130931 matches found

CNVD
•added 2026/04/10 12:0 a.m.•1 views

Unspecified vulnerability in Apple macOS Sequoia (CNVD-2026-17904)

Apple macOS Sequoia is an operating system from the American company Apple. Apple macOS Sequoia has a security vulnerability that can be exploited by attackers to cause an application to break out of its sandbox...

CVSS 7.5 • AI score 5.4 • EPSS 0.00232
Exploits: 0

CNVD
•added 2026/04/10 12:0 a.m.•3 views

Apple macOS Denial of Service Vulnerability (CNVD-2026-17906)

Apple macOS is a specialized operating system developed by Apple for Mac computers. A denial of service vulnerability exists in Apple macOS. An attacker could exploit this vulnerability to cause an application to unexpectedly terminate the system...

CVSS 6.2 • AI score 5.4 • EPSS 0.00196
Exploits: 0

CNVD
•added 2026/04/10 12:0 a.m.•3 views

TRENDnet TEW-657BRM vpn_drop Function OS Command Injection Vulnerability

The TRENDnet TEW-657BRM is a WiFi router from TRENDnet. An OS command injection vulnerability exists in the TRENDnet TEW-657BRM vpn_drop function, which originates from a misuse of the vpn_drop function parameter policyname in file /setup.cgi, and can be exploited by an attacker to cause OS command...

CVSS 8.8 • AI score 6.4 • EPSS 0.04778
Exploits: 1

CNVD
•added 2026/04/10 12:0 a.m.•1 views

TRENDnet TEW-657BRM add_wps_client function OS command injection vulnerability

The TRENDnet TEW-657BRM is a WiFi router from TRENDnet. An OS command injection vulnerability exists in the TRENDnet TEW-657BRM add_wps_client function, which originates from a misuse of the add_wps_client function parameter wlenroleepin in the file /setup.cgi, and can be exploited by an attacker to...

CVSS 8.8 • AI score 6.4 • EPSS 0.04457
Exploits: 1

CNVD
•added 2026/04/10 12:0 a.m.•4 views

OpenClaw has an unspecified vulnerability (CNVD-2026-17897)

OpenClaw is an artificial intelligence assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by attackers to cause unauthorized senders to bypass authorization checks...

CVSS 4.3 • AI score 5.3 • EPSS 0.00267
Exploits: 0

CNVD
•added 2026/04/10 12:0 a.m.•2 views

OpenClaw Approval Bypass Vulnerability

OpenClaw is an artificial intelligence assistant open-sourced by OpenClaw. OpenClaw suffers from an approval bypass vulnerability that stems from variable script operands in system.run not being bound between the approval and execution phases, which can be exploited by an attacker to cause an...

CVSS 6.3 • AI score 5.6 • EPSS 0.002
Exploits: 0

CNVD
•added 2026/04/10 12:0 a.m.•5 views

NanoMQ Buffer Overflow Vulnerability (CNVD-2026-16831)

NanoMQ is a lightweight and fast MQTT Broker for IoT edge platforms. A buffer overflow vulnerability exists in NanoMQ versions prior to 0.24.8. The vulnerability stems from the MQTT-over-WebSocket transport failing to properly validate the receive buffer size when processing MQTT packets with...

CVSS 7.5 • AI score 6 • EPSS 0.00472
Exploits: 1

CNVD
•added 2026/04/10 12:0 a.m.•4 views

OpenClaw has an unspecified vulnerability (CNVD-2026-17186)

OpenClaw is an artificial intelligence assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from a credential fallback issue that can be exploited by an attacker to bypass local authentication boundaries...

CVSS 3.3 • AI score 5.7 • EPSS 0.00104
Exploits: 0

CNVD
•added 2026/04/10 12:0 a.m.•3 views

Discourse cross-site scripting vulnerability (CNVD-2026-17253)

Discourse is an open source community discussion platform from Discourse. The platform includes features such as community, e-mail and chat rooms. Discourse suffers from a cross-site scripting vulnerability that can be exploited by an attacker to inject arbitrary HTML and JavaScript...

CVSS 6.1 • AI score 5.7 • EPSS 0.00169
Exploits: 0

CNVD
•added 2026/04/10 12:0 a.m.•1 views

Discourse authorization issue vulnerability (CNVD-2026-17259)

Discourse is an open source community discussion platform from Discourse. The platform includes features such as community, e-mail and chat rooms. Discourse suffers from an authorization issue vulnerability that stems from a category group moderator being able to perform privileged...

CVSS 5.4 • AI score 5.8 • EPSS 0.00153
Exploits: 0

CNVD
•added 2026/04/10 12:0 a.m.•5 views

Discourse Information Disclosure Vulnerability (CNVD-2026-17250)

Discourse is an open source community discussion platform from Discourse. The platform includes features such as community, e-mail and chat rooms. Discourse has an information leakage vulnerability. The vulnerability stems from the discourse-subscriptions plugin leaking Stripe API key...

CVSS 5.3 • AI score 5.6 • EPSS 0.00175
Exploits: 0

CNVD
•added 2026/04/10 12:0 a.m.•5 views

TRENDnet TEW-713RE Command Injection Vulnerability

The TRENDnet TEW-713RE is a wireless network range extender from TRENDnet. The TRENDnet TEW-713RE suffers from a command injection vulnerability that originates from a misuse of the parameter dest in the file /goform/addRouting, which can be exploited by an attacker to cause arbitrary command...

CVSS 9.8 • AI score 6.5 • EPSS 0.05126
Exploits: 1

CNVD
•added 2026/04/10 12:0 a.m.•4 views

Discourse Information Disclosure Vulnerability (CNVD-2026-17258)

Discourse is an open source community discussion platform from Discourse. The platform includes features such as community, e-mail and chat rooms. Discourse suffers from an information disclosure vulnerability that stems from non-employee users having access to read receipt informati...

CVSS 5.3 • AI score 5.7 • EPSS 0.00201
Exploits: 0

CNVD
•added 2026/04/10 12:0 a.m.•3 views

Google Chrome Dawn Component Memory Misreference Vulnerability

Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions of Google Chrome prior to 146.0.7680.178. The vulnerability stems from a confusion in the instructions of the Dawn component responsible for freeing memory. An attacker can...

CVSS 8.8 • AI score 6.2 • EPSS 0.00313
Exploits: 0

CNVD
•added 2026/04/10 12:0 a.m.•2 views

Discourse cross-site scripting vulnerability (CNVD-2026-17263)

Discourse is an open source community discussion platform from Discourse. The platform includes features such as community, e-mail and chat rooms. Discourse suffers from a cross-site scripting vulnerability that stems from the user and group display names not being HTML escaped in...

CVSS 5.4 • AI score 5.7 • EPSS 0.00167
Exploits: 0

CNVD
•added 2026/04/10 12:0 a.m.•3 views

Discourse code issue vulnerability (CNVD-2026-17261)

Discourse is an open source community discussion platform from Discourse. The platform includes features such as community, e-mail and chat rooms. Discourse suffers from a code issue vulnerability that can be exploited by an attacker to cause the server to initiate outbound connectio...

CVSS 5.3 • AI score 5.9 • EPSS 0.0018
Exploits: 0

CNVD
•added 2026/04/10 12:0 a.m.•3 views

Google Chrome WebGL Component Memory Misreference Vulnerability

Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions of Google Chrome prior to 146.0.7680.178. The vulnerability stems from a confusion in the instructions responsible for freeing memory in the WebGL component. An attacker can...

CVSS 8.8 • AI score 6.1 • EPSS 0.00403
Exploits: 0

CNVD
•added 2026/04/10 12:0 a.m.•3 views

WordPress Plugin ElementsKit Elementor Addons and Templates Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin ElementsKit Elementor Addon...

CVSS 6.4 • AI score 5.2 • EPSS 0.00293
Exploits: 1

CNVD
•added 2026/04/10 12:0 a.m.•4 views

Discourse Input Validation Error Vulnerability (CNVD-2026-17260)

Discourse is an open source community discussion platform from Discourse. The platform includes features such as community, e-mail and chat rooms. Discourse suffers from an input validation error vulnerability that originates when the enter operation in StaticController reads the...

CVSS 6.1 • AI score 5.7 • EPSS 0.00193
Exploits: 0

CNVD
•added 2026/04/10 12:0 a.m.•5 views

OpenClaw has an unspecified vulnerability (CNVD-2026-19641)

OpenClaw is an artificial intelligence assistant open-sourced by OpenClaw. A security vulnerability exists in OpenClaw that stems from automatically discovering and loading plugins from .OpenClaw/extensions/ without explicit trust validation, which can be exploited by an attacker to cause arbitrar...

CVSS 8.8 • AI score 6.1 • EPSS 0.00331
Exploits: 0

CNVD
•added 2026/04/10 12:0 a.m.•4 views

Google Chrome WebCodecs Component Out-of-Bounds Read Vulnerability

Google Chrome is a web browser from Google, an American company. An out-of-bounds read vulnerability exists in versions of Google Chrome prior to 146.0.7680.178. The vulnerability stems from a failure of the WebCodecs component to properly validate the boundaries of input data, which can be...

CVSS 8.8 • AI score 5.7 • EPSS 0.00248
Exploits: 0

CNVD
•added 2026/04/10 12:0 a.m.•2 views

OpenClaw elevation of privilege vulnerability (CNVD-2026-17893)

OpenClaw is an artificial intelligence assistant open-sourced by OpenClaw. OpenClaw suffers from an elevation of privilege vulnerability that can be exploited by an attacker to cause an invoker with pairing privileges but no administrator privileges to approve pending device requests that request ...

CVSS 9.9 • AI score 7.5 • EPSS 0.00624
Exploits: 0

CNVD
•added 2026/04/10 12:0 a.m.•1 views

OpenClaw has an unspecified vulnerability (CNVD-2026-17185)

OpenClaw is an artificial intelligence assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to redirect files outside of a container's mounted namespace using a contention condition...

CVSS 6.3 • AI score 5.7 • EPSS 0.00078
Exploits: 0

CNVD
•added 2026/04/10 12:0 a.m.•2 views

Google Chrome Compositing Component Memory Misreference Vulnerability

Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions of Google Chrome prior to 146.0.7680.178. The vulnerability stems from a mix-up in the instructions responsible for freeing memory in the Compositing component. An attacker can...

CVSS 9.6 • AI score 5.8 • EPSS 0.00248
Exploits: 0

CNVD
•added 2026/04/10 12:0 a.m.•1 views

OpenClaw Sandbox Bypass Vulnerability

OpenClaw is an artificial intelligence assistant open-sourced by OpenClaw. OpenClaw suffers from a sandbox bypass vulnerability that can be exploited by an attacker to read arbitrary local files using mediaUrl and fileUrl alias parameters that bypass localRoots validation...

CVSS 8.6 • AI score 5.5 • EPSS 0.00555
Exploits: 0

CNVD
•added 2026/04/10 12:0 a.m.•3 views

OpenClaw Sender Policy Bypass Vulnerability

OpenClaw is an artificial intelligence assistant open-sourced by OpenClaw. OpenClaw suffers from a sender policy bypass vulnerability that can be exploited by an attacker to bypass sender restrictions and interact with the bot...

CVSS 5.3 • AI score 5.4 • EPSS 0.00297
Exploits: 0

CNVD
•added 2026/04/10 12:0 a.m.•4 views

Discourse authorization issue vulnerability (CNVD-2026-17262)

Discourse is an open source community discussion platform from Discourse. The platform includes features such as community, e-mail and chat rooms. Discourse is vulnerable to an authorization issue. The vulnerability stems from the fact that a user who loses access to a topic can stil...

CVSS 6.3 • AI score 5.7 • EPSS 0.0016
Exploits: 0

CNVD
•added 2026/04/10 12:0 a.m.•8 views

IBM DataPower Gateway Information Disclosure Vulnerability (CNVD-2026-19179)

IBM DataPower Gateway is a suite of security and integration platforms from International Business Machines (IBM) designed specifically for mobile, cloud, application programming interface (API), web, service-oriented architecture (SOA), B2B and cloud workloads. The platform protects, integrates and...

CVSS 6.8 • AI score 5.8 • EPSS 0.00252
Exploits: 0

CNVD
•added 2026/04/10 12:0 a.m.•3 views

OpenClaw has an unspecified vulnerability (CNVD-2026-17187)

OpenClaw is an artificial intelligence assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to modify the configuration of a protected peer account...

CVSS 7.1 • AI score 5.7 • EPSS 0.00194
Exploits: 0

CNVD
•added 2026/04/10 12:0 a.m.•3 views

Google Chrome ANGLE Component Integer Overflow Vulnerability

Google Chrome is a web browser from Google, an American company. An integer overflow vulnerability exists in versions of Google Chrome prior to 146.0.7680.178. The vulnerability stems from a failure of the ANGLE component to properly validate the length size of input data, which can be exploited ...

CVSS 7.5 • AI score 5.8 • EPSS 0.00255
Exploits: 0

CNVD
•added 2026/04/09 12:0 a.m.•3 views

OpenClaw Input Validation Error Vulnerability (CNVD-2026-16690)

OpenClaw is an artificial intelligence assistant open-sourced by OpenClaw. OpenClaw suffers from an input validation error vulnerability that can be exploited by an attacker to cause an insecure request body to be resent in a cross-domain redirect, thereby disclosing sensitive request data or...

CVSS 7.1 • AI score 5.7 • EPSS 0.00239
Exploits: 0

CNVD
•added 2026/04/09 12:0 a.m.•2 views

Tenda AC6 goform/QuickIndex file buffer overflow vulnerability

The Tenda AC6 is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC6 version 15.03.05.16. The vulnerability stems from the parameter PPPOEPassword in the file /goform/QuickIndex that fails to properly validate the length and size of the input data...

CVSS 9 • AI score 8.1 • EPSS 0.00773
Exploits: 1

CNVD
•added 2026/04/09 12:0 a.m.•0 views

Fleet Denial of Service Vulnerability (CNVD-2026-16892)

Fleet is an open source device management platform from Fleet Device Management that supports a wide range of operating systems and devices to help IT and security teams with device management, vulnerability reporting, MDM and more. A denial of service vulnerability exists in Fleet versions prior to...

CVSS 8.7 • AI score 5.8 • EPSS 0.00434
Exploits: 0

CNVD
•added 2026/04/09 12:0 a.m.•1 views

Fleet OS Command Injection Vulnerability

Fleet is an open source device management platform from Fleet Device Management that supports a wide range of operating systems and devices to help IT and security teams with device management, vulnerability reporting, MDM and more. An operating system command injection vulnerability exists in Fleet...

CVSS 9.8 • AI score 6 • EPSS 0.01282
Exploits: 0

CNVD
•added 2026/04/09 12:0 a.m.•6 views

TOTOLINK A3600R setNoticeCfg function command injection vulnerability

TOTOLINK A3600R is a 6-antenna 1200M wireless router from China's Gion Electronics (TOTOLINK). A command injection vulnerability exists in TOTOLINK A3600R version 4.1.2cu.5182B20201102. The vulnerability stems from the failure of the function setNoticeCfg in the file /cgi-bin/cstecgi.cgi in the...

CVSS 9.8 • AI score 6.7 • EPSS 0.02234
Exploits: 1

CNVD
•added 2026/04/09 12:0 a.m.•1 views

OpenClaw has an unspecified vulnerability (CNVD-2026-16686)

OpenClaw is an artificial intelligence assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by an attacker to cause a local user to read the contents of a record containing sensitive information...

CVSS 8.4 • AI score 5.7 • EPSS 0.0012
Exploits: 0

CNVD
•added 2026/04/09 12:0 a.m.•1 views

XenForo Authorization Issues Vulnerability (CNVD-2026-16832)

XenForo is forum software from XenForo. XenForo suffers from an authorization issue vulnerability affecting Passkeys that have been added to a user's account, which can be exploited by an attacker to bypass the authentication process and take over the account of another web...

CVSS 9.8 • AI score 5.8 • EPSS 0.00451
Exploits: 0

CNVD
•added 2026/04/09 12:0 a.m.•4 views

Fleet Access Control Error Vulnerability (CNVD-2026-16814)

Fleet is an open source device management platform from Fleet Device Management that supports a wide range of operating systems and devices to help IT and security teams with device management, vulnerability reporting, MDM and more. An access control error vulnerability exists in Fleet versions prior t...

CVSS 8.8 • AI score 5.7 • EPSS 0.00315
Exploits: 0

CNVD
•added 2026/04/09 12:0 a.m.•2 views

OpenUI Cross-Site Scripting Vulnerability

OpenUI is an open source UI program. A cross-site scripting vulnerability exists in OpenUI 1.0 and earlier versions. The vulnerability stems from the lack of effective filtering and escaping of user-supplied data in the file frontend/public/annotator/index.html, which can be exploited by an...

CVSS 5.1 • AI score 5.8 • EPSS 0.00191
Exploits: 0

CNVD
•added 2026/04/09 12:0 a.m.•5 views

Delta Electronics ASDA-Soft Stack Buffer Overflow Vulnerability

Delta Electronics ASDA-Soft is an AC servo motor from Delta Electronics China. The Delta Electronics ASDA-Soft suffers from a stack buffer overflow vulnerability caused by incorrect boundary checking when parsing an incorrectly formatted .par file, which can be exploited by an attacker to execute...

CVSS 8.4 • AI score 8.2 • EPSS 0.00339
Exploits: 0

CNVD
•added 2026/04/09 12:0 a.m.•2 views

OpenClaw Data Forgery Problem Vulnerability (CNVD-2026-16689)

OpenClaw is an artificial intelligence assistant open-sourced by OpenClaw. OpenClaw suffers from a data forgery issue vulnerability that can be exploited by an attacker to inject forged Feishu events and trigger execution by downstream tools...

CVSS 9.8 • AI score 5.9 • EPSS 0.00247
Exploits: 0

CNVD
•added 2026/04/09 12:0 a.m.•1 views

Adobe Substance3D Stager Resource Management Error Vulnerability (CNVD-2026-16826)

Adobe Substance3D Stager is a set and rendering software for 3D scenes from the American company Adobe. A security vulnerability exists in Adobe Substance3D Stager. The vulnerability stems from a mix-up in the instructions responsible for freeing memory, which can be exploited by attacker...

CVSS 7.8 • AI score 6 • EPSS 0.0022
Exploits: 0

CNVD
•added 2026/04/09 12:0 a.m.•9 views

Tenda AC7 SetSysTimeCfg File Buffer Overflow Vulnerability

Tenda AC7 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in Tenda AC7 version 15.03.06.44. The vulnerability stems from the parameter Time in the file /goform/SetSysTimeCfg that fails to properly validate the length and size of the input data, which can...

CVSS 9 • AI score 8.1 • EPSS 0.00632
Exploits: 1

CNVD
•added 2026/04/09 12:0 a.m.•1 views

OpenClaw Authorization Bypass Vulnerability (CNVD-2026-16685)

OpenClaw is an artificial intelligence assistant open-sourced by OpenClaw. OpenClaw suffers from an authorization bypass vulnerability that can be exploited by an attacker to access administrator-specific session reset logic to reset the state of a target session...

CVSS 6.9 • AI score 5.7 • EPSS 0.00096
Exploits: 0

CNVD
•added 2026/04/08 12:0 a.m.•4 views

Apache ActiveMQ Broker Jolokia MBeans Remote Code Execution Vulnerability

Apache ActiveMQ Broker is an open source message broker and integration pattern server. A security vulnerability exists in Apache ActiveMQ Broker. The vulnerability stems from the Jolokia JMX-HTTP bridge default policy that allows exec operations on MBeans, which can be exploited by an attacker ...

CVSS 8.8 • AI score 7.8 • EPSS 0.87048
Exploits: 12

CNVD
•added 2026/04/08 12:0 a.m.•3 views

OpenClaw Authorization Problem Vulnerability (CNVD-2026-16622)

OpenClaw is a command line tool for rights management. An improper access control vulnerability exists in OpenClaw versions prior to 2026.3.12, which stems from a lack of owner-level permission checking in the /config and /debug command handlers. An attacker can use this vulnerability to read or...

CVSS 8.8 • AI score 5.8 • EPSS 0.00251
Exploits: 0

CNVD
•added 2026/04/08 12:0 a.m.•4 views

OpenClaw has an unspecified vulnerability (CNVD-2026-16697)

OpenClaw is an artificial intelligence assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to cause a sandboxed agent to access the state of a parent or sibling session to read or modify session data outside the scope of the sandb...

CVSS 9.2 • AI score 5.7 • EPSS 0.00101
Exploits: 0

CNVD
•added 2026/04/08 12:0 a.m.•2 views

Mozilla Firefox and Mozilla Thunderbird Buffer Overflow Vulnerability (CNVD-2026-16992)

Mozilla Firefox is an open source web browser. Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. The software supports IMAP, POP mail protocols and HTML mail format. A buffer overflow vulnerability exists in Mozilla Firefox and Mozilla Thunderbird...

CVSS 8.8 • AI score 6.4 • EPSS 0.00277
Exploits: 0

CNVD
•added 2026/04/08 12:0 a.m.•2 views

Integer Overflow Vulnerability in Multiple Mozilla Products (CNVD-2026-16993)

Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of Firefox the web browser. Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. An integer overflow vulnerability exists in multiple Mozilla products,...

CVSS 8.8 • AI score 6.2 • EPSS 0.00265
Exploits: 0

CNVD
•added 2026/04/08 12:0 a.m.•3 views

OpenClaw Authorization Problem Vulnerability (CNVD-2026-16621)

OpenClaw is a command line tool for rights management. A security vulnerability exists in versions of OpenClaw prior to 2026.3.11, which stems from the failure of the system.run approval function to properly bind variable file operands for specific script runners such as tsx, jiti, and others. An...

CVSS 9.4 • AI score 5.8 • EPSS 0.00179
Exploits: 0

Total number of security vulnerabilities: 130931