FreeRDP freerdp_image_copy_from_icon_data function buffer overflow vulnerability
FreeRDP is an open source implementation of the Remote Desktop Protocol (RDP) from the FreeRDP team. A buffer overflow vulnerability exists in versions prior to FreeRDP 3.23.0. The vulnerability stems from a buffer over-read in the freerdp_image_copy_from_icon_data function, which can be exploited by an...
Microsoft ACI Confidential Containers Information Disclosure Vulnerability
Microsoft ACI Confidential Containers is a Microsoft credentials container. A security vulnerability exists in Microsoft ACI Confidential Containers that stems from an improper design and can be exploited by an attacker to obtain sensitive information...
Apache Superset Information Disclosure Vulnerability
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset has an information disclosure vulnerability that can be exploited by an attacker to retrieve sensitive user information...
Google Android Information Disclosure Vulnerability (CNVD-2026-13142)
Google Android is a Linux-based open source operating system from Google. Google Android has an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...
Google Chrome DevTools Heap Corruption Vulnerability
Google Chrome is a free web browser developed by Google Inc. A heap corruption vulnerability exists in Google Chrome DevTools, which stems from improper object destructuring and can be exploited by remote attackers to execute arbitrary code...
Google Android suffers from unspecified vulnerability (CNVD-2026-14648)
Google Android is a Linux-based open source operating system from Google. A security vulnerability exists in Google Android, which stems from improper input validation of the loadDescription function in DeviceAdminInfo.java, and can be exploited by an attacker to cause a local elevation of...
Google Android elevation of privilege vulnerability (CNVD-2026-13790)
Google Android is a Linux-based open source operating system from Google. Google Android has a security vulnerability. An attacker can exploit the vulnerability to cause a local elevation of privilege...
D-Link DIR-513 Stack Buffer Overflow Vulnerability
D-Link DIR-513 is a wireless router product from China's AUO D-Link. The D-Link DIR-513 suffers from a stack buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code on the system or cause a denial of service...
D-Link DIR-513 Stack Buffer Overflow Vulnerability (CNVD-2026-16147)
D-Link DIR-513 is a wireless router product from China's AUO D-Link. The D-Link DIR-513 suffers from a stack buffer overflow vulnerability that originates from the parameter curTime in file goform/formSetWANWizard51 that fails to properly validate the length size of the input data, which can be...
Discourse Access Control Error Vulnerability (CNVD-2026-17484)
Discourse is an open source community discussion platform from Discourse. The platform includes features such as community, e-mail and chat rooms. Discourse suffers from an Access Control Error vulnerability that stems from a Chat::AddUsersToChannel add member that bypasses private...
Unspecified vulnerability in Discourse (CNVD-2026-17486)
Discourse is an open source community discussion platform from Discourse. The platform includes features such as community, e-mail and chat rooms. Discourse suffers from a security vulnerability that stems from a lack of validatebeforecreate authorization in Data Explorer's...
Apache Superset Security Bypass Vulnerability (CNVD-2026-13252)
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. A security bypass vulnerability exists in Apache Superset, which can be exploited by an attacker to bypass data access controls...
Apache Superset SQL Injection Vulnerability
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from a SQL injection vulnerability that can be exploited by an attacker to view, add, modify, or delete arbitrary files on the database...
Delta Electronics CNCSoft-G2 Code Execution Vulnerability
Delta Electronics CNCSoft-G2 is human-machine interface (HMI) software from Delta Electronics, China. Delta Electronics CNCSoft-G2 suffers from a code execution vulnerability that originates from insufficient user-supplied file validation, which can be exploited by an attacker to execute code...
Chamilo copy_course_session_selected.php file SQL injection vulnerability
Chamilo is an open source learning management system from Chamilo. The Chamilo copy_course_session_selected.php file contains a SQL injection vulnerability that can be exploited by an attacker to execute illegal SQL commands to steal sensitive database data...
Google Android elevation of privilege vulnerability (CNVD-2026-13146)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that is caused by proxy obfuscation in multiple functions of MediaProvider.java that could potentially bypass the external storage write permission. An...
Huawei HarmonyOS Print Module Race Condition Vulnerability (CNVD-2026-18800)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A race condition vulnerability exists in the Huawei HarmonyOS Printing Module, which can be exploited by an attacker to cause availability to be...
Google Android Denial of Service Vulnerability (CNVD-2026-13147)
Google Android is a Linux-based open source operating system from Google. A denial of service vulnerability exists in Google Android, which stems from improper input validation in multiple functions of ProfilingService.java, and can be exploited by an attacker to cause a denial of service...
Google Chrome V8 Memory Out-of-Bounds Access Vulnerability (CNVD-2026-13792)
Google Chrome is a free web browser developed by Google Inc. Google Chrome V8 suffers from a memory out-of-bounds access vulnerability that stems from improper memory buffer access control and can be exploited by remote attackers to execute arbitrary code...
Huawei HarmonyOS Window Module Double Free Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A double free vulnerability exists in the Huawei HarmonyOS window module, which can be exploited by an attacker to cause availability to be compromised...
Huawei HarmonyOS Device Security Management Module Race Condition Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A race condition vulnerability exists in the Huawei HarmonyOS device security management module, which can be exploited by an attacker to cause...
Google Android Out-of-Bounds Write Vulnerability (CNVD-2026-18788)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an out-of-bounds write vulnerability that can be exploited by attackers to cause memory corruption and local elevation of privilege...
Microsoft Azure Arc Access Control Error Vulnerability
Microsoft Azure Arc is a storage system from Microsoft USA that extends the Azure platform into your environment. Microsoft Azure Arc has an Access Control Error vulnerability that can be exploited by an attacker to elevate privileges...
FunAdmin Access Control Error Vulnerability
FunAdmin is a lightweight and highly colorful backend development system based on ThinkPHP6+Layui. An access control error vulnerability exists in funadmin. The vulnerability stems from the lack of validation of user privileges in the function getMember in the file...
Microsoft Azure Front Door Access Control Error Vulnerability
Microsoft Azure Front Door is a cloud-based content delivery network from Microsoft Corporation in the United States. An access control error vulnerability exists in Microsoft Azure Front Door, which can be exploited by an attacker to elevate privileges...
IBM Cloud Pak System Information Disclosure Vulnerability (CNVD-2026-13784)
IBM Cloud Pak System is a full-stack, converged infrastructure with configurable, pre-integrated software from International Business Machines (IBM). The product supports deploying, managing and moving application environments across hybrid clouds. An information disclosure vulnerability exists in...
Textream Resource Management Error Vulnerability
Textream is a teleprompter application. A resource management error vulnerability exists in Textream that stems from the DirectorServer WebSocket server not limiting concurrent connections, which can be exploited by an attacker to cause CPU and memory exhaustion, freezing and crashing the...
IBM Cloud Pak System Access Control Error Vulnerability
IBM Cloud Pak System is a full-stack, converged infrastructure with configurable, pre-integrated software from International Business Machines (IBM). The product supports deploying, managing and moving application environments across hybrid clouds. An access control error vulnerability exists in IB...
Google Android suffers from unspecified vulnerability (CNVD-2026-18789)
Google Android is a Linux-based open source operating system from Google. Google Android has a security vulnerability that can be exploited by attackers to cause local elevation of privilege...
FreeRDP Buffer Overflow Vulnerability (CNVD-2026-12777)
FreeRDP is an open source implementation of the Remote Desktop Protocol (RDP) from the FreeRDP team. FreeRDP suffers from a buffer overflow vulnerability that stems from unvalidated target rectangle boundaries in the GDI surface pipeline, which can be exploited by an attacker to cause a heap buffer...
ChurchCRM Cross-Site Scripting Vulnerability (CNVD-2026-16683)
ChurchCRM is an open source CRM system for churches from ChurchCRM. ChurchCRM suffers from a cross-site scripting vulnerability that originates from an authenticated user being able to store a JavaScript payload. No details of the vulnerability are provided at this time...
Google Android Information Disclosure Vulnerability (CNVD-2026-18787)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability that stems from a lack of privilege checking, which can be exploited by attackers to obtain sensitive information...
Microsoft Semantic Kernel Code Injection Vulnerability
Microsoft Semantic Kernel is a large model orchestration framework from Microsoft Corporation, USA. A code injection vulnerability exists in Microsoft Semantic Kernel versions prior to 1.39.4. The vulnerability stems from the InMemoryVectorStore filtering feature failing to properly filter specia...
OpenClaw Information Disclosure Vulnerability (CNVD-2026-13370)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an information disclosure vulnerability. The vulnerability stems from the fact that skills.status may return raw parsed configuration values for the skills.config path via configChecks, which can be...
Google Android Permission Mismanagement Vulnerability
Google Android is a Linux-based open source operating system from Google. Google Android suffers from a mismanagement of privileges vulnerability that can be exploited by attackers to cause memory corruption and local elevation of privileges...
Google Android elevation of privilege vulnerability (CNVD-2026-19056)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability caused by an out-of-bounds write due to an integer overflow in multiple functions of memprotect.c. The vulnerability is caused by an integer overflow in th...
Google Android Privilege Bypass Vulnerability
Google Android is a Linux-based open source operating system from Google. Google Android suffers from a privilege bypass vulnerability that can be exploited by an attacker to cause a local elevation of privilege...
Microsoft Azure Functions Information Disclosure Vulnerability
Microsoft Azure Functions is a hosted Platform-as-a-Service (PaaS) provider from Microsoft Corporation USA that delivers event-driven and scheduled compute resources for Azure cloud services. An information disclosure vulnerability exists in Microsoft Azure Functions, which can be exploited by an...
Google Android elevation of privilege vulnerability (CNVD-2026-18786)
Google Android is a Linux-based open source operating system from Google. An elevation of privilege vulnerability exists in Google Android, which can be exploited by an attacker to cause an application to gain read and write access to non-existent files and local elevation of privilege...
Microsoft Windows Admin Center Authorization Issues Vulnerability
Microsoft Windows Admin Center is a locally deployed browser-based application from Microsoft USA. The program is mainly used for managing servers, clusters, etc. An authorization issue vulnerability exists in Microsoft Windows Admin Center that stems from improper authentication and can be...
Google Chrome Security Bypass Vulnerability (CNVD-2026-18793)
Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome, which can be exploited by attackers to bypass security restrictions...
Google Chrome Security Bypass Vulnerability (CNVD-2026-18794)
Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome, which can be exploited by attackers to bypass security restrictions...
OpenClaw has an unspecified vulnerability (CNVD-2026-13371)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability, which stems from the fact that tools.exec.safeBins authentication can be bypassed, and which can be exploited by an attacker to cause unapproved code execution...
Microsoft Teams Access Control Error Vulnerability
Microsoft Teams is software from Microsoft, USA, for online meetings, chat, and cloud storage capabilities. Microsoft Teams suffers from an Access Control Error vulnerability that stems from improper access control and can be exploited by an attacker to cause an unauthorized attacker t...
Google Chrome Security Bypass Vulnerability (CNVD-2026-18792)
Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome, which can be exploited by attackers to bypass security restrictions...
Fiber Security Feature Issue Vulnerability
Fiber is an open source web framework written in Go from Fiber. Fiber suffers from a security feature issue vulnerability. The vulnerability stems from an error not returned by the UUID function and can be exploited by an attacker to use predictable or low entropy identifiers i...
NVIDIA Delegated Licensing Service Authorization Issues Vulnerability
NVIDIA Delegated Licensing Service is a licensing service of NVIDIA Corporation. NVIDIA Delegated Licensing suffers from an authorization issue vulnerability that stems from improper authentication, which can be exploited by an attacker to cause information disclosure...
Google Chrome Code Execution Vulnerability (CNVD-2026-18791)
Google Chrome is a web browser from Google, an American company. A code execution vulnerability exists in Google Chrome, which can be exploited by an attacker to execute arbitrary code on a system...
Denial of Service Vulnerability in Multiple Apple Products (CNVD-2026-14277)
Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system developed for Mac computers. Apple iPadOS is an operating system for iPad tablets. A denial-of-service vulnerability exists in several Apple products, which can be exploited by an attacker t...
Smoothwall Express Cross-Site Scripting Vulnerability (CNVD-2026-14338)
Smoothwall Express is an open source GNU/Linux-based firewall operating system from Smoothwall. A cross-site scripting vulnerability exists in Smoothwall Express. The vulnerability stems from the lack of effective filtering and escaping of user-supplied data in the SRCIP, DESTIP, or COMMENT parameters...