OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.22 contained security vulnerabilities. These vulnerabilities stemmed from authentication bypass in the Control UI bootstrapping endpoint, allowing unauthenticated attackers to...

PT-2026-39714

Neat VNC is a VNC server library. Prior to 0.9.6, a pre-authentication stack buffer overflow exists in neatvnc in the RSA-AES security type handler. An unauthenticated remote attacker who can reach the VNC listening socket can send a crafted security type 5 RSA-AES or security type 129 RSA-AES-25...

HireFlow 安全漏洞

HireFlow is an online interview management platform developed by StratonWebDesigners as a personal developer project. Version 1.2 of HireFlow contains a security vulnerability. This vulnerability stems from the direct concatenation of user inputs into SQL queries through endpoints like /login and...

bitwarden 安全漏洞

Bitwarden is an open-source password management backend service developed by Bitwarden. Versions of Bitwarden prior to 2026.4.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of a master password re-authentication requirement when retrieving or rotating organizati...

OpenClaw 授权问题漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.1.24 contained an authorization issue vulnerability. This vulnerability originated from the handleBlueBubblesWebhookRequest function in the extensions/bluebubbles/src/monitor.ts...

PT-2026-39655

HireFlow v1.2 is vulnerable to SQL injection in the /login and /search endpoints. User-supplied input is concatenated directly into SQL queries without parameterization. An unauthenticated attacker can bypass authentication by supplying a crafted username e.g. admin'-- or extract the full content...

Apple macOS 安全漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Tahoe 26.5 had a security vulnerability; this vulnerability was caused by an additional authentication issue that led to information leakage, potentially allowing...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.20 contained security vulnerabilities. These vulnerabilities stemmed from security bypasses in the proxy’s config.patch and config.apply endpoints, which failed to protect...

PT-2026-39683

OpenClaw before 2026.4.22 contains an authentication bypass vulnerability in the Control UI bootstrap config endpoint that allows unauthenticated attackers to read sensitive configuration fields. Attackers can access the bootstrap config route without a valid Gateway token to expose sensitive...

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple tvOS is an operating system for smart TVs. Apple watchOS is an operating system for smart watches. Several Apple products have security vulnerabilities; these...

CVE-2026-38567

HireFlow v1.2 is vulnerable to SQL injection in the /login and /search endpoints. User-supplied input is concatenated directly into SQL queries without parameterization. An unauthenticated attacker can bypass authentication by supplying a crafted username e.g. admin'-- or extract the full content...

@workos/authkit-session 输入验证错误漏洞

@workos/authkit-session is an open-source session authentication and token management tool developed by WorkOS. Versions of @workos/authkit-session prior to 0.5.1 contained a vulnerability related to input validation errors. This vulnerability stemmed from insufficient validation of the...

WSO2 Identity Server 资源管理错误漏洞

WSO2 Identity Server is an identity authentication server developed by the American company WSO2. There is a resource management vulnerability in WSO2 Identity Server. This vulnerability arises from accepting multiple invalid authentication requests without proper rate limiting or resource contro...

Meari Alibaba OSS 安全漏洞

Meari Alibaba OSS is an IoT cloud data storage solution developed by Meari Company, which integrates object storage services. There is a security vulnerability in Meari Alibaba OSS. This vulnerability arises from the lack of authentication, signed URLs, and expiration controls in Meari IoT Cloud...

PT-2026-39582

Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an authentication bypass by assumed-immutable data vulnerability in Geo replication. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to...

CVE-2026-38567

HireFlow v1.2 is vulnerable to SQL injection in the /login and /search endpoints. User input is concatenated directly into SQL queries without parameterization, enabling an unauthenticated attacker to bypass authentication (e.g., by using a crafted username) or to extract the full contents of the...

PT-2026-39756

A vulnerability was detected in inkeep agents 0.58.14. This vulnerability affects the function createDevContext of the file agents-api/src/middleware/runAuth.ts of the component runAuth Middleware. Performing a manipulation results in authentication bypass using alternate channel. The attack is...

PT-2026-39593

Name of the Vulnerable Software and Affected Versions WSO2 Identity Server affected versions not specified Description In multi-organization deployments, the software fails to validate the organization context during the execution of adaptive authentication flows. This allows a malicious actor wi...

PT-2026-39873

Name of the Vulnerable Software and Affected Versions Mantis Bug Tracker MantisBT versions 2.28.0 through 2.28.1 Description A low-privileged authenticated user with the add profile threshold permission can create a global profile even without the manage global profile threshold permission. This ...

s3-proxy 路径遍历漏洞

s3-proxy is a multi-functional S3 bucket proxy tool developed by Havrileck Alexandre. Versions of s3-proxy prior to 5.0.0 contained a path traversal vulnerability. This vulnerability stemmed from inconsistent URL path interpretations between the authentication middleware and the bucket processor,...