131179 matches found
Google Android Authorization Vulnerability (CNVD-2026-26392)
Google Android is an operating system based on Linux, open-sourced by the American company Google. Google Android has authorization-related vulnerabilities; these vulnerabilities stem from the lack of permission checks. Attackers can exploit these vulnerabilities to gain higher levels of access...
Dell PowerFlex Manager encryption vulnerability (CNVD-2026-26082)
Dell PowerFlex Manager is a software-defined storage management platform developed by the American company Dell. Versions of Dell PowerFlex Manager prior to 4.5.1.1 contained security vulnerabilities. Attackers could exploit these vulnerabilities to carry out man-in-the-middle attacks using DNS...
Dell PowerStore cross-site scripting vulnerability (CNVD-2026-26084)
Dell PowerStore is an enterprise-level network storage system developed by the American company Dell. Dell PowerStore has a cross-site scripting vulnerability. This vulnerability stems from the lack of effective filtering and escaping of data provided by users in the PowerStore Manager. Attackers...
Dell EMC VxRail Appliance permission licensing and access control issue vulnerabilities
The Dell EMC VxRail Appliance is an integrated hypervisor-enabled hyper-converged infrastructure device developed by the American company Dell. Versions of the Dell EMC VxRail Appliance prior to 7.0.520 contain security vulnerabilities. Attackers can exploit these vulnerabilities to escape from...
Google Android has an unknown vulnerability (CNVD-2026-26390)
Google Android is an operating system based on Linux, open-sourced by Google Inc. There are security vulnerabilities in Google Android, which stem from a lack of boundary checks in the mfccorenalqgetdecmetadataseinal function in mfccorenal.q. Attackers can exploit these vulnerabilities to execute...
Rockwell Automation CompactLogix 5370 suffers a denial-of-service vulnerability
Rockwell Automation CompactLogix 5370 is a programmable automation controller developed by Rockwell Automation in the United States. The CompactLogix 5370 has a denial-of-service vulnerability, which stems from the lack of verification of sequence numbers and source IP addresses in the CIP...
Google Android competition conditions issue vulnerability (CNVD-2026-26393)
Google Android is an open-source operating system based on Linux, developed by Google Inc. Google Android has a vulnerability known as a race condition. This vulnerability stems from a persistent synchronization issue within the createSessionInternal function in PackageInstallerService.java...
Dell PowerFlex Manager permission and access control vulnerabilities
Dell PowerFlex Manager is a software-defined storage management platform developed by the American company Dell. Dell PowerFlex has vulnerabilities related to permission licensing and access control. These vulnerabilities stem from improper access control mechanisms, and attackers can exploit the...
Cisco Identity Services Engine Software Authorization Vulnerability
Cisco Identity Services Engine Software is a identity management platform developed by the American company Cisco. There are authorization-related vulnerabilities in Cisco Identity Services Engine Software. These vulnerabilities stem from improper authorization checks during resource access...
Cisco Webex App input validation vulnerability (CNVD-2026-26204)
The Cisco Webex App is a video conferencing and collaboration software developed by Cisco, Inc. in the United States. The Cisco Webex App has a vulnerability related to input validation. This vulnerability stems from improper input validation of URL parameters in HTTP requests. Attackers can...
Apple Safari permissions vulnerability (CNVD-2026-26338)
Apple Safari is a web browser developed by Apple Inc., integrated into iOS, iPadOS, and macOS systems. It is primarily used for accessing and browsing web content. Apple Safari has a permissions vulnerability. This vulnerability stems from improper handling of permissions restrictions during...
Rockwell Automation FactoryTalk Analytics PavilionX Authorization Issues Vulnerability
Rockwell Automation FactoryTalk Analytics PavilionX is an industrial automation analysis platform developed by the Rockwell Automation Foundation in the United States. There is a vulnerability related to authorization in Rockwell Automation FactoryTalk Analytics PavilionX. This vulnerability stem...
TP-Link TL-WR841N Web interface stack buffer overflow vulnerability
The TP-Link TL-WR841N v14 is a wireless router produced by the Chinese company TP-Link. The TP-Link TL-WR841N v14 has a stack buffer overflow vulnerability in its web interface. This vulnerability arises from improper handling of specially crafted HTTP requests, leading to a buffer overflow...
Dell Peripheral Manager permissions and access control vulnerabilities (CNVD-2026-26537)
Dell Peripheral Manager is a peripheral device management software developed by the American company Dell. Versions of Dell Peripheral Manager prior to 1.7.3 contained security vulnerabilities. Attackers could exploit these vulnerabilities to execute arbitrary code by preloading malicious DLLs...
Google Chrome Input Validation Vulnerability (CNVD-2026-26522)
Google Chrome is a cross-platform web browser developed by Google Inc. of the United States. There is a security vulnerability in Google Chrome. This vulnerability stems from improper implementations in extensions. Attackers can exploit this vulnerability to bypass the origin policy using a...
Dell Peripheral Manager permissions and access control vulnerabilities
Dell Peripheral Manager is a peripheral device management software developed by the American company Dell. There are security vulnerabilities in Dell Peripheral Manager. Attackers can exploit these vulnerabilities to execute arbitrary code by preloading malicious executable files...
Google Chrome Authorization Vulnerability (CNVD-2026-26521)
Google Chrome is a cross-platform web browser developed by Google Inc. of the United States. There is a security vulnerability in Google Chrome. This vulnerability stems from improper handling of passwords in the Password module. Attackers can exploit this vulnerability to leak cross-source data...
Apple Safari buffer overflow vulnerability (CNVD-2026-26434)
Apple Safari is a web browser developed by Apple Inc., primarily used on iOS, iPadOS, and macOS systems. It provides web browsing functionality. Apple Safari has a buffer overflow vulnerability. This vulnerability stems from insufficient validation of boundary checks. Attackers can exploit this...
OpenBSD Resource Management Vulnerability (CNVD-2026-26371)
OpenBSD is a Unix-like operating system that focuses on security and code quality. There is a resource management vulnerability in OpenBSD. This vulnerability stems from the use of the syssem.get function in sys/kern/sysvsem.c, where a memory error occurs due to a context switch after tsleep. An...
Linux Kernel Memory Error Reference Vulnerability (CNVD-2026-25961)
The Linux kernel is an open-source operating system kernel that provides core functions such as process management, memory management, network protocol stack, and hardware drivers. The Linux kernel has a memory error reference vulnerability. This vulnerability arises from processing MLD queries,...
Dell Container Storage Module OS Command Injection Vulnerability
Dell Container Storage Modules is a container storage management module that primarily provides storage orchestration and data management functions in a containerized environment. Dell Container Storage Modules has an OS command injection vulnerability. This vulnerability stems from the failure t...
Linux Kernel TEe Optee Memory Error Reference Vulnerability
The Linux kernel is the core of the Linux operating system, responsible for managing hardware resources and providing system services. The TEE OP-TEE driver in the Linux kernel has a memory error reference vulnerability. This vulnerability arises from the possibility for the client to exit while...
Apache Kerby Kerberos Pre-authentication Bypass Vulnerability
Apache Kerby is a Java implementation of the Kerberos protocol, primarily used for providing authentication and authorization services. Apache Kerby has a vulnerability related to bypassing Kerberos pre-authentication. This vulnerability arises when users send PA-DATA that includes unrecognized o...
Linux Kernel Memory Vulnerability (CNVD-2026-26372)
The Linux kernel is the core of the Linux operating system, responsible for managing system resources, process scheduling, file systems, and other functions. The Linux kernel has a memory corruption vulnerability. This vulnerability arises due to the btrfs module releasing dirty page IO trees...
Google Chrome Resource Management Error Vulnerability (CNVD-2026-26523)
Google Chrome is a cross-platform web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.201 contained a resource management vulnerability, which stemmed from a reuse issue in AdFilter. Attackers could exploit this vulnerability by using specially crafted HTML pages an...
Google Chrome Input Validation Vulnerability (CNVD-2026-26524)
Google Chrome is a cross-platform web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.201 contained a vulnerability related to input validation errors. This vulnerability stemmed from an integer overflow issue in the Mojo component. Attackers could exploit this...
GPAC mp4box gf_cenc_set_pssh function buffer overflow vulnerability
GPAC mp4box is a multimedia file processing tool open-sourced by the GPAC team. Version 2.4 of GPAC mp4box contains a buffer overflow vulnerability. This vulnerability stems from the failure of the gfcencsetpssh function located in isomedia/drmsample.c to correctly verify the length of the input...
Oracle WebCenter Content permission licensing and access control issues
Oracle WebCenter Content is a content management product within Oracle Fusion Middleware. It is primarily used for creating, managing, and publishing corporate content. Oracle WebCenter Content has vulnerabilities related to permission verification and access control. These vulnerabilities stem...
Oracle WebCenter Sites permission and access control issue vulnerabilities
Oracle WebCenter Sites is a content management system component within Oracle Fusion Middleware, primarily used for website content management and publishing. There is a security vulnerability in Oracle WebCenter Sites. This vulnerability stems from improper handling of user permission...
Oracle Unified Directory permission and access control vulnerabilities
Oracle Unified Directory is a unified directory service provided by Oracle Corporation in the United States. Versions 12.2.1.4.0 and 14.1.2.1.0 of Oracle Unified Directory contain vulnerabilities related to permission licensing and access control. These vulnerabilities stem from issues with the O...
Google Chrome Blink memory error and reference vulnerability
Google Chrome is a web browser developed by Google, primarily providing web browsing, multimedia support, and additional features. Google Chrome has a memory error reference vulnerability. This vulnerability arises due to the Blink component failing to properly handle object lifecycle issues,...
Google Chrome Autofill memory error and reference vulnerability
Google Chrome is a web browser developed by Google. It primarily offers web browsing capabilities, extension support, and cross-platform synchronization features. The Autofill component of Google Chrome has a memory error reference vulnerability. This vulnerability stems from Autofill’s failure t...
Google Chrome Blink memory error reference vulnerability (CNVD-2026-25582)
Google Chrome is a web browser developed by Google, primarily used for browsing web content on the internet. Google Chrome has a memory error reference vulnerability, which stems from the use of memory after it has been released. Attackers can exploit this vulnerability to execute arbitrary code ...
Oracle VM VirtualBox Permission Licensing and Access Control Vulnerabilities
Oracle VM VirtualBox is one of the virtual machine components developed by Oracle Corporation in the United States. Version 7.2.8 of Oracle VM VirtualBox contains vulnerabilities related to permissions and access control. Attackers can exploit these vulnerabilities to log into virtual machines an...
Oracle Application Development Framework Permission Licensing and Access Control Vulnerabilities
The Oracle Application Development Framework is an application development framework developed by Oracle Corporation in the United States. There were vulnerabilities related to permission licensing and access control in the ADF versions 12.2.1.4.0 and 14.1.2.0.0. These vulnerabilities stemmed fro...
Google Chrome FileSystem memory error reference vulnerability
Google Chrome is a web browser developed by Google. Google Chrome has a memory error reference vulnerability. This vulnerability stems from a memory error reference within the FileSystem component. An attacker can exploit this vulnerability to trigger heap corruption through carefully crafted HTM...
Google Chrome Bluetooth memory error and reference vulnerability
Google Chrome is a cross-platform web browser developed by Google. It primarily provides features for web browsing, extension support, and multi-platform synchronization. Google Chrome has a memory error reference vulnerability, which stems from the Bluetooth component failing to properly manage...
Google Pixel remote code execution vulnerability (CNVD-2026-25584)
The Google Pixel is an Android smart device produced by Google, used for mobile communication and application execution. The Google Pixel has a remote code execution vulnerability. This vulnerability arises due to memory corruption in the Modem component during the processing of SIP REFER request...
Dell Wyse Management Suite Trust Management Vulnerability
Dell Wyse Management Suite WMS is a software suite developed by Dell that is used for centralized management of thin client devices. Versions of the Dell Wyse Management Suite prior to 2605 contained a trust management vulnerability, which was caused by the system using default or preset login...
Google Android Buffer Overflow Vulnerability (CNVD-2026-26526)
Google Android is an operating system based on Linux, open-sourced by Google Inc. Google Android has a buffer overflow vulnerability. This vulnerability stems from the lack of boundary checks in the RtcpHeader::decodeRtcpHeader function, which may lead to out-of-bounds reads, resulting in remote...
Google Android Out-of-Bounds Write Vulnerability (CNVD-2026-26527)
Google Android is an operating system based on Linux, open-sourced by Google Inc. in the United States. There is a buffer overflow vulnerability in Google Android. The cause of this vulnerability lies in the incorrect boundary checking of the Write function in msgtoHostbuffer.cc; it is possible f...
Google Android DDoS Vulnerability (CNVD-2026-26529)
Android is Google's mobile operating system, used for managing the operation of smartphones, tablets, and embedded devices. Google Android has a denial-of-service vulnerability. The vulnerability arises due to a lack of null pointer checking in the checkSsrcCollisionOnRcv function in...
J-BusinessDirectory SQL Injection Vulnerability
J-BusinessDirectory is a Joomla component used to expand the content and functionality of Joomla sites. J-BusinessDirectory has a SQL injection vulnerability. The vulnerability arises because the categories.getCategories task does not properly filter the SQL statement fragments in the type...
Google Android Buffer Overflow Vulnerability (CNVD-2026-26528)
Google Android is an operating system based on Linux, open-sourced by Google Inc. There is a buffer overflow vulnerability in Google Android. This vulnerability stems from memory corruption in the NrmmMsgCodec::DecodeUPUTransparentContext function found in the cnNrmmDecoder.cpp file. This can lea...
Google Pixel remote code execution vulnerability (CNVD-2026-25585)
The Google Pixel is a Android smart device produced by Google, used for mobile communication and application execution. The Google Pixel has a remote code execution vulnerability. This vulnerability arises due to a lack of boundary checks in the modem component, allowing unauthorized access to...
Google Android Buffer Overflow Vulnerability (CNVD-2026-25586)
Google Android is an open-source operating system based on Linux, developed by Google Inc. Google Android has a buffer overflow vulnerability. This vulnerability stems from a lack of boundary checks in the TextRtpPayloadDecoderNode::DecodeT140 function found in TextRtpPayloadDecoderNode.cpp. This...
Google Pixel remote code execution vulnerability (CNVD-2026-25583)
The Google Pixel is a Android smart device produced by Google, used for mobile communication and application execution. The Google Pixel has a remote code execution vulnerability. This vulnerability arises due to a lack of boundary checks in the modem component, allowing unauthorized writing beyo...
Mozilla Firefox for iOS: Input validation error vulnerability
Mozilla Firefox for iOS is a mobile web browser developed by the Mozilla Foundation. Mozilla Firefox for iOS has a vulnerability related to input validation. This vulnerability stems from a problem in TemporaryDocument where cross-source HTTP redirection retains the initial PDF request settings f...
NVIDIA NeMo Framework Deserialization Vulnerability (CNVD-2026-25394)
NVIDIA NeMo Framework is an open-source generative AI development platform designed specifically for researchers and developers. It aims to efficiently build, customize, and deploy large language models, multimodal models, and voice AI models. The NVIDIA NeMo Framework has a deserialization...
NVIDIA NeMo Framework arbitrary code execution vulnerability
NVIDIA NeMo Framework is an open-source generative AI development platform designed specifically for researchers and developers. It aims to efficiently build, customize, and deploy large language models, multimodal models, and voice AI models. The NVIDIA NeMo Framework has a code execution...