Dell ThinOS 10 Command Injection Vulnerability
Dell ThinOS 10 is an operating system from the American company Dell. A command injection vulnerability exists in Dell ThinOS 10 versions prior to 260210.0573. The vulnerability stems from improper neutralization of special elements in commands and can be exploited by an attacker to achieve...
WordPress Plugin Avada Core Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform can be used to set up a personal blog site on a PHP and MySQL based server. A WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin Avada Core, which stems fro...
IBM Aspera Console Denial of Service Vulnerability (CNVD-2026-19449)
IBM Aspera Console is a web-based application from International Business Machines (IBM) that allows users to centrally manage, monitor and control Aspera server nodes and transports. A denial of service vulnerability exists in IBM Aspera Console, which can be exploited by an attacker to cause a denia...
OpenClaw Information Disclosure Vulnerability (CNVD-2026-14389)
OpenClaw is an open source AI assistant. OpenClaw has an information disclosure vulnerability that stems from insufficient protection of sensitive information in the tools.exec.safeBins function of the File Existence Handler component; an attacker can...
Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability (CNVD-2026-17493)
Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. A spoofing vulnerability exists in Microsoft Edge (Chromium-based) for Android, which can be exploited by attackers to perform spoofing attacks...
IBM Aspera Console Denial of Service Vulnerability
IBM Aspera Console is a web-based application from International Business Machines (IBM) that allows users to centrally manage, monitor and control Aspera server nodes and transports. A denial of service vulnerability exists in IBM Aspera Console, which can be exploited by an attacker to cause a denia...
ImageMagick Buffer Overflow Vulnerability (CNVD-2026-16617)
ImageMagick is an open source suite of image processing software that can read, convert or write images in a variety of formats. ImageMagick suffers from a buffer overflow vulnerability that originates from a write beyond the end of a stack buffer when a memory allocation failure occurs...
Apache Airflow Information Disclosure Vulnerability (CNVD-2026-15158)
Apache Airflow is an open source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform is scalable and offers dynamic monitoring and other features. Apache Airflow has an information disclosure vulnerability that stems...
Unspecified Vulnerability in HCL AION (CNVD-2026-15149)
HCL AION is an AI lifecycle management platform from HCL India. HCL AION has a security vulnerability that can be exploited by an attacker to cause the use of an unauthenticated or tampered image, triggering security risks such as integrity breaches or unexpected system behavior...
Apache Spark Deserialization Vulnerability
Apache Spark is a large-scale data processing engine that supports acyclic data streaming and in-memory computing from the Apache Foundation. Apache Spark suffers from a deserialization vulnerability. The vulnerability stems from the Spark History Web UI's overly lax Jackson deserialization of...
Zephyr Buffer Overflow Vulnerability
Zephyr is an open source, scalable real-time operating system (RTOS). Zephyr suffers from a buffer overflow vulnerability. The vulnerability stems from ATAES132A response parsing that fails to properly validate the length of input data, which can be exploited by an attacker to cause kerne...
Unspecified vulnerability in AnythingLLM (CNVD-2026-17191)
AnythingLLM is an all-in-one AI application open-sourced by Mintplex. AnythingLLM suffers from a security vulnerability that stems from two common system preferences endpoints that allow administrator role access, which can be exploited by an attacker to cause the administrator to read plaintext...
Unspecified Vulnerability in AnythingLLM
AnythingLLM is an all-in-one AI application open-sourced by Mintplex. AnythingLLM suffers from a security vulnerability that stems from a suspended user not being blocked on the browser extension API key path in multi-user mode, which can be exploited by an attacker to cause the suspended user to...
AnythingLLM Code Injection Vulnerability
AnythingLLM is an all-in-one AI application open-sourced by Mintplex. AnythingLLM has a code injection vulnerability that stems from the ImportedPlugin.importCommunityItemFromUrl function downloading a ZIP file and extracting it without verifying the path to the file within the archive, which can be...
WordPress Plugin Classified Listing Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform can be used to set up a personal blog site on a PHP and MySQL based server. A WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Classified Listing, whic...
WordPress Plugin NextScripts: Social Networks Auto-Poster Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform can be used to set up a personal blog site on a PHP and MySQL based server. A WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin NextScripts: Social Network...
OpenClaw Remote Code Execution Vulnerability (CNVD-2026-14393)
OpenClaw is an open source AI assistant. OpenClaw suffers from a remote code execution vulnerability that can be exploited by an attacker to execute arbitrary code...
SAP Business One Job Service Cross-Site Scripting Vulnerability
SAP Business One Job Service is a service component of SAP's Enterprise Resource Planning (ERP) system for scheduling and executing tasks in the background. A cross-site scripting vulnerability exists in SAP Business One Job Service. The vulnerability stems from the lack of effective filtering and...
Huawei HarmonyOS Resource Scheduling Module Privilege Control Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in the Huawei HarmonyOS resource scheduling module, which can be exploited by an attacker to compromise integrity...
OpenClaw Directory Traversal Vulnerability (CNVD-2026-14394)
OpenClaw is an open source AI assistant. OpenClaw suffers from a path traversal vulnerability that stems from the sandbox skill image failing to properly filter special elements in the path of a resource or file, which can be exploited by an attacker to cause a file t...
Fortinet FortiWeb OS Command Injection Vulnerability (CNVD-2026-14602)
Fortinet FortiWeb is a Web application layer firewall from the U.S. company Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks to ensure the security of Web applications and protect sensitive database content. A...
OpenClaw Directory Traversal Vulnerability
OpenClaw is an open source AI assistant. OpenClaw suffers from a directory traversal vulnerability that can be exploited by an attacker to cause data to be written to an arbitrary location on the host file system...
Huawei EMUI and Huawei HarmonyOS email app improper checksum vulnerability
Huawei EMUI is a mobile operating system based on Android. Huawei HarmonyOS is a full-scenario distributed operating system based on a microkernel. A checksum misuse vulnerability exists in the Huawei EMUI and Huawei HarmonyOS email applications, which can be...
OpenAkita Operating System Command Injection Vulnerability
OpenAkita is a multi-platform, multi-intelligence collaborative AI assistant. An operating system command injection vulnerability exists in OpenAkita 1.24.3 and earlier versions. The vulnerability stems from the component Chat API Endpoint in the file src/openakita/tools/shell.py function run...
WordPress plugin Greenshift - animation and page builder blocks information disclosure vulnerability
WordPress is a blogging platform developed using the PHP language. The platform can be used to set up a personal blog site on a PHP and MySQL based server. A WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Greenshift - animation a...
WordPress Plugin WP Booking System Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform can be used to set up a personal blog site on a PHP and MySQL based server. A WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin WP Booking System, which...
Google Chrome WebView Resource Management Error Vulnerability
Google Chrome is a free web browser developed by Google Inc. A security vulnerability exists in Google Chrome WebView that originates from re-referencing or using freed memory, which can be exploited by remote attackers to execute arbitrary code...
Google Chrome WebMCP Resource Management Error Vulnerability
Google Chrome is a free web browser developed by Google Inc. A security vulnerability exists in Google Chrome WebMCP, which originates from re-referencing or using freed memory, and can be exploited by remote attackers to execute arbitrary code...
Microsoft Excel Code Execution Vulnerability (CNVD-2026-14408)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute code...
Google Chrome Extensions Resource Management Error Vulnerability (CNVD-2026-14595)
Google Chrome is a free web browser developed by Google Inc. A security vulnerability exists in Google Chrome Extensions, which originates from re-referencing or using freed memory and can be exploited by remote attackers to execute arbitrary code...
Adobe Illustrator Stack Buffer Overflow Vulnerability (CNVD-2026-14501)
Adobe Illustrator is vector-based image creation software from the American company Adobe. Adobe Illustrator suffers from a stack buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code on the system or cause the application to...
Adobe Commerce License Issue Vulnerability (CNVD-2026-15170)
Adobe Commerce is a leading global digital commerce solution for merchants and brands from the American company Adobe. Adobe Commerce has an authorization issue vulnerability that can be exploited by an attacker to bypass security measures and gain limited...
Adobe Commerce License Issues Vulnerability (CNVD-2026-15168)
Adobe Commerce is a leading global digital commerce solution for merchants and brands from the American company Adobe. Adobe Commerce has an authorization issue vulnerability that could be exploited by an attacker to bypass security measures and have a limited impact on...
Google Chrome Web Speech Out-of-Bounds Read Vulnerability
Google Chrome is a free web browser developed by Google Inc. Google Chrome Web Speech suffers from an out-of-bounds read vulnerability that originates from out-of-bounds reading of memory buffer data, which can be exploited by remote attackers to execute arbitrary code...
Google Chrome WebMIDI Memory Misreference Vulnerability
Google Chrome is a free web browser developed by Google Inc. Google Chrome WebMIDI suffers from a use-after-free vulnerability that originates from re-referencing or using freed memory, which can be exploited by remote attackers to execute arbitrary code...
Google Chrome MediaStream Memory Misreference Vulnerability
Google Chrome is a free web browser developed by Google Inc. Google Chrome MediaStream suffers from a use-after-free vulnerability that originates from re-referencing or using freed memory, which can be exploited by remote attackers to execute arbitrary code...
StudioCMS License Issues Vulnerabilities
StudioCMS is an open source content management system. StudioCMS suffers from an authorization issue vulnerability that stems from improper access control in the password reset token generation endpoint, which can be exploited by an attacker to cause an administrator to take over a...
Google Chrome Agents Resource Management Error Vulnerability
Google Chrome is a free web browser developed by Google Inc. A security vulnerability exists in Google Chrome Agents, which originates from re-referencing or using freed memory and can be exploited by remote attackers to execute arbitrary code...
Adobe Commerce Improper Authorization Vulnerability
Adobe Commerce is a leading global digital commerce solution for merchants and brands from the American company Adobe. An improper authorization vulnerability exists in Adobe Commerce, which can be exploited by an attacker to cause a security feature bypass...
Adobe Commerce Cross-Site Scripting Vulnerability (CNVD-2026-16582)
Adobe Commerce is a leading global digital commerce solution for merchants and brands from the American company Adobe. Adobe Commerce suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input. An attacker could...
Adobe Commerce Server-Side Request Forgery Vulnerability
Adobe Commerce is a leading global digital commerce solution for merchants and brands from the American company Adobe. Adobe Commerce suffers from a server-side request forgery vulnerability that can be exploited by an attacker to read arbitrary file systems...
Adobe Commerce Input Validation Error Vulnerability (CNVD-2026-16588)
Adobe Commerce is a leading global digital commerce solution for merchants and brands from the American company Adobe. An input validation error vulnerability exists in Adobe Commerce, which can be exploited by an attacker to cause a denial of service in the application...
Microsoft Excel Code Execution Vulnerability (CNVD-2026-16153)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute code...
Microsoft Excel Code Execution Vulnerability (CNVD-2026-16156)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute code...
Microsoft Office Code Execution Vulnerability (CNVD-2026-16160)
Microsoft Office is an office software suite from the U.S. company Microsoft. The product's common components include Word, Excel, Access, PowerPoint, FrontPage, etc. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to execute...
Dell Alienware Command Center Access Control Error Vulnerability
Dell Alienware Command Center is a package manager from Dell USA. An access control error vulnerability exists in Dell Alienware Command Center versions prior to 6.12.24.0. The vulnerability stems from improper access control and can be exploited by an attacker to cause a denial of service...
Siemens SICAM SIAPP SDK Path Traversal Vulnerability
Siemens SICAM SIAPP SDK is a software development kit from Siemens, Germany. A path traversal vulnerability exists in the Siemens SICAM SIAPP SDK that originates from performing file deletion without properly validating the file path or destination, which can be exploited by an attacker to cause ...
Siemens SICAM SIAPP SDK Out-of-Bounds Write Vulnerability
Siemens SICAM SIAPP SDK is a software development kit from Siemens, Germany. The Siemens SICAM SIAPP SDK contains an out-of-bounds write vulnerability that can be exploited by an attacker to cause a denial of service or execute arbitrary code...
Siemens SICAM SIAPP SDK Command Execution Vulnerability
Siemens SICAM SIAPP SDK is a software development kit from Siemens, Germany. The Siemens SICAM SIAPP SDK suffers from a command execution vulnerability that can be exploited by attackers to cause command injection and full system compromise...
Siemens SICAM SIAPP SDK Stack Buffer Overflow Vulnerability
Siemens SICAM SIAPP SDK is a software development kit from Siemens, Germany. The Siemens SICAM SIAPP SDK suffers from a stack buffer overflow vulnerability that can be exploited by an attacker to cause a stack overflow, which can be exploited for code execution and denial of service...