Lucene search
K

131179 matches found

CNVD
CNVD
•added 2026/03/24 12:0 a.m.•3 views

OpenClaw code issue vulnerability (CNVD-2026-14844)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a code issue vulnerability caused by a path validation bypass flaw in the exec approval distribution list pattern on macOS. An attacker can exploit the vulnerability to execute arbitrary commands on th...

7.8CVSS6.2AI score0.00122EPSS
Exploits0References1
CNVD
CNVD
•added 2026/03/24 12:0 a.m.•6 views

OpenClaw code issue vulnerability (CNVD-2026-14849)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a code issue vulnerability that is caused by an arbitrary shell execution flaw in the shell environment fallback. An attacker can exploit the vulnerability to execute arbitrary commands on the system...

7.8CVSS6.4AI score0.00127EPSS
Exploits0References1
CNVD
CNVD
•added 2026/03/23 12:0 a.m.•7 views

Google Chrome heap buffer overflow vulnerability (CNVD-2026-19448)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to cause heap corruption...

8.8CVSS6AI score0.00271EPSS
Exploits0
CNVD
CNVD
•added 2026/03/23 12:0 a.m.•7 views

Google Chrome memory misreference vulnerability (CNVD-2026-16151)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a memory misreference vulnerability that can be exploited by attackers to cause heap corruption...

8.8CVSS6AI score0.00317EPSS
Exploits0
CNVD
CNVD
•added 2026/03/20 12:0 a.m.•5 views

StudioCMS Information Disclosure Vulnerability

StudioCMS is StudioCMS open source a content management system . StudioCMS suffers from an information disclosure vulnerability that stems from the use of an attacker-controlled rank query parameter in the REST API getUsers endpoint, which can be exploited by an attacker to cause an administrator...

2.7CVSS5.3AI score0.00375EPSS
Exploits1
CNVD
CNVD
•added 2026/03/19 12:0 a.m.•7 views

WordPress Plugin Active Products Tables for WooCommerce Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. WordPress plugin Active Products Tables for WooCommerce has a cross-site scripting vulnerabilit...

6.5CVSS5.9AI score0.00129EPSS
Exploits0References1
CNVD
CNVD
•added 2026/03/19 12:0 a.m.•5 views

Unspecified Vulnerability in WordPress Plugin Atarim

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin Atarim, which can be exploited by an...

4.3CVSS5.6AI score0.00159EPSS
Exploits0
CNVD
CNVD
•added 2026/03/19 12:0 a.m.•4 views

Apache Airflow Information Disclosure Vulnerability (CNVD-2026-15156)

Apache Airflow is the United States Apache Apache Foundation's set of open source platform with the creation, management and monitoring of workflow functions. The platform is scalable and dynamic monitoring and other features. Apache Airflow has an information disclosure vulnerability that stems...

7.5CVSS5.9AI score0.00677EPSS
Exploits0References1
CNVD
CNVD
•added 2026/03/19 12:0 a.m.•9 views

Open5GS Denial of Service Vulnerability (CNVD-2026-14249)

Open5GS is Open5GS open source an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. A denial of service vulnerability exists in Open5GS version 2.7.6 and earlier. The vulnerability stems from the function smfgxccacb/smfgyccacb/smfs6baaacb/smfs6bstacb of t...

7.5CVSS5.9AI score0.00534EPSS
Exploits1References1
CNVD
CNVD
•added 2026/03/19 12:0 a.m.•30 views

Apache Spark Deserialization Vulnerability

Apache Spark is a large-scale data processing engine that supports acyclic data streaming and in-memory computing from the Apache Foundation. Apache Spark suffers from a deserialization vulnerability. The vulnerability stems from the Spark History Web UI's overly lax Jackson deserialization of...

8.8CVSS6.3AI score0.05341EPSS
Exploits1References1
CNVD
CNVD
•added 2026/03/19 12:0 a.m.•6 views

Zephyr Buffer Overflow Vulnerability

Zephyr is Zephyr open source a scalable real-time operating system RTOS. Zephyr suffers from a buffer overflow vulnerability. The vulnerability stems from ATAES132A response parsing that fails to properly validate the length size of input data, which can be exploited by an attacker to cause kerne...

3.8CVSS6.1AI score0.0024EPSS
Exploits1References1
CNVD
CNVD
•added 2026/03/19 12:0 a.m.•40 views

OpenClaw Information Disclosure Vulnerability (CNVD-2026-14389)

OpenClaw is openclaw open source an intelligent artificial assistant. OpenClaw has an information disclosure vulnerability, the vulnerability stems from the component File Existence Handler's function tools.exec.safeBins for the protection of sensitive information is insufficient, an attacker can...

5.5CVSS5.6AI score0.00133EPSS
Exploits0References1
CNVD
CNVD
•added 2026/03/19 12:0 a.m.•7 views

WordPress Plugin Avada Core Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin Avada Core, which stems fro...

6.5CVSS5.6AI score0.00129EPSS
Exploits0References1
CNVD
CNVD
•added 2026/03/19 12:0 a.m.•6 views

WordPress Plugin Astra Bulk Edit Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin Astra Bulk Edit, which stem...

6.5CVSS5.5AI score0.00161EPSS
Exploits0References1
CNVD
CNVD
•added 2026/03/19 12:0 a.m.•2 views

HCL AION Security Bypass Vulnerability

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a security bypass vulnerability that is caused by a container base image not being properly authenticated. An attacker can exploit the vulnerability to cause the use of an untrusted container image...

7.2CVSS6AI score0.00127EPSS
Exploits0References1
CNVD
CNVD
•added 2026/03/19 12:0 a.m.•5 views

Unspecified Vulnerability in HCL AION (CNVD-2026-15149)

HCL AION is an AI lifecycle management platform from HCL India. HCL AION has a security vulnerability that can be exploited by an attacker to cause the use of an unauthenticated or tampered image, triggering security risks such as integrity breaches or unexpected system behavior...

9.8CVSS5.9AI score0.00117EPSS
Exploits0References1
CNVD
CNVD
•added 2026/03/19 12:0 a.m.•4 views

IBM Aspera Console Information Disclosure Vulnerability (CNVD-2026-17491)

IBM Aspera Console is a Web-based application from International Business Machines IBM. Allows users to centrally manage, monitor and control Aspera servers nodes and transports. An information disclosure vulnerability exists in IBM Aspera Console, which can be exploited by an attacker to enumera...

5.3CVSS5.8AI score0.0024EPSS
Exploits0
CNVD
CNVD
•added 2026/03/19 12:0 a.m.•2 views

Unspecified Vulnerability in HCL AION (CNVD-2026-15148)

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a security vulnerability that stems from untrusted file parsing operations not being performed in an isolated sandboxed environment, which can be exploited by an attacker to cause unexpected behavior when...

7.8CVSS5.9AI score0.00095EPSS
Exploits0References1
CNVD
CNVD
•added 2026/03/19 12:0 a.m.•4 views

Dell ThinOS 10 Command Injection Vulnerability

Dell ThinOS 10 is an operating system from the American company Dell Dell. A command injection vulnerability exists in versions prior to Dell ThinOS 10 260210.0573. The vulnerability stems from improper neutralization of special elements in commands and can be exploited by an attacker to achieve...

7.8CVSS5.8AI score0.00438EPSS
Exploits0
CNVD
CNVD
•added 2026/03/19 12:0 a.m.•2 views

Unspecified Vulnerability in HCL AION (CNVD-2026-15147)

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a security vulnerability that stems from a lack of validation or restriction on SQL query execution, which can be exploited by an attacker to cause unexpected database interactions or information leakage...

7.3CVSS6AI score0.00225EPSS
Exploits0References1
CNVD
CNVD
•added 2026/03/19 12:0 a.m.•9 views

ImageMagick Buffer Overflow Vulnerability (CNVD-2026-16617)

ImageMagick is ImageMagick open source set of open source image processing software. Can read, convert or write images in a variety of formats. ImageMagick suffers from a buffer overflow vulnerability that originates beyond the end of the write stack buffer when a memory allocation failure occurs...

6.7CVSS6.1AI score0.00096EPSS
Exploits0
CNVD
CNVD
•added 2026/03/19 12:0 a.m.•4 views

HCL AION SQL Injection Vulnerability

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements, which can be exploited by an attacker to steal sensitive database data by injecting a...

9.8CVSS6AI score0.00281EPSS
Exploits0References1
CNVD
CNVD
•added 2026/03/19 12:0 a.m.•3 views

TRENDnet TEW-632BRP Buffer Overflow Vulnerability

The TRENDnet TEW-632BRP is a wireless router from TRENDnet. A buffer overflow vulnerability exists in the TRENDnet TEW-632BRP. The vulnerability is caused due to a lack of bounds checking in the user-controlled pingipadder parameter in the HTTP POST request handler of the /pingresponse.cgi...

8.6CVSS7.6AI score0.00612EPSS
Exploits0References1
CNVD
CNVD
•added 2026/03/19 12:0 a.m.•3 views

Unspecified Vulnerability in HCL AION (CNVD-2026-15153)

HCL AION is an AI lifecycle management platform. HCL AION suffers from a security vulnerability that originates from an internal file system path being exposed via an application response, which can be exploited by an attacker to cause information disclosure...

6.5CVSS5.9AI score0.00108EPSS
Exploits0References1
CNVD
CNVD
•added 2026/03/19 12:0 a.m.•11 views

Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability (CNVD-2026-17493)

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. A spoofing vulnerability exists in Microsoft Edge Chromium-based for Android, which can be exploited by attackers to perform spoofing attacks...

5CVSS5.8AI score0.00239EPSS
Exploits0
CNVD
CNVD
•added 2026/03/19 12:0 a.m.•2 views

HCL AION Information Disclosure Vulnerability (CNVD-2026-15145)

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from an information disclosure vulnerability that stems from the predictability of certain identifiers, which can be exploited by an attacker to cause the attacker to infer or guess system-generated values, triggerin...

5.3CVSS5.9AI score0.00131EPSS
Exploits0References1
CNVD
CNVD
•added 2026/03/19 12:0 a.m.•4 views

Unspecified Vulnerability in HCL AION (CNVD-2026-15150)

HCL AION is an AI lifecycle management platform from HCL India. HCL AION has a security vulnerability that can be exploited by an attacker to cause the use of unvalidated or modified model artifacts...

5.3CVSS5.9AI score0.00084EPSS
Exploits0References1
CNVD
CNVD
•added 2026/03/19 12:0 a.m.•4 views

HCL AION SQL Injection Vulnerability (CNVD-2026-15146)

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a SQL injection vulnerability that stems from a misconfiguration that may allow execution of harmful SQL queries, which can be exploited by an attacker to cause unexpected database interactions or limited...

5.3CVSS6.2AI score0.00147EPSS
Exploits0References1
CNVD
CNVD
•added 2026/03/19 12:0 a.m.•5 views

Unspecified Vulnerability in HCL AION (CNVD-2026-15151)

HCL AION is an AI lifecycle management platform from HCL India. HCL AION has a security vulnerability that can be exploited by attackers to affect the traceability of user activities...

8.2CVSS5.9AI score0.00141EPSS
Exploits0References1
CNVD
CNVD
•added 2026/03/19 12:0 a.m.•6 views

AnythingLLM SQL Injection Vulnerability

AnythingLLM is an all-in-one AI application open-sourced by Mintplex. AnythingLLM SQL injection vulnerability , the vulnerability stems from the built-in SQL proxy plug-in getTableSchemaSql method of the tablename parameter lack of validation of external input SQL statements , an attacker can use...

8.8CVSS6.2AI score0.00299EPSS
Exploits1
CNVD
CNVD
•added 2026/03/19 12:0 a.m.•8 views

IBM Aspera Console Denial of Service Vulnerability (CNVD-2026-19449)

IBM Aspera Console is a Web-based application from International Business Machines IBM. Allows users to centrally manage, monitor and control Aspera servers nodes and transports. A denial of service vulnerability exists in IBM Aspera Console, which can be exploited by an attacker to cause a denia...

4.9CVSS5.8AI score0.00422EPSS
Exploits0
CNVD
CNVD
•added 2026/03/19 12:0 a.m.•5 views

OpenClaw Access Control Error Vulnerability (CNVD-2026-14390)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an Access Control Error vulnerability that stems from a browser-initiated WebSocket connection that can bypass origin authentication under certain configurations, which can be exploited by an attacker ...

8.1CVSS5.8AI score0.00153EPSS
Exploits0References1
CNVD
CNVD
•added 2026/03/19 12:0 a.m.•5 views

Belkin F9K1122 Stack Buffer Overflow Vulnerability (CNVD-2026-14686)

The Belkin F9K1122 is a WiFi signal extender. The Belkin F9K1122 suffers from a stack buffer overflow vulnerability, which originates from a misbehavior of the webpage parameter of the function formReboot in the file /goform/formReboot, that can be exploited by an attacker to execute arbitrary co...

9CVSS7.7AI score0.00455EPSS
Exploits0References1
CNVD
CNVD
•added 2026/03/19 12:0 a.m.•4 views

IBM Aspera Console Denial of Service Vulnerability

IBM Aspera Console is a Web-based application from International Business Machines IBM. Allows users to centrally manage, monitor and control Aspera servers nodes and transports. A denial of service vulnerability exists in IBM Aspera Console, which can be exploited by an attacker to cause a denia...

5.3CVSS5.7AI score0.0027EPSS
Exploits0
CNVD
CNVD
•added 2026/03/19 12:0 a.m.•3 views

Apache Livy Input Validation Error Vulnerability

Apache Livy is the United States Apache Apache Foundation, an application server . Provides support for programmatic , fault-tolerant , multi-tenant submission of Spark jobs from Web, mobile applications . Apache Livy suffers from an input validation error vulnerability. The vulnerability stems...

6.3CVSS5.8AI score0.00488EPSS
Exploits1References1
CNVD
CNVD
•added 2026/03/19 12:0 a.m.•5 views

Apache Airflow Information Disclosure Vulnerability (CNVD-2026-15158)

Apache Airflow is the United States Apache Apache Foundation's set of open source platform with the creation, management and monitoring of workflow functions. The platform is scalable and dynamic monitoring and other features. Apache Airflow has an information disclosure vulnerability that stems...

4.3CVSS5.9AI score0.0044EPSS
Exploits0References1
CNVD
CNVD
•added 2026/03/19 12:0 a.m.•3 views

WordPress Plugin wpDiscuz Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin wpDiscuz, which stems fr...

6.9CVSS5.8AI score0.00274EPSS
Exploits0References1
CNVD
CNVD
•added 2026/03/19 12:0 a.m.•7 views

HCL AION Denial of Service Vulnerability

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a denial of service vulnerability that stems from improper handling of upload size limits, which can be exploited by an attacker to cause excessive resource consumption or denial of service...

7.5CVSS5.7AI score0.00144EPSS
Exploits0
CNVD
CNVD
•added 2026/03/19 12:0 a.m.•7 views

Apache Airflow Security Bypass Vulnerability (CNVD-2026-15157)

Apache Airflow is the United States Apache Apache Foundation's set of open source platform with the creation, management and monitoring of workflow functions. The platform is scalable and dynamic monitoring and other features. Apache Airflow suffers from a security bypass vulnerability that stems...

8.1CVSS5.9AI score0.00409EPSS
Exploits0References1
CNVD
CNVD
•added 2026/03/19 12:0 a.m.•6 views

WordPress Plugin Calculated Fields Form Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin Calculated Fields Form, whi...

6.4CVSS5.6AI score0.00235EPSS
Exploits0References1
CNVD
CNVD
•added 2026/03/19 12:0 a.m.•3 views

Apache Airflow Information Disclosure Vulnerability (CNVD-2026-15159)

Apache Airflow is the United States Apache Apache Foundation's set of open source platform with the creation, management and monitoring of workflow functions. The platform is scalable and dynamic monitoring and other features. Apache Airflow suffers from an information disclosure vulnerability th...

6.5CVSS5.9AI score0.00406EPSS
Exploits0References1
CNVD
CNVD
•added 2026/03/19 12:0 a.m.•5 views

WordPress Plugin WpEvently Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. WordPress plugin WpEvently has an information disclosure vulnerability that can be exploited by...

5.3CVSS5.8AI score0.00251EPSS
Exploits0References1
CNVD
CNVD
•added 2026/03/18 12:0 a.m.•4 views

Unspecified vulnerability in AnythingLLM (CNVD-2026-17191)

AnythingLLM is an all-in-one AI application open-sourced by Mintplex. AnythingLLM suffers from a security vulnerability that stems from two common system preferences endpoints that allow administrator role access, which can be exploited by an attacker to cause the administrator to read plaintext...

3.8CVSS5.8AI score0.00198EPSS
Exploits1
CNVD
CNVD
•added 2026/03/18 12:0 a.m.•6 views

AnythingLLM Code Injection Vulnerability

AnythingLLM is an all-in-one AI application open-sourced by Mintplex. AnythingLLM has a code injection vulnerability that stems from the ImportedPlugin.importCommunityItemFromUrl function downloads a ZIP file and extracts it without verifying the path to the file within the archive, which can be...

6.4CVSS6.2AI score0.00388EPSS
Exploits1
CNVD
CNVD
•added 2026/03/18 12:0 a.m.•4 views

Unspecified Vulnerability in AnythingLLM

AnythingLLM is an all-in-one AI application open-sourced by Mintplex. AnythingLLM suffers from a security vulnerability that stems from a suspended user not being blocked on the browser extension API key path in multi-user mode, which can be exploited by an attacker to cause the suspended user to...

2.7CVSS5.8AI score0.00231EPSS
Exploits1
CNVD
CNVD
•added 2026/03/17 12:0 a.m.•3 views

WordPress Plugin NextScripts: Social Networks Auto-Poster Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin NextScripts: Social Network...

6.4CVSS5.9AI score0.04279EPSS
Exploits1References1
CNVD
CNVD
•added 2026/03/17 12:0 a.m.•3 views

Google Chrome Web Speech Out-of-Bounds Read Vulnerability

Google Chrome is a free web browser developed by Google Inc. Google Chrome Web Speech suffers from an out-of-bounds read vulnerability that originates from out-of-bounds reading of memory buffer data, which can be exploited by remote attackers to execute arbitrary code...

9.6CVSS6.2AI score0.00349EPSS
Exploits0References1
CNVD
CNVD
•added 2026/03/17 12:0 a.m.•6 views

Dell Alienware Command Center Access Control Error Vulnerability

Dell Alienware Command Center is a package manager from Dell USA. An access control error vulnerability exists in Dell Alienware Command Center versions prior to 6.12.24.0. The vulnerability stems from improper access control and can be exploited by an attacker to cause a denial of service...

5.5CVSS5.4AI score0.00075EPSS
Exploits0
CNVD
CNVD
•added 2026/03/17 12:0 a.m.•7 views

Adobe Commerce Improper Authorization Vulnerability

Adobe Commerce is the United States of America Odobie Adobe company's a business and brand-oriented global leader in digital commerce solutions. An improper authorization vulnerability exists in Adobe Commerce, which can be exploited by an attacker to cause a security feature bypass...

5.3CVSS5.8AI score0.00295EPSS
Exploits0
CNVD
CNVD
•added 2026/03/17 12:0 a.m.•6 views

Adobe Commerce Security Bypass Vulnerability (CNVD-2026-16578)

Adobe Commerce is the United States of America Odobie Adobe company's a kind of merchants and brands for the world's leading digital commerce solutions. A security bypass vulnerability exists in Adobe Commerce, which can be exploited by an attacker to cause a security feature bypass...

4.3CVSS5.7AI score0.00339EPSS
Exploits0
Total number of security vulnerabilities131179