131179 matches found
Google Chrome Security Bypass Vulnerability (CNVD-2026-16149)
Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome, which can be exploited by attackers to bypass navigation restrictions via specially crafted HTML pages...
Google Chrome Security Bypass Vulnerability (CNVD-2026-16148)
Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome, which can be exploited by attackers to disclose cross-domain data via specially crafted HTML pages...
Google Chrome Security Bypass Vulnerability (CNVD-2026-15396)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that is caused due to insufficient policy enforcement in PDF. An attacker can exploit the vulnerability to bypass security restrictions...
Google Chrome Information Disclosure Vulnerability (CNVD-2026-16150)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from an information disclosure vulnerability that can be exploited by attackers to disclose cross-domain data via specially crafted HTML pages...
Microsoft Office Code Execution Vulnerability (CNVD-2026-16159)
Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, and so on. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to...
Google Chrome Security Bypass Vulnerability (CNVD-2026-15408)
Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome due to insufficient policy enforcement in DevTools, which can be exploited by attackers to bypass security restrictions...
Google Chrome Security Bypass Vulnerability (CNVD-2026-15398)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability caused by insufficient policy enforcement in DevTools, which can be exploited by an attacker to bypass navigation restrictions via specially crafted HTML pages...
Google Chrome Security Bypass Vulnerability (CNVD-2026-15411)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability caused by an incorrect security UI in PictureInPicture, which can be exploited by an attacker to perform UI spoofing via specially crafted HTML pages...
Google Chrome Security Bypass Vulnerability (CNVD-2026-15409)
Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome, which is caused due to insufficient policy enforcement in PDF, and can be exploited by attackers to bypass security restrictions...
Google Chrome Security Bypass Vulnerability (CNVD-2026-15410)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that is caused by insufficient policy enforcement in the Extensions program. An attacker can exploit the vulnerability to conduct UI spoofing via a specially crafted Chrome...
Unspecified vulnerability in Discourse (CNVD-2026-17482)
Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse has a security vulnerability that can be exploited by an attacker to cause a legitimate Discourse authorization page to display...
Discourse Information Disclosure Vulnerability (CNVD-2026-17272)
Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an information disclosure vulnerability that stems from a post edit management report disclosing the first 40...
OpenClaw Authorization Bypass Vulnerability (CNVD-2026-14835)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an authorization bypass vulnerability that stems from the system accepting variable sender display names instead of forcing an ID-only match. An attacker could use this vulnerability to bypass...
OpenClaw OS Command Injection Vulnerability (CNVD-2026-15060)
OpenClaw is an automation tool for executing system commands. A security vulnerability exists in versions of OpenClaw prior to 2026.2.22, which stems from a flaw in the security configuration of the sort tool after it is manually added to the tools.exec.safeBins configuration. An attacker can...
OpenClaw Metadata Spoofing Vulnerability
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a metadata forgery vulnerability that stems from client-submitted reconnect platform and device family fields not being bound to a device authentication signature. An attacker could use this...
OpenClaw Backlink Vulnerability
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a backlink vulnerability that can be exploited by an attacker to cause arbitrary file overwrites...
OpenClaw code issue vulnerability (CNVD-2026-14860)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a code issue vulnerability that can be exploited by an attacker to bypass the allow list check and execute a trojan binary...
OpenClaw Denial of Service Vulnerability (CNVD-2026-14825)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a denial of service vulnerability that stems from its BlueBubbles and Google Chat webhook handlers parsing request bodies before performing authentication and signature verification. An attacker could...
OpenClaw Authorization Bypass Vulnerability
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an authorization bypass vulnerability that can be exploited by an attacker to attack inherited elevated tool privileges via identifier conflict...
OpenClaw Authentication Bypass Vulnerability
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw there is an authentication bypass vulnerability , the vulnerability stems from the gateway authentication there is a path normalization mismatch problem , an attacker can use the vulnerability to bypass...
OpenClaw Authentication Strengthening Vulnerability
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an authentication hardening vulnerability that is due to an authentication hardening vulnerability in the browser-sourced WebSocket client in a loopback deployment. An attacker can exploit the...
OpenClaw backlink vulnerability (CNVD-2026-14861)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a backlink vulnerability that can be exploited by an attacker to read and write files outside the agent's workspace, which in turn can be used to execute code via a file overwrite attack...
OpenClaw OS Command Injection Vulnerability
OpenClaw is an automation tool for executing system commands. A security vulnerability exists in the system.run function in versions of OpenClaw prior to 2026.2.22, which stems from not effectively filtering environment variables such as SHELLOPTS and PS4. An attacker can exploit this vulnerabili...
OpenClaw Authorization Bypass Vulnerability (CNVD-2026-14837)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an authorization bypass vulnerability that stems from the system incorrectly treating DM paired stored identities as group allowlist identities when dmPolicy is set to pairing and groupPolicy is set to...
OpenClaw path traversal vulnerability (CNVD-2026-14856)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a path traversal vulnerability that can be exploited by an attacker to bypass group message access control...
OpenClaw Backlink Vulnerability (CNVD-2026-14858)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a backlink vulnerability that can be exploited by an attacker to read arbitrary files outside the boundaries of the configuration workspace...
OpenClaw has an unspecified vulnerability (CNVD-2026-14834)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that stems from not enforcing dmPolicy and allowFrom authorization checks on Discord direct message response notifications, which can be exploited by an attacker to bypass DM...
OpenClaw Data Forgery Problem Vulnerability (CNVD-2026-14827)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a Data Forgery Issue vulnerability that stems from improperly parsing the X-Forwarded-For header value, which can be exploited by an attacker to spoof a client's IP address and influence security...
OpenClaw OS Command Injection Vulnerability (CNVD-2026-15059)
OpenClaw is an automation tool for executing system commands. An authentication bypass vulnerability exists in versions prior to OpenClaw 2026.2.21 that stems from the system failing to enforce secure authentication when the allowInsecureAuth setting is explicitly enabled and the gateway is expos...
OpenClaw Information Disclosure Vulnerability (CNVD-2026-14826)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an information disclosure vulnerability that stems from the failure of a sandbox mirroring tool to enforce the tools.fs.workspaceOnly restriction on mounted sandbox paths, which can be exploited by an...
OpenClaw Authorization Bypass Vulnerability (CNVD-2026-14841)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an authorization bypass vulnerability that is due to an authorization bypass vulnerability in the WebSocket connection path. An attacker can exploit the vulnerability to perform administrator-only...
OpenClaw path traversal vulnerability (CNVD-2026-14850)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a path traversal vulnerability that stems from the function accepting an arbitrary absolute path when the iMessage remote attachment fetch function is enabled. An attacker could use this vulnerability ...
OpenClaw path traversal vulnerability (CNVD-2026-14857)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a Path Validation Improperity vulnerability, which is caused by an incorrect path validation flaw in sandboxed media handling. An attacker can exploit the vulnerability to traverse a directory on a...
Unspecified vulnerability in Discourse (CNVD-2026-17483)
Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from a security vulnerability that stems from a user with tag editing privileges being able to edit and create synonyms...
OpenClaw backlink vulnerability (CNVD-2026-14859)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a backlink vulnerability, which is caused by a flaw in the static file handler following a symbolic link. An attacker can exploit the vulnerability to read arbitrary files outside the root directory...
OpenClaw has an unspecified vulnerability (CNVD-2026-14832)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that is caused by failing to pass the senderIsOwner flag when processing Discord voice transcription in agentCommand. An attacker could exploit the vulnerability to cause a voi...
Discourse Information Disclosure Vulnerability (CNVD-2026-17477)
Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an information disclosure vulnerability that stems from the /private-posts endpoint not applying post type...
Discourse Information Disclosure Vulnerability (CNVD-2026-17271)
Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an information disclosure vulnerability that originates when the ipaddress of a tagged user is exposed to any user...
Unspecified vulnerability in Discourse (CNVD-2026-17480)
Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from a security vulnerability that stems from improper privilege authentication, which can be exploited by an attacker ...
Unspecified vulnerability in Discourse (CNVD-2026-17481)
Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from a security vulnerability due to an overly broad authorization check on the deleted post index endpoint, which can ...
OpenClaw has an unspecified vulnerability (CNVD-2026-14830)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from not consistently applying sender policy checks to reaction and pin non-message events, which can be exploited by an attacker to cause the injection of...
Discourse Information Disclosure Vulnerability (CNVD-2026-17478)
Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an information disclosure vulnerability that originates from the disclosure of a user's hidden profile information...
OpenClaw has an unspecified vulnerability (CNVD-2026-14828)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that stems from a standard input-only policy bypass issue in the grep tool in tools.exec.safeBins, which can be exploited by an attacker to read arbitrary files...
Discourse Information Disclosure Vulnerability (CNVD-2026-17479)
Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an information disclosure vulnerability that stems from insufficient authorization checks on user-operated...
OpenClaw Authentication Bypass Vulnerability (CNVD-2026-14840)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an authentication bypass vulnerability that originates from allowing clients authenticated with a shared gateway token to connect as a role=node without device authentication. An attacker could use thi...
OpenClaw Authentication Bypass Vulnerability (CNVD-2026-14839)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an authentication bypass vulnerability caused by a /api/channels route classification flaw due to a mismatch in the depth of normalization between authentication path classification and route path...
OpenClaw path traversal vulnerability (CNVD-2026-14848)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a path traversal vulnerability that can be exploited by an attacker to read files outside of the workspace...
OpenClaw has an unspecified vulnerability (CNVD-2026-14838)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from a failure to enforce sender authorization checks on interactive callbacks in shared workspace deployments, which can be exploited by an attacker to cause...
OpenClaw has an unspecified vulnerability (CNVD-2026-14829)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that stems from an allowable list bypass issue with the exec safeBins policy, which can be exploited by an attacker to write to arbitrary files using a short option payload...
OpenClaw Access Control Error Vulnerability (CNVD-2026-14842)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an Access Control Error vulnerability that is caused by a failure to properly handle authentication boot errors during startup. An attacker can exploit the vulnerability to cause a local process or...