 5.9 | EPSS 0.00381
Exploits: 0 | References: 1

CNVD • added 2026/03/24 12:00 a.m. • 1 views

OpenClaw has an unspecified vulnerability (CNVD-2026-14830)

OpenClaw is an open-source AI assistant developed by OpenClaw. OpenClaw suffers from a security vulnerability that stems from not consistently applying sender policy checks to reaction and pin non-message events, which can be exploited by an attacker to cause the injection of...

CVSS 5.3 | AI score 5.9 | EPSS 0.00204
Exploits: 0 | References: 1

CNVD • added 2026/03/24 12:00 a.m. • 3 views

Unspecified vulnerability in Discourse (CNVD-2026-17481)

Discourse is an open-source community discussion platform developed by Discourse. The platform includes features such as community, e-mail and chat rooms. Discourse suffers from a security vulnerability due to an overly broad authorization check on the deleted post index endpoint, which can...

CVSS 7.1 | AI score 5.8 | EPSS 0.00274
Exploits: 0

CNVD • added 2026/03/23 12:00 a.m. • 1 views

Google Chrome memory misreference vulnerability (CNVD-2026-16151)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a memory misreference vulnerability that can be exploited by attackers to cause heap corruption...

CVSS 8.8 | AI score 6 | EPSS 0.00317
Exploits: 0

CNVD • added 2026/03/23 12:00 a.m. • 5 views

Google Chrome heap buffer overflow vulnerability (CNVD-2026-19448)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to cause heap corruption...

CVSS 8.8 | AI score 6 | EPSS 0.00271
Exploits: 0

CNVD • added 2026/03/20 12:00 a.m. • 4 views

StudioCMS Information Disclosure Vulnerability

StudioCMS is an open-source content management system developed by StudioCMS. StudioCMS suffers from an information disclosure vulnerability that stems from the use of an attacker-controlled rank query parameter in the REST API getUsers endpoint, which can be exploited by an attacker to cause an administrator...

CVSS 2.7 | AI score 5.3 | EPSS 0.00375
Exploits: 1

CNVD • added 2026/03/19 12:00 a.m. • 2 views

WordPress Plugin Calculated Fields Form Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. A WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin Calculated Fields Form, whi...

CVSS 6.4 | AI score 5.6 | EPSS 0.00235
Exploits: 0 | References: 1

CNVD • added 2026/03/19 12:00 a.m. • 6 views

WordPress Plugin Astra Bulk Edit Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. A WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin Astra Bulk Edit, which stem...

CVSS 6.5 | AI score 5.5 | EPSS 0.00161
Exploits: 0 | References: 1

CNVD • added 2026/03/19 12:00 a.m. • 3 views

OpenClaw Access Control Error Vulnerability (CNVD-2026-14390)

OpenClaw is an open-source AI assistant developed by OpenClaw. OpenClaw suffers from an access control error vulnerability that stems from a browser-initiated WebSocket connection that can bypass origin authentication under certain configurations, which can be exploited by an attacker...

CVSS 8.1 | AI score 5.8 | EPSS 0.00153
Exploits: 0 | References: 1

CNVD • added 2026/03/19 12:00 a.m. • 2 views

Apache Livy Input Validation Error Vulnerability

Apache Livy is an application server from the Apache Foundation (United States). It provides support for programmatic, fault-tolerant, multi-tenant submission of Spark jobs from web and mobile applications. Apache Livy suffers from an input validation error vulnerability. The vulnerability stems...

CVSS 6.3 | AI score 5.8 | EPSS 0.00488
Exploits: 1 | References: 1

CNVD • added 2026/03/19 12:00 a.m. • 1 views

WordPress Plugin WpEvently Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. A WordPress plugin is an application plugin. WordPress plugin WpEvently has an information disclosure vulnerability that can be exploited by...

CVSS 5.3 | AI score 5.8 | EPSS 0.00251
Exploits: 0 | References: 1

CNVD • added 2026/03/19 12:00 a.m. • 2 views

Belkin F9K1122 Stack Buffer Overflow Vulnerability (CNVD-2026-14686)

The Belkin F9K1122 is a WiFi signal extender. The Belkin F9K1122 suffers from a stack buffer overflow vulnerability, which originates from a misbehavior of the webpage parameter of the function formReboot in the file /goform/formReboot, that can be exploited by an attacker to execute arbitrary co...

CVSS 9 | AI score 7.7 | EPSS 0.00455
Exploits: 0 | References: 1

CNVD • added 2026/03/19 12:00 a.m. • 2 views

WordPress Plugin wpDiscuz Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. A WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin wpDiscuz, which stems fr...

CVSS 6.9 | AI score 5.8 | EPSS 0.00274
Exploits: 0 | References: 1

CNVD • added 2026/03/19 12:00 a.m. • 1 views

TRENDnet TEW-632BRP Buffer Overflow Vulnerability

The TRENDnet TEW-632BRP is a wireless router from TRENDnet. A buffer overflow vulnerability exists in the TRENDnet TEW-632BRP. The vulnerability is caused due to a lack of bounds checking in the user-controlled pingipadder parameter in the HTTP POST request handler of the /pingresponse.cgi...

CVSS 8.6 | AI score 7.6 | EPSS 0.00612
Exploits: 0 | References: 1

CNVD • added 2026/03/19 12:00 a.m. • 2 views

HCL AION Security Bypass Vulnerability

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a security bypass vulnerability that is caused by a container base image not being properly authenticated. An attacker can exploit the vulnerability to cause the use of an untrusted container image...

CVSS 7.2 | AI score 6 | EPSS 0.00127
Exploits: 0 | References: 1

CNVD • added 2026/03/19 12:00 a.m. • 1 views

Unspecified Vulnerability in HCL AION (CNVD-2026-15153)

HCL AION is an AI lifecycle management platform. HCL AION suffers from a security vulnerability that originates from an internal file system path being exposed via an application response, which can be exploited by an attacker to cause information disclosure...

CVSS 6.5 | AI score 5.9 | EPSS 0.00108
Exploits: 0 | References: 1

CNVD • added 2026/03/19 12:00 a.m. • 1 views

Unspecified Vulnerability in HCL AION (CNVD-2026-15151)

HCL AION is an AI lifecycle management platform from HCL India. HCL AION has a security vulnerability that can be exploited by attackers to affect the traceability of user activities...

CVSS 8.2 | AI score 5.9 | EPSS 0.00141
Exploits: 0 | References: 1

CNVD • added 2026/03/19 12:00 a.m. • 2 views

Unspecified Vulnerability in HCL AION (CNVD-2026-15150)

HCL AION is an AI lifecycle management platform from HCL India. HCL AION has a security vulnerability that can be exploited by an attacker to cause the use of unvalidated or modified model artifacts...

CVSS 5.3 | AI score 5.9 | EPSS 0.00084
Exploits: 0 | References: 1

CNVD • added 2026/03/19 12:00 a.m. • 1 views

Unspecified Vulnerability in HCL AION (CNVD-2026-15148)

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a security vulnerability that stems from untrusted file parsing operations not being performed in an isolated sandboxed environment, which can be exploited by an attacker to cause unexpected behavior when...

CVSS 7.8 | AI score 5.9 | EPSS 0.00095
Exploits: 0 | References: 1

CNVD • added 2026/03/19 12:00 a.m. • 1 views

Unspecified Vulnerability in HCL AION (CNVD-2026-15147)

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a security vulnerability that stems from a lack of validation or restriction on SQL query execution, which can be exploited by an attacker to cause unexpected database interactions or information leakage...

CVSS 7.3 | AI score 6 | EPSS 0.00225
Exploits: 0 | References: 1

CNVD • added 2026/03/19 12:00 a.m. • 2 views

HCL AION SQL Injection Vulnerability

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements, which can be exploited by an attacker to steal sensitive database data by injecting a...

CVSS 9.8 | AI score 6 | EPSS 0.00281
Exploits: 0 | References: 1

CNVD • added 2026/03/19 12:00 a.m. • 2 views

Apache Airflow Information Disclosure Vulnerability (CNVD-2026-15159)

Apache Airflow is an open-source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform offers scalability, dynamic monitoring and other features. Apache Airflow suffers from an information disclosure vulnerability th...

CVSS 6.5 | AI score 5.9 | EPSS 0.00406
Exploits: 0 | References: 1

CNVD • added 2026/03/19 12:00 a.m. • 5 views

Apache Airflow Security Bypass Vulnerability (CNVD-2026-15157)

Apache Airflow is an open-source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform offers scalability, dynamic monitoring and other features. Apache Airflow suffers from a security bypass vulnerability that stems...

CVSS 8.1 | AI score 5.9 | EPSS 0.00409
Exploits: 0 | References: 1

CNVD • added 2026/03/19 12:00 a.m. • 2 views

Apache Airflow Information Disclosure Vulnerability (CNVD-2026-15156)

Apache Airflow is an open-source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform offers scalability, dynamic monitoring and other features. Apache Airflow has an information disclosure vulnerability that stems...

CVSS 7.5 | AI score 5.9 | EPSS 0.00677
Exploits: 0 | References: 1

CNVD • added 2026/03/19 12:00 a.m. • 3 views

HCL AION SQL Injection Vulnerability (CNVD-2026-15146)

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a SQL injection vulnerability that stems from a misconfiguration that may allow execution of harmful SQL queries, which can be exploited by an attacker to cause unexpected database interactions or limited...

CVSS 5.3 | AI score 6.2 | EPSS 0.00147
Exploits: 0 | References: 1

CNVD • added 2026/03/19 12:00 a.m. • 6 views

WordPress Plugin Active Products Tables for WooCommerce Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. A WordPress plugin is an application plugin. WordPress plugin Active Products Tables for WooCommerce has a cross-site scripting vulnerabilit...

CVSS 6.5 | AI score 5.9 | EPSS 0.00129
Exploits: 0 | References: 1

CNVD • added 2026/03/19 12:00 a.m. • 8 views

Open5GS Denial of Service Vulnerability (CNVD-2026-14249)

Open5GS is an open-source C implementation, developed by Open5GS, of the 5G Core and EPC, the core network of LTE/NR networks. A denial of service vulnerability exists in Open5GS version 2.7.6 and earlier. The vulnerability stems from the function smfgxccacb/smfgyccacb/smfs6baaacb/smfs6bstacb of t...

CVSS 7.5 | AI score 5.9 | EPSS 0.00534
Exploits: 1 | References: 1

CNVD • added 2026/03/19 12:00 a.m. • 1 views

HCL AION Information Disclosure Vulnerability (CNVD-2026-15145)

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from an information disclosure vulnerability that stems from the predictability of certain identifiers, which an attacker can exploit to infer or guess system-generated values, triggerin...

CVSS 5.3 | AI score 5.9 | EPSS 0.00131
Exploits: 0 | References: 1

CNVD • added 2026/03/19 12:00 a.m. • 2 views

HCL AION Denial of Service Vulnerability

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a denial of service vulnerability that stems from improper handling of upload size limits, which can be exploited by an attacker to cause excessive resource consumption or denial of service...

CVSS 7.5 | AI score 5.7 | EPSS 0.00144
Exploits: 0

CNVD • added 2026/03/19 12:00 a.m. • 1 views

AnythingLLM SQL Injection Vulnerability

AnythingLLM is an all-in-one AI application open-sourced by Mintplex. AnythingLLM has a SQL injection vulnerability that stems from the tablename parameter of the getTableSchemaSql method in the built-in SQL proxy plug-in lacking validation of externally supplied SQL statements. An attacker can use...

CVSS 8.8 | AI score 6.2 | EPSS 0.00299
Exploits: 1

CNVD • added 2026/03/19 12:00 a.m. • 2 views

Unspecified Vulnerability in WordPress Plugin Atarim

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. A WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin Atarim, which can be exploited by an...

CVSS 4.3 | AI score 5.6 | EPSS 0.00159
Exploits: 0

CNVD • added 2026/03/19 12:00 a.m. • 1 views

IBM Aspera Console Information Disclosure Vulnerability (CNVD-2026-17491)

IBM Aspera Console is a web-based application from International Business Machines (IBM). It allows users to centrally manage, monitor and control Aspera servers nodes and transports. An information disclosure vulnerability exists in IBM Aspera Console, which can be exploited by an attacker to enumera...

CVSS 5.3 | AI score 5.8 | EPSS 0.0024
Exploits: 0

Total number of security vulnerabilities: 130931