131179 matches found
OpenClaw has an unspecified vulnerability (CNVD-2026-20009)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from the failure of the OpenShell file system bridge to properly validate symbolic link exchanges when handling file system operations, which can be exploited by an...
OpenClaw Server-Side Request Forgery Vulnerability
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a server-side request forgery vulnerability that stems from a server-side request forgery vulnerability in QQBot direct media uploads that skips URL authentication. An attacker can exploit this...
OpenClaw server-side request forgery vulnerability (CNVD-2026-19639)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a server-side request forgery vulnerability that can be exploited by an attacker to gain unauthorized access to internal resources by providing a malicious photo URL to the Zalo Bot API to bypass SSRF...
OpenClaw has an unspecified vulnerability (CNVD-2026-20008)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from a failure to properly preserve the OPENCLAWRuntime Control Environment namespace in the workspace dotenv file, which can be exploited by an attacker to manipula...
OpenClaw has an unspecified vulnerability (CNVD-2026-19640)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to bypass permission list validation by embedding shell extension tokens in heredoc bodies to execute unapproved commands at runtime...
XATABoost CMS SQL Injection Vulnerability
XATABoost CMS is a content management system from XATABoost that provides website content publishing and management functions. A SQL injection vulnerability exists in XATABoost CMS version 1.0.0. The vulnerability stems from the application's lack of validation of externally entered SQL statement...
Cisco IoT Field Network Director command injection vulnerability
The Cisco IoT Field Network Director IoT-FND is a product used for managing IoT networks. It primarily provides features for remote device monitoring, configuration, and troubleshooting. The Cisco IoT Field Network Director has a command injection vulnerability. This vulnerability arises due to t...
Cisco IoT Field Network Director path traversal vulnerability
The Cisco IoT Field Network Director IoT-FND is a centralized management platform used to manage Cisco IoT networks. It primarily provides functions such as device configuration, monitoring, firmware updates, and troubleshooting. The Cisco IoT Field Network Director has a path traversal...
Google Chrome Network Integer Overflow Vulnerability
Google Chrome is a web browser developed by Google to provide web browsing, application running and internet communication features. Google Chrome suffers from an integer overflow vulnerability that stems from the Network component failing to properly handle certain data, which can be exploited b...
Cisco Enterprise Chat and Email cross-site scripting vulnerabilities
Cisco Enterprise Chat and Email is an enterprise-level chat and email communication platform that primarily provides real-time chat, email management, and customer interaction features. Cisco Enterprise Chat and Email has a cross-site scripting vulnerability. This vulnerability stems from...
OpenClaw has an unspecified vulnerability (CNVD-2026-19618)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from the derivation of a loopback MCP owner context from a server-issued bearer token that can be spoofed in the request header, which can be exploited by an attacke...
IBM i Web Administration GUI Elevation of Privilege Vulnerability
IBM i is an integrated operating system developed by IBM for use on IBM Power Systems servers, providing database, network, and application services. An elevation of privilege vulnerability exists in IBM i. The vulnerability stems from an invalid authorization check in the Web Administration GUI...
IBM Turbonomic prometurbo agent elevation of privilege vulnerability
The IBM Turbonomic prometurbo agent is a component in IBM Turbonomic Application Resource Management that is used to manage resource configurations. An elevation of privilege vulnerability exists in IBM Turbonomic prometurbo agent. The vulnerability stems from an excessive cluster-wide permission...
Ollama GGUF Model Loader Heap Out-of-Bounds Read Vulnerability
Ollama is an open source large language model deployment and inference tool, mainly providing model loading, quantization and API interface services. The Ollama GGUF model loader suffers from a heap out-of-bounds read vulnerability that stems from the /api/create interface failing to properly...
FluentCMS TextHTML Plugin Cross-Site Scripting Vulnerability
FluentCMS is a .NET-based content management system CMS that is primarily used to quickly build websites and manage web content. A cross-site scripting vulnerability exists in the FluentCMS TextHTML plugin. The vulnerability stems from insufficient validation of user input and failure to properly...
Google Android ADB Authentication Bypass Vulnerability
Android is an open source mobile operating system developed by Google, widely used in smartphones, tablets, smart TVs, cars and various IoT devices, providing core capabilities such as application operation, device management, network communication, debugging and security control, etc. Android...
OpenClaw has an unspecified vulnerability (CNVD-2026-19030)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to read arbitrary host files, thereby stealing sensitive credentials and accessing critical data...
OpenClaw has an unspecified vulnerability (CNVD-2026-19029)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by an attacker to retrieve threaded messages that should be filtered by the sender's permission list...
OpenClaw has an unspecified vulnerability (CNVD-2026-19026)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by an attacker to suppress legitimate events on different accounts by matching the eventname and messageid parameters...
OpenClaw Backlink Vulnerability (CNVD-2026-19028)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a backlink vulnerability that can be exploited by an attacker to upload a tar archive file containing a symbolic link to escape the sandbox and overwrite files on a remote host...
OpenClaw path traversal vulnerability (CNVD-2026-19027)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a path traversal vulnerability that can be exploited by an attacker to bypass file system sandboxing restrictions to read arbitrary files...
IBM Security Verify Directory File Upload Vulnerability
IBM Security Verify Directory is part of an authentication and access management solution from International Business Machines IBM. A file upload vulnerability exists in IBM Security Verify Directory versions 10.0.0 through 10.0.0.3. The vulnerability stems from an unverified file type and can be...
Delta Electronics AS320T Stack Buffer Overflow Vulnerability
Delta Electronics AS320T is a high-performance programmable logic controller device for industrial automation control from Delta Electronics China. The Delta Electronics AS320T suffers from a stack buffer overflow vulnerability that is caused by incorrect boundary checking of file names. An...
Delta Electronics AS320T Denial of Service Vulnerability
Delta Electronics AS320T is a high-performance programmable logic controller device for industrial automation control from Delta Electronics China. A denial of service vulnerability exists in the Delta Electronics AS320T, which can be exploited by an attacker to cause a denial of service...
TOTOLINK A3300R mode parameter command injection vulnerability
TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R mode parameter, which originates from /cgi-bin/cstecgi.cgi failing to properly filter the mode parameter, and can be exploited by an attacker to execute...
TOTOLINK A3300R pppoeMtu Parameter Command Injection Vulnerability
TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A3300R pppoeMtu parameter suffers from a command injection vulnerability that stems from the firmware failing to properly validate user input for the pppoeMtu parameter in /cgi-bin/cstecgi.cgi, which can be...
TOTOLINK A3300R week parameter command injection vulnerability
TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R week parameter, which originates from the week parameter of /cgi-bin/cstecgi.cgi in firmware v17.0.0cu.557B20221024 that fails to properly handle user input...
Flowise Information Disclosure Vulnerability
Flowise is a FlowiseAI open source tool for easily building LLM applications. Flowise suffers from an information disclosure vulnerability caused by a flaw in the /api/v1/public-chatflows/:id endpoint that can be exploited by an attacker to obtain sensitive information...
TOTOLINK A3300R pppoeServiceName Parameter Command Injection Vulnerability
TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A3300R pppoeServiceName parameter suffers from a command injection vulnerability that stems from the cstecgi.cgi file failing to properly validate the pppoeServiceName parameter, which can be exploited by an...
TOTOLINK A3300R stun_user parameter command injection vulnerability
TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R stunuser parameter, which originates from the failure of the stunuser parameter in the cstecgi.cgi file to properly validate user input, and can be exploite...
OpenClaw Remote Code Execution Vulnerability (CNVD-2026-18601)
OpenClaw is a software platform for device pairing and node management, with key features including device authentication, node-wide gateway control, and remote command execution. OpenClaw suffers from a remote code execution vulnerability that stems from a device pairing node failing to properly...
TOTOLINK A3300R ttlWay Parameter Command Injection Vulnerability
TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R ttlWay parameter, which can be exploited by an attacker to execute arbitrary commands by sending malicious data to the ttlWay parameter of...
TOTOLINK A3300R recHour Parameter Command Injection Vulnerability
TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R recHour parameter, which originates from the failure of the recHour parameter in the /cgi-bin/cstecgi.cgi file to correctly filter user input, and can be...
TOTOLINK A3300R stunEnable Parameter Command Injection Vulnerability
The TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R stunEnable parameter, which stems from the cstecgi.cgi file failing to properly handle the stunEnable parameter and can be exploited by an attacker to...
TOTOLINK A3300R user parameter command injection vulnerability
TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R user parameter, which originates from the failure of the user parameter in cstecgi.cgi to properly filter special characters, and can be exploited by an...
TOTOLINK A3300R informEnable Parameter Command Injection Vulnerability
The TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R informEnable parameter, which stems from the cstecgi.cgi file failing to properly validate the informEnable parameter and can be exploited by an attacke...
TOTOLINK A3300R interval parameter command injection vulnerability
The TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R interval parameter, which occurs when the /cgi-bin/cstecgi.cgi file fails to properly handle the interval parameter and can be exploited by an attacker ...
ToToLink A3300R cstecgi.cgi url Parameter Command Injection Vulnerability
ToToLink A3300R is a router product that provides network connectivity and data transfer. The ToToLink A3300R suffers from a command injection vulnerability that stems from failing to properly validate the input of the url parameter of /cgi-bin/cstecgi.cgi, which can be exploited by an attacker t...
TOTOLINK A3300R stunPort Parameter Command Injection Vulnerability
TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R stunPort parameter, which originates from /cgi-bin/cstecgi.cgi failing to properly validate the stunPort parameter, and can be exploited by an attacker to...
TOTOLINK A3300R password parameter command injection vulnerability
TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R password parameter, which can be exploited by an attacker to execute arbitrary commands by sending malicious data to the password parameter of...
TOTOLINK A3300R provider parameter command injection vulnerability
The TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R provider parameter, which can be exploited by an attacker to execute arbitrary commands by sending a malicious request to the parameter...
TOTOLINK A3300R hour parameter command injection vulnerability
TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R hour parameter, which originates from the cstecgi.cgi file failing to properly validate the hour parameter, and can be exploited by an attacker to execute...
TOTOLINK A3300R stunMinAlive Parameter Command Injection Vulnerability
TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R stunMinAlive parameter, which stems from a failure to properly handle the stunMinAlive parameter in cstecgi.cgi, and can be exploited by an attacker to...
TOTOLINK A3300R stunMaxAlive Parameter OS Command Injection Vulnerability
TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. An operating system command injection vulnerability exists in the TOTOLINK A3300R stunMaxAlive parameter, which originates from the cstecgi.cgi file failing to handle the stunMaxAlive parameter correctly, and can be...
TOTOLINK A3300R stunServerAddr Parameter OS Command Injection Vulnerability
TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. An operating system command injection vulnerability exists in the TOTOLINK A3300R stunServerAddr parameter, which originates from the cstecgi.cgi file failing to properly validate the stunServerAddr parameter, which can ...
TOTOLINK A3300R dhcpMtu Parameter Command Injection Vulnerability
TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R dhcpMtu parameter, which can be exploited by an attacker to execute arbitrary commands by sending a specially crafted request to /cgi-bin/cstecgi.cgi...
Microsoft Partner Center Access Control Vulnerability
Microsoft Partner Center is a Microsoft partner management platform for partners to manage customers, subscriptions and billing. An access control vulnerability exists in Microsoft Partner Center. The vulnerability stems from a failure to properly validate user privileges, resulting in improper...
IBM Guardium Data Protection Directory Traversal Vulnerability
IBM Guardium Data Protection is a data security and compliance monitoring platform for database activity monitoring, vulnerability assessment and sensitive data discovery. A directory traversal vulnerability exists in IBM Guardium Data Protection. The vulnerability stems from a failure to properl...
IBM Verify Identity Access Container Weak Encryption Algorithm Vulnerability
IBM Verify Identity Access Container is an identity and access management solution for providing secure single sign-on and access control. A weak cryptographic algorithm vulnerability exists in IBM Verify Identity Access Container. The vulnerability stems from the product's use of a...
Linux kernel local elevation of privilege vulnerability (CNVD-2026-19044)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A local elevation of privilege vulnerability exists in the Linux kernel, which stems from a flaw in the logic of the crypto: algifaead module when handling AEAD operations, and...