131179 matches found
Microsoft Windows Kernel Information Disclosure Vulnerability (CNVD-2026-20171)
The Microsoft Windows Kernel is the kernel of the Windows operating system from the American company Microsoft. An information disclosure vulnerability exists in Microsoft Windows Kernel, which can be exploited by attackers to obtain sensitive information...
Microsoft Windows SSDP Elevation of Privilege Vulnerability
Microsoft Windows SSDP is a simple service discovery provider program from Microsoft USA. Microsoft Windows SSDP suffers from an elevation of privilege vulnerability that can be exploited by an attacker to elevate privileges...
Microsoft Desktop Windows Manager Resource Management Error Vulnerability (CNVD-2026-18596)
Microsoft Desktop Windows Manager is a desktop window manager from Microsoft USA. A security vulnerability exists in Microsoft Desktop Windows Manager. An attacker could exploit the vulnerability to elevate privileges...
Microsoft SharePoint Server Spoofing Vulnerability (CNVD-2026-19432)
Microsoft SharePoint Server is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A spoofing...
Microsoft Office Code Execution Vulnerability (CNVD-2026-19434)
Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to execute...
Microsoft Windows Kernel Elevation of Privilege Vulnerability (CNVD-2026-20170)
The Microsoft Windows Kernel is the kernel of the Windows operating system from the American company Microsoft. An elevation of privilege vulnerability exists in Microsoft Windows Kernel, which can be exploited by an attacker to elevate privileges...
Microsoft Windows Shell Information Disclosure Vulnerability
The Microsoft Windows Shell is the graphical user interface for the Windows operating system from Microsoft USA.Easily recognizable elements of the Windows shell include features such as the desktop, the taskbar, the start menu, the task switcher, and autoplay. On some versions of Windows, featur...
Microsoft Excel Buffer Overflow Vulnerability (CNVD-2026-18600)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A security vulnerability exists in Microsoft Excel. An attacker could exploit the vulnerability to obtain sensitive information...
Fortinet FortiOS Access Control Vulnerability (CNVD-2026-25594)
Fortinet FortiOS is a security operating system developed by Fortinet Corporation, specifically for use on the FortiGate network security platform. This system offers users various security features, including firewalls, antivirus protection, IPSec/SSLVPN, web content filtering, and anti-spam...
Microsoft Word Code Execution Vulnerability (CNVD-2026-19751)
Microsoft Word is a word processing software in the Office suite of the U.S. company Microsoft Microsoft. A code execution vulnerability exists in Microsoft Word, which can be exploited by an attacker to execute arbitrary code on a system...
Microsoft Windows Kernel Elevation of Privilege Vulnerability (CNVD-2026-20168)
The Microsoft Windows Kernel is the kernel of the Windows operating system from the American company Microsoft. An elevation of privilege vulnerability exists in Microsoft Windows Kernel, which can be exploited by an attacker to elevate privileges...
Microsoft Azure Monitor Agent Code Issue Vulnerability (CNVD-2026-18594)
Microsoft Azure Monitor Agent is a monitoring agent program from Microsoft USA. A security vulnerability exists in Microsoft Azure Monitor Agent. An attacker can exploit the vulnerability to elevate privileges...
Microsoft Windows Shell Elevation of Privilege Vulnerability
The Microsoft Windows Shell is the graphical user interface for the Windows operating system from Microsoft.The easily recognizable elements of the Windows shell include features such as the desktop, the taskbar, the start menu, the task switcher, and autoplay. An elevation of privilege...
Microsoft Excel Code Execution Vulnerability (CNVD-2026-19429)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...
Microsoft Windows Shell Security Feature Bypass Vulnerability
The Microsoft Windows Shell is the graphical user interface for the Windows operating system from Microsoft.The easily recognizable elements of the Windows shell include features such as the desktop, the taskbar, the start menu, the task switcher, and autoplay. A security feature bypass...
Microsoft Windows Shell Spoofing Vulnerability
The Microsoft Windows Shell is the graphical user interface for the Windows operating system from Microsoft.The easily recognizable elements of the Windows shell include features such as the desktop, the taskbar, the start menu, the task switcher, and autoplay. A spoofing vulnerability exists in...
Dell PowerProtect Data Domain Data Domain Operating System Command Injection Vulnerability
Dell PowerProtect Data Domain is a data protection specialized storage device whose main function is to provide efficient data de-duplication, backup and recovery. A command injection vulnerability exists in Dell PowerProtect Data Domain. The vulnerability stems from a failure of the Data Domain...
Dell PowerProtect Data Domain Parameter Injection Vulnerability (CNVD-2026-18540)
Dell PowerProtect Data Domain is a data protection and de-duplication storage appliance. A parameter injection vulnerability exists in Dell PowerProtect Data Domain. The vulnerability stems from a failure to properly neutralize parameter separators in commands and can be exploited by an attacker ...
Dell PowerProtect Data Domain OS Command Injection Vulnerability (CNVD-2026-18582)
Dell PowerProtect Data Domain is a data protection and backup storage product for enterprise-class data backup, deduplication and disaster recovery. An operating system command injection vulnerability exists in Dell PowerProtect Data Domain. The vulnerability stems from a failure to properly hand...
PraisonAI OS Command Injection Vulnerability (CNVD-2026-18145)
PraisonAI is a low-code multi-intelligent body collaboration framework. PraisonAI suffers from an operating system command injection vulnerability that stems from the fact that SubprocessSandbox relies on string pattern matching to block dangerous commands in all modes and the block list does not...
Dell PowerProtect Data Domain OS Command Injection Vulnerability
Dell PowerProtect Data Domain is a data protection and deduplication storage appliance. An operating system command injection vulnerability exists in Dell PowerProtect Data Domain. The vulnerability stems from a failure to properly neutralize a specific element used for OS command injection, whic...
Dell PowerProtect Data Domain Cross-Site Scripting Vulnerability (CNVD-2026-18583)
The Dell PowerProtect Data Domain is a data protection-specific storage device designed for efficient backup, archiving and disaster recovery. A cross-site scripting vulnerability exists in Dell PowerProtect Data Domain. The vulnerability stems from a failure to properly handle user input and can...
Dell PowerProtect Data Domain Information Disclosure Vulnerability (CNVD-2026-18586)
The Dell PowerProtect Data Domain is a data protection storage appliance that is primarily used for backup, archiving and disaster recovery. An information disclosure vulnerability exists in Dell PowerProtect Data Domain. The vulnerability stems from the system exposing sensitive information to...
PraisonAI SQL Injection Vulnerability
PraisonAI is a low-code multi-intelligent body collaboration framework. PraisonAI suffers from a SQL injection vulnerability that stems from the getalluserthreads function constructing raw SQL queries using unescaped thread IDs, which can be exploited by an attacker to cause SQL injection and gai...
PraisonAI Operating System Command Injection Vulnerability
PraisonAI is a low-code multi-intelligent body collaboration framework. PraisonAI suffers from an operating system command injection vulnerability that stems from the --mcp CLI parameter being passed directly without any validation, whitelist checking, or cleanup, which can be exploited by an...
Dell PowerProtect Data Domain Data Domain Operating System Command Injection Vulnerability (CNVD-2026-18584)
Dell PowerProtect Data Domain is a data protection storage device whose main function is to provide efficient data de-duplication, backup and recovery. A command injection vulnerability exists in Dell PowerProtect Data Domain. The vulnerability stems from a failure of the Data Domain Operating...
Dell PowerProtect Data Domain OS Command Injection Vulnerability (CNVD-2026-18581)
The Dell PowerProtect Data Domain is a data protection storage appliance that is primarily used for enterprise-class backup, archiving, and disaster recovery. An OS command injection vulnerability exists in Dell PowerProtect Data Domain. The vulnerability stems from a failure to properly neutrali...
Unspecified Vulnerability in PraisonAI (CNVD-2026-18147)
PraisonAI is a low-code multi-intelligence body collaboration framework by the individual developer Mervin Praison. PraisonAI suffers from a security vulnerability that stems from the OAuthManager.validatetoken function returning True for any token not found in its internal storage, which can be...
PraisonAI has an unspecified vulnerability
PraisonAI is a low-code multi-intelligent body collaboration framework. PraisonAI suffers from a security vulnerability that stems from the fact that the three-layer sandboxing of the executecode function can be completely bypassed, which can be exploited by an attacker to cause the execution of...
PraisonAI Code Issue Vulnerability
PraisonAI is a low-code multi-intelligent body collaboration framework. PraisonAI suffers from a code issue vulnerability that stems from the FileTools.downloadfile function validating the target path but not validating the url parameter, which can be exploited by an attacker to cause the attacke...
Google Chrome FileSystem Component Memory Misreference Vulnerability
Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in the Google Chrome FileSystem component, which can be exploited by an attacker to leverage object corruption via specially crafted HTML pages...
D-Link DI-8003 Buffer Overflow Vulnerability (CNVD-2026-17632)
The D-Link DI-8003 is a wireless router from China-based AUO D-Link. The D-Link DI-8003 suffers from a buffer overflow vulnerability caused by incorrect boundary checking in the tggl.asp script, which can be exploited by an attacker to cause a denial of service...
IBM Langflow Desktop Deserialization Vulnerability
IBM Langflow Desktop is an AI process orchestration desktop application from International Business Machines IBM. A deserialization vulnerability exists in IBM Langflow Desktop versions 1.8.2 and earlier. The vulnerability stems from an insecure default setting that allows deserialization of...
D-Link DI-8003 Buffer Overflow Vulnerability (CNVD-2026-17656)
The D-Link DI-8003 is a wireless router from China-based AUO D-Link. The D-Link DI-8003 suffers from a buffer overflow vulnerability caused by incorrect bounds checking of parameters in the /xwglref.asp endpoint, which can be exploited by an attacker to cause a denial of service...
D-Link DI-8003 Buffer Overflow Vulnerability (CNVD-2026-17633)
The D-Link DI-8003 is a wireless router from China-based AUO D-Link. A buffer overflow vulnerability exists in the D-Link DI-8003. The vulnerability is caused due to incorrect boundary checking in the thdgroup.asp script and can be exploited by an attacker to cause a denial of service...
D-Link DI-8003 Buffer Overflow Vulnerability (CNVD-2026-17650)
The D-Link DI-8003 is a wireless router from China-based AUO D-Link. A buffer overflow vulnerability exists in the D-Link DI-8003. The vulnerability is caused due to incorrect boundary checking in the usergroup.asp script and can be exploited by an attacker to cause a denial of service...
D-Link DI-8003 Buffer Overflow Vulnerability (CNVD-2026-17698)
The D-Link DI-8003 is a wireless router from China-based AUO D-Link. A buffer overflow vulnerability exists in the D-Link DI-8003. The vulnerability is caused due to incorrect boundary checking in the user.asp script and can be exploited by an attacker to cause a denial of service...
IBM Tivoli Netcool Impact Log Information Disclosure Vulnerability
IBM Tivoli Netcool Impact is a suite of network management software from International Business Machines IBM. The software has the ability to automate business-critical functions and provide a platform that provides unified access to real-time data, events and indicators. IBM Tivoli Netcool Impac...
Unspecified Vulnerability in Google Chrome (CNVD-2026-17821)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security vulnerability that stems from insufficient policy enforcement in the Passwords component, which can be exploited by an attacker to disclose cross-domain data via specially crafted HTML pages...
Cisco Webex Contact Center Desktop Agent Cross-Site Scripting Vulnerability
Cisco Webex Contact Center is a cloud contact center solution for customer service and call center management. A cross-site scripting vulnerability exists in Cisco Webex Contact Center. The vulnerability stems from a failure of the Desktop Agent feature to properly handle HTML and scripted conten...
Google Chrome V8 Type Obfuscation Vulnerability (CNVD-2026-19167)
Google Chrome is a web browser developed by Google with a V8 engine for executing JavaScript code. A type confusion vulnerability exists in Google Chrome's V8 engine. The vulnerability stems from the engine's failure to properly handle object types and can be exploited by an attacker to perform...
Google Chrome XR Memory Misreference Vulnerability
Google Chrome is a web browser developed by Google. Google Chrome suffers from a memory misreference vulnerability. The vulnerability stems from a memory object misreference in the XR component of the Android version and can be exploited by an attacker to perform an out-of-bounds memory read via ...
Google Chrome Cast Memory Misreference Vulnerability
Google Chrome is a web browser developed by Google. Google Chrome suffers from a memory misreference vulnerability. The vulnerability stems from a failure of the Cast component to properly handle memory objects and can be exploited by an attacker to execute arbitrary code via a specially crafted...
Google Chrome GPU out-of-bounds write vulnerability (CNVD-2026-19171)
Google Chrome is a web browser developed by Google. Google Chrome suffers from a GPU out-of-bounds write vulnerability. The vulnerability stems from a failure of the GPU component to properly handle boundary checks and can be exploited by an attacker to achieve sandbox escape via specially crafte...
Google Chrome Media Component Out-of-Bounds Read Vulnerability
Google Chrome is a web browser developed by Google. An out-of-bounds read vulnerability exists in the Media component of Google Chrome. The vulnerability stems from a failure of the Media component to properly handle certain UI gestures and can be exploited by an attacker to execute arbitrary cod...
Google Chrome Skia Component Out-of-Bounds Read Vulnerability
Google Chrome is a web browser from Google, an American company. An out-of-bounds read vulnerability exists in the Google Chrome Skia component, which can be exploited by attackers to obtain sensitive information...
Google Chrome Codecs Component Memory Misreference Vulnerability (CNVD-2026-17817)
Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in the Google Chrome Codecs component, which can be exploited by an attacker to execute arbitrary code in a sandbox via specially crafted HTML pages...
Google Chrome on Windows Uninitialized Usage Vulnerability
Google Chrome is a web browser from Google, an American company. An uninitialized use vulnerability exists in Google Chrome on Windows, which can be exploited by an attacker to perform a sandbox escape via a specially crafted HTML page...
Google Chrome Payments Memory Misreference Vulnerability
Google Chrome is a web browser developed by Google. A memory misreference vulnerability exists in Google Chrome. The vulnerability stems from a failure of the Payments component for Android to properly handle memory objects, which can be exploited by an attacker to execute arbitrary code by...
Google Chrome Viz Component Memory Misreference Vulnerability
Google Chrome is a web browser developed by Google. A memory misreference vulnerability exists in the Viz component of Google Chrome. The vulnerability stems from a failure of the Viz component to properly handle memory objects, which can be exploited by an attacker to potentially sandbox escape ...