Lucene search
K

131179 matches found

CNVD
CNVD
added 2026/06/22 12:0 a.m.2 views

OpenClaw input validation error vulnerability (CNVD-2026-26890)

OpenClaw is an intelligent artificial assistant open-sourced by the OpenClaw team. OpenClaw has a vulnerability related to input validation. An attacker can exploit this vulnerability to match allowed list entries based on dialogue metadata rather than a stable sender identity. This allows them t...

5.4CVSS6.1AI score0.00171EPSS
Exploits0
CNVD
CNVD
added 2026/06/22 12:0 a.m.2 views

OpenClaw input validation error vulnerability (CNVD-2026-26888)

OpenClaw is an intelligent artificial assistant open-sourced by the OpenClaw team. OpenClaw has a vulnerability related to input validation. This vulnerability stems from a lack of checks for combined POSIX inline command flags within the macOS Swift exec function. This allows for bypassing the...

9.8CVSS6.2AI score0.0024EPSS
Exploits0
CNVD
CNVD
added 2026/06/22 12:0 a.m.2 views

OpenClaw permission licensing and access control vulnerabilities (CNVD-2026-26891)

OpenClaw is an intelligent artificial assistant open-sourced by the OpenClaw team. OpenClaw has vulnerabilities related to permission management and access control. These vulnerabilities stem from environmental variable injection issues. The .env STATEDIRECTORY environment variable may affect the...

7.1CVSS6.1AI score0.00124EPSS
Exploits0
CNVD
CNVD
added 2026/06/22 12:0 a.m.2 views

Adobe DNG Software Development Kit (SDK) heap buffer overflow vulnerability (CNVD-2026-26864)

The Adobe DNG Software Development Kit SDK is a software development toolkit launched by Adobe Inc. The Adobe DNG Software Development Kit SDK contains a heap buffer overflow vulnerability, allowing attackers to execute arbitrary code within the context of the current user...

7.8CVSS7.3AI score0.00199EPSS
Exploits0
CNVD
CNVD
added 2026/06/22 12:0 a.m.2 views

Adobe DNG Software Development Kit (SDK) Out-of-Bounds Vulnerability (CNVD-2026-26857)

The Adobe DNG Software Development Kit SDK is a software development toolkit launched by Adobe Inc. The Adobe DNG Software Development Kit SDK has a out-of-bounds read vulnerability; this vulnerability stems from reading data from an out-of-bounds memory buffer. Attackers can exploit this...

5.5CVSS6.2AI score0.00165EPSS
Exploits0
CNVD
CNVD
added 2026/06/22 12:0 a.m.2 views

Adobe DNG Software Development Kit (SDK) Out-of-Bounds Vulnerability (CNVD-2026-26859)

The Adobe DNG Software Development Kit SDK is a software development toolkit launched by Adobe Inc. The Adobe DNG Software Development Kit SDK has a out-of-bounds vulnerability, allowing attackers to access sensitive memory information...

5.5CVSS6.2AI score0.00165EPSS
Exploits0
CNVD
CNVD
added 2026/06/22 12:0 a.m.2 views

Adobe DNG Software Development Kit (SDK) Out-of-Bounds Vulnerability (CNVD-2026-26858)

The Adobe DNG Software Development Kit SDK is a software development toolkit launched by Adobe Inc. The Adobe DNG Software Development Kit SDK has a out-of-bounds vulnerability, allowing attackers to access sensitive memory information...

5.5CVSS6.2AI score0.00165EPSS
Exploits0
CNVD
CNVD
added 2026/06/22 12:0 a.m.2 views

OpenClaw Limited licensing and access control issues

OpenClaw is an intelligent artificial assistant open-sourced by the OpenClaw team. OpenClaw has vulnerabilities related to limited permissions and access control. Attackers can exploit these vulnerabilities to replay the bootstrap token before it is approved, thereby increasing the paired...

5.4CVSS6.1AI score0.00088EPSS
Exploits0
CNVD
CNVD
added 2026/06/22 12:0 a.m.2 views

OpenClaw processing logic error vulnerability

OpenClaw is an intelligent artificial assistant open-sourced by the OpenClaw team. OpenClaw has a processing logic vulnerability that attackers can exploit to use tail tokens in derived URLs within models or workpaces, thereby bypassing interception list comparisons. This allows them to use...

6.5CVSS6.1AI score0.0021EPSS
Exploits0
CNVD
CNVD
added 2026/06/22 12:0 a.m.4 views

OpenClaw path traversal vulnerability (CNVD-2026-25114)

OpenClaw is an intelligent artificial assistant open-sourced by the OpenClaw team. OpenClaw has a path traversal vulnerability. This vulnerability arises because the maintenance task execution process allows workspace-derived service paths to affect the selection of the trash command. Attackers c...

7.2CVSS6AI score0.00119EPSS
Exploits0
CNVD
CNVD
added 2026/06/22 12:0 a.m.4 views

OpenClaw Authorization Issue Vulnerability (CNVD-2026-25113)

OpenClaw is an intelligent artificial assistant open-sourced by the OpenClaw team. OpenClaw has a licensing issue vulnerability, which arises due to a lack of expected allowlist decisions in the shell inline command parsing path. Attackers can exploit this vulnerability to enable authenticated...

8.1CVSS5.8AI score0.0026EPSS
Exploits0
CNVD
CNVD
added 2026/06/22 12:0 a.m.4 views

Multiple Mozilla product memory error-related vulnerabilities (CNVD-2026-26108)

Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is a extended support version of Firefox the web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla Application Suite. Several Mozilla products have memory error exploitation...

8.8CVSS6.4AI score0.00382EPSS
Exploits0
CNVD
CNVD
added 2026/06/22 12:0 a.m.3 views

Mozilla Firefox ESR and Mozilla Thunderbird buffer overflow vulnerabilities (CNVD-2026-26109)

Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is a extended support version of Firefox the web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla Application Suite. Both Mozilla Firefox ESR and Mozilla Thunderbird have buffer...

7.5CVSS6.2AI score0.00326EPSS
Exploits0
CNVD
CNVD
added 2026/06/22 12:0 a.m.3 views

Multiple Mozilla product code execution vulnerabilities (CNVD-2026-26107)

Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is a extended support version of Firefox the web browser. Mozilla Thunderbird is an email client software that was separated from the Mozilla Application Suite. Several Mozilla products have code execution vulnerabilities, and...

8.1CVSS6.7AI score0.00397EPSS
Exploits0
CNVD
CNVD
added 2026/06/22 12:0 a.m.3 views

Multiple Mozilla Product Permissions Enhancement Vulnerabilities (CNVD-2026-26106)

Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is a extended support version of Firefox the web browser. Mozilla Thunderbird is an email client software that was separated from the Mozilla Application Suite. Several Mozilla products have vulnerabilities related to privilege...

8.8CVSS6AI score0.00395EPSS
Exploits0
CNVD
CNVD
added 2026/06/22 12:0 a.m.4 views

OpenClaw input validation error vulnerability (CNVD-2026-26104)

OpenClaw is an intelligent artificial assistant open-sourced by the OpenClaw team. OpenClaw has a vulnerability related to input validation, which stems from insufficient cleaning in the host environment cleaner. This vulnerability allows Node.js control variables to bypass validation. Attackers...

8.1CVSS6AI score0.00246EPSS
Exploits0
CNVD
CNVD
added 2026/06/22 12:0 a.m.4 views

Dell PowerFlex Manager SQL injection vulnerability

Dell PowerFlex Manager is an infrastructure management platform developed by Dell Corporation, used to manage powerflex storage and computing resources. Dell PowerFlex Manager has a SQL injection vulnerability. This vulnerability stems from improper filtering of submitted SQL statements. A remote...

5.7CVSS6.1AI score0.00192EPSS
Exploits0
CNVD
CNVD
added 2026/06/22 12:0 a.m.4 views

OpenBSD src mpls_do_error function out-of-bounds read vulnerability

OpenBSD src is a base source code package used for building the OpenBSD operating system, containing implementations of the kernel and core components. OpenBSD src has a out-of-bounds read vulnerability. This vulnerability stems from the mplsdoerror function failing to properly handle a specially...

6.9CVSS6.2AI score0.00423EPSS
Exploits2
CNVD
CNVD
added 2026/06/22 12:0 a.m.4 views

Microsoft 365 Copilot Command Injection Vulnerability (CNVD-2026-26512)

Microsoft 365 Copilot is an AI assistant integrated into the Microsoft 365 office suite. It offers features such as intelligent writing, data analysis, and content generation. Microsoft 365 Copilot has a command injection vulnerability. This vulnerability arises from the failure to properly...

7.5CVSS6.6AI score0.00399EPSS
Exploits0
CNVD
CNVD
added 2026/06/22 12:0 a.m.3 views

Microsoft Azure Synapse permission licensing and access control issue vulnerabilities

Microsoft Azure Synapse is a cloud data analysis service provided by the American company Microsoft. There are vulnerabilities related to permission licensing and access control in Microsoft Azure Synapse. These vulnerabilities stem from issues with privilege escalation; attackers can exploit the...

9.9CVSS7.2AI score0.005EPSS
Exploits0
CNVD
CNVD
added 2026/06/22 12:0 a.m.5 views

Mozilla Firefox for iOS: Input validation error vulnerability (CNVD-2026-26110)

Mozilla Firefox for iOS is a mobile web browser developed by the Mozilla Foundation. Mozilla Firefox for iOS has a vulnerability related to input validation. This vulnerability arises from using partial domain matching when attaching cookies to PDF requests. An attacker can exploit this...

6.5CVSS6AI score0.00096EPSS
Exploits0
CNVD
CNVD
added 2026/06/15 12:0 a.m.5 views

Google Chrome Resource Management Error Vulnerability (CNVD-2026-25123)

Google Chrome is a web browser developed by Google. It primarily provides features for web browsing, extension support, and multi-platform synchronization. There is a resource management vulnerability in Google Chrome. This vulnerability stems from the Cast component’s failure to properly handle...

8.3CVSS5.7AI score0.00174EPSS
Exploits0
CNVD
CNVD
added 2026/06/15 12:0 a.m.5 views

Google Chrome Codecs Heap Buffer Overflow Vulnerability (CNVD-2026-25119)

Google Chrome is a web browser based on the Chromium kernel, primarily offering web browsing capabilities and a rich ecosystem of plugins. Google Chrome has a heap buffer overflow vulnerability. This vulnerability stems from the Codecs component failing to properly handle carefully crafted HTML...

8.3CVSS6AI score0.00253EPSS
Exploits0
CNVD
CNVD
added 2026/06/15 12:0 a.m.5 views

Google Chrome Video Component Buffer Overflow Vulnerability (CNVD-2026-25118)

Google Chrome Video is a component that handles video decoding and rendering, primarily used to support video playback in the Chrome browser on ChromeOS. The Google Chrome Video component has a security vulnerability. This vulnerability stems from an improper check of boundaries during video data...

6.5CVSS5.8AI score0.00236EPSS
Exploits0
CNVD
CNVD
added 2026/06/15 12:0 a.m.6 views

Google Chrome Views component resource management error vulnerability (CNVD-2026-25115)

Google Chrome is a web browser developed by Google. Its main features include providing a fast, secure, and stable browsing experience. Google Chrome has a resource management vulnerability. This vulnerability stems from the Views component failing to properly handle the object lifecycle when...

8.8CVSS5.8AI score0.00187EPSS
Exploits0
CNVD
CNVD
added 2026/06/15 12:0 a.m.2 views

TP-Link Tapo C110 has a vulnerability related to formatted string errors

The TP-Link Tapo C110 is an indoor network camera produced by TP-Link Corporation. The TP-Link Tapo C110 v2 has a vulnerability related to formatted string handling. This vulnerability stems from improper processing of user control inputs in the ONVIF service. Attackers can exploit this...

8.1CVSS6.1AI score0.00463EPSS
Exploits0
CNVD
CNVD
added 2026/06/15 12:0 a.m.8 views

Google Chrome VideoCapture Out-of-Bounds Reading Vulnerability (CNVD-2026-25116)

Google Chrome is a cross-platform web browser developed by Google. It primarily offers functions such as web browsing, extension support, and multi-tab management. Google Chrome has a privilege escalation vulnerability, which stems from the VideoCapture component failing to properly validate memo...

5.3CVSS5.8AI score0.00189EPSS
Exploits0
CNVD
CNVD
added 2026/06/15 12:0 a.m.7 views

Google Chrome Input Validation Vulnerability (CNVD-2026-25120)

Google Chrome is a cross-platform web browser developed by Google. It is primarily used for accessing the internet and running web applications. Google Chrome has a security vulnerability that stems from improper handling of implementation logic in extensions. A remote attacker can exploit this...

3.1CVSS5.7AI score0.00208EPSS
Exploits0
CNVD
CNVD
added 2026/06/15 12:0 a.m.7 views

Google Chrome GPU resource management error vulnerability (CNVD-2026-25117)

Google Chrome is a cross-platform web browser developed by Google. It is primarily used for accessing web pages, running web applications, and providing various extended features. There is a resource management vulnerability in Google Chrome, which stems from improper handling of references after...

8.3CVSS5.7AI score0.00229EPSS
Exploits0
CNVD
CNVD
added 2026/06/15 12:0 a.m.6 views

Google Chrome Input Validation Vulnerability (CNVD-2026-25121)

Google Chrome is a web browser developed by Google, offering fast and secure web browsing features. Google Chrome has a vulnerability related to input validation, which stems from improper implementations in the DevTools component. Attackers can exploit this vulnerability to achieve sandbox escap...

8.3CVSS5.7AI score0.00229EPSS
Exploits0
CNVD
CNVD
added 2026/06/15 12:0 a.m.5 views

Google Chrome Resource Management Error Vulnerability (CNVD-2026-25122)

Google Chrome is a web browser developed by Google Inc. of the United States. Google Chrome has a resource management vulnerability, which stems from a problem with reusing resources after they are released in the Autofill component. A remote attacker can exploit this vulnerability to destroy the...

5.3CVSS5.8AI score0.00227EPSS
Exploits0
CNVD
CNVD
added 2026/06/15 12:0 a.m.8 views

Google Chrome Input Validation Vulnerability (CNVD-2026-25124)

Google Chrome is a cross-platform web browser developed by Google, primarily used for accessing internet content. Google Chrome has a vulnerability related to input validation. This vulnerability stems from the Accessibility module’s failure to properly validate untrusted inputs. Attackers can...

8.3CVSS5.8AI score0.00246EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.5 views

Tenda W20E formCropAndSetWewifiPic function: PicCropName parameter buffer overflow vulnerability

Tenda W20E is a router produced by the Chinese company Tenda. The Tenda W20E has a buffer overflow vulnerability in the formCropAndSetWewifiPic function, specifically with respect to the picCropName parameter. An attacker can exploit this vulnerability to cause a denial-of-service attack...

7.5CVSS7.4AI score0.00309EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.5 views

Microsoft Hyper-V Code Execution Vulnerability (CNVD-2026-24918)

Microsoft Hyper-V is an application developed by Microsoft Corporation in the United States. It is a system management program that enables desktop virtualization. There is a code execution vulnerability present in Microsoft Hyper-V. Attackers can exploit this vulnerability to execute arbitrary...

8.4CVSS8AI score0.00307EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.10 views

Adobe InDesign Desktop heap buffer overflow vulnerability (CNVD-2026-24185)

Adobe InDesign Desktop is a professional desktop publishing software, primarily used for page design, printing, and digital publishing. Adobe InDesign Desktop has a heap buffer overflow vulnerability, which stems from improper handling of certain file data, leading to out-of-bound writes to the...

7.8CVSS6.4AI score0.00175EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.9 views

Adobe InDesign Desktop Buffer Overflow Vulnerability (CNVD-2026-24183)

Adobe InDesign Desktop is a professional desktop publishing and design software, primarily used for page layout, graphic design, and publishing in print and digital media. There is a security vulnerability in Adobe InDesign Desktop. This vulnerability stems from an improper validation of the read...

5.5CVSS5.3AI score0.00155EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.5 views

Microsoft Excel code execution vulnerability (CNVD-2026-24915)

Microsoft Excel is a spreadsheet software within the Office suite developed by the American company Microsoft. There is a code execution vulnerability in Microsoft Excel, and attackers can exploit this vulnerability to execute arbitrary code on the system...

7.8CVSS7.8AI score0.00372EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.10 views

Adobe InDesign Desktop Buffer Overflow Vulnerability (CNVD-2026-24186)

Adobe InDesign Desktop is a professional desktop publishing and typesetting design software, primarily used for creating print and digital publications. There is a security vulnerability in Adobe InDesign Desktop, which stems from improper handling of data writing boundaries. Attackers can exploi...

7.8CVSS6AI score0.00139EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.5 views

Adobe Experience Manager Cross-Site Script Vulnerability (CNVD-2026-24910)

Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...

5.4CVSS6AI score0.00283EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.4 views

Microsoft Excel information leakage vulnerability (CNVD-2026-24914)

Microsoft Excel is a spreadsheet software within the Office suite developed by the American company Microsoft. There is an information leakage vulnerability in Microsoft Excel, and attackers can exploit this vulnerability to obtain sensitive information...

8.2CVSS7.2AI score0.00518EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.5 views

Adobe Experience Manager Cross-Site Script Vulnerability (CNVD-2026-24905)

Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...

5.4CVSS6AI score0.00283EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.4 views

Adobe Experience Manager Cross-Site Script Vulnerability (CNVD-2026-24900)

Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...

5.4CVSS6AI score0.00224EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.4 views

Huawei HarmonyOS Authorization Issues Vulnerability (CNVD-2026-25139)

Huawei HarmonyOS is an operating system developed by Huawei Technologies Co., Ltd. It is a full-scenario distributed operating system based on a microkernel architecture. There are vulnerabilities related to authorization in HUAWEI HarmonyOS. These vulnerabilities stem from the permission control...

4.4CVSS5.8AI score0.00075EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.4 views

Huawei HarmonyOS IPC Module Out-of-Bounds Write Vulnerability (CNVD-2026-25137)

Huawei HarmonyOS is a distributed operating system designed for various scenarios, primarily providing seamless collaboration across devices. The IPC module of Huawei HarmonyOS has a out-of-bounds write vulnerability. This vulnerability arises from improper handling of certain input data. Attacke...

5.3CVSS5.8AI score0.00072EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.4 views

NVIDIA DALI heap buffer overflow vulnerability

NVIDIA DALI is an open-source library for data loading and preprocessing, primarily used to accelerate image and video processing in deep learning workflows. NVIDIA DALI has a heap buffer overflow vulnerability. This vulnerability stems from improper handling of input data within certain...

7.3CVSS6.1AI score0.00154EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.5 views

Huawei EMUI and Huawei HarmonyOS authorization issue vulnerabilities

Huawei EMUI and Huawei HarmonyOS are both products of the Chinese company Huawei. Huawei EMUI is a mobile operating system developed based on Android. Huawei HarmonyOS is an operating system that provides a full-scenario distributed operating system based on a microkernel. There are authorization...

6.6CVSS5.8AI score0.00079EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.7 views

Microsoft Excel information leakage vulnerability (CNVD-2026-24917)

Microsoft Excel is a spreadsheet software within the Office suite developed by the American company Microsoft. There is an information leakage vulnerability in Microsoft Excel, and attackers can exploit this vulnerability to obtain sensitive information...

4.3CVSS5.8AI score0.00629EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.2 views

Huawei HarmonyOS file preview module permission control vulnerability

Huawei HarmonyOS is a distributed operating system developed by Huawei. It is primarily used for intelligent terminal devices, providing cross-device collaboration and a unified experience. The Huawei HarmonyOS file preview module has a permission control vulnerability. This vulnerability stems...

5.5CVSS6.1AI score0.00087EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.2 views

Tenda W20E fromSetDhcpRules function buffer overflow vulnerability

The Tenda W20E is a router produced by the Chinese company Tenda. The version 15.11.0.6 of the Tenda W20E contains a buffer overflow vulnerability. This vulnerability stems from the incorrect validation of the input data length in the bindMACAddr parameter of the fromSetDhcpRules function...

7.5CVSS7.1AI score0.00309EPSS
Exploits0
CNVD
CNVD
added 2026/06/11 12:0 a.m.2 views

Microsoft Win32k Input Validation Vulnerability (CNVD-2026-26514)

Microsoft Win32k is a system file used by Microsoft for multi-user management in Windows. There are security vulnerabilities in Microsoft Win32k. Attackers can exploit these vulnerabilities to execute unauthorized code...

7.8CVSS7AI score0.00437EPSS
Exploits0
Total number of security vulnerabilities131179