131179 matches found
OpenClaw OS Command Injection Vulnerability (CNVD-2026-13291)
OpenClaw is openclaw open source an intelligent artificial assistant. OpenClaw there is an operating system command injection vulnerability , the vulnerability stems from the Docker sandbox execution mechanism when constructing shell commands on the PATH environment variable handling insecurity ,...
Apache Syncope Cross-Site Scripting Vulnerability
Apache Syncope is the United States Apache Apache Foundation's set of open source digital identity management system for use in enterprise environments. The system supports identity management, role configuration and more. Apache Syncope suffers from a cross-site scripting vulnerability that stem...
OpenClaw Information Disclosure Vulnerability
OpenClaw is openclaw open source an intelligent artificial assistant. OpenClaw has an information disclosure vulnerability that stems from the isValidMedia function allowing arbitrary file paths, which can be exploited by an attacker to cause the reading of arbitrary files and the disclosure of...
Cisco Meeting Management (CMM) Code Issues Vulnerability
Cisco Meeting Management CMM is a management tool for Cisco Meeting Server, a Cisco local videoconferencing platform from Cisco USA. A code issue vulnerability exists in Cisco Meeting Management that stems from improper input validation in certain parts of the web-based management interface, whic...
Google Go Code Execution Vulnerability
Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google. A code execution vulnerability exists in Google Go due to unsafe handling of compiler flags in CgoPkgConfig. An attacker can exploit the vulnerability to execute arbitrary code on...
Google Go Code Execution Vulnerability (CNVD-2026-10650)
Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google. A code execution vulnerability exists in Google Go due to an insecure construction of external VCS commands when handling untrusted module sources or malicious version strings in...
Mozilla Thunderbird Information Disclosure Vulnerability (CNVD-2026-11794)
Mozilla Thunderbird is the United States Mozilla Foundation's set of independent from the Mozilla Application Suite e-mail client software. The program supports IMAP, POP mail protocols and HTML mail format. An information disclosure vulnerability exists in Mozilla Thunderbird, which can be...
Wondershare Driver Install Service Code Issue Vulnerability
Wondershare Driver Install Service is an auxiliary background service program from China Wondershare. A code issue vulnerability exists in Wondershare Driver Install Service, which stems from an unquoted service path, and can be exploited by an attacker to cause an elevation of privilege...
Tenda D301 and Tenda D151 Access Control Error Vulnerabilities
Tenda D301 is a wireless router.Tenda D151 is a wireless router. An access control error vulnerability exists in the Tenda D301 and Tenda D151 that stems from the presence of an unauthenticated configuration download on the /goform/getimage endpoint, which can be exploited by an attacker to cause...
TeamViewer DEX Client Command Injection Vulnerability
TeamViewer DEX Client is a digital employee experience and endpoint management software from TeamViewer Germany. TeamViewer DEX Client suffers from a command injection vulnerability that can be exploited by an attacker to execute arbitrary commands on the system...
Google Chrome Information Disclosure Vulnerability (CNVD-2026-10645)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from an information disclosure vulnerability, which is caused due to improper implementation in the backend fetch AP. An attacker can exploit the vulnerability to disclose cross-origin data...
TeamViewer DEX Client Buffer Overflow Vulnerability
TeamViewer DEX Client is a digital employee experience and endpoint management software from TeamViewer Germany. TeamViewer DEX Client prior to version 26.1 suffers from a buffer overflow vulnerability that stems from the Content Distribution Service's UDP command processor failing to correctly...
TeamViewer DEX Client Input Validation Error Vulnerability
TeamViewer DEX Client is a digital employee experience and endpoint management software from TeamViewer Germany. An input validation error vulnerability exists in TeamViewer DEX Client versions prior to 26.1, which stems from a lack of validation of user control values in Content Distribution...
TeamViewer DEX Client Information Disclosure Vulnerability (CNVD-2026-16669)
TeamViewer DEX Client is a digital employee experience and endpoint management software from TeamViewer Germany. TeamViewer DEX Client suffers from an information disclosure vulnerability that can be exploited by attackers to cause information disclosure or denial of service...
TeamViewer DEX Client Information Disclosure Vulnerability
TeamViewer DEX Client is a digital employee experience and endpoint management software from TeamViewer Germany. TeamViewer DEX Client suffers from an information disclosure vulnerability that can be exploited by an attacker to cause encrypted UDP traffic to be sent in plaintext, resulting in an...
Out-of-bounds read vulnerability in multiple Apple products (CNVD-2026-14499)
Apple iOS is an operating system developed for mobile devices.Apple macOS is a specialized operating system developed for Mac computers.Apple iPadOS is an operating system for iPad tablets. An out-of-bounds read vulnerability exists in multiple Apple products, which can be exploited by an attacke...
Google Chrome Code Execution Vulnerability (CNVD-2026-10652)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a code execution vulnerability that stems from the V8 engine's lack of effective protection against concurrent access to shared resources, which can be exploited by an attacker to execute arbitrary code on...
Delta Electronics DIAView Authentication Bypass Vulnerability
Delta Electronics DIAView is an industrial configuration software from Delta Electronics China. Delta Electronics DIAView suffers from an authentication bypass vulnerability, no details of the vulnerability are provided at this time...
Unspecified Vulnerability in TeamViewer DEX Client (CNVD-2026-16662)
TeamViewer DEX Client is a digital employee experience and endpoint management software from TeamViewer Germany. A security vulnerability exists in TeamViewer DEX Client, which can be exploited by an attacker to cause log entries to be injected, altered, or forged, affecting log integrity...
Dell PowerScale OneFS Resource Management Error Vulnerability
Dell PowerScale OneFS is an operating system from Dell USA. PowerScale OneFS operating system that provides horizontal scaling of NAS. A resource management error vulnerability exists in Dell PowerScale OneFS that stems from improper allocation of critical resource privileges and can be exploited...
TeamViewer DEX Client Denial of Service Vulnerability
TeamViewer DEX Client is a digital employee experience and endpoint management software from TeamViewer Germany. A denial of service vulnerability exists in TeamViewer DEX Client versions prior to 26.1, which can be exploited by an attacker to cause a termination of service, resulting in a denial...
Multiple Apple Products Information Disclosure Vulnerability (CNVD-2026-14500)
Apple iOS is an operating system developed for mobile devices.Apple macOS is a specialized operating system developed for Mac computers.Apple iPadOS is an operating system for iPad tablets. An information disclosure vulnerability exists in multiple Apple products, which can be exploited by an...
SQL Injection Vulnerability in the Identity Management System of Xiamen Entropy Base Technology Co.
Human ID Magic Identity Authentication Management System is a "real person" verification software system independently developed by Entropy Base Technology for the "one person one ID". The software quickly reads the information of the second-generation ID card, Hong Kong and Macao residents'...
Google Go Information Disclosure Vulnerability (CNVD-2026-10646)
Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google. Google Go suffers from an information disclosure vulnerability that stems from an issue with the order in which messages across cryptographic level boundaries are processed during...
TeamViewer DEX Client Denial of Service Vulnerability (CNVD-2026-16664)
TeamViewer DEX Client is a digital employee experience and endpoint management software from TeamViewer Germany. A denial of service vulnerability exists in TeamViewer DEX Client, which can be exploited by an attacker to cause a stack memory leak and denial of service...
Dell PremierColor Panel Driver Access Control Error Vulnerability
Dell PremierColor Panel Driver is a high-end monitor color management system from Dell USA. An Access Control Error vulnerability exists in Dell PremierColor Panel Driver versions prior to 1.0.0.1 A01, which stems from improper access control and can be exploited by an attacker to cause elevation...
Apache Continuum Command Injection Vulnerability
Apache Continuum is a continuous integration server from the Apache Foundation. Apache Continuum suffers from a command injection vulnerability that stems from improper neutralization of special elements in commands, which can be exploited by an attacker to invoke arbitrary commands on the server...
ChurchCRM SQL Injection Vulnerability (CNVD-2026-12565)
ChurchCRM is ChurchCRM open source an open source CRM system for churches. A SQL injection vulnerability exists in ChurchCRM versions prior to 6.7.2, which stems from the lack of validation of external input SQL statements in the PerID parameter in the /PaddleNumEditor.php endpoint. An attacker c...
Google Go Denial of Service Vulnerability (CNVD-2026-10647)
Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google. A denial of service vulnerability exists in Google Go, which stems from the use of a hyperlinear filename indexing algorithm, and can be exploited by an attacker to cause a denial...
Unspecified Vulnerability in Delta Electronics DIAView
Delta Electronics DIAView is an industrial configuration software from Delta Electronics China. A security vulnerability exists in Delta Electronics DIAView that stems from failure to authenticate critical functions. No details of the vulnerability are available at this time...
Unspecified Vulnerability in TeamViewer DEX Client (CNVD-2026-16661)
TeamViewer DEX Client is a digital employee experience and endpoint management software from TeamViewer Germany. TeamViewer DEX Client has a security vulnerability that can be exploited by an attacker to cause the deletion of protected system files...
Delta Electronics ASDA-Soft Stack Buffer Overflow Vulnerability
Delta Electronics ASDA-Soft is an AC servo motor from Delta Electronics China. The Delta Electronics ASDA-Soft suffers from a stack buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code on the system...
Google SentencePiece Buffer Overflow Vulnerability
Google SentencePiece is an unsupervised text splitter for neural network-based text generation from Google USA. Google SentencePiece suffers from a buffer overflow vulnerability that stems from an invalid memory access when using a vulnerable model file created by an unusual training process. No...
Mozilla Firefox Security Bypass Vulnerability (CNVD-2026-11795)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security bypass vulnerability exists in Mozilla Firefox, which can be exploited by attackers to bypass security restrictions...
OpenClaw has an unspecified vulnerability
OpenClaw is openclaw open source an intelligent artificial assistant. A security vulnerability exists in versions prior to OpenClaw 2026.1.29, which originates from automatically establishing a WebSocket connection and sending a token, and can be exploited by an attacker to cause an unauthorized...
Google Android Information Disclosure Vulnerability (CNVD-2026-10641)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability that stems from a key-pairing-based logic error that can be exploited by an attacker to obtain sensitive information...
Google Go Denial of Service Vulnerability (CNVD-2026-10649)
Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google. A denial of service vulnerability exists in Google Go, which stems from an unrestricted number of query parameters, which can be exploited by an attacker to cause excessive memory...
Cisco Identity Services Engine Cross-Site Scripting Vulnerability (CNVD-2026-12674)
Cisco Identity Services Engine Cisco ISE is an environment-aware platform ISE Identity Services Engine from Cisco. The platform collects real-time information from the network, users, and devices, and develops and enforces policies to regulate the network. The Cisco Identity Services Engine Cisco...
Unspecified vulnerability in WordPress plugin metasync
WordPress is a set of blogging platform developed using the PHP language, the platform has the ability to set up a personal blog site on a server based on PHP and MySQL, WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin metasync, which stems from a...
WordPress Plugin Simple User Registration Access Control Error Vulnerability
WordPress is a set of blogging platform developed using the PHP language, the platform has the ability to set up a personal blog site on a server based on PHP and MySQL, WordPress plugin is an application plugin. An access control error vulnerability exists in the WordPress plugin Simple User...
UFIDA U8 Cloud suffers from SQL injection vulnerability (CNVD-C-2026-72551)
U8 Cloud is a new-generation cloud ERP Enterprise Resource Planning solution launched by UFIDA, mainly for growing and innovative enterprises, aiming to provide a comprehensive enterprise-level cloud ERP total solution. A SQL injection vulnerability exists in UFIDA U8 Cloud, which can be exploite...
UFIDA U8 Cloud suffers from SQL injection vulnerability (CNVD-C-2026-69425)
U8 Cloud is a new-generation cloud ERP Enterprise Resource Planning solution launched by UFIDA, mainly for growing and innovative enterprises, aiming to provide a comprehensive enterprise-level cloud ERP total solution. A SQL injection vulnerability exists in UFIDA U8 Cloud, which can be exploite...
StudioCMS Information Disclosure Vulnerability (CNVD-2026-18155)
StudioCMS is StudioCMS open source a content management system . StudioCMS suffers from an information disclosure vulnerability that stems from the presence of corrupted object-level authorization in the content management functionality, which can be exploited by an attacker to cause a user with...
Information Leakage Vulnerability in E3 Omni-Channel Central Platform of Shanghai Esaote Software Co.
E3 Omni-Channel Middle is an omni-channel new retail solution product for medium and large enterprises. Ltd. E3 Omni-Channel Middleware suffers from an information leakage vulnerability that can be exploited by attackers to obtain sensitive information...
SQL Injection Vulnerability in SQLBot of Hangzhou Feizhiyun Information Technology Co.
SQLBot is an intelligent questioning system based on large models and RAG. Hangzhou Feizhiyun Information Technology Co., Ltd SQLBot suffers from a SQL injection vulnerability, which can be exploited by an attacker to obtain sensitive information from the database...
UFIDA U8 Cloud suffers from SQL injection vulnerability (CNVD-C-2026-69427)
U8 Cloud is a new-generation cloud ERP Enterprise Resource Planning solution launched by UFIDA, mainly for growing and innovative enterprises, aiming to provide a comprehensive enterprise-level cloud ERP total solution. A SQL injection vulnerability exists in UFIDA U8 Cloud, which can be exploite...
Delta Electronics DIAView Command Injection Vulnerability
Delta Electronics DIAView is an industrial configuration software from Delta Electronics, mainly used in SCADA systems. A command injection vulnerability exists in Delta Electronics DIAView, which can be exploited by an attacker to execute arbitrary commands on the system...
Mozilla Firefox Code Execution Vulnerability (CNVD-2026-11797)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a code execution vulnerability due to a use-after-release in the Layout: Scroll and Overflow component. An attacker can exploit this vulnerability to execute arbitrary code...
IBM ApplinX Cross-Site Scripting Vulnerability
IBM ApplinX is an International Business Machines IBM company focused on converting green screen interfaces into modern web-based applications. IBM ApplinX suffers from a cross-site scripting vulnerability that can be exploited by an attacker to cause credential disclosure...
Unspecified Vulnerability in Oracle MySQL (CNVD-2026-16681)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. Oracle MySQL has a security vulnerability in MySQL Server that can be exploited by attackers to cause a denial of service...