131179 matches found
OpenClaw input validation error vulnerability (CNVD-2026-26890)
OpenClaw is an intelligent artificial assistant open-sourced by the OpenClaw team. OpenClaw has a vulnerability related to input validation. An attacker can exploit this vulnerability to match allowed list entries based on dialogue metadata rather than a stable sender identity. This allows them t...
OpenClaw input validation error vulnerability (CNVD-2026-26888)
OpenClaw is an intelligent artificial assistant open-sourced by the OpenClaw team. OpenClaw has a vulnerability related to input validation. This vulnerability stems from a lack of checks for combined POSIX inline command flags within the macOS Swift exec function. This allows for bypassing the...
OpenClaw permission licensing and access control vulnerabilities (CNVD-2026-26891)
OpenClaw is an intelligent artificial assistant open-sourced by the OpenClaw team. OpenClaw has vulnerabilities related to permission management and access control. These vulnerabilities stem from environmental variable injection issues. The .env STATEDIRECTORY environment variable may affect the...
Adobe DNG Software Development Kit (SDK) heap buffer overflow vulnerability (CNVD-2026-26864)
The Adobe DNG Software Development Kit SDK is a software development toolkit launched by Adobe Inc. The Adobe DNG Software Development Kit SDK contains a heap buffer overflow vulnerability, allowing attackers to execute arbitrary code within the context of the current user...
Adobe DNG Software Development Kit (SDK) Out-of-Bounds Vulnerability (CNVD-2026-26857)
The Adobe DNG Software Development Kit SDK is a software development toolkit launched by Adobe Inc. The Adobe DNG Software Development Kit SDK has a out-of-bounds read vulnerability; this vulnerability stems from reading data from an out-of-bounds memory buffer. Attackers can exploit this...
Adobe DNG Software Development Kit (SDK) Out-of-Bounds Vulnerability (CNVD-2026-26859)
The Adobe DNG Software Development Kit SDK is a software development toolkit launched by Adobe Inc. The Adobe DNG Software Development Kit SDK has a out-of-bounds vulnerability, allowing attackers to access sensitive memory information...
Adobe DNG Software Development Kit (SDK) Out-of-Bounds Vulnerability (CNVD-2026-26858)
The Adobe DNG Software Development Kit SDK is a software development toolkit launched by Adobe Inc. The Adobe DNG Software Development Kit SDK has a out-of-bounds vulnerability, allowing attackers to access sensitive memory information...
OpenClaw Limited licensing and access control issues
OpenClaw is an intelligent artificial assistant open-sourced by the OpenClaw team. OpenClaw has vulnerabilities related to limited permissions and access control. Attackers can exploit these vulnerabilities to replay the bootstrap token before it is approved, thereby increasing the paired...
OpenClaw processing logic error vulnerability
OpenClaw is an intelligent artificial assistant open-sourced by the OpenClaw team. OpenClaw has a processing logic vulnerability that attackers can exploit to use tail tokens in derived URLs within models or workpaces, thereby bypassing interception list comparisons. This allows them to use...
OpenClaw path traversal vulnerability (CNVD-2026-25114)
OpenClaw is an intelligent artificial assistant open-sourced by the OpenClaw team. OpenClaw has a path traversal vulnerability. This vulnerability arises because the maintenance task execution process allows workspace-derived service paths to affect the selection of the trash command. Attackers c...
OpenClaw Authorization Issue Vulnerability (CNVD-2026-25113)
OpenClaw is an intelligent artificial assistant open-sourced by the OpenClaw team. OpenClaw has a licensing issue vulnerability, which arises due to a lack of expected allowlist decisions in the shell inline command parsing path. Attackers can exploit this vulnerability to enable authenticated...
Multiple Mozilla product memory error-related vulnerabilities (CNVD-2026-26108)
Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is a extended support version of Firefox the web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla Application Suite. Several Mozilla products have memory error exploitation...
Mozilla Firefox ESR and Mozilla Thunderbird buffer overflow vulnerabilities (CNVD-2026-26109)
Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is a extended support version of Firefox the web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla Application Suite. Both Mozilla Firefox ESR and Mozilla Thunderbird have buffer...
Multiple Mozilla product code execution vulnerabilities (CNVD-2026-26107)
Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is a extended support version of Firefox the web browser. Mozilla Thunderbird is an email client software that was separated from the Mozilla Application Suite. Several Mozilla products have code execution vulnerabilities, and...
Multiple Mozilla Product Permissions Enhancement Vulnerabilities (CNVD-2026-26106)
Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is a extended support version of Firefox the web browser. Mozilla Thunderbird is an email client software that was separated from the Mozilla Application Suite. Several Mozilla products have vulnerabilities related to privilege...
OpenClaw input validation error vulnerability (CNVD-2026-26104)
OpenClaw is an intelligent artificial assistant open-sourced by the OpenClaw team. OpenClaw has a vulnerability related to input validation, which stems from insufficient cleaning in the host environment cleaner. This vulnerability allows Node.js control variables to bypass validation. Attackers...
Dell PowerFlex Manager SQL injection vulnerability
Dell PowerFlex Manager is an infrastructure management platform developed by Dell Corporation, used to manage powerflex storage and computing resources. Dell PowerFlex Manager has a SQL injection vulnerability. This vulnerability stems from improper filtering of submitted SQL statements. A remote...
OpenBSD src mpls_do_error function out-of-bounds read vulnerability
OpenBSD src is a base source code package used for building the OpenBSD operating system, containing implementations of the kernel and core components. OpenBSD src has a out-of-bounds read vulnerability. This vulnerability stems from the mplsdoerror function failing to properly handle a specially...
Microsoft 365 Copilot Command Injection Vulnerability (CNVD-2026-26512)
Microsoft 365 Copilot is an AI assistant integrated into the Microsoft 365 office suite. It offers features such as intelligent writing, data analysis, and content generation. Microsoft 365 Copilot has a command injection vulnerability. This vulnerability arises from the failure to properly...
Microsoft Azure Synapse permission licensing and access control issue vulnerabilities
Microsoft Azure Synapse is a cloud data analysis service provided by the American company Microsoft. There are vulnerabilities related to permission licensing and access control in Microsoft Azure Synapse. These vulnerabilities stem from issues with privilege escalation; attackers can exploit the...
Mozilla Firefox for iOS: Input validation error vulnerability (CNVD-2026-26110)
Mozilla Firefox for iOS is a mobile web browser developed by the Mozilla Foundation. Mozilla Firefox for iOS has a vulnerability related to input validation. This vulnerability arises from using partial domain matching when attaching cookies to PDF requests. An attacker can exploit this...
Google Chrome Resource Management Error Vulnerability (CNVD-2026-25123)
Google Chrome is a web browser developed by Google. It primarily provides features for web browsing, extension support, and multi-platform synchronization. There is a resource management vulnerability in Google Chrome. This vulnerability stems from the Cast component’s failure to properly handle...
Google Chrome Codecs Heap Buffer Overflow Vulnerability (CNVD-2026-25119)
Google Chrome is a web browser based on the Chromium kernel, primarily offering web browsing capabilities and a rich ecosystem of plugins. Google Chrome has a heap buffer overflow vulnerability. This vulnerability stems from the Codecs component failing to properly handle carefully crafted HTML...
Google Chrome Video Component Buffer Overflow Vulnerability (CNVD-2026-25118)
Google Chrome Video is a component that handles video decoding and rendering, primarily used to support video playback in the Chrome browser on ChromeOS. The Google Chrome Video component has a security vulnerability. This vulnerability stems from an improper check of boundaries during video data...
Google Chrome Views component resource management error vulnerability (CNVD-2026-25115)
Google Chrome is a web browser developed by Google. Its main features include providing a fast, secure, and stable browsing experience. Google Chrome has a resource management vulnerability. This vulnerability stems from the Views component failing to properly handle the object lifecycle when...
TP-Link Tapo C110 has a vulnerability related to formatted string errors
The TP-Link Tapo C110 is an indoor network camera produced by TP-Link Corporation. The TP-Link Tapo C110 v2 has a vulnerability related to formatted string handling. This vulnerability stems from improper processing of user control inputs in the ONVIF service. Attackers can exploit this...
Google Chrome VideoCapture Out-of-Bounds Reading Vulnerability (CNVD-2026-25116)
Google Chrome is a cross-platform web browser developed by Google. It primarily offers functions such as web browsing, extension support, and multi-tab management. Google Chrome has a privilege escalation vulnerability, which stems from the VideoCapture component failing to properly validate memo...
Google Chrome Input Validation Vulnerability (CNVD-2026-25120)
Google Chrome is a cross-platform web browser developed by Google. It is primarily used for accessing the internet and running web applications. Google Chrome has a security vulnerability that stems from improper handling of implementation logic in extensions. A remote attacker can exploit this...
Google Chrome GPU resource management error vulnerability (CNVD-2026-25117)
Google Chrome is a cross-platform web browser developed by Google. It is primarily used for accessing web pages, running web applications, and providing various extended features. There is a resource management vulnerability in Google Chrome, which stems from improper handling of references after...
Google Chrome Input Validation Vulnerability (CNVD-2026-25121)
Google Chrome is a web browser developed by Google, offering fast and secure web browsing features. Google Chrome has a vulnerability related to input validation, which stems from improper implementations in the DevTools component. Attackers can exploit this vulnerability to achieve sandbox escap...
Google Chrome Resource Management Error Vulnerability (CNVD-2026-25122)
Google Chrome is a web browser developed by Google Inc. of the United States. Google Chrome has a resource management vulnerability, which stems from a problem with reusing resources after they are released in the Autofill component. A remote attacker can exploit this vulnerability to destroy the...
Google Chrome Input Validation Vulnerability (CNVD-2026-25124)
Google Chrome is a cross-platform web browser developed by Google, primarily used for accessing internet content. Google Chrome has a vulnerability related to input validation. This vulnerability stems from the Accessibility module’s failure to properly validate untrusted inputs. Attackers can...
Tenda W20E formCropAndSetWewifiPic function: PicCropName parameter buffer overflow vulnerability
Tenda W20E is a router produced by the Chinese company Tenda. The Tenda W20E has a buffer overflow vulnerability in the formCropAndSetWewifiPic function, specifically with respect to the picCropName parameter. An attacker can exploit this vulnerability to cause a denial-of-service attack...
Microsoft Hyper-V Code Execution Vulnerability (CNVD-2026-24918)
Microsoft Hyper-V is an application developed by Microsoft Corporation in the United States. It is a system management program that enables desktop virtualization. There is a code execution vulnerability present in Microsoft Hyper-V. Attackers can exploit this vulnerability to execute arbitrary...
Adobe InDesign Desktop heap buffer overflow vulnerability (CNVD-2026-24185)
Adobe InDesign Desktop is a professional desktop publishing software, primarily used for page design, printing, and digital publishing. Adobe InDesign Desktop has a heap buffer overflow vulnerability, which stems from improper handling of certain file data, leading to out-of-bound writes to the...
Adobe InDesign Desktop Buffer Overflow Vulnerability (CNVD-2026-24183)
Adobe InDesign Desktop is a professional desktop publishing and design software, primarily used for page layout, graphic design, and publishing in print and digital media. There is a security vulnerability in Adobe InDesign Desktop. This vulnerability stems from an improper validation of the read...
Microsoft Excel code execution vulnerability (CNVD-2026-24915)
Microsoft Excel is a spreadsheet software within the Office suite developed by the American company Microsoft. There is a code execution vulnerability in Microsoft Excel, and attackers can exploit this vulnerability to execute arbitrary code on the system...
Adobe InDesign Desktop Buffer Overflow Vulnerability (CNVD-2026-24186)
Adobe InDesign Desktop is a professional desktop publishing and typesetting design software, primarily used for creating print and digital publications. There is a security vulnerability in Adobe InDesign Desktop, which stems from improper handling of data writing boundaries. Attackers can exploi...
Adobe Experience Manager Cross-Site Script Vulnerability (CNVD-2026-24910)
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...
Microsoft Excel information leakage vulnerability (CNVD-2026-24914)
Microsoft Excel is a spreadsheet software within the Office suite developed by the American company Microsoft. There is an information leakage vulnerability in Microsoft Excel, and attackers can exploit this vulnerability to obtain sensitive information...
Adobe Experience Manager Cross-Site Script Vulnerability (CNVD-2026-24905)
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...
Adobe Experience Manager Cross-Site Script Vulnerability (CNVD-2026-24900)
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...
Huawei HarmonyOS Authorization Issues Vulnerability (CNVD-2026-25139)
Huawei HarmonyOS is an operating system developed by Huawei Technologies Co., Ltd. It is a full-scenario distributed operating system based on a microkernel architecture. There are vulnerabilities related to authorization in HUAWEI HarmonyOS. These vulnerabilities stem from the permission control...
Huawei HarmonyOS IPC Module Out-of-Bounds Write Vulnerability (CNVD-2026-25137)
Huawei HarmonyOS is a distributed operating system designed for various scenarios, primarily providing seamless collaboration across devices. The IPC module of Huawei HarmonyOS has a out-of-bounds write vulnerability. This vulnerability arises from improper handling of certain input data. Attacke...
NVIDIA DALI heap buffer overflow vulnerability
NVIDIA DALI is an open-source library for data loading and preprocessing, primarily used to accelerate image and video processing in deep learning workflows. NVIDIA DALI has a heap buffer overflow vulnerability. This vulnerability stems from improper handling of input data within certain...
Huawei EMUI and Huawei HarmonyOS authorization issue vulnerabilities
Huawei EMUI and Huawei HarmonyOS are both products of the Chinese company Huawei. Huawei EMUI is a mobile operating system developed based on Android. Huawei HarmonyOS is an operating system that provides a full-scenario distributed operating system based on a microkernel. There are authorization...
Microsoft Excel information leakage vulnerability (CNVD-2026-24917)
Microsoft Excel is a spreadsheet software within the Office suite developed by the American company Microsoft. There is an information leakage vulnerability in Microsoft Excel, and attackers can exploit this vulnerability to obtain sensitive information...
Huawei HarmonyOS file preview module permission control vulnerability
Huawei HarmonyOS is a distributed operating system developed by Huawei. It is primarily used for intelligent terminal devices, providing cross-device collaboration and a unified experience. The Huawei HarmonyOS file preview module has a permission control vulnerability. This vulnerability stems...
Tenda W20E fromSetDhcpRules function buffer overflow vulnerability
The Tenda W20E is a router produced by the Chinese company Tenda. The version 15.11.0.6 of the Tenda W20E contains a buffer overflow vulnerability. This vulnerability stems from the incorrect validation of the input data length in the bindMACAddr parameter of the fromSetDhcpRules function...
Microsoft Win32k Input Validation Vulnerability (CNVD-2026-26514)
Microsoft Win32k is a system file used by Microsoft for multi-user management in Windows. There are security vulnerabilities in Microsoft Win32k. Attackers can exploit these vulnerabilities to execute unauthorized code...