130931 matches found

CNVD • added 2026/05/20 12:0 a.m. • 3 views

Siemens RUGGEDCOM operating system command injection vulnerability (CNVD-2026-23336)

Siemens RUGGEDCOM is a communication device developed by the German company Siemens. It provides fast and reliable communication for industries such as power, transportation, oil, and gas. Siemens RUGGEDCOM has a vulnerability related to operating system command injection. This vulnerability aris...

CVSS 9.1 | AI score 6 | EPSS 0.00542 | Exploits: 0

CNVD • added 2026/05/20 12:0 a.m. • 2 views

Siemens Teamcenter Trust Management Vulnerability

Siemens Teamcenter is a software application for product lifecycle management developed by the German company Siemens. Siemens Teamcenter has a vulnerability related to trust management. This vulnerability stems from the use of hardcoded keys for obfuscation. Attackers can exploit this...

CVSS 8.7 | AI score 5.4 | EPSS 0.00287 | Exploits: 0

CNVD • added 2026/05/20 12:0 a.m. • 2 views

Siemens RUGGEDCOM ROX parameter injection vulnerability

Siemens RUGGEDCOM ROX is a dedicated operating system developed by Siemens for its industrial communication devices. It primarily runs on RUGGEDCOM series of industrial Ethernet switches, routers, and multi-service platforms. Siemens RUGGEDCOM ROX has a parameter injection vulnerability; this...

CVSS 6.8 | AI score 5.4 | EPSS 0.00285 | Exploits: 0

CNVD • added 2026/05/20 12:0 a.m. • 2 views

Siemens SIMATIC HMI Comfort Panels have undisclosed vulnerabilities

Siemens SIMATIC HMI Comfort Panels are touchscreen devices produced by the German company Siemens. Siemens SIMATIC HMI Comfort Panels have security vulnerabilities. These vulnerabilities stem from improper restrictions on access to web browsers through the control panel. Unauthorized attackers ca...

CVSS 7.7 | AI score 5.5 | EPSS 0.00113 | Exploits: 0

CNVD • added 2026/05/20 12:0 a.m. • 3 views

Siemens ROS# Path traversal vulnerability

Siemens ROS# is a robot operating system communication framework based on C# and .NET by the German company Siemens. Siemens ROS# has a path traversal vulnerability, which arises from incorrect user input that leads to path traversal. Attackers can exploit this vulnerability to access any file on th...

CVSS 9.3 | AI score 5.4 | EPSS 0.00487 | Exploits: 0

CNVD • added 2026/05/20 12:0 a.m. • 3 views

Kuicms PHP EE cross-site scripting vulnerability

Kuicms PHP EE is a PHP enterprise website content management system developed by Kuicms Corporation. Version 2.0 of Kuicms PHP EE contains a cross-site scripting vulnerability. This vulnerability stems from insufficient filtering and escaping of data provided by users. Attackers can exploit this...

CVSS 7.2 | AI score 5.1 | EPSS 0.00311 | Exploits: 0

CNVD • added 2026/05/20 12:0 a.m. • 3 views

Siemens Solid Edge buffer overflow vulnerability (CNVD-2026-23467)

Siemens Solid Edge is a 3D CAD software developed by the German company Siemens. This software can be used for part design, assembly design, sheet metal design, welding design, and other industries. Siemens Solid Edge has a buffer overflow vulnerability; this vulnerability stems from the lack of...

CVSS 7.8 | AI score 6.1 | EPSS 0.00105 | Exploits: 0

CNVD • added 2026/05/20 12:0 a.m. • 3 views

Siemens Teamcenter Cross-site Scripting Vulnerability

Siemens Teamcenter is a software application for product lifecycle management developed by the German company Siemens. Siemens Teamcenter has a cross-site scripting vulnerability. This vulnerability arises because the affected applications fail to properly encode or filter data provided by users...

CVSS 8.5 | AI score 5.1 | EPSS 0.00192 | Exploits: 0

CNVD • added 2026/05/20 12:0 a.m. • 3 views

Siemens Solid Edge stack buffer overflow vulnerability (CNVD-2026-23468)

Siemens Solid Edge is a 3D CAD software developed by the German company Siemens. This software can be used for parts design, assembly design, sheet metal design, welding design, and other industries. Siemens Solid Edge has a stack buffer overflow vulnerability, which allows attackers to execute...

CVSS 7.8 | AI score 6 | EPSS 0.00106 | Exploits: 0

CNVD • added 2026/05/20 12:0 a.m. • 3 views

BloofoxCMS Cross-Site Request Forgery Vulnerability

BloofoxCMS is a PHP-based text content management system. Version 0.5.2.1 of bloofoxCMS has a cross-site request forgery vulnerability. This vulnerability arises from the web application not properly verifying whether the request comes from a trusted user. Attackers can exploit this vulnerabili...

CVSS 6.9 | AI score 5.3 | EPSS 0.00146 | Exploits: 0

CNVD • added 2026/05/20 12:0 a.m. • 3 views

Zyxel NWA1100-N buffer overflow vulnerability

The Zyxel NWA1100-N is a wireless access point manufactured by the Chinese company Zyxel. The Zyxel NWA1100-N 1.00AACE.1C0 version contains a buffer overflow vulnerability. This vulnerability arises from insufficient validation of the length of input data in functions such as formWep, formWlAc,...

CVSS 7.5 | AI score 5.8 | EPSS 0.00309 | Exploits: 0

CNVD • added 2026/05/18 12:0 a.m. • 2 views

Mozilla Firefox Memory Error Reference Vulnerability (CNVD-2026-23638)

Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. Mozilla Firefox has a memory corruption vulnerability, which stems from JavaScript: the WebAssembly component responsible for releasing memory experiences confusion in its instructions. Attacke...

CVSS 7.3 | AI score 6.1 | EPSS 0.00227 | Exploits: 0

CNVD • added 2026/05/18 12:0 a.m. • 2 views

Mozilla Firefox Code Execution Vulnerability (CNVD-2026-23637)

Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. Mozilla Firefox has a code execution vulnerability, which stems from errors in the JavaScript Engine’s JIT compilation process. Attackers can exploit this vulnerability to execute arbitrary cod...

CVSS 8.8 | AI score 6.4 | EPSS 0.00306 | Exploits: 0

CNVD • added 2026/05/18 12:0 a.m. • 5 views

Microsoft Office Exploitation Vulnerability (CNVD-2026-23631)

Microsoft Office is a suite of office software products developed by the American company Microsoft. Common components of this product include Word, Excel, Access, PowerPoint, and FrontPage. Microsoft Office has a deception vulnerability that attackers can exploit to carry out deceptive attacks...

CVSS 7.7 | AI score 5.8 | EPSS 0.00222 | Exploits: 0

CNVD • added 2026/05/18 12:0 a.m. • 4 views

Microsoft Office Code Execution Vulnerability (CNVD-2026-23632)

Microsoft Office is a suite of office software products developed by Microsoft Corporation in the United States. Common components of this product include Word, Excel, Access, PowerPoint, and FrontPage. Microsoft Office has a code execution vulnerability, which allows attackers to execute arbitra...

CVSS 7.8 | AI score 6.4 | EPSS 0.00437 | Exploits: 0

CNVD • added 2026/05/18 12:0 a.m. • 6 views

Mozilla Firefox has an unknown vulnerability (CNVD-2026-23639)

Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. There are security vulnerabilities in Mozilla Firefox, which stem from issues with the JavaScript Engine component. Currently, no detailed information about these vulnerabilities is available...

CVSS 5.3 | AI score 5.3 | EPSS 0.00215 | Exploits: 0

CNVD • added 2026/05/18 12:0 a.m. • 3 views

Microsoft M365 Copilot for Desktop has a deception vulnerability

Microsoft M365 Copilot is an AI-driven productivity tool developed by the American company Microsoft. Microsoft M365 Copilot for Desktop has a deception vulnerability, and attackers can exploit this vulnerability to carry out deceptive attacks...

CVSS 6.2 | AI score 5.4 | EPSS 0.00363 | Exploits: 0

CNVD • added 2026/05/18 12:0 a.m. • 4 views

Mozilla Firefox has an unknown vulnerability (CNVD-2026-23640)

Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. There is a security vulnerability in Mozilla Firefox, which stems from a sandbox escape in the Profile Backup component. Currently, no detailed information about this vulnerability is available...

CVSS 9.8 | AI score 5.3 | EPSS 0.00309 | Exploits: 0

CNVD • added 2026/05/11 12:0 a.m. • 7 views

Linux kernel smb_check_perm_dacl function out-of-bounds read vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from an out-of-bounds read vulnerability. The vulnerability stems from insufficient ACE size validation in the smb_check_perm_dacl function of ksmbd, whic...

CVSS 8.3 | AI score 5.8 | EPSS 0.00315 | Exploits: 0

CNVD • added 2026/05/11 12:0 a.m. • 4 views

Linux kernel set_cig_params_sync function memory misreference vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A memory misreference vulnerability exists in the Linux kernel. The vulnerability stems from the set_cig_params_sync function in Bluetooth hci_conn not locking hci_conn, which can b...

CVSS 7.8 | AI score 5.8 | EPSS 0.00129 | Exploits: 0

CNVD • added 2026/05/11 12:0 a.m. • 5 views

D-Link M60 Authorization Issue Vulnerability

The D-Link M60 is a wireless routing device from China-based D-Link. An authorization issue vulnerability exists in D-Link M60 version 1.20B02 and prior versions, which stems from a weak password recovery issue in the file /usr/bin/httpd, and can be exploited by an attacker to cause...

CVSS 8.1 | AI score 6.2 | EPSS 0.01097 | Exploits: 1

CNVD • added 2026/05/11 12:0 a.m. • 6 views

Linux kernel sco_sock_connect function memory misreference vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A memory misreference vulnerability exists in the Linux kernel. The vulnerability stems from a confusion in the instruction responsible for freeing memory in the sco_sock_connect...

CVSS 7.8 | AI score 6.1 | EPSS 0.00097 | Exploits: 0

CNVD • added 2026/05/11 12:0 a.m. • 6 views

Linux kernel fuse_add_dirent_to_cache function buffer overflow vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A buffer overflow vulnerability exists in the Linux kernel. The vulnerability stems from the fuse_add_dirent_to_cache function not checking if the dirent size exceeds PAGE_SIZE, whi...

CVSS 7.8 | AI score 6 | EPSS 0.00129 | Exploits: 0

CNVD • added 2026/05/11 12:0 a.m. • 5 views

Linux kernel netfilter nf_conntrack_helper function memory misreference vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A memory misreference vulnerability exists in the Linux kernel. The vulnerability stems from passing a NULL pointer when expecting cleanup in netfilter nf_conntrack_helper, which...

CVSS 7.8 | AI score 5.8 | EPSS 0.00126 | Exploits: 0

CNVD • added 2026/05/11 12:0 a.m. • 6 views

Linux kernel x25_queue_rx_frame function memory misreference vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A memory misreference vulnerability exists in the Linux kernel. The vulnerability stems from a call to kfree_skb when alloc_skb fails in x25_queue_rx_frame, which can be exploited b...

CVSS 9.8 | AI score 5.8 | EPSS 0.00514 | Exploits: 0

CNVD • added 2026/05/09 12:0 a.m. • 6 views

Linux Kernel wilc1000 Integer Overflow Vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates from a heap buffer overflow due to a u8 overflow in the wilc1000 wireless driver, which could lead to memory...

CVSS 7.8 | AI score 6 | EPSS 0.00143 | Exploits: 0

CNVD • added 2026/05/07 12:0 a.m. • 6 views

OpenClaw has an unspecified vulnerability (CNVD-2026-20009)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from the failure of the OpenShell file system bridge to properly validate symbolic link exchanges when handling file system operations, which can be exploited by an...

CVSS 8.3 | AI score 6 | EPSS 0.00208 | Exploits: 0

CNVD • added 2026/05/07 12:0 a.m. • 5 views

OpenClaw has an unspecified vulnerability (CNVD-2026-19640)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to bypass permission list validation by embedding shell extension tokens in heredoc bodies to execute unapproved commands at runtime...

CVSS 8.8 | AI score 5.9 | EPSS 0.00362 | Exploits: 0

CNVD • added 2026/05/07 12:0 a.m. • 6 views

OpenClaw Server-Side Request Forgery Vulnerability

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a server-side request forgery vulnerability that stems from QQBot direct media uploads skipping URL authentication. An attacker can exploit this...

CVSS 6.3 | AI score 5.8 | EPSS 0.00236 | Exploits: 0

CNVD • added 2026/05/07 12:0 a.m. • 7 views

OpenClaw has an unspecified vulnerability (CNVD-2026-20008)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from a failure to properly preserve the OPENCLAWRuntime Control Environment namespace in the workspace dotenv file, which can be exploited by an attacker to manipula...

CVSS 8.5 | AI score 5.8 | EPSS 0.00129 | Exploits: 0

CNVD • added 2026/05/07 12:0 a.m. • 7 views

OpenClaw server-side request forgery vulnerability (CNVD-2026-19639)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a server-side request forgery vulnerability that can be exploited by an attacker to gain unauthorized access to internal resources by providing a malicious photo URL to the Zalo Bot API to bypass SSRF...

CVSS 8.6 | AI score 5.8 | EPSS 0.00291 | Exploits: 0

CNVD • added 2026/05/07 12:0 a.m. • 8 views

Google Chrome Network Integer Overflow Vulnerability

Google Chrome is a web browser developed by Google to provide web browsing, application running and internet communication features. Google Chrome suffers from an integer overflow vulnerability that stems from the Network component failing to properly handle certain data, which can be exploited b...

CVSS 4.3 | AI score 5.9 | EPSS 0.00225 | Exploits: 0

CNVD • added 2026/05/07 12:0 a.m. • 7 views

XATABoost CMS SQL Injection Vulnerability

XATABoost CMS is a content management system from XATABoost that provides website content publishing and management functions. A SQL injection vulnerability exists in XATABoost CMS version 1.0.0. The vulnerability stems from the application's lack of validation of externally entered SQL statement...

CVSS 8.8 | AI score 5.9 | EPSS 0.00323 | Exploits: 0

CNVD • added 2026/05/07 12:0 a.m. • 9 views

OpenClaw has an unspecified vulnerability (CNVD-2026-19618)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from the derivation of a loopback MCP owner context from a server-issued bearer token that can be spoofed in the request header, which can be exploited by an attacke...

CVSS 8.5 | AI score 5.8 | EPSS 0.00112 | Exploits: 0

CNVD • added 2026/05/06 12:0 a.m. • 8 views

FluentCMS TextHTML Plugin Cross-Site Scripting Vulnerability

FluentCMS is a .NET-based content management system (CMS) that is primarily used to quickly build websites and manage web content. A cross-site scripting vulnerability exists in the FluentCMS TextHTML plugin. The vulnerability stems from insufficient validation of user input and failure to properly...

CVSS 6.1 | AI score 5.7 | EPSS 0.00194 | Exploits: 0

CNVD • added 2026/05/06 12:0 a.m. • 10 views

Google Android ADB Authentication Bypass Vulnerability

Android is an open source mobile operating system developed by Google, widely used in smartphones, tablets, smart TVs, cars and various IoT devices, providing core capabilities such as application operation, device management, network communication, debugging and security control, etc. Android...

CVSS 8.8 | AI score 6.2 | EPSS 0.00541 | Exploits: 11

CNVD • added 2026/05/06 12:0 a.m. • 10 views

Ollama GGUF Model Loader Heap Out-of-Bounds Read Vulnerability

Ollama is an open source large language model deployment and inference tool, mainly providing model loading, quantization and API interface services. The Ollama GGUF model loader suffers from a heap out-of-bounds read vulnerability that stems from the /api/create interface failing to properly...

CVSS 9.1 | AI score 5.8 | EPSS 0.00756 | Exploits: 3

CNVD • added 2026/05/06 12:0 a.m. • 9 views

IBM i Web Administration GUI Elevation of Privilege Vulnerability

IBM i is an integrated operating system developed by IBM for use on IBM Power Systems servers, providing database, network, and application services. An elevation of privilege vulnerability exists in IBM i. The vulnerability stems from an invalid authorization check in the Web Administration GUI...

CVSS 9.8 | AI score 5.9 | EPSS 0.00198 | Exploits: 0

CNVD • added 2026/05/06 12:0 a.m. • 6 views

IBM Turbonomic prometurbo agent elevation of privilege vulnerability

The IBM Turbonomic prometurbo agent is a component in IBM Turbonomic Application Resource Management that is used to manage resource configurations. An elevation of privilege vulnerability exists in IBM Turbonomic prometurbo agent. The vulnerability stems from an excessive cluster-wide permission...

CVSS 8.8 | AI score 5.8 | EPSS 0.00106 | Exploits: 0

CNVD • added 2026/04/28 12:0 a.m. • 6 views

OpenClaw has an unspecified vulnerability (CNVD-2026-19030)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to read arbitrary host files, thereby stealing sensitive credentials and accessing critical data...

CVSS 6 | AI score 5.9 | EPSS 0.00181 | Exploits: 0

CNVD • added 2026/04/28 12:0 a.m. • 7 views

OpenClaw path traversal vulnerability (CNVD-2026-19027)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a path traversal vulnerability that can be exploited by an attacker to bypass file system sandboxing restrictions to read arbitrary files...

CVSS 6.5 | AI score 5.9 | EPSS 0.00339 | Exploits: 0

CNVD • added 2026/04/28 12:0 a.m. • 7 views

OpenClaw has an unspecified vulnerability (CNVD-2026-19026)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by an attacker to suppress legitimate events on different accounts by matching the eventname and messageid parameters...

CVSS 4.3 | AI score 5.8 | EPSS 0.00274 | Exploits: 0

CNVD • added 2026/04/28 12:0 a.m. • 5 views

OpenClaw has an unspecified vulnerability (CNVD-2026-19029)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by an attacker to retrieve threaded messages that should be filtered by the sender's permission list...

CVSS 5.4 | AI score 5.8 | EPSS 0.00177 | Exploits: 0

CNVD • added 2026/04/28 12:0 a.m. • 7 views

OpenClaw Backlink Vulnerability (CNVD-2026-19028)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a backlink vulnerability that can be exploited by an attacker to upload a tar archive file containing a symbolic link to escape the sandbox and overwrite files on a remote host...

CVSS 8.1 | AI score 5.8 | EPSS 0.00533 | Exploits: 0

CNVD • added 2026/04/27 12:0 a.m. • 7 views

IBM Security Verify Directory File Upload Vulnerability

IBM Security Verify Directory is part of an authentication and access management solution from International Business Machines (IBM). A file upload vulnerability exists in IBM Security Verify Directory versions 10.0.0 through 10.0.0.3. The vulnerability stems from an unverified file type and can be...

CVSS 7.2 | AI score 5.8 | EPSS 0.00261 | Exploits: 0

CNVD • added 2026/04/25 12:0 a.m. • 6 views

Delta Electronics AS320T Stack Buffer Overflow Vulnerability

Delta Electronics AS320T is a high-performance programmable logic controller device for industrial automation control from Delta Electronics China. The Delta Electronics AS320T suffers from a stack buffer overflow vulnerability that is caused by incorrect boundary checking of file names. An...

CVSS 9.8 | AI score 6.5 | EPSS 0.00307 | Exploits: 0

CNVD • added 2026/04/25 12:0 a.m. • 3 views

Delta Electronics AS320T Denial of Service Vulnerability

Delta Electronics AS320T is a high-performance programmable logic controller device for industrial automation control from Delta Electronics China. A denial of service vulnerability exists in the Delta Electronics AS320T, which can be exploited by an attacker to cause a denial of service...

CVSS 9.8 | AI score 5.8 | EPSS 0.00273 | Exploits: 0

CNVD • added 2026/04/24 12:0 a.m. • 6 views

TOTOLINK A3300R hour parameter command injection vulnerability

TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R hour parameter, which originates from the cstecgi.cgi file failing to properly validate the hour parameter, and can be exploited by an attacker to execute...

CVSS 6.5 | AI score 6 | EPSS 0.00276 | Exploits: 1

CNVD • added 2026/04/24 12:0 a.m. • 4 views

TOTOLINK A3300R recHour Parameter Command Injection Vulnerability

TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R recHour parameter, which originates from the failure of the recHour parameter in the /cgi-bin/cstecgi.cgi file to correctly filter user input, and can be...

CVSS 6.5 | AI score 6 | EPSS 0.00279 | Exploits: 1

CNVD • added 2026/04/24 12:0 a.m. • 9 views

Flowise Information Disclosure Vulnerability

Flowise is a FlowiseAI open source tool for easily building LLM applications. Flowise suffers from an information disclosure vulnerability caused by a flaw in the /api/v1/public-chatflows/:id endpoint that can be exploited by an attacker to obtain sensitive information...

CVSS 8.7 | AI score 5.7 | EPSS 0.00421 | Exploits: 1

Total number of security vulnerabilities: 130931