130931 matches found
Denial of Service Vulnerability in IBM Db2
IBM Db2 is a relational database management system developed by International Business Machines (IBM) Corporation of the United States. Its main operating environments are UNIX (including IBM's own AIX), Linux, IBM i (formerly known as OS/400), z/OS, and Windows server versions. A denial...
Microsoft Hyper-V Code Execution Vulnerability (CNVD-2026-17151)
Microsoft Hyper-V is an application from Microsoft Corporation (USA): a hypervisor-based system virtualization technology that enables desktop virtualization. A code execution vulnerability exists in Microsoft Hyper-V, which can be exploited by an attacker to execute arbitrary code on a system...
OpenClaw Cross-Site Request Forgery Vulnerability
OpenClaw is an AI assistant open-sourced by OpenClaw. OpenClaw suffers from a cross-site request forgery vulnerability that stems from a browser-oriented local host change route accepting cross-domain browser requests without explicit Origin/Referer validation, which can be...
Adobe After Effects has a binary vulnerability
Adobe After Effects is visual effects and motion graphics production software from the American company Adobe. The software is mainly used for 2D and 3D compositing, animation and visual effects production. A binary vulnerability exists in Adobe After Effects 25.6 and earlier...
Adobe After Effects has a Use-After-Free Vulnerability
Adobe After Effects is visual effects and motion graphics production software from the American company Adobe. The software is mainly used for 2D and 3D compositing, animation and visual effects production. Adobe After Effects 25.6 and earlier versions suffer from a Memory Free Aft...
Adobe Substance 3D Stager suffers from an out-of-bounds read vulnerability (CNVD-2026-12699)
Substance 3D Stager is professional software from the American company Adobe dedicated to 3D scene setup, lighting and high-quality rendering. An out-of-bounds read vulnerability exists in Adobe Substance 3D Stager, which can be exploited by an attacker ...
Adobe Substance 3D Stager suffers from an out-of-bounds write vulnerability
Substance 3D Stager is professional software from the American company Adobe dedicated to 3D scene setup, lighting and high-quality rendering. An out-of-bounds write vulnerability exists in Adobe Substance 3D Stager 3.1.6 and earlier versions, which can ...
Adobe Substance 3D Stager suffers from an out-of-bounds write vulnerability (CNVD-2026-12697)
Substance 3D Stager is professional software from the American company Adobe dedicated to 3D scene setup, lighting and high-quality rendering. An out-of-bounds write vulnerability exists in Adobe Substance 3D Stager, which can be exploited by attackers t...
Adobe After Effects has an out-of-bounds write vulnerability
Adobe After Effects is visual effects and motion graphics production software from the American company Adobe. The software is mainly used for 2D and 3D compositing, animation and visual effects production. An out-of-bounds write vulnerability exists in Adobe After Effects 25.6 and...
Adobe After Effects suffers from an out-of-bounds write vulnerability (CNVD-2026-12691)
Adobe After Effects is visual effects and motion graphics production software from the American company Adobe. The software is mainly used for 2D and 3D compositing, animation and visual effects production. An out-of-bounds write vulnerability exists in Adobe After Effects 25.6 and...
Adobe After Effects suffers from an out-of-bounds read vulnerability (CNVD-2026-12688)
Adobe After Effects is visual effects and motion graphics production software from the American company Adobe. The software is mainly used for 2D and 3D compositing, animation and visual effects production. An out-of-bounds read vulnerability exists in Adobe After Effects 25.6 and...
WordPress Plugin Simple Ajax Chat Information Disclosure Vulnerability
WordPress is a blogging platform developed in PHP. The platform can be used to set up a personal blog site on a PHP- and MySQL-based server. A WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Simple Ajax Chat. The...
Google Chrome Buffer Overflow Vulnerability (CNVD-2026-12763)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a buffer overflow vulnerability that originates from an out-of-bounds read in media, which can be exploited by a remote attacker to perform an out-of-bounds memory read via a crafted HTML page...
WordPress Plugin Context Blog Information Disclosure Vulnerability
WordPress is a blogging platform developed in PHP. The platform can be used to set up a personal blog site on a PHP- and MySQL-based server. A WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Context Blog. The...
HTML Injection Vulnerability in IBM webMethods Integration Server
IBM webMethods Integration Server is an application connector from International Business Machines (IBM). An HTML injection vulnerability exists in IBM webMethods Integration Server version 12.0. An attacker could exploit this vulnerability to execute arbitrary Web script or HTML...
D-Link DWR-M960 formDdns File Buffer Overflow Vulnerability
The D-Link DWR-M960 is a router from China-based D-Link. A buffer overflow vulnerability exists in the D-Link DWR-M960 formDdns file. The vulnerability stems from a misbehavior of the function sub4648F0 in the file /boafrm/formDdns in the DDNS Settings Handler component with respect to the...
Microsoft Windows Notepad Command Injection Vulnerability
Microsoft Windows Notepad is a text editor program from Microsoft (USA). A command injection vulnerability exists in Microsoft Windows Notepad. The vulnerability stems from the application failing to properly filter special characters, commands, and similar elements used to construct commands. An attacker could exploit th...
Information Disclosure Vulnerability in IBM Sterling B2B Integrator and IBM Sterling File Gateway
IBM Sterling B2B Integrator is a flexible integration platform that simplifies complex B2B and Electronic Data Interchange (EDI) processes across the partner ecosystem, supports local and hybrid cloud deployments, ensures data security, and provides high availability guarantees. IBM Sterling File...
Microsoft Hyper-V Access Control Error Vulnerability
Microsoft Hyper-V is an application from Microsoft Corporation (USA): a hypervisor-based system virtualization technology that enables desktop virtualization. An access control error vulnerability exists in Microsoft Hyper-V. The vulnerability stems from a flaw in the access control mechanism and can be...
Microsoft Excel Buffer Overflow Vulnerability (CNVD-2026-12553)
Microsoft Excel is spreadsheet software in the Office suite from Microsoft (USA). A buffer overflow vulnerability exists in Microsoft Excel. The vulnerability stems from the program's failure to properly validate the length and size of input data, which can be exploited by an attacker ...
Use-After-Free Vulnerability in Adobe After Effects 25.6 and Prior Versions
Adobe After Effects is visual effects and motion graphics production software from the American company Adobe. The software is mainly used for 2D and 3D compositing, animation and visual effects production. Adobe After Effects 25.6 and earlier versions suffer from a Memory Free Aft...
Multiple Apple Products Information Disclosure Vulnerability (CNVD-2026-14480)
Apple tvOS is a smart TV operating system. Apple watchOS is a smart watch operating system. Apple macOS is a specialized operating system developed for Mac computers. An information disclosure vulnerability exists in multiple Apple products. The vulnerability is caused by an error in the...
OpenClaw Server-Side Request Forgery Vulnerability
OpenClaw is an AI assistant open-sourced by OpenClaw. OpenClaw suffers from a server-side request forgery vulnerability. The vulnerability stems from the fact that SSRF protection can be bypassed using a full-form IPv4-mapped IPv6 literal, which can be exploited by an attacke...
Smoothwall Express Cross-Site Scripting Vulnerability (CNVD-2026-14288)
Smoothwall Express is an open-source GNU/Linux-based firewall operating system from Smoothwall. Smoothwall Express has a cross-site scripting vulnerability. The vulnerability stems from the urlfilter.cgi endpoint, where user-supplied data in the REDIRECTPAGE or CHILDREN parameter suffers from a lack of effective filterin...
Adobe Substance 3D Stager suffers from an out-of-bounds read vulnerability
Substance 3D Stager is professional software from the American company Adobe dedicated to 3D scene setup, lighting setup and high-quality rendering. An out-of-bounds read vulnerability exists in Adobe Substance 3D Stager, which can be exploited by an attacker to execute...
Denial of Service Vulnerability in Multiple Apple Products (CNVD-2026-14489)
Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system developed for Mac computers. Apple iPadOS is an operating system for iPad tablets. A denial of service vulnerability exists in multiple Apple products, which is caused by an issue in the...
Smoothwall Express Cross-Site Scripting Vulnerability (CNVD-2026-14285)
Smoothwall Express is an open-source GNU/Linux-based firewall operating system from Smoothwall. Smoothwall Express has a cross-site scripting vulnerability. The vulnerability stems from the lack of effective filtering and escaping of user-supplied data in the NTPSERVER parameter of the time.cgi...
Smoothwall Express Cross-Site Scripting Vulnerability (CNVD-2026-14287)
Smoothwall Express is an open-source GNU/Linux-based firewall operating system from Smoothwall. Smoothwall Express has a cross-site scripting vulnerability. The vulnerability stems from the ipblock.cgi endpoint, where user-supplied data in the SRCIP and COMMENT parameters suffers from a lack of effective filtering and...
Smoothwall Express Cross-Site Scripting Vulnerability (CNVD-2026-14289)
Smoothwall Express is an open-source GNU/Linux-based firewall operating system from Smoothwall. Smoothwall Express has a cross-site scripting vulnerability. The vulnerability stems from the smoothinfo.cgi endpoint, where user-supplied data in the WRAP or SECTIONTITLE parameter suffers from a lack of effective filtering an...
Unspecified Vulnerability in Multiple Apple Products (CNVD-2026-14494)
Apple iOS is an operating system developed for mobile devices. Apple tvOS is an operating system for smart TVs. Apple macOS is a specialized operating system developed for Mac computers. A security vulnerability exists in several Apple products that could be exploited by an attacker to disclose...
Security Bypass Vulnerability in Multiple Apple Products
Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system developed for Mac computers. Apple iPadOS is an operating system for iPad tablets. A security bypass vulnerability exists in multiple Apple products, which can be exploited by an attacker to...
Apple macOS Tahoe Information Disclosure Vulnerability (CNVD-2026-14995)
Apple macOS Tahoe is an operating system from the American company Apple. Apple macOS Tahoe suffers from an information disclosure vulnerability that can be exploited by attackers to access sensitive user data...
OpenClaw has an unspecified vulnerability (CNVD-2026-13377)
OpenClaw is an AI assistant open-sourced by OpenClaw. OpenClaw suffers from an unspecified vulnerability that stems from insufficient validation of the targetDir value during download skill installation, which can be exploited by an attacker to cause files to be written outsid...
Apple macOS Tahoe Elevation of Privilege Vulnerability
Apple macOS Tahoe is an operating system from the American company Apple. Apple macOS Tahoe suffers from an elevation of privilege vulnerability that is caused by an issue in the Installation Assistant component when using a specially crafted application. An attacker can exploit the...
Smoothwall Express Cross-Site Scripting Vulnerability (CNVD-2026-14345)
Smoothwall Express is an open-source GNU/Linux-based firewall operating system from Smoothwall. Smoothwall Express suffers from a cross-site scripting vulnerability that originates from the interfaces.cgi script to GREENADDRESS, GREENNETMASK, REDDHCPHOSTNAME, REDADDRESS, DNS1OVERRIDE, DNS2 OVERRIDE,...
OpenClaw Code Injection Vulnerability
OpenClaw is an AI assistant open-sourced by OpenClaw. OpenClaw suffers from a code injection vulnerability. The vulnerability stems from the fact that channel metadata may be included in the model's system prompts when the Slack integration is enabled, increasing the attack...
Log injection vulnerability in IBM MQ Operator and IBM-supplied MQ Advanced container images
IBM MQ is a messaging middleware product from International Business Machines (IBM). The product focuses on providing a reliable, proven messaging backbone for Service Oriented Architecture (SOA). IBM-supplied MQ Advanced container images are standard container images officially provided by IBM,...
GFI MailEssentials AI IP Blocklist Administration Page Cross-Site Scripting Vulnerability
GFI MailEssentials AI is open-source anti-spam and data leakage protection software from the U.S. company GFI. A cross-site scripting vulnerability exists in the GFI MailEssentials AI IP Blocklist administration page, which can be exploited by an attacker to execute script in the context of a logged-in user...
WordPress Plugin Web Accessibility by accessiBe Information Disclosure Vulnerability
WordPress is a blogging platform developed in PHP. The platform can be used to set up a personal blog site on a PHP- and MySQL-based server. A WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Web Accessibility by...
Denial of Service Vulnerability in Multiple Apple Products (CNVD-2026-14486)
Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system developed for Mac computers. Apple iPadOS is an operating system for iPad tablets. A denial of service vulnerability exists in multiple Apple products, which is caused by an issue in the...
Microsoft Windows Resource Management Error Vulnerability (CNVD-2026-12560)
Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. A resource management error vulnerability exists in Microsoft Windows. The vulnerability stems from uncontrolled resource consumption by an application and can be exploited by an...
Microsoft Excel Elevation of Privilege Vulnerability (CNVD-2026-16158)
Microsoft Excel is spreadsheet software in the Office suite from Microsoft (USA). An elevation of privilege vulnerability exists in Microsoft Excel, which can be exploited by an attacker to elevate privileges...
Microsoft Hyper-V Buffer Overflow Vulnerability
Microsoft Hyper-V is an application from Microsoft Corporation (USA): a hypervisor-based system virtualization technology that enables desktop virtualization. A buffer overflow vulnerability exists in Microsoft Hyper-V. The vulnerability stems from a failure to properly validate the length and size of...
Zyxel EX3510-B0 TR-369 certificate download script command injection vulnerability
The Zyxel VMG3625-T50B is a VDSL2/ADSL2+ modem router produced by Zyxel Technologies. The Zyxel VMG3625-T50B has a command injection vulnerability as indicated by the TR-369 certification download script. This vulnerability stems from incorrect filtering of input parameters, allowing remote...
Mozilla Firefox for Android information leakage vulnerability (CNVD-2026-23777)
Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. Mozilla Firefox for Android has a vulnerability where information can be leaked; attackers can exploit this vulnerability to obtain sensitive data...
Multiple Mozilla products have memory error-related vulnerabilities (CNVD-2026-23778)
Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is an extended support version of the Firefox web browser. Mozilla Thunderbird is an email client that was separated from the Mozilla Application Suite. Several Mozilla products have memory error exploitation...
Adobe InDesign Desktop suffers from an out-of-bounds read vulnerability
Adobe InDesign Desktop is page layout software from the American company Adobe. A security vulnerability exists in Adobe InDesign Desktop version 21.1, version 20.5.1, and prior versions, which can be exploited by attackers to obtain sensitive information...
OpenClaw Data Forgery Problem Vulnerability (CNVD-2026-13430)
OpenClaw is an AI assistant open-sourced by OpenClaw. OpenClaw is vulnerable to a data forgery issue. The vulnerability stems from unauthenticated TXT records in discovery beacons, where certain clients treat the TXT values as authoritative routing/fixed inputs. An attacker...
Smoothwall Express proxy.cgi Endpoint Cross-Site Scripting Vulnerability
Smoothwall Express is an open-source GNU/Linux-based firewall operating system from Smoothwall. Smoothwall Express has a cross-site scripting vulnerability in its proxy.cgi endpoint. The vulnerability stems from the proxy.cgi endpoint, where user-supplied data in a number of parameters suffers from a lack of effective filtering...
Adobe After Effects has an out-of-bounds read vulnerability
Adobe After Effects is visual effects and motion graphics production software from the American company Adobe. The software is mainly used for 2D and 3D compositing, animation and visual effects production. An out-of-bounds read vulnerability exists in Adobe After Effects 25.6 and...