130931 matches found
OpenClaw Resource Management Error Vulnerability (CNVD-2026-16893)
OpenClaw is a command line tool for rights management. A security vulnerability exists in versions of OpenClaw prior to 2026.3.13 that stems from the software reading and caching Webhook request bodies before validating the x-telegram-bot-api-secret-token request header. An attacker could use thi...
Totolink A3300R Command Injection Vulnerability (CNVD-2026-16680)
Totolink A3300R is a wireless router product from Totolink. A command injection vulnerability exists in the Totolink A3300R version 17.0.0cu.557b20221024, which stems from improper handling of the qosupbw parameter in the setSmartQosCfg function of the /cgi-bin/cstecgi.cgi file in its parameter...
Totolink A3300R Command Injection Vulnerability
The Totolink A3300R is a wireless router from Totolink. A command injection vulnerability exists in Totolink A3300R version 17.0.0cu.557b20221024, which originates from improper handling of the pptpPassThru parameter by the setVpnPassCfg function in the /cgi-bin/cstecgi.cgi file in the component...
OpenClaw has an unspecified vulnerability (CNVD-2026-16698)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to cause an attacker with operator.pairing privileges to cast tokens with broader privileges to obtain an operator.admin token and execute...
OpenClaw License Issue Vulnerability (CNVD-2026-16679)
OpenClaw is a command line tool for rights management. A security vulnerability exists in versions of OpenClaw prior to 2026.3.11 that stems from insufficient authorization checking of subagent control requests, resulting in a leaf child agent being able to access the subagent control plane and...
OpenClaw has an unspecified vulnerability (CNVD-2026-16695)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to bypass groupAllowFrom and requireMention protections in group chats...
OpenClaw has an unspecified vulnerability (CNVD-2026-16694)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to cause an authenticated operator with only operator.write privileges to access the administrator-specific browser profile management rout...
OpenClaw Input Validation Error Vulnerability
OpenClaw is a command line tool for rights management. A security vulnerability exists in OpenClaw versions prior to 2026.3.11, which stems from the matchesExecAllowlistPattern function performing lowercase conversions and wildcard matching on POSIX paths when normalizing patterns, resulting in a...
OpenClaw has an unspecified vulnerability (CNVD-2026-16691)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from the direct embedding of long-term shared gateway credentials in the pairing setup code, which can be exploited by an attacker to recover and reuse credentials v...
OpenClaw Access Control Error Vulnerability (CNVD-2026-16624)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. A security vulnerability exists in versions prior to OpenClaw 2026.3.12 that stems from a weak authorization issue in the Zalouser whitelisting schema that matches variable group display names instead of stable group...
OpenClaw has an unspecified vulnerability (CNVD-2026-16699)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by an attacker to rebind the tool root path between validation and final write...
Memory Corruption Vulnerability in Multiple Mozilla Products (CNVD-2026-16994)
Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A memory corruption vulnerability exists in multiple Mozilla products,...
OpenClaw Access Control Error Vulnerability (CNVD-2026-16623)
OpenClaw is a command line tool for rights management. A security vulnerability exists in OpenClaw versions prior to 2026.3.11, which stems from the gateway proxy RPC interface failing to effectively restrict the spawnedBy and workspaceDir parameters when verifying permissions. The vulnerability...
OpenClaw has an unspecified vulnerability (CNVD-2026-16696)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to cause non-whitelisted guild members to trigger reactive events and inject reactive text into downstream session environments...
Endian Firewall group parameter cross-site scripting vulnerability
Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall group parameter, which stems from improper handling of the group parameter in /cgi-bin/proxygroup.cgi, and can be exploited by an attacker to inject malicious...
Endian Firewall remark parameter cross-site scripting vulnerability (CNVD-2026-18403)
Endian Firewall is a network security firewall system from Endian. Cross-site scripting vulnerability in Endian Firewall remark parameterThe vulnerability stems from improper handling of the remark parameter in /cgi-bin/outgoingfw.cgi, which can be exploited by an attacker to inject malicious...
IBM Aspera Shares Stored Cross-Site Scripting Vulnerability
IBM Aspera Shares is an enterprise-class file sharing and collaboration platform that provides a Web user interface and content management capabilities. A stored cross-site scripting vulnerability exists in IBM Aspera Shares. The vulnerability occurs due to a failure of the system to effectively...
IBM DataPower Gateway Cross-Site Request Forgery Vulnerability (CNVD-2026-19180)
IBM DataPower Gateway is an enterprise-grade application security gateway that provides API management and traffic control capabilities. A cross-site request forgery vulnerability exists in IBM DataPower Gateway. The vulnerability arises because the system fails to effectively validate the source...
Endian Firewall remark parameter cross-site scripting vulnerability
Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which originates from improperly cleaning up the input of the remark parameter in /cgi-bin/routing.cgi, and can be exploited by an attacker to...
Endian Firewall remark parameter cross-site scripting vulnerability
Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which stems from improperly cleaning up the input of the remark parameter in /manage/dhcp/fixedleases/, and can be exploited by an attacker to...
Endian Firewall remark parameter cross-site scripting vulnerability (CNVD-2026-18409)
Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which stems from improper handling of the remark parameter in /cgi-bin/incoming.cgi, and can be exploited by an attacker to inject malicious...
Endian Firewall NAME Parameter Cross-Site Scripting Vulnerability
Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall NAME parameter, which originates from improperly cleaning up the input of the NAME parameter in /cgi-bin/uplinkeditor.cgi, and can be exploited by an attacker to...
Endian Firewall domain parameter cross-site scripting vulnerability
Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall domain parameter, which originates from improper handling of the domain parameter in /manage/smtpscan/domainrouting/, and can be exploited by an attacker to inject...
IBM Verify Identity Access Authentication Bypass Vulnerability (CNVD-2026-16876)
IBM Verify Identity Access and Security Verify Access are a family of identity and access management solutions that provide user authentication and access control capabilities. An authentication bypass vulnerability exists in IBM Verify Identity Access. The vulnerability arises due to a flaw in t...
IBM Content Navigator Cross-Site Scripting Vulnerability (CNVD-2026-16875)
IBM Content Navigator is an enterprise content management and collaboration platform for document management, workflow and content retrieval. A cross-site scripting vulnerability exists in IBM Content Navigator. The vulnerability stems from a failure to properly process user input and can be...
Endian Firewall DATE Parameter OS Command Injection Vulnerability
Endian Firewall is a network security firewall system from Endian. An operating system command injection vulnerability exists in the Endian Firewall DATE parameter, which stems from incomplete regular expression validation of the DATE parameter in /cgi-bin/logssmtp.cgi, and can be exploited by an...
Endian Firewall DATE Parameter OS Command Injection Vulnerability (CNVD-2026-18422)
Endian Firewall is a network security firewall system from Endian. An operating system command injection vulnerability exists in the Endian Firewall DATE parameter, which stems from incomplete regular expression validation of the DATE parameter in /cgi-bin/logsopenvpn.cgi, and can be exploited by...
Endian Firewall name parameter cross-site scripting vulnerability
Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall name parameter, which stems from improper cleanup of the name parameter input in /manage/qos/classes/, and can be exploited by an attacker to inject malicious...
Endian Firewall name parameter cross-site scripting vulnerability
Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall name parameter, which stems from improper cleanup of the name parameter input in /manage/qos/classes/, and can be exploited by an attacker to inject malicious...
Endian Firewall dscp Parameter Cross-Site Scripting Vulnerability
Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall dscp parameter, which stems from improper handling of the dscp parameter in /manage/qos/rules/, and can be exploited by an attacker to inject malicious JavaScript...
Endian Firewall remark parameter cross-site scripting vulnerability (CNVD-2026-18400)
Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which stems from improper handling of the remark parameter in /cgi-bin/xtaccess.cgi, and can be exploited by an attacker to inject malicious...
Endian Firewall remark parameter cross-site scripting vulnerability (CNVD-2026-18401)
Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which stems from improper handling of the remark parameter in /cgi-bin/vpnfw.cgi, and can be exploited by an attacker to inject malicious...
Endian Firewall user parameter cross-site scripting vulnerability
Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall user parameter, which stems from improper handling of the user parameter in /cgi-bin/proxyuser.cgi, and can be exploited by an attacker to inject malicious...
Endian Firewall DOMAIN Parameter Cross-Site Scripting Vulnerability
Endian Firewall is a network security firewall system from Endian. Endian Firewall DOMAIN Parameter Cross-Site Scripting VulnerabilityThe vulnerability stems from improper handling of the DOMAIN parameter in /cgi-bin/smtpdomains.cgi, which can be exploited by an attacker to inject malicious...
Endian Firewall remark parameter cross-site scripting vulnerability (CNVD-2026-18377)
Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which stems from improper handling of the remark parameter in /manage/dnsmasq/localdomains/, and can be exploited by an attacker to inject...
Endian Firewall remark parameter cross-site scripting vulnerability (CNVD-2026-18375)
Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which stems from improper handling of the remark parameter in /manage/ipsec/, and can be exploited by an attacker to inject malicious script and...
Endian Firewall remark parameter cross-site scripting vulnerability (CNVD-2026-18373)
Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which stems from improper handling of the remark parameter in /manage/vpnauthentication/user/, and can be exploited by an attacker to inject...
Endian Firewall DATE Parameter OS Command Injection Vulnerability (CNVD-2026-18423)
Endian Firewall is a network security firewall system from Endian. An operating system command injection vulnerability exists in the Endian Firewall DATE parameter, which stems from incomplete regular expression validation of the DATE parameter in /cgi-bin/logslog.cgi, and can be exploited by an...
Endian Firewall ADDRESS BCC Parameter Cross-Site Scripting Vulnerability
Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall ADDRESS BCC parameter, which originates from improper handling of the ADDRESS BCC parameter in /cgi-bin/smtprouting.cgi, and can be exploited by an attacker to...
Endian Firewall remark parameter cross-site scripting vulnerability (CNVD-2026-18410)
Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which stems from improper handling of the remark parameter in /cgi-bin/snat.cgi, and can be exploited by an attacker to inject malicious JavaScri...
Endian Firewall remark parameter cross-site scripting vulnerability
Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which stems from improper handling of the remark parameter in /manage/password/web/, and can be exploited by an attacker to inject malicious scri...
Endian Firewall DATE Parameter OS Command Injection Vulnerability
Endian Firewall is a network security firewall system from Endian. An operating system command injection vulnerability exists in the Endian Firewall DATE parameter, which stems from incomplete regular expression validation of the DATE parameter in /cgi-bin/logsids.cgi, and can be exploited by an...
Endian Firewall REMARK Parameter Cross-Site Scripting Vulnerability
Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall REMARK parameter, which stems from improper handling of the REMARK parameter in /cgi-bin/openvpnclient.cgi, and can be exploited by an attacker to inject malicious...
Endian Firewall mimetypes parameter cross-site scripting vulnerability
Endian Firewall is a network security firewall system from Endian. Endian Firewall mimetypes parameter cross-site scripting vulnerability, which stems from improper handling of the mimetypes parameter in /cgi-bin/proxypolicy.cgi, can be exploited by an attacker to inject malicious JavaScript code...
Endian Firewall remark parameter cross-site scripting vulnerability
Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which stems from improperly cleaning up the input of the remark parameter in /manage/dnsmasq/hosts/, and can be exploited by an attacker to injec...
Endian Firewall remark parameter cross-site scripting vulnerability (CNVD-2026-18411)
Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which stems from improper handling of the remark parameter in /cgi-bin/dnat.cgi, and can be exploited by an attacker to inject malicious JavaScri...
Endian Firewall new_cert_name Parameter Cross-Site Scripting Vulnerability
Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall newcertname parameter, which stems from improper handling of the newcertname parameter in /manage/ca/certificate/, and can be exploited by an attacker to inject...
Endian Firewall remark parameter cross-site scripting vulnerability (CNVD-2026-18402)
Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which stems from improper handling of the remark parameter in /cgi-bin/zonefw.cgi, and can be exploited by an attacker to inject malicious...
FreeRDP Denial of Service Vulnerability (CNVD-2026-16035)
FreeRDP is an open source Remote Desktop Protocol RDP implementation library and client . A denial of service vulnerability exists in FreeRDP. The vulnerability arises because the IMA ADPCM audio decoding process does not validate the step index parameter, resulting in out-of-bounds access to the...
FreeRDP Double Release Vulnerability (CNVD-2026-16032)
FreeRDP is an open source Remote Desktop Protocol RDP implementation library and client . FreeRDP suffers from a double release vulnerability. The vulnerability is caused by a double release problem in the memory release process of the kerberosAcceptSecurityContext and...