TOTOLINK A950RG Stack Buffer Overflow Vulnerability
The TOTOLINK A950RG is an ultra-generation Giga wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A950RG suffers from a stack buffer overflow vulnerability that stems from insufficient validation of the length of the comment parameter in the setIpQosRules interface, which can b...
Huawei HarmonyOS Media Subsystem Out-of-Bounds Read Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An out-of-bounds read vulnerability exists in the Huawei HarmonyOS media subsystem, which can be exploited by attackers to cause confidentiality and...
Huawei HarmonyOS Camera Module Type Confusion Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A type confusion vulnerability exists in the Huawei HarmonyOS camera module, which can be exploited by an attacker to cause usability to be compromised...
WeKan has an unspecified vulnerability
WeKan is an open source Kanban application from WeKan. WeKan suffers from a security vulnerability that can be exploited by an attacker to spoof the author of a recorded comment by providing another user's identifier...
TOTOLINK A950RG Buffer Overflow Vulnerability
The TOTOLINK A950RG is an ultra-generation Giga wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A950RG suffers from a buffer overflow vulnerability that originates from insufficient validation of the urlKeyword parameter in the setParentalRules interface and failure to perfor...
Huawei HarmonyOS OS Command Injection Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An operating system command injection vulnerability exists in Huawei HarmonyOS version 0.1.0, which stems from the function inputtext parameter text...
HCL AION Command Injection Vulnerability
HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a command injection vulnerability that can be exploited by an attacker to execute arbitrary commands on the system...
IBM Db2 Resource Management Error Vulnerability (CNVD-2026-13789)
IBM Db2 is a relational database management system from International Business Machines (IBM). The system's execution environments are mainly UNIX, Linux, IBM i, z/OS, and Windows server versions. IBM Db2 suffers from a Resource Management Error vulnerability that originates from a misallocation of...
Huawei EMUI and Huawei HarmonyOS file system module out-of-bounds write vulnerability
Huawei EMUI is a mobile operating system developed based on Android. Huawei HarmonyOS is an operating system that provides a full-scene distributed operating system based on a microkernel. An out-of-bounds write vulnerability exists in the Huawei EMUI and Huawei HarmonyOS file system module, which can...
IBM Db2 Denial of Service Vulnerability (CNVD-2026-14674)
IBM Db2 is a relational database management system from International Business Machines (IBM). The system's execution environments are mainly UNIX, Linux, IBM i, z/OS, and Windows server versions. IBM Db2 suffers from a denial of service vulnerability that originates from improper neutralization of...
HCL AION Cross-Site Scripting Vulnerability
HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a cross-site scripting vulnerability, which is caused by a lack of content security policy. No details of the vulnerability are provided at this time...
OpenClaw OS Command Injection Vulnerability (CNVD-2026-13291)
OpenClaw is an open source intelligent artificial assistant from openclaw. An operating system command injection vulnerability exists in OpenClaw, which stems from insecure handling of the PATH environment variable when the Docker sandbox execution mechanism constructs shell commands,...
OpenClaw Information Disclosure Vulnerability
OpenClaw is an open source intelligent artificial assistant from openclaw. OpenClaw has an information disclosure vulnerability that stems from the isValidMedia function allowing arbitrary file paths, which can be exploited by an attacker to cause the reading of arbitrary files and the disclosure of...
Apache Syncope Cross-Site Scripting Vulnerability
Apache Syncope is an open source digital identity management system from the Apache Foundation in the United States, for use in enterprise environments. The system supports identity management, role configuration and more. Apache Syncope suffers from a cross-site scripting vulnerability that stem...
Apache Syncope Code Issue Vulnerability
Apache Syncope is an open source digital identity management system from the Apache Foundation in the United States, for use in enterprise environments. The system supports identity management, role configuration and more. A code issue vulnerability exists in Apache Syncope; the vulnerability...
Cisco Meeting Management (CMM) Code Issues Vulnerability
Cisco Meeting Management (CMM) is a management tool for Cisco Meeting Server, a Cisco local videoconferencing platform from Cisco USA. A code issue vulnerability exists in Cisco Meeting Management that stems from improper input validation in certain parts of the web-based management interface, whic...
Google SentencePiece Buffer Overflow Vulnerability
Google SentencePiece is an unsupervised text splitter for neural network-based text generation from Google USA. Google SentencePiece suffers from a buffer overflow vulnerability that stems from an invalid memory access when using a vulnerable model file created by an unusual training process. No...
Dell PowerScale OneFS Resource Management Error Vulnerability
Dell PowerScale OneFS is an operating system from Dell USA that provides horizontal scaling of NAS. A resource management error vulnerability exists in Dell PowerScale OneFS that stems from improper allocation of critical resource privileges and can be exploited...
Multiple Apple Products Information Disclosure Vulnerability (CNVD-2026-14500)
Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system developed for Mac computers. Apple iPadOS is an operating system for iPad tablets. An information disclosure vulnerability exists in multiple Apple products, which can be exploited by an...
Google Android Information Disclosure Vulnerability (CNVD-2026-10641)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability that stems from a key-pairing-based logic error that can be exploited by an attacker to obtain sensitive information...
Out-of-bounds read vulnerability in multiple Apple products (CNVD-2026-14499)
Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system developed for Mac computers. Apple iPadOS is an operating system for iPad tablets. An out-of-bounds read vulnerability exists in multiple Apple products, which can be exploited by an attacke...
Wondershare Driver Install Service Code Issue Vulnerability
Wondershare Driver Install Service is an auxiliary background service program from China Wondershare. A code issue vulnerability exists in Wondershare Driver Install Service, which stems from an unquoted service path, and can be exploited by an attacker to cause an elevation of privilege...
Google Chrome Information Disclosure Vulnerability (CNVD-2026-10645)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from an information disclosure vulnerability, which is caused by an improper implementation in the backend fetch API. An attacker can exploit the vulnerability to disclose cross-origin data...
Tenda D301 and Tenda D151 Access Control Error Vulnerabilities
Tenda D301 is a wireless router. Tenda D151 is a wireless router. An access control error vulnerability exists in the Tenda D301 and Tenda D151 that stems from the presence of an unauthenticated configuration download on the /goform/getimage endpoint, which can be exploited by an attacker to cause...
ChurchCRM SQL Injection Vulnerability (CNVD-2026-12565)
ChurchCRM is an open source CRM system for churches from ChurchCRM. A SQL injection vulnerability exists in ChurchCRM versions prior to 6.7.2, which stems from the lack of validation of external input SQL statements in the PerID parameter in the /PaddleNumEditor.php endpoint. An attacker c...
Unspecified Vulnerability in TeamViewer DEX Client (CNVD-2026-16662)
TeamViewer DEX Client is a digital employee experience and endpoint management software from TeamViewer Germany. A security vulnerability exists in TeamViewer DEX Client, which can be exploited by an attacker to cause log entries to be injected, altered, or forged, affecting log integrity...
SQL Injection Vulnerability in the Identity Management System of Xiamen Entropy Base Technology Co.
Human ID Magic Identity Authentication Management System is a "real person" verification software system independently developed by Entropy Base Technology for the "one person one ID". The software quickly reads the information of the second-generation ID card, Hong Kong and Macao residents'...
TeamViewer DEX Client Buffer Overflow Vulnerability
TeamViewer DEX Client is a digital employee experience and endpoint management software from TeamViewer Germany. TeamViewer DEX Client prior to version 26.1 suffers from a buffer overflow vulnerability that stems from the Content Distribution Service's UDP command processor failing to correctly...
TeamViewer DEX Client Input Validation Error Vulnerability
TeamViewer DEX Client is a digital employee experience and endpoint management software from TeamViewer Germany. An input validation error vulnerability exists in TeamViewer DEX Client versions prior to 26.1, which stems from a lack of validation of user control values in Content Distribution...
Delta Electronics ASDA-Soft Stack Buffer Overflow Vulnerability
Delta Electronics ASDA-Soft is an AC servo motor from Delta Electronics China. The Delta Electronics ASDA-Soft suffers from a stack buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code on the system...
TeamViewer DEX Client Denial of Service Vulnerability (CNVD-2026-16664)
TeamViewer DEX Client is a digital employee experience and endpoint management software from TeamViewer Germany. A denial of service vulnerability exists in TeamViewer DEX Client, which can be exploited by an attacker to cause a stack memory leak and denial of service...
TeamViewer DEX Client Information Disclosure Vulnerability
TeamViewer DEX Client is a digital employee experience and endpoint management software from TeamViewer Germany. TeamViewer DEX Client suffers from an information disclosure vulnerability that can be exploited by an attacker to cause encrypted UDP traffic to be sent in plaintext, resulting in an...
Unspecified Vulnerability in TeamViewer DEX Client (CNVD-2026-16661)
TeamViewer DEX Client is a digital employee experience and endpoint management software from TeamViewer Germany. TeamViewer DEX Client has a security vulnerability that can be exploited by an attacker to cause the deletion of protected system files...
Google Go Code Execution Vulnerability
Google Go is a statically and strongly typed, compiled, concurrent, and garbage-collected programming language from Google. A code execution vulnerability exists in Google Go due to unsafe handling of compiler flags in CgoPkgConfig. An attacker can exploit the vulnerability to execute arbitrary code on...
Apache Continuum Command Injection Vulnerability
Apache Continuum is a continuous integration server from the Apache Foundation. Apache Continuum suffers from a command injection vulnerability that stems from improper neutralization of special elements in commands, which can be exploited by an attacker to invoke arbitrary commands on the server...
TeamViewer DEX Client Information Disclosure Vulnerability (CNVD-2026-16669)
TeamViewer DEX Client is a digital employee experience and endpoint management software from TeamViewer Germany. TeamViewer DEX Client suffers from an information disclosure vulnerability that can be exploited by attackers to cause information disclosure or denial of service...
OpenClaw has an unspecified vulnerability
OpenClaw is an open source intelligent artificial assistant from openclaw. A security vulnerability exists in versions prior to OpenClaw 2026.1.29, which originates from automatically establishing a WebSocket connection and sending a token, and can be exploited by an attacker to cause an unauthorized...
Mozilla Thunderbird Information Disclosure Vulnerability (CNVD-2026-11794)
Mozilla Thunderbird is an e-mail client from the Mozilla Foundation in the United States, independent of the Mozilla Application Suite. The program supports IMAP, POP mail protocols and HTML mail format. An information disclosure vulnerability exists in Mozilla Thunderbird, which can be...
Dell PremierColor Panel Driver Access Control Error Vulnerability
Dell PremierColor Panel Driver is a high-end monitor color management system from Dell USA. An Access Control Error vulnerability exists in Dell PremierColor Panel Driver versions prior to 1.0.0.1 A01, which stems from improper access control and can be exploited by an attacker to cause elevation...
Google Chrome Code Execution Vulnerability (CNVD-2026-10652)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a code execution vulnerability that stems from the V8 engine's lack of effective protection against concurrent access to shared resources, which can be exploited by an attacker to execute arbitrary code on...
TeamViewer DEX Client Denial of Service Vulnerability
TeamViewer DEX Client is a digital employee experience and endpoint management software from TeamViewer Germany. A denial of service vulnerability exists in TeamViewer DEX Client versions prior to 26.1, which can be exploited by an attacker to cause a termination of service, resulting in a denial...
Unspecified Vulnerability in Delta Electronics DIAView
Delta Electronics DIAView is an industrial configuration software from Delta Electronics China. A security vulnerability exists in Delta Electronics DIAView that stems from failure to authenticate critical functions. No details of the vulnerability are available at this time...
TeamViewer DEX Client Command Injection Vulnerability
TeamViewer DEX Client is a digital employee experience and endpoint management software from TeamViewer Germany. TeamViewer DEX Client suffers from a command injection vulnerability that can be exploited by an attacker to execute arbitrary commands on the system...
Mozilla Firefox Security Bypass Vulnerability (CNVD-2026-11795)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security bypass vulnerability exists in Mozilla Firefox, which can be exploited by attackers to bypass security restrictions...
Delta Electronics DIAView Authentication Bypass Vulnerability
Delta Electronics DIAView is an industrial configuration software from Delta Electronics China. Delta Electronics DIAView suffers from an authentication bypass vulnerability. No details of the vulnerability are provided at this time...
Google Go Information Disclosure Vulnerability (CNVD-2026-10646)
Google Go is a statically and strongly typed, compiled, concurrent, and garbage-collected programming language from Google. Google Go suffers from an information disclosure vulnerability that stems from an issue with the order in which messages across cryptographic level boundaries are processed during...
Google Go Denial of Service Vulnerability (CNVD-2026-10649)
Google Go is a statically and strongly typed, compiled, concurrent, and garbage-collected programming language from Google. A denial of service vulnerability exists in Google Go, which stems from an unrestricted number of query parameters, which can be exploited by an attacker to cause excessive memory...
Google Go Code Execution Vulnerability (CNVD-2026-10650)
Google Go is a statically and strongly typed, compiled, concurrent, and garbage-collected programming language from Google. A code execution vulnerability exists in Google Go due to an insecure construction of external VCS commands when handling untrusted module sources or malicious version strings in...
Google Go Denial of Service Vulnerability (CNVD-2026-10647)
Google Go is a statically and strongly typed, compiled, concurrent, and garbage-collected programming language from Google. A denial of service vulnerability exists in Google Go, which stems from the use of a superlinear filename indexing algorithm, and can be exploited by an attacker to cause a denial...
Cisco Identity Services Engine Cross-Site Scripting Vulnerability (CNVD-2026-12674)
Cisco Identity Services Engine (Cisco ISE) is an environment-aware platform from Cisco. The platform collects real-time information from the network, users, and devices, and develops and enforces policies to regulate the network. The Cisco Identity Services Engine Cisco...