Lucene search
K

131179 matches found

CNVD
CNVD
•added 2026/02/10 12:0 a.m.•1 views

OpenClaw OS Command Injection Vulnerability (CNVD-2026-13291)

OpenClaw is openclaw open source an intelligent artificial assistant. OpenClaw there is an operating system command injection vulnerability , the vulnerability stems from the Docker sandbox execution mechanism when constructing shell commands on the PATH environment variable handling insecurity ,...

8.8CVSS6AI score0.04773EPSS
Exploits1References1
CNVD
CNVD
•added 2026/02/10 12:0 a.m.•3 views

Apache Syncope Cross-Site Scripting Vulnerability

Apache Syncope is the United States Apache Apache Foundation's set of open source digital identity management system for use in enterprise environments. The system supports identity management, role configuration and more. Apache Syncope suffers from a cross-site scripting vulnerability that stem...

6.8CVSS5.7AI score0.00362EPSS
Exploits0References1
CNVD
CNVD
•added 2026/02/10 12:0 a.m.•6 views

OpenClaw Information Disclosure Vulnerability

OpenClaw is openclaw open source an intelligent artificial assistant. OpenClaw has an information disclosure vulnerability that stems from the isValidMedia function allowing arbitrary file paths, which can be exploited by an attacker to cause the reading of arbitrary files and the disclosure of...

6.5CVSS5.8AI score0.00745EPSS
Exploits1References1
CNVD
CNVD
•added 2026/02/06 12:0 a.m.•9 views

Cisco Meeting Management (CMM) Code Issues Vulnerability

Cisco Meeting Management CMM is a management tool for Cisco Meeting Server, a Cisco local videoconferencing platform from Cisco USA. A code issue vulnerability exists in Cisco Meeting Management that stems from improper input validation in certain parts of the web-based management interface, whic...

8.8CVSS6.2AI score0.00384EPSS
Exploits0References1
CNVD
CNVD
•added 2026/02/05 12:0 a.m.•7 views

Google Go Code Execution Vulnerability

Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google. A code execution vulnerability exists in Google Go due to unsafe handling of compiler flags in CgoPkgConfig. An attacker can exploit the vulnerability to execute arbitrary code on...

7.8CVSS6.8AI score0.00532EPSS
Exploits0References1
CNVD
CNVD
•added 2026/02/05 12:0 a.m.•7 views

Google Go Code Execution Vulnerability (CNVD-2026-10650)

Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google. A code execution vulnerability exists in Google Go due to an insecure construction of external VCS commands when handling untrusted module sources or malicious version strings in...

7CVSS6.9AI score0.00335EPSS
Exploits0References1
CNVD
CNVD
•added 2026/02/05 12:0 a.m.•6 views

Mozilla Thunderbird Information Disclosure Vulnerability (CNVD-2026-11794)

Mozilla Thunderbird is the United States Mozilla Foundation's set of independent from the Mozilla Application Suite e-mail client software. The program supports IMAP, POP mail protocols and HTML mail format. An information disclosure vulnerability exists in Mozilla Thunderbird, which can be...

4.3CVSS5.9AI score0.00159EPSS
Exploits0References1
CNVD
CNVD
•added 2026/02/05 12:0 a.m.•4 views

Wondershare Driver Install Service Code Issue Vulnerability

Wondershare Driver Install Service is an auxiliary background service program from China Wondershare. A code issue vulnerability exists in Wondershare Driver Install Service, which stems from an unquoted service path, and can be exploited by an attacker to cause an elevation of privilege...

8.5CVSS6AI score0.00185EPSS
Exploits0References1
CNVD
CNVD
•added 2026/02/05 12:0 a.m.•2 views

Tenda D301 and Tenda D151 Access Control Error Vulnerabilities

Tenda D301 is a wireless router.Tenda D151 is a wireless router. An access control error vulnerability exists in the Tenda D301 and Tenda D151 that stems from the presence of an unauthenticated configuration download on the /goform/getimage endpoint, which can be exploited by an attacker to cause...

8.7CVSS6AI score0.00612EPSS
Exploits1References1
CNVD
CNVD
•added 2026/02/05 12:0 a.m.•6 views

TeamViewer DEX Client Command Injection Vulnerability

TeamViewer DEX Client is a digital employee experience and endpoint management software from TeamViewer Germany. TeamViewer DEX Client suffers from a command injection vulnerability that can be exploited by an attacker to execute arbitrary commands on the system...

6.8CVSS6.1AI score0.00659EPSS
Exploits0
CNVD
CNVD
•added 2026/02/05 12:0 a.m.•16 views

Google Chrome Information Disclosure Vulnerability (CNVD-2026-10645)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from an information disclosure vulnerability, which is caused due to improper implementation in the backend fetch AP. An attacker can exploit the vulnerability to disclose cross-origin data...

6.5CVSS5.7AI score0.00224EPSS
Exploits1References1
CNVD
CNVD
•added 2026/02/05 12:0 a.m.•2 views

TeamViewer DEX Client Buffer Overflow Vulnerability

TeamViewer DEX Client is a digital employee experience and endpoint management software from TeamViewer Germany. TeamViewer DEX Client prior to version 26.1 suffers from a buffer overflow vulnerability that stems from the Content Distribution Service's UDP command processor failing to correctly...

6.5CVSS6.1AI score0.00315EPSS
Exploits0References1
CNVD
CNVD
•added 2026/02/05 12:0 a.m.•6 views

TeamViewer DEX Client Input Validation Error Vulnerability

TeamViewer DEX Client is a digital employee experience and endpoint management software from TeamViewer Germany. An input validation error vulnerability exists in TeamViewer DEX Client versions prior to 26.1, which stems from a lack of validation of user control values in Content Distribution...

6.5CVSS5.8AI score0.00696EPSS
Exploits0References1
CNVD
CNVD
•added 2026/02/05 12:0 a.m.•4 views

TeamViewer DEX Client Information Disclosure Vulnerability (CNVD-2026-16669)

TeamViewer DEX Client is a digital employee experience and endpoint management software from TeamViewer Germany. TeamViewer DEX Client suffers from an information disclosure vulnerability that can be exploited by attackers to cause information disclosure or denial of service...

8.1CVSS5.8AI score0.00196EPSS
Exploits0
CNVD
CNVD
•added 2026/02/05 12:0 a.m.•6 views

TeamViewer DEX Client Information Disclosure Vulnerability

TeamViewer DEX Client is a digital employee experience and endpoint management software from TeamViewer Germany. TeamViewer DEX Client suffers from an information disclosure vulnerability that can be exploited by an attacker to cause encrypted UDP traffic to be sent in plaintext, resulting in an...

6.5CVSS5.7AI score0.00134EPSS
Exploits0
CNVD
CNVD
•added 2026/02/05 12:0 a.m.•2 views

Out-of-bounds read vulnerability in multiple Apple products (CNVD-2026-14499)

Apple iOS is an operating system developed for mobile devices.Apple macOS is a specialized operating system developed for Mac computers.Apple iPadOS is an operating system for iPad tablets. An out-of-bounds read vulnerability exists in multiple Apple products, which can be exploited by an attacke...

4.3CVSS6.6AI score0.00278EPSS
Exploits0References1
CNVD
CNVD
•added 2026/02/05 12:0 a.m.•7 views

Google Chrome Code Execution Vulnerability (CNVD-2026-10652)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a code execution vulnerability that stems from the V8 engine's lack of effective protection against concurrent access to shared resources, which can be exploited by an attacker to execute arbitrary code on...

6.8AI score0.00297EPSS
Exploits1References1
CNVD
CNVD
•added 2026/02/05 12:0 a.m.•5 views

Delta Electronics DIAView Authentication Bypass Vulnerability

Delta Electronics DIAView is an industrial configuration software from Delta Electronics China. Delta Electronics DIAView suffers from an authentication bypass vulnerability, no details of the vulnerability are provided at this time...

9.8CVSS5.7AI score0.00525EPSS
Exploits0
CNVD
CNVD
•added 2026/02/05 12:0 a.m.•5 views

Unspecified Vulnerability in TeamViewer DEX Client (CNVD-2026-16662)

TeamViewer DEX Client is a digital employee experience and endpoint management software from TeamViewer Germany. A security vulnerability exists in TeamViewer DEX Client, which can be exploited by an attacker to cause log entries to be injected, altered, or forged, affecting log integrity...

6.5CVSS5.7AI score0.00168EPSS
Exploits0
CNVD
CNVD
•added 2026/02/05 12:0 a.m.•6 views

Dell PowerScale OneFS Resource Management Error Vulnerability

Dell PowerScale OneFS is an operating system from Dell USA. PowerScale OneFS operating system that provides horizontal scaling of NAS. A resource management error vulnerability exists in Dell PowerScale OneFS that stems from improper allocation of critical resource privileges and can be exploited...

5.5CVSS5.4AI score0.00116EPSS
Exploits0
CNVD
CNVD
•added 2026/02/05 12:0 a.m.•7 views

TeamViewer DEX Client Denial of Service Vulnerability

TeamViewer DEX Client is a digital employee experience and endpoint management software from TeamViewer Germany. A denial of service vulnerability exists in TeamViewer DEX Client versions prior to 26.1, which can be exploited by an attacker to cause a termination of service, resulting in a denial...

6.5CVSS5.7AI score0.00168EPSS
Exploits0
CNVD
CNVD
•added 2026/02/05 12:0 a.m.•4 views

Multiple Apple Products Information Disclosure Vulnerability (CNVD-2026-14500)

Apple iOS is an operating system developed for mobile devices.Apple macOS is a specialized operating system developed for Mac computers.Apple iPadOS is an operating system for iPad tablets. An information disclosure vulnerability exists in multiple Apple products, which can be exploited by an...

5.5CVSS5.9AI score0.00122EPSS
Exploits0References1
CNVD
CNVD
•added 2026/02/05 12:0 a.m.•9 views

SQL Injection Vulnerability in the Identity Management System of Xiamen Entropy Base Technology Co.

Human ID Magic Identity Authentication Management System is a "real person" verification software system independently developed by Entropy Base Technology for the "one person one ID". The software quickly reads the information of the second-generation ID card, Hong Kong and Macao residents'...

5.9AI score
Exploits0
CNVD
CNVD
•added 2026/02/05 12:0 a.m.•6 views

Google Go Information Disclosure Vulnerability (CNVD-2026-10646)

Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google. Google Go suffers from an information disclosure vulnerability that stems from an issue with the order in which messages across cryptographic level boundaries are processed during...

5.3CVSS5.7AI score0.00276EPSS
Exploits0References1
CNVD
CNVD
•added 2026/02/05 12:0 a.m.•7 views

TeamViewer DEX Client Denial of Service Vulnerability (CNVD-2026-16664)

TeamViewer DEX Client is a digital employee experience and endpoint management software from TeamViewer Germany. A denial of service vulnerability exists in TeamViewer DEX Client, which can be exploited by an attacker to cause a stack memory leak and denial of service...

7.5CVSS5.7AI score0.00341EPSS
Exploits0
CNVD
CNVD
•added 2026/02/05 12:0 a.m.•6 views

Dell PremierColor Panel Driver Access Control Error Vulnerability

Dell PremierColor Panel Driver is a high-end monitor color management system from Dell USA. An Access Control Error vulnerability exists in Dell PremierColor Panel Driver versions prior to 1.0.0.1 A01, which stems from improper access control and can be exploited by an attacker to cause elevation...

7.8CVSS5.3AI score0.00095EPSS
Exploits0
CNVD
CNVD
•added 2026/02/05 12:0 a.m.•5 views

Apache Continuum Command Injection Vulnerability

Apache Continuum is a continuous integration server from the Apache Foundation. Apache Continuum suffers from a command injection vulnerability that stems from improper neutralization of special elements in commands, which can be exploited by an attacker to invoke arbitrary commands on the server...

9.9CVSS6.1AI score0.03732EPSS
Exploits0References1
CNVD
CNVD
•added 2026/02/05 12:0 a.m.•4 views

ChurchCRM SQL Injection Vulnerability (CNVD-2026-12565)

ChurchCRM is ChurchCRM open source an open source CRM system for churches. A SQL injection vulnerability exists in ChurchCRM versions prior to 6.7.2, which stems from the lack of validation of external input SQL statements in the PerID parameter in the /PaddleNumEditor.php endpoint. An attacker c...

8.8CVSS5.9AI score0.00352EPSS
Exploits2References1
CNVD
CNVD
•added 2026/02/05 12:0 a.m.•8 views

Google Go Denial of Service Vulnerability (CNVD-2026-10647)

Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google. A denial of service vulnerability exists in Google Go, which stems from the use of a hyperlinear filename indexing algorithm, and can be exploited by an attacker to cause a denial...

6.5CVSS5.7AI score0.00643EPSS
Exploits1References1
CNVD
CNVD
•added 2026/02/05 12:0 a.m.•4 views

Unspecified Vulnerability in Delta Electronics DIAView

Delta Electronics DIAView is an industrial configuration software from Delta Electronics China. A security vulnerability exists in Delta Electronics DIAView that stems from failure to authenticate critical functions. No details of the vulnerability are available at this time...

9.8CVSS5.8AI score0.00485EPSS
Exploits0
CNVD
CNVD
•added 2026/02/05 12:0 a.m.•8 views

Unspecified Vulnerability in TeamViewer DEX Client (CNVD-2026-16661)

TeamViewer DEX Client is a digital employee experience and endpoint management software from TeamViewer Germany. TeamViewer DEX Client has a security vulnerability that can be exploited by an attacker to cause the deletion of protected system files...

7.1CVSS5.7AI score0.00195EPSS
Exploits0
CNVD
CNVD
•added 2026/02/05 12:0 a.m.•8 views

Delta Electronics ASDA-Soft Stack Buffer Overflow Vulnerability

Delta Electronics ASDA-Soft is an AC servo motor from Delta Electronics China. The Delta Electronics ASDA-Soft suffers from a stack buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code on the system...

9.8CVSS7.8AI score0.00532EPSS
Exploits0
CNVD
CNVD
•added 2026/02/05 12:0 a.m.•5 views

Google SentencePiece Buffer Overflow Vulnerability

Google SentencePiece is an unsupervised text splitter for neural network-based text generation from Google USA. Google SentencePiece suffers from a buffer overflow vulnerability that stems from an invalid memory access when using a vulnerable model file created by an unusual training process. No...

8.5CVSS6AI score0.00163EPSS
Exploits0References1
CNVD
CNVD
•added 2026/02/05 12:0 a.m.•4 views

Mozilla Firefox Security Bypass Vulnerability (CNVD-2026-11795)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security bypass vulnerability exists in Mozilla Firefox, which can be exploited by attackers to bypass security restrictions...

6.5CVSS5.9AI score0.00177EPSS
Exploits0References1
CNVD
CNVD
•added 2026/02/05 12:0 a.m.•5 views

OpenClaw has an unspecified vulnerability

OpenClaw is openclaw open source an intelligent artificial assistant. A security vulnerability exists in versions prior to OpenClaw 2026.1.29, which originates from automatically establishing a WebSocket connection and sending a token, and can be exploited by an attacker to cause an unauthorized...

8.8CVSS5.8AI score0.08016EPSS
Exploits5References1
CNVD
CNVD
•added 2026/02/05 12:0 a.m.•4 views

Google Android Information Disclosure Vulnerability (CNVD-2026-10641)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability that stems from a key-pairing-based logic error that can be exploited by an attacker to obtain sensitive information...

7.1CVSS5.7AI score0.06942EPSS
Exploits14References1
CNVD
CNVD
•added 2026/02/05 12:0 a.m.•9 views

Google Go Denial of Service Vulnerability (CNVD-2026-10649)

Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google. A denial of service vulnerability exists in Google Go, which stems from an unrestricted number of query parameters, which can be exploited by an attacker to cause excessive memory...

7.5CVSS5.7AI score0.01945EPSS
Exploits0References1
CNVD
CNVD
•added 2026/02/04 12:0 a.m.•4 views

Cisco Identity Services Engine Cross-Site Scripting Vulnerability (CNVD-2026-12674)

Cisco Identity Services Engine Cisco ISE is an environment-aware platform ISE Identity Services Engine from Cisco. The platform collects real-time information from the network, users, and devices, and develops and enforces policies to regulate the network. The Cisco Identity Services Engine Cisco...

4.8CVSS5.7AI score0.00238EPSS
Exploits0References1
CNVD
CNVD
•added 2026/02/04 12:0 a.m.•4 views

Unspecified vulnerability in WordPress plugin metasync

WordPress is a set of blogging platform developed using the PHP language, the platform has the ability to set up a personal blog site on a server based on PHP and MySQL, WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin metasync, which stems from a...

8.8CVSS5.5AI score0.00372EPSS
Exploits0References1
CNVD
CNVD
•added 2026/02/04 12:0 a.m.•3 views

WordPress Plugin Simple User Registration Access Control Error Vulnerability

WordPress is a set of blogging platform developed using the PHP language, the platform has the ability to set up a personal blog site on a server based on PHP and MySQL, WordPress plugin is an application plugin. An access control error vulnerability exists in the WordPress plugin Simple User...

8.8CVSS5.5AI score0.00292EPSS
Exploits0References1
CNVD
CNVD
•added 2026/02/04 12:0 a.m.•5 views

UFIDA U8 Cloud suffers from SQL injection vulnerability (CNVD-C-2026-72551)

U8 Cloud is a new-generation cloud ERP Enterprise Resource Planning solution launched by UFIDA, mainly for growing and innovative enterprises, aiming to provide a comprehensive enterprise-level cloud ERP total solution. A SQL injection vulnerability exists in UFIDA U8 Cloud, which can be exploite...

5.8AI score
Exploits0
CNVD
CNVD
•added 2026/02/03 12:0 a.m.•4 views

UFIDA U8 Cloud suffers from SQL injection vulnerability (CNVD-C-2026-69425)

U8 Cloud is a new-generation cloud ERP Enterprise Resource Planning solution launched by UFIDA, mainly for growing and innovative enterprises, aiming to provide a comprehensive enterprise-level cloud ERP total solution. A SQL injection vulnerability exists in UFIDA U8 Cloud, which can be exploite...

5.8AI score
Exploits0
CNVD
CNVD
•added 2026/02/03 12:0 a.m.•5 views

StudioCMS Information Disclosure Vulnerability (CNVD-2026-18155)

StudioCMS is StudioCMS open source a content management system . StudioCMS suffers from an information disclosure vulnerability that stems from the presence of corrupted object-level authorization in the content management functionality, which can be exploited by an attacker to cause a user with...

6.5CVSS5.3AI score0.00295EPSS
Exploits2
CNVD
CNVD
•added 2026/02/03 12:0 a.m.•3 views

Information Leakage Vulnerability in E3 Omni-Channel Central Platform of Shanghai Esaote Software Co.

E3 Omni-Channel Middle is an omni-channel new retail solution product for medium and large enterprises. Ltd. E3 Omni-Channel Middleware suffers from an information leakage vulnerability that can be exploited by attackers to obtain sensitive information...

5.8AI score
Exploits0
CNVD
CNVD
•added 2026/02/03 12:0 a.m.•1 views

SQL Injection Vulnerability in SQLBot of Hangzhou Feizhiyun Information Technology Co.

SQLBot is an intelligent questioning system based on large models and RAG. Hangzhou Feizhiyun Information Technology Co., Ltd SQLBot suffers from a SQL injection vulnerability, which can be exploited by an attacker to obtain sensitive information from the database...

5.9AI score
Exploits0
CNVD
CNVD
•added 2026/02/03 12:0 a.m.•5 views

UFIDA U8 Cloud suffers from SQL injection vulnerability (CNVD-C-2026-69427)

U8 Cloud is a new-generation cloud ERP Enterprise Resource Planning solution launched by UFIDA, mainly for growing and innovative enterprises, aiming to provide a comprehensive enterprise-level cloud ERP total solution. A SQL injection vulnerability exists in UFIDA U8 Cloud, which can be exploite...

5.8AI score
Exploits0
CNVD
CNVD
•added 2026/02/02 12:0 a.m.•4 views

Delta Electronics DIAView Command Injection Vulnerability

Delta Electronics DIAView is an industrial configuration software from Delta Electronics, mainly used in SCADA systems. A command injection vulnerability exists in Delta Electronics DIAView, which can be exploited by an attacker to execute arbitrary commands on the system...

9.8CVSS7.4AI score0.01356EPSS
Exploits0
CNVD
CNVD
•added 2026/02/02 12:0 a.m.•7 views

Mozilla Firefox Code Execution Vulnerability (CNVD-2026-11797)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a code execution vulnerability due to a use-after-release in the Layout: Scroll and Overflow component. An attacker can exploit this vulnerability to execute arbitrary code...

8.8CVSS6.6AI score0.00232EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/30 12:0 a.m.•3 views

IBM ApplinX Cross-Site Scripting Vulnerability

IBM ApplinX is an International Business Machines IBM company focused on converting green screen interfaces into modern web-based applications. IBM ApplinX suffers from a cross-site scripting vulnerability that can be exploited by an attacker to cause credential disclosure...

5.4CVSS5.3AI score0.00147EPSS
Exploits0References1
CNVD
CNVD
•added 2026/01/30 12:0 a.m.•6 views

Unspecified Vulnerability in Oracle MySQL (CNVD-2026-16681)

Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. Oracle MySQL has a security vulnerability in MySQL Server that can be exploited by attackers to cause a denial of service...

4.9CVSS5.7AI score0.00337EPSS
Exploits0
Total number of security vulnerabilities131179