Microsoft Windows Kernel Elevation of Privilege Vulnerability (CNVD-2026-20169)

The Microsoft Windows Kernel is the kernel of the Windows operating system from the American company Microsoft. An elevation of privilege vulnerability exists in Microsoft Windows Kernel, which can be exploited by an attacker to elevate privileges...

Microsoft Windows Kernel Information Disclosure Vulnerability (CNVD-2026-20167)

The Microsoft Windows Kernel is the kernel of the Windows operating system from the American company Microsoft. An information disclosure vulnerability exists in Microsoft Windows Kernel, which can be exploited by attackers to obtain sensitive information...

Microsoft Windows Shell Spoofing Vulnerability

The Microsoft Windows Shell is the graphical user interface for the Windows operating system from Microsoft.The easily recognizable elements of the Windows shell include features such as the desktop, the taskbar, the start menu, the task switcher, and autoplay. A spoofing vulnerability exists in...

Microsoft Word Information Disclosure Vulnerability (CNVD-2026-19707)

Microsoft Word is a word processing software in the Office suite of the U.S. company Microsoft Microsoft. An information disclosure vulnerability exists in Microsoft Word. An attacker could exploit this vulnerability to obtain sensitive information...

Microsoft Word Code Execution Vulnerability (CNVD-2026-19748)

Microsoft Word is a word processing software in the Office suite of the U.S. company Microsoft Microsoft. A code execution vulnerability exists in Microsoft Word due to an untrusted pointer dereference flaw. An attacker could exploit this vulnerability to execute arbitrary code on a system...

Microsoft SharePoint Server Spoofing Vulnerability (CNVD-2026-19432)

Microsoft SharePoint Server is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A spoofing...

Microsoft Office PowerPoint Code Execution Vulnerability

Microsoft Office PowerPoint is an American Microsoft Microsoft company's software for creating, presentations PPT. A code execution vulnerability exists in Microsoft Office PowerPoint, which can be exploited by an attacker to execute arbitrary code on a system...

Microsoft Azure Monitor Agent Input Validation Error Vulnerability (CNVD-2026-18593)

Microsoft Azure Monitor Agent is a monitoring agent program from Microsoft USA. A security vulnerability exists in Microsoft Azure Monitor Agent. An attacker can exploit the vulnerability to elevate privileges...

Microsoft Office Code Execution Vulnerability (CNVD-2026-19434)

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to execute...

Microsoft SharePoint Server Spoofing Vulnerability (CNVD-2026-19433)

Microsoft SharePoint Server is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A spoofing...

Microsoft Excel Code Execution Vulnerability (CNVD-2026-19430)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...

Microsoft PowerShell Elevation of Privilege Vulnerability

Microsoft PowerShell is a Microsoft-developed cross-platform task automation solution that includes a command-line shell, scripting language, and configuration management framework. An elevation of privilege vulnerability exists in Microsoft PowerShell, which is caused by incorrect input validati...

Microsoft Excel Code Execution Vulnerability (CNVD-2026-19429)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...

Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability

Microsoft Dynamics 365 is a suite of ERP business solutions for multinational organizations from Microsoft USA. It is used for financial management, production management and business intelligence management. An information disclosure vulnerability exists in Microsoft Dynamics 365 On-Premises,...

Microsoft Desktop Windows Manager Resource Management Error Vulnerability (CNVD-2026-18598)

Microsoft Desktop Windows Manager is a desktop window manager from Microsoft USA. A security vulnerability exists in Microsoft Desktop Windows Manager. An attacker could exploit the vulnerability to elevate privileges...

Microsoft Desktop Windows Manager Resource Management Error Vulnerability (CNVD-2026-18596)

Microsoft Desktop Windows Manager is a desktop window manager from Microsoft USA. A security vulnerability exists in Microsoft Desktop Windows Manager. An attacker could exploit the vulnerability to elevate privileges...

Microsoft Azure Monitor Agent Code Issue Vulnerability (CNVD-2026-18594)

Microsoft Azure Monitor Agent is a monitoring agent program from Microsoft USA. A security vulnerability exists in Microsoft Azure Monitor Agent. An attacker can exploit the vulnerability to elevate privileges...

Microsoft Brokering File System Resource Management Error Vulnerability

Microsoft Brokering File System is a file system from the American company Microsoft. A security vulnerability exists in Microsoft Brokering File System. An attacker could exploit the vulnerability to elevate privileges...

Microsoft Desktop Windows Manager Resource Management Error Vulnerability

Microsoft Desktop Windows Manager is a desktop window manager from Microsoft USA. A security vulnerability exists in Microsoft Desktop Windows Manager. An attacker could exploit the vulnerability to elevate privileges...

Dell PowerProtect Data Domain Incorrect Authentication Vulnerability

Dell PowerProtect Data Domain Dell PowerProtect DD is a suite of hardware appliances for data protection, backup, storage, and deduplication from Dell, USA. An incorrect authentication vulnerability exists in Dell PowerProtect Data Domain with Data Domain Operating System DD OS, which can be...

Microsoft Windows Shell Elevation of Privilege Vulnerability

The Microsoft Windows Shell is the graphical user interface for the Windows operating system from Microsoft.The easily recognizable elements of the Windows shell include features such as the desktop, the taskbar, the start menu, the task switcher, and autoplay. An elevation of privilege...

Microsoft PowerShell Security Feature Bypass Vulnerability

Microsoft PowerShell is a Microsoft-developed cross-platform task automation solution that includes a command-line shell, scripting language, and configuration management framework. A security feature bypass vulnerability exists in Microsoft PowerShell, which can be exploited by an attacker to...

Microsoft Word Code Execution Vulnerability (CNVD-2026-19747)

Microsoft Word is a word processing software in the Office suite of the U.S. company Microsoft Microsoft. A code execution vulnerability exists in Microsoft Word, which can be exploited by an attacker to execute arbitrary code on a system...

WordPress Plugin WCFM Marketplace SQL Injection Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. WordPress plugin WCFM Marketplace suffers from a SQL injection vulnerability that stems from th...

Microsoft .NET Framework Denial of Service Vulnerability

Microsoft .NET Framework is a comprehensive and consistent programming model from Microsoft Corporation USA and a development platform. The platform includes the C and Visual Basic programming languages, a public language runtime library, and an extensive class library. A security vulnerability...

Microsoft Windows Kernel Information Disclosure Vulnerability (CNVD-2026-20172)

The Microsoft Windows Kernel is the kernel of the Windows operating system from the American company Microsoft. An information disclosure vulnerability exists in Microsoft Windows Kernel, which can be exploited by attackers to obtain sensitive information...

Microsoft Desktop Windows Manager Resource Management Error Vulnerability (CNVD-2026-18599)

Microsoft Desktop Windows Manager is a desktop window manager from Microsoft USA. A security vulnerability exists in Microsoft Desktop Windows Manager. An attacker could exploit the vulnerability to elevate privileges...

Microsoft Word Code Execution Vulnerability (CNVD-2026-19751)

Microsoft Word is a word processing software in the Office suite of the U.S. company Microsoft Microsoft. A code execution vulnerability exists in Microsoft Word, which can be exploited by an attacker to execute arbitrary code on a system...

WordPress Plugin YouTube Showcase Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin YouTube Showcase, which ste...

Microsoft Windows Shell Information Disclosure Vulnerability

The Microsoft Windows Shell is the graphical user interface for the Windows operating system from Microsoft USA.Easily recognizable elements of the Windows shell include features such as the desktop, the taskbar, the start menu, the task switcher, and autoplay. On some versions of Windows, featur...

Microsoft Windows TCP/IP Remote Code Execution Vulnerability

Microsoft Windows TCP/IP is a Microsoft component that provides TCP/IP configuration capabilities for Windows. A remote code execution vulnerability exists in Microsoft Windows TCP/IP, which can be exploited by an attacker to execute code...

Microsoft Windows Kernel Elevation of Privilege Vulnerability (CNVD-2026-20170)

The Microsoft Windows Kernel is the kernel of the Windows operating system from the American company Microsoft. An elevation of privilege vulnerability exists in Microsoft Windows Kernel, which can be exploited by an attacker to elevate privileges...

Microsoft Windows Shell Security Feature Bypass Vulnerability

The Microsoft Windows Shell is the graphical user interface for the Windows operating system from Microsoft.The easily recognizable elements of the Windows shell include features such as the desktop, the taskbar, the start menu, the task switcher, and autoplay. A security feature bypass...

Microsoft Windows Kernel Elevation of Privilege Vulnerability (CNVD-2026-20168)

The Microsoft Windows Kernel is the kernel of the Windows operating system from the American company Microsoft. An elevation of privilege vulnerability exists in Microsoft Windows Kernel, which can be exploited by an attacker to elevate privileges...

Microsoft Excel Code Execution Vulnerability (CNVD-2026-19428)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...

Microsoft Word Code Execution Vulnerability (CNVD-2026-19750)

Microsoft Word is a word processing software in the Office suite of the U.S. company Microsoft Microsoft. A code execution vulnerability exists in Microsoft Word, which can be exploited by an attacker to execute arbitrary code on a system...

Microsoft Excel Buffer Overflow Vulnerability (CNVD-2026-18600)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A security vulnerability exists in Microsoft Excel. An attacker could exploit the vulnerability to obtain sensitive information...

Microsoft Windows Shell Elevation of Privilege Vulnerability (CNVD-2026-20176)

The Microsoft Windows Shell is the graphical user interface for the Windows operating system from Microsoft.The easily recognizable elements of the Windows shell include features such as the desktop, the taskbar, the start menu, the task switcher, and autoplay. An elevation of privilege...

Unspecified Vulnerability in PraisonAI (CNVD-2026-18147)

PraisonAI is a low-code multi-intelligence body collaboration framework by the individual developer Mervin Praison. PraisonAI suffers from a security vulnerability that stems from the OAuthManager.validatetoken function returning True for any token not found in its internal storage, which can be...

Dell PowerProtect Data Domain Parameter Injection Vulnerability (CNVD-2026-18540)

Dell PowerProtect Data Domain is a data protection and de-duplication storage appliance. A parameter injection vulnerability exists in Dell PowerProtect Data Domain. The vulnerability stems from a failure to properly neutralize parameter separators in commands and can be exploited by an attacker ...

PraisonAI has an unspecified vulnerability

PraisonAI is a low-code multi-intelligent body collaboration framework. PraisonAI suffers from a security vulnerability that stems from the fact that the three-layer sandboxing of the executecode function can be completely bypassed, which can be exploited by an attacker to cause the execution of...

PraisonAI Code Issue Vulnerability

PraisonAI is a low-code multi-intelligent body collaboration framework. PraisonAI suffers from a code issue vulnerability that stems from the FileTools.downloadfile function validating the target path but not validating the url parameter, which can be exploited by an attacker to cause the attacke...

Dell PowerProtect Data Domain Information Disclosure Vulnerability (CNVD-2026-18586)

The Dell PowerProtect Data Domain is a data protection storage appliance that is primarily used for backup, archiving and disaster recovery. An information disclosure vulnerability exists in Dell PowerProtect Data Domain. The vulnerability stems from the system exposing sensitive information to...

Dell PowerProtect Data Domain Data Domain Operating System Command Injection Vulnerability

Dell PowerProtect Data Domain is a data protection specialized storage device whose main function is to provide efficient data de-duplication, backup and recovery. A command injection vulnerability exists in Dell PowerProtect Data Domain. The vulnerability stems from a failure of the Data Domain...

Dell PowerProtect Data Domain Data Domain Operating System Command Injection Vulnerability (CNVD-2026-18584)

Dell PowerProtect Data Domain is a data protection storage device whose main function is to provide efficient data de-duplication, backup and recovery. A command injection vulnerability exists in Dell PowerProtect Data Domain. The vulnerability stems from a failure of the Data Domain Operating...

Dell PowerProtect Data Domain OS Command Injection Vulnerability (CNVD-2026-18581)

The Dell PowerProtect Data Domain is a data protection storage appliance that is primarily used for enterprise-class backup, archiving, and disaster recovery. An OS command injection vulnerability exists in Dell PowerProtect Data Domain. The vulnerability stems from a failure to properly neutrali...

PraisonAI Operating System Command Injection Vulnerability

PraisonAI is a low-code multi-intelligent body collaboration framework. PraisonAI suffers from an operating system command injection vulnerability that stems from the --mcp CLI parameter being passed directly without any validation, whitelist checking, or cleanup, which can be exploited by an...

Dell PowerProtect Data Domain Cross-Site Scripting Vulnerability (CNVD-2026-18583)

The Dell PowerProtect Data Domain is a data protection-specific storage device designed for efficient backup, archiving and disaster recovery. A cross-site scripting vulnerability exists in Dell PowerProtect Data Domain. The vulnerability stems from a failure to properly handle user input and can...

Dell PowerProtect Data Domain OS Command Injection Vulnerability (CNVD-2026-18582)

Dell PowerProtect Data Domain is a data protection and backup storage product for enterprise-class data backup, deduplication and disaster recovery. An operating system command injection vulnerability exists in Dell PowerProtect Data Domain. The vulnerability stems from a failure to properly hand...

Dell PowerProtect Data Domain OS Command Injection Vulnerability

Dell PowerProtect Data Domain is a data protection and deduplication storage appliance. An operating system command injection vulnerability exists in Dell PowerProtect Data Domain. The vulnerability stems from a failure to properly neutralize a specific element used for OS command injection, whic...