131179 matches found
D-Link DIR-513 Stack Buffer Overflow Vulnerability (CNVD-2026-19424)
D-Link DIR-513 is a wireless router product from China's AUO D-Link. The D-Link DIR-513 suffers from a stack buffer overflow vulnerability that originates from the parameter curTime in the file goform/formSetWANTypeWizard5 that fails to correctly validate the length size of the input data, which...
Google Chrome WebAssembly Memory Out-of-Bounds Access Vulnerability
Google Chrome is a free web browser developed by Google Inc. A memory out-of-bounds access vulnerability exists in Google Chrome WebAssembly, which stems from improper memory buffer access control and can be exploited by remote attackers to execute arbitrary code...
Microsoft Payment Orchestrator Service Access Control Error Vulnerability
Microsoft Payment Orchestrator Service is a Microsoft feature that provides cloud-native payment process automation and orchestration for the financial services industry. An Access Control Error vulnerability exists in Microsoft Payment Orchestrator Service, which stems from improper authenticati...
Chamilo CSV File Name Cross-Site Scripting Vulnerability
Chamilo is a learning management system open source by Chamilo. A cross-site scripting vulnerability exists in Chamilo CSV filenames, which stems from insufficient cleanup of CSV filenames, and no detailed vulnerability details are provided at this time...
Google Android Denial of Service Vulnerability (CNVD-2026-13147)
Google Android is a Linux-based open source operating system from Google. A denial of service vulnerability exists in Google Android, which stems from improper input validation in multiple functions of ProfilingService.java, and can be exploited by an attacker to cause a denial of service...
Google Android elevation of privilege vulnerability (CNVD-2026-13146)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that is caused by proxy obfuscation in multiple functions of MediaProvider.java that could potentially bypass the external storage write permission. An...
Discourse Access Control Error Vulnerability (CNVD-2026-17485)
Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an Access Control Error vulnerability that stems from an open Access Control Failure in the Data Explorer plugin,...
Chamilo index.php file SQL injection vulnerability
Chamilo is a learning management system open source by Chamilo. Chamilo index.php file contains a SQL injection vulnerability , an attacker can use the vulnerability to execute illegal SQL commands to steal sensitive database data...
Google Chrome CSS Memory Out-of-Bounds Read Vulnerability
Google Chrome is a free web browser developed by Google Inc. Google Chrome CSS suffers from a memory out-of-bounds read vulnerability that originates from out-of-bounds reads of memory buffer data, which can be exploited by remote attackers to execute arbitrary code...
Gradio Trust Management Issue Vulnerability
Gradio is an open source Python library from Gradio Open Source, a way to demonstrate machine learning models through a friendly web interface. A trust management issue vulnerability exists in Gradio versions prior to 4.16.0 through 6.6.0. The vulnerability stems from the automatic enablement of...
Google Android elevation of privilege vulnerability (CNVD-2026-14649)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that could be initiated anywhere due to proxy obfuscation in executeRequest of ActivityStarter.java. An attacker can exploit the vulnerability to gain...
Google Android Information Disclosure Vulnerability (CNVD-2026-13142)
Google Android is a Linux-based open source operating system from Google. Google Android has an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...
FreeRDP freerdp_image_copy_from_icon_data function buffer overflow vulnerability
FreeRDP is an open source implementation of the Remote Desktop Protocol RDP from the FreeRDP team. A buffer overflow vulnerability exists in versions prior to FreeRDP 3.23.0. The vulnerability stems from a buffer over-read in the freerdpimagecopyfromicondata function, which can be exploited by an...
Google Android suffers from unspecified vulnerability (CNVD-2026-13151)
Google Android is a Linux-based open source operating system from Google. Google Android has a security vulnerability that can be exploited by attackers to cause local elevation of privilege...
Huawei HarmonyOS Device Security Management Module Competitive Conditions Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A competitive condition vulnerability exists in the Huawei HarmonyOS device security management module, which can be exploited by an attacker to cause...
Google Android elevation of privilege vulnerability (CNVD-2026-13149)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that originates from a logic error in multiple functions of KeyguardViewMediator.java, which can be exploited by an attacker to gain elevated privileges on...
Google Android Information Disclosure Vulnerability (CNVD-2026-16154)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability. The vulnerability is caused by a possible way to access the GPU cache due to side channel information leakage in drawLayersInternal of SkiaRenderEngine.cp...
Google Android elevation of privilege vulnerability (CNVD-2026-16155)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability, which stems from a lack of privilege checking in the relayoutWindow function of WindowManagerService.java, which can be exploited by an attacker to gain...
Google Android suffers from unspecified vulnerability (CNVD-2026-14648)
Google Android is a Linux-based open source operating system from Google. A security vulnerability exists in Google Android, which stems from improper input validation of the loadDescription function in DeviceAdminInfo.java, and can be exploited by an attacker to cause a local elevation of...
Google Android elevation of privilege vulnerability (CNVD-2026-13790)
Google Android is a Linux-based open source operating system from Google. Google Android has a security vulnerability. An attacker can exploit the vulnerability to cause a local elevation of privilege...
D-Link DIR-513 Stack Buffer Overflow Vulnerability (CNVD-2026-16146)
D-Link DIR-513 is a wireless router product from China's AUO D-Link. The D-Link DIR-513 suffers from a stack buffer overflow vulnerability that originates from the failure of the parameter curTime in the file goform/formSetQoS to properly validate the length size of the input data, which can be...
Google Android elevation of privilege vulnerability (CNVD-2026-14650)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to gain higher privileges on the system...
Chamilo import.php file OS command injection vulnerability
Chamilo is a learning management system open source by Chamilo. Chamilo import.php file exists operating system command injection vulnerability , the vulnerability stems from /plugin/vchamilo/views/import.php POST tomaindatabase parameter fails to correctly filter constructive commands special...
Chamilo copy_course_session_selected.php file SQL injection vulnerability
Chamilo is a learning management system open source by Chamilo. Chamilo copycoursesessionselected.php file contains a SQL injection vulnerability that can be exploited by an attacker to execute illegal SQL commands to steal sensitive database data...
Chamilo check_parse_lang.php file OS command injection vulnerability
Chamilo is a learning management system open source by Chamilo. Chamilo checkparselang.php file has an operating system command injection vulnerability that can be exploited by an attacker to cause arbitrary command execution...
Unspecified vulnerability in Discourse (CNVD-2026-17486)
Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from a security vulnerability that stems from a lack of validatebeforecreate authorization in Data Explorer's...
Huawei HarmonyOS Window Module Double Release Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A double-release vulnerability exists in the Huawei HarmonyOS window module, which can be exploited by an attacker to cause availability to be compromised...
Google Android elevation of privilege vulnerability (CNVD-2026-13148)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that originates from a logic error in exitKeyguardAndFinishSurfaceBehindRemoteAnimation of KeyguardViewMediator.java, which can be exploited by an attacker...
Google Chrome WebAudio Memory Out-of-Bounds Access Vulnerability
Google Chrome is a free web browser developed by Google Inc. Google Chrome WebAudio suffers from a memory out-of-bounds access vulnerability that stems from an improper implementation and can be exploited by remote attackers to execute arbitrary code...
Apache Airflow Log Message Disclosure Vulnerability
Apache Airflow is the United States Apache Apache Foundation's set of open source platform with the creation, management and monitoring of workflow functions. The platform is scalable and dynamic monitoring and other features. Apache Airflow has a log information disclosure vulnerability. An...
Google Chrome DevTools Heap Corruption Vulnerability
Google Chrome is a free web browser developed by Google Inc. A heap corruption vulnerability exists in Google Chrome DevTools, which stems from improper object destructuring and can be exploited by remote attackers to execute arbitrary code...
Google Chrome WebCodecs Heap Overflow Vulnerability
Google Chrome is a free web browser developed by Google Inc. Google Chrome WebCodecs suffers from a heap overflow vulnerability that originates from a partial overwrite of heap memory and can be exploited by remote attackers to execute arbitrary code...
Google Android Denial of Service Vulnerability (CNVD-2026-14647)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from a denial of service vulnerability that stems from improper input validation in multiple locations, which can be exploited by an attacker to cause a denial of service...
Discourse Access Control Error Vulnerability (CNVD-2026-17484)
Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an Access Control Error vulnerability that stems from a Chat::AddUsersToChannel add member that bypasses private...
Unspecified Vulnerability in Google Android (CNVD-2026-14652)
Google Android is a Linux-based open source operating system from Google. A security vulnerability exists in Google Android, which originates from a logic error in the onStart function of CompanionDeviceManagerService.java, which can be exploited by an attacker to cause a local elevation of...
Chamilo editinstance.php file OS command injection vulnerability
Chamilo is a learning management system open source by Chamilo. Chamilo editinstance.php file has an operating system command injection vulnerability , the vulnerability stems from the file /plugin/vchamilo/views/editinstance.php on the POST parameter maindatabase improperly handled , an attacker...
Google Chrome V8 Memory Out-of-Bounds Access Vulnerability (CNVD-2026-13792)
Google Chrome is a free web browser developed by Google Inc. Google Chrome V8 suffers from a memory out-of-bounds access vulnerability that stems from improper memory buffer access control and can be exploited by remote attackers to execute arbitrary code...
Chamilo hotpotatoes.php File SQL Injection Vulnerability
Chamilo is a learning management system open source by Chamilo. Chamilo hotpotatoes.php file contains a SQL injection vulnerability that can be exploited by attackers to execute illegal SQL commands to steal sensitive database data...
Chamilo add_users_to_session.php file cross-site scripting vulnerability
Chamilo is a learning management system open source by Chamilo. A cross-site scripting vulnerability exists in the Chamilo adduserstosession.php file, which can be exploited by an attacker to execute arbitrary Web script or HTML by injecting a crafted payload...
Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability
Microsoft ACI Confidential Containers is a Microsoft credentials container. A security vulnerability exists in Microsoft ACI Confidential Containers that stems from a poor design and can be exploited by a local attacker to elevate privileges...
Google Android Denial of Service Vulnerability (CNVD-2026-13150)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from a denial of service vulnerability that is caused due to a path traversal error in multiple functions of MmsProvider.java resulting in a possible way of arbitrarily deleting files affecting phone...
Microsoft Devices Pricing Program Code Issue Vulnerability
The Microsoft Devices Pricing Program is Microsoft's exclusive device purchasing and pricing mechanism for enterprise customers, partners, or select channels to enjoy customized pricing, terms of business, and support for volume purchases of Surface Series devices such as Surface Laptop, Surface...
Google Android suffers from unspecified vulnerability (CNVD-2026-14645)
Google Android is a Linux-based open source operating system from Google. Google Android has a security vulnerability that can be exploited by attackers to cause local elevation of privilege...
Google Android suffers from unspecified vulnerability (CNVD-2026-14651)
Google Android is a Linux-based open source operating system from Google. A security vulnerability exists in Google Android, which stems from a logic error in the loadDataAndPostValue function for multiple files, which may mask the use of permissions and can be exploited by an attacker to cause a...
Google Android elevation of privilege vulnerability (CNVD-2026-14644)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that originates from a logic error in multiple functions of TaskFragmentOrganizerController.java, which can be exploited by an attacker to elevate privileg...
Microsoft ACI Confidential Containers Information Disclosure Vulnerability
Microsoft ACI Confidential Containers is a Microsoft credentials container. A security vulnerability exists in Microsoft ACI Confidential Containers that stems from an improper design and can be exploited by an attacker to obtain sensitive information...
Apache Superset Security Bypass Vulnerability
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. A security bypass vulnerability exists in Apache Superset, which can be exploited by an attacker to execute sensitive SQL functions...
Apache Superset Security Bypass Vulnerability (CNVD-2026-13252)
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. A security bypass vulnerability exists in Apache Superset, which can be exploited by an attacker to bypass data access controls...
Apache Superset SQL Injection Vulnerability
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from a SQL injection vulnerability that can be exploited by an attacker to view, add, modify, or delete arbitrary files on the database...
Apache Superset Information Disclosure Vulnerability
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset has an information disclosure vulnerability that can be exploited by an attacker to retrieve sensitive user information...