131179 matches found
Code execution vulnerability in multiple Mozilla products (CNVD-2026-19983)
Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A code execution vulnerability exists in multiple Mozilla products due to...
Unspecified Vulnerability in HCL Aftermarket DPC (CNVD-2026-15832)
HCL Aftermarket DPC is a digital spare parts and aftermarket management platform for HCL India. HCL Aftermarket DPC has a security vulnerability that can be exploited by attackers to hijack or impersonate administrator users...
IBM InfoSphere Information Server Cross-Site Scripting Vulnerability (CNVD-2026-16879)
IBM InfoSphere Information Server is IBM's enterprise-class data integration platform for data quality governance, data integration and master data management. A security vulnerability exists in IBM InfoSphere Information Server that stems from improper validation of HOST header input. An attacke...
Multiple Apple Products Cross-Border Access Vulnerability
Apple iOS is an operating system developed for mobile devices. apple tvOS is an operating system for smart TVs. apple iPadOS is an operating system for iPad tablets. An out-of-bounds access vulnerability exists in multiple Apple products, which can be exploited by an attacker to terminate a proce...
Unspecified vulnerability in Apple macOS Tahoe (CNVD-2026-19042)
Apple macOS Tahoe is an operating system from the American company Apple. Apple macOS Tahoe contains a security vulnerability that can be exploited by attackers to cause an application to access protected user data...
Unspecified vulnerability in Apple macOS Tahoe (CNVD-2026-19036)
Apple macOS Tahoe is an operating system from the American company Apple. A security vulnerability exists in Apple macOS Tahoe, which can be exploited by an attacker to cause a document to be written to a temporary file when using Print Preview...
IBM InfoSphere Information Server Information Disclosure Vulnerability (CNVD-2026-16131)
IBM InfoSphere Information Server is IBM's data integration platform for integrating, cleansing, transforming and managing enterprise data. An information disclosure vulnerability exists in IBM InfoSphere Information Server that stems from the system returning overly detailed error messages. An...
IBM Concert Encryption Problem Vulnerability (CNVD-2026-16134)
IBM Concert is IBM's collaborative application lifecycle management platform. A security vulnerability exists in IBM Concert that originates when the program transmits data in clear text. An attacker could exploit the vulnerability to intercept and obtain sensitive information via man-in-the-midd...
IBM Concert Access Control Error Vulnerability (CNVD-2026-16128)
IBM Concert is a new tool from International Business Machines IBM Inc. that uses generative AI to help manage complex cloud-native applications. An Access Control Error vulnerability exists in IBM Concert 2.2.0 and prior versions. The vulnerability stems from a lack of functional-level access...
HCL Aftermarket DPC Input Validation Error Vulnerability
HCL Aftermarket DPC is a digital spare parts and aftermarket management platform for HCL India. HCL Aftermarket DPC suffers from an input validation error vulnerability that can be exploited by an attacker to inject executable code and perform cross-site scripting, SQL injection, command injectio...
Unspecified vulnerability in Apple macOS Tahoe (CNVD-2026-19043)
Apple macOS Tahoe is an operating system from the American company Apple. Apple macOS Tahoe contains a security vulnerability that can be exploited by attackers to cause an application to bypass Gatekeeper checks...
HCL Aftermarket DPC Cross-Site Scripting Vulnerability
HCL Aftermarket DPC is a digital spare parts and aftermarket management platform for HCL India. HCL Aftermarket DPC suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an...
Unspecified Vulnerability in HCL Aftermarket DPC (CNVD-2026-15830)
HCL Aftermarket DPC is a digital spare parts and aftermarket management platform for HCL India. HCL Aftermarket DPC suffers from a security vulnerability that can be exploited by an attacker to obtain system software and version details to carry out software-specific attacks...
Code execution vulnerability in multiple Mozilla products (CNVD-2026-19985)
Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A code execution vulnerability exists in multiple Mozilla products due to...
Unspecified vulnerability in HCL Aftermarket DPC (CNVD-2026-15829)
HCL Aftermarket DPC is a digital spare parts and aftermarket management platform for HCL India. HCL Aftermarket DPC suffers from a security vulnerability that can be exploited by attackers to more easily guess weak passwords or gain unauthorized access to user accounts using brute force technique...
WordPress Plugin Abandoned Cart Recovery for WooCommerce Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. WordPress plugin Abandoned Cart Recovery for WooCommerce has a cross-site scripting vulnerabili...
Unspecified Vulnerability in Multiple Apple Products (CNVD-2026-17912)
Apple Safari is a web browser that is the default browser that comes with the Mac OS X and iOS operating systems.Apple iOS is a suite of operating systems developed for mobile devices.Apple iPadOS is a suite of operating systems for the iPad tablet computer. A security vulnerability exists in...
Unspecified Vulnerability in HCL Aftermarket DPC (CNVD-2026-15837)
HCL Aftermarket DPC is a digital spare parts and aftermarket management platform for HCL India. A security vulnerability exists in HCL Aftermarket DPC, which can be exploited by an attacker to execute arbitrary commands or inject harmful content based on the way the web application handles split...
Information Disclosure Vulnerability in Multiple Mozilla Products (CNVD-2026-19990)
Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. An information disclosure vulnerability exists in several Mozilla produc...
Unspecified Vulnerability in HCL Aftermarket DPC
HCL Aftermarket DPC is a digital spare parts and aftermarket management platform for HCL India. HCL Aftermarket DPC has a security vulnerability that can be exploited by an attacker to read sensitive files on the system and use them for further attacks...
Code Issue Vulnerability in Multiple Mozilla Products (CNVD-2026-19982)
Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A code issue vulnerability exists in multiple Mozilla products due to an...
Unspecified Vulnerability in Apple macOS Tahoe (CNVD-2026-19035)
Apple macOS Tahoe is an operating system from the American company Apple. A security vulnerability exists in Apple macOS Tahoe, which stems from a directory path resolution issue that can be exploited by attackers to cause an application to access sensitive user data...
FreeBSD Buffer Overflow Vulnerability (CNVD-2026-16037)
FreeBSD is a set of Unix-like operating systems from the FreeBSD Foundation. A buffer overflow vulnerability exists in FreeBSD. The vulnerability stems from the routine to verify packet signatures in the RPCSECGSS implementation of kgssapi.ko not properly verifying data boundaries, which can be...
IBM Concert Code Issue Vulnerability (CNVD-2026-16136)
IBM Concert is IBM's collaborative application lifecycle management platform. An information disclosure vulnerability exists in IBM Concert that stems from the program failing to properly clear buffer resources. An attacker could exploit the vulnerability to access sensitive information in memory...
Unspecified vulnerability in Apple macOS Tahoe (CNVD-2026-19040)
Apple macOS Tahoe is an operating system from the American company Apple. Apple macOS Tahoe contains a security vulnerability that can be exploited by attackers to cause an application to access sensitive user data...
HCL Aftermarket DPC File Upload Vulnerability
HCL Aftermarket DPC is a digital spare parts and aftermarket management platform for HCL India. HCL Aftermarket DPC suffers from a file upload vulnerability, which stems from the application not strictly verifying or filtering user uploaded files, and can be exploited by an attacker to upload and...
IBM InfoSphere Information Server Information Disclosure Vulnerability (CNVD-2026-16129)
IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. An information disclosure vulnerability exists in IBM InfoSphere Information Server. The...
Linux kernel memory misreference vulnerability (CNVD-2026-16038)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A memory misreference vulnerability exists in the Linux kernel. The vulnerability stems from a mix-up in the instruction responsible for freeing memory. An attacker could explo...
MailEnable Attendees Parameter Cross-Site Scripting Vulnerability
MailEnable is a Windows-based business email server. A cross-site scripting vulnerability exists in the MailEnable Attendees parameter, which stems from improper cleanup of the Attendees parameter in the FreeBusy.aspx form in the Webmail interface, and can be exploited by an attacker to execute...
Dell Integrated Dell Remote Access Controller Code Execution Vulnerability
Dell Integrated Dell Remote Access Controller is an embedded controller for remote management and monitoring of servers from Dell USA. A code execution vulnerability exists in Dell Integrated Dell Remote Access Controller. The vulnerability stems from the application failing to properly filter...
OpenClaw Command Execution Vulnerability (CNVD-2026-16046)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a command execution vulnerability that can be exploited by an attacker to cause an authenticated operator to execute arbitrary parameters...
WordPress Plugin Download Manager Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. The WordPress plugin Download Manager information disclosure vulnerability, which stems from a...
MailEnable SelectedIndex Parameter Cross-Site Scripting Vulnerability
MailEnable is a Windows-based business email server. A cross-site scripting vulnerability exists in the MailEnable SelectedIndex parameter. The vulnerability stems from improper cleanup of the SelectedIndex parameter of the ManageShares.aspx form in the Webmail interface, which can be exploited b...
OpenClaw has an unspecified vulnerability (CNVD-2026-16391)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by an attacker to skip approval requirements...
OpenClaw has an unspecified vulnerability (CNVD-2026-16385)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by an attacker to cause reuse of pairing approvals across multiple accounts...
OpenClaw has an unspecified vulnerability (CNVD-2026-16387)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to cause an authenticated caller with operator.write scope to invoke the owner-only tool interface...
OpenClaw has an unspecified vulnerability (CNVD-2026-16389)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by attackers to bypass SSRF protection...
Unspecified Vulnerability in OpenClaw (CVE-2026-32913)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to cause custom authorization headers to be forwarded during cross-origin redirection, thereby intercepting sensitive information...
OpenClaw Sandbox Escape Vulnerability
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a sandbox escape vulnerability that can be exploited by an attacker to cause a bypass of sandbox restrictions...
OpenClaw Access Control Error Vulnerability (CNVD-2026-16041)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an Access Control Error vulnerability that stems from the BlueBubbles webhook handler containing a passwordless fallback authentication path, which can be exploited by an attacker to cause an...
OpenClaw Security Bypass Vulnerability (CNVD-2026-16045)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security bypass vulnerability that can be exploited by attackers to bypass command gate restrictions...
OpenClaw OS Command Injection Vulnerability (CNVD-2026-16043)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an operating system command injection vulnerability. The vulnerability stems from the safeBins configuration failing to properly filter constructed command special characters, commands, etc., which can...
OpenClaw has an unspecified vulnerability (CNVD-2026-16048)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by an attacker to cause a bypass of token and password requirements...
OpenClaw has an unspecified vulnerability (CNVD-2026-16049)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by an attacker to execute arbitrary code without sandbox escape...
OpenClaw OS Command Injection Vulnerability (CNVD-2026-16044)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an operating system command injection vulnerability. The vulnerability is caused by failing to filter the shell startup environment variables HOME and ZDOTDIR in the system.run function. An attacker ca...
OpenClaw Security Bypass Vulnerability (CNVD-2026-16051)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security bypass vulnerability that can be exploited by an attacker to cause a remote attacker to bypass sender authorization checks...
OpenClaw OS Command Injection Vulnerability (CNVD-2026-16050)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an operating system command injection vulnerability that can be exploited by an attacker to execute arbitrary commands on the system...
OpenClaw path traversal vulnerability (CNVD-2026-16057)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a path traversal vulnerability that can be exploited by an attacker to weaken bound source isolation by symbolically linking the parent directory to bypass the allowed root directory and prevent path...
OpenClaw Security Bypass Vulnerability (CNVD-2026-16055)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by an attacker to cause bypassing of interactive approval prompts...
OpenClaw Command Execution Vulnerability (CNVD-2026-16054)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a command execution vulnerability that can be exploited by an attacker to bypass expected execution limits...