131179 matches found
Adobe Substance 3D Stager suffers from an out-of-bounds read vulnerability (CNVD-2026-12699)
Substance 3D Stager is the United States of America Ordoby Adobe company launched a dedicated to the 3D scene set, lighting settings and high-quality rendering of professional software. An out-of-bounds read vulnerability exists in Adobe Substance 3D Stager, which can be exploited by an attacker ...
Denial of Service Vulnerability in Multiple Apple Products (CNVD-2026-14273)
Apple iOS is an operating system developed for mobile devices.Apple macOS is a specialized operating system developed for Mac computers.Apple iPadOS is an operating system for iPad tablets. A denial-of-service vulnerability exists in several Apple products, which can be exploited by attackers to...
Multiple Apple Products Path Traversal Vulnerability
Apple iOS is an operating system developed for mobile devices.Apple macOS is a specialized operating system developed for Mac computers.Apple iPadOS is an operating system for iPad tablets. A path traversal vulnerability exists in several Apple products. The vulnerability stems from a program's...
WordPress plugin Aardvark cross-site scripting vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. WordPress plugin Aardvark has a cross-site scripting vulnerability, the vulnerability stems fro...
Adobe Substance 3D Stager suffers from an out-of-bounds read vulnerability
Substance 3D Stager is the United States of America Ordoby Adobe company launched a dedicated 3D scene set, lighting setup and high-quality rendering of professional software. An out-of-bounds read vulnerability exists in Adobe Substance 3D Stager, which can be exploited by an attacker to execute...
Adobe After Effects has a binary vulnerability
Adobe After Effects is a set of visual effects and motion graphics production software from the American company Audobee Adobe. The software is mainly used for 2D and 3D synthesis, animation and visual effects production. A binary vulnerability exists in Adobe After Effects 25.6 and earlier...
Smoothwall Express Cross-Site Scripting Vulnerability (CNVD-2026-14374)
Smoothwall Express is Smoothwall open source a GNU/Linux-based firewall operating system . Smoothwall Express has a cross-site scripting vulnerability , the vulnerability stems from the preferences.cgi script on the HOSTNAME, KEYMAP and OPENNESS parameters of the user-supplied data lack of...
Log injection vulnerability in IBM MQ Operator and IBM-supplied MQ Advanced container images
IBM MQ is a messaging middleware product from International Business Machines IBM. The product focuses on providing a reliable, proven messaging backbone for Service Oriented Architecture SOA. IBM-supplied MQ Advanced container images are standard container images officially provided by IBM,...
Apple macOS Information Disclosure Vulnerability (CNVD-2026-14974)
Apple macOS is a specialized operating system developed by Apple for Mac computers. Apple macOS has an information disclosure vulnerability that can be exploited by attackers to access sensitive user data...
Mozilla Firefox for Android information leakage vulnerability (CNVD-2026-23777)
Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. Mozilla Firefox for Android has a vulnerability where information can be leaked; attackers can exploit this vulnerability to obtain sensitive data...
IBM Concert has a weak cryptographic algorithm vulnerability
IBM Concert is a generative artificial intelligence-driven automated application management and monitoring tool based on the watsonx platform, announced by International Business Machines IBM Corporation at the IBM Think conference in Boston, USA. A weak cryptographic algorithm vulnerability exis...
Apple macOS Tahoe Information Disclosure Vulnerability (CNVD-2026-14994)
Apple macOS Tahoe is an operating system from the American company Apple. Apple macOS Tahoe suffers from an information disclosure vulnerability that can be exploited by attackers to cause an application to access protected user data...
Multiple Apple Product Code Execution Vulnerabilities (CNVD-2026-26099)
Apple iOS is an operating system developed for mobile devices. Apple macOS is a dedicated operating system developed specifically for Mac computers. Apple iPadOS is an operating system used for iPad tablets. Several Apple products have code execution vulnerabilities, and attackers can exploit the...
OpenClaw has an unspecified vulnerability (CNVD-2026-13383)
OpenClaw is openclaw open source an intelligent artificial assistant. OpenClaw has a security vulnerability that stems from the fact that under iMessage groupPolicy=allowlist, the identity of the sender from the DM pairing store can satisfy the group authorization, which can be exploited by an...
OpenClaw Resource Management Error Vulnerability (CNVD-2026-13374)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a Resource Management Error vulnerability that stems from an ACP bridge accepting too large a block of prompt text, which can be exploited by an attacker to cause problems with the processing of abnorm...
OpenClaw Code Issues Vulnerabilities
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a code issue vulnerability that stems from the Gateway tool being under-restricted when accepting a gatewayUrl provided by the tool, which can be exploited by an attacker to cause an OpenClaw host to...
Microsoft Hyper-V Buffer Overflow Vulnerability
Microsoft Hyper-V is an application from Microsoft Corporation USA. A system hypervisor virtualization technology that enables desktop virtualization. A buffer overflow vulnerability exists in Microsoft Hyper-V. The vulnerability stems from a failure to properly validate the length and size of...
OpenClaw has an unspecified vulnerability (CNVD-2026-13376)
OpenClaw is openclaw open source an intelligent artificial assistant. OpenClaw suffers from a security vulnerability that stems from logging not desensitizing Telegram bot tokens, which can be exploited by an attacker to cause token disclosure...
Security Bypass Vulnerability in Multiple Apple Products (CNVD-2026-14492)
Apple iOS is an operating system developed for mobile devices.Apple macOS is a specialized operating system developed for Mac computers.Apple iPadOS is an operating system for iPad tablets. A security bypass vulnerability exists in multiple Apple products and is caused by a logic issue in a kerne...
XML External Entity Injection Vulnerability in IBM Db2
IBM Db2 is the United States International Business Machines IBM company developed a set of relational database management system, it is the main operating environment for UNIX including IBM's own AIX, Linux, IBM i formerly known as OS/400, z/OS, and Windows server versions. An XML external entit...
Apache Shiro Authentication Bypass Vulnerability
Apache Shiro is the United States Apache Apache Foundation set of Java security framework for performing authentication, authorization, encryption and session management . An authentication bypass vulnerability exists in Apache Shiro versions prior to 2.0.7. The vulnerability stems from an...
Adobe After Effects suffers from an out-of-bounds write vulnerability (CNVD-2026-12691)
Adobe After Effects is a set of visual effects and motion graphics production software from the American company Audobee Adobe. The software is mainly used for 2D and 3D synthesis, animation and visual effects production. An out-of-bounds write vulnerability exists in Adobe After Effects 25.6 and...
OpenClaw Cross-Site Request Forgery Vulnerability
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a cross-site request forgery vulnerability that stems from a browser-oriented local host change route accepting cross-domain browser requests without explicit Origin/Referer validation, which can be...
Smoothwall Express Cross-Site Scripting Vulnerability (CNVD-2026-14284)
Smoothwall Express is Smoothwall open source a GNU/Linux-based firewall operating system . Smoothwall Express cross-site scripting vulnerability , the vulnerability stems from the timedaccess.cgi endpoint MACHINES parameter on the user-supplied data lack of effective filtering and escaping , an...
Denial of Service Vulnerability in Multiple Apple Products (CNVD-2026-14272)
Apple iOS is an operating system developed for mobile devices.Apple iPadOS is an operating system for iPad tablets.Apple macOS Sequoia is an operating system.... A denial-of-service vulnerability exists in multiple Apple products, which can be exploited by an attacker to cause a malicious HID...
OpenClaw has an unspecified vulnerability (CNVD-2026-13377)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an unspecified vulnerability that stems from insufficient validation of the targetDir value during download skill installation, which can be exploited by an attacker to cause files to be written outsid...
OpenClaw Access Control Error Vulnerability (CNVD-2026-13392)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an Access Control Error vulnerability that can be exploited by an attacker to cause session content disclosure in a multi-user environment...
WordPress plugin Aardvark cross-site scripting vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. The WordPress plugin Aardvark cross-site scripting vulnerability can be exploited by an attacke...
Zyxel EX3510-B0 TR-369 certificate download script command injection vulnerability
The Zyxel VMG3625-T50B is a VDSL2/ADSL2+ modem router produced by Zyxel Technologies. The Zyxel VMG3625-T50B has a command injection vulnerability as indicated by the TR-369 certification download script. This vulnerability stems from incorrect filtering of input parameters, allowing remote...
OpenClaw has an unspecified vulnerability (CNVD-2026-13381)
OpenClaw is openclaw open source an intelligent artificial assistant. OpenClaw has a security vulnerability that originates from the BlueBubbles iMessage channel plugin accepting webhook requests as authenticated based only on the TCP peer address as the loopback address i.e., when a missing or...
GFI MailEssentials AI IP Blocklist Administration Page Cross-Site Scripting Vulnerability
GFI MailEssentials AI is a U.S. GFI open source anti-spam and data leakage protection software. A cross-site scripting vulnerability exists in the GFI MailEssentials AI IP Blocklist administration page, which can be exploited by an attacker to execute script in the context of a logged-in user...
WordPress Plugin Context Blog Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Context Blog. The...
Multiple Apple Products Information Disclosure Vulnerability (CNVD-2026-14480)
AApple tvOS is a smart TV operating system. apple watchOS is a smart watch operating system. apple macOS is a specialized operating system developed for Mac computers. An information disclosure vulnerability exists in multiple Apple products.The vulnerability is caused due to an error in the...
OpenClaw Access Control Error Vulnerability
OpenClaw is openclaw open source an intelligent artificial assistant. OpenClaw suffers from an Access Control Error vulnerability that stems from the @openclaw/voice-call plugin Telnyx webhook handler accepting unsigned inbound webhook requests when telnyx.publicKey is not configured, which can b...
Microsoft Excel Elevation of Privilege Vulnerability (CNVD-2026-16158)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. An elevation of privilege vulnerability exists in Microsoft Excel, which can be exploited by an attacker to elevate privileges...
Security Bypass Vulnerability in Multiple Apple Products
Apple iOS is an operating system developed for mobile devices.Apple macOS is a specialized operating system developed for Mac computers.Apple iPadOS is an operating system for iPad tablets. A security bypass vulnerability exists in multiple Apple products, which can be exploited by an attacker to...
Elevation of Privilege Vulnerability in Multiple Apple Products (CNVD-2026-14475)
Apple tvOS is a smart TV operating system. apple watchOS is a smart watch operating system. apple macOS is a specialized operating system developed for Mac computers. An elevation of privilege vulnerability exists in multiple Apple products and is due to a race condition in the CoreServices...
Smoothwall Express Cross-Site Scripting Vulnerability (CNVD-2026-14283)
Smoothwall Express is Smoothwall open source a GNU/Linux-based firewall operating system . Smoothwall Express cross-site scripting vulnerability , the vulnerability stems from the hosts.cgi script in the IP, HOSTNAME or COMMENT parameter on the user-supplied data lack of effective filtering and...
Denial of Service Vulnerability in Multiple Apple Products (CNVD-2026-14276)
Apple iOS is an operating system developed for mobile devices.Apple macOS is a specialized operating system developed for Mac computers.Apple iPadOS is an operating system for iPad tablets. A denial-of-service vulnerability exists in several Apple products, which can be exploited by attackers to...
Apple macOS out-of-bounds read vulnerability (CNVD-2026-14975)
Apple macOS is a specialized operating system developed by Apple for Mac computers. An out-of-bounds read vulnerability exists in Apple macOS, which can be exploited by an attacker to cause the system to unexpectedly terminate or read kernel memory...
Apple macOS Tahoe Elevation of Privilege Vulnerability
Apple macOS Tahoe is an operating system from the American company Apple. Apple macOS Tahoe suffers from an elevation of privilege vulnerability that is caused due to an issue in the Installation Assistant component when using a specially crafted application. An attacker can exploit the...
OpenClaw Code Injection Vulnerability
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a code injection vulnerability. The vulnerability stems from the fact that channel metadata may be included in the model's system prompts when the Slack integration is enabled, increasing the attack...
Smoothwall Express Cross-Site Scripting Vulnerability
Smoothwall Express is Smoothwall open source a GNU/Linux-based firewall operating system . Smoothwall Express cross-site scripting vulnerability , the vulnerability stems from the modem.cgi script for INIT, HANGUP, SPEAKERON, SPEAKEROFF, TONEDIAL and PULSEDIAL parameters of the user-supplied data...
OpenClaw has an unspecified vulnerability (CNVD-2026-13375)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from the fact that the confirmation dialog box for openclaw://agent deep links only displays the first 240 characters of the message but executes the full message,...
Adobe Substance 3D Stager suffers from an out-of-bounds write vulnerability (CNVD-2026-12697)
Substance 3D Stager is the United States of America Ordoby Adobe company launched a dedicated to the 3D scene set, lighting settings and high-quality rendering of professional software. An out-of-bounds write vulnerability exists in Adobe Substance 3D Stager, which can be exploited by attackers t...
Denial of Service Vulnerability in Multiple Apple Products (CNVD-2026-14271)
Apple iOS is an operating system developed for mobile devices.Apple macOS is a specialized operating system developed for Mac computers.Apple iPadOS is an operating system for iPad tablets. A denial-of-service vulnerability exists in several Apple products, which can be exploited by attackers to...
Multiple Apple Product Permissions Enhancement Vulnerabilities (CNVD-2026-26098)
Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system used for iPad tablets. Apple macOS Sonoma is also an operating system. Several Apple products have vulnerabilities related to privilege escalation, and attackers can exploit these vulnerabilities to...
Microsoft Excel Buffer Overflow Vulnerability (CNVD-2026-12552)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A buffer overflow vulnerability exists in Microsoft Excel. The vulnerability stems from the program's failure to properly validate the length and size of input data, which can be exploited by an attacker ...
OpenClaw path traversal vulnerability (CNVD-2026-13428)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a path traversal vulnerability. The vulnerability stems from the browser download assistant accepting uncleaned output paths, which can be exploited by an attacker to traverse a directory on a system t...
Microsoft Windows Kernel Competitive Conditions Vulnerability
The Microsoft Windows Kernel is the kernel of the Windows operating system from the American company Microsoft. A competitive condition vulnerability exists in Microsoft Windows Kernel. The vulnerability stems from a competitive condition in the kernel's handling of certain operations and can be...