161488 matches found
PT-2026-38230
Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.2.21 through 2026.4.9 Description An authentication bypass exists in the sandbox noVNC helper route, which exposes interactive browser session credentials. This allows attackers to access the noVNC helper route without...
CVE-2026-34474
CVE-2026-34474 affects ZTE ZXHN H298A (1.1) and H108N (2.6) routers. A crafted request to the device’s web interface can cause a sensitive-data exposure, potentially returning the administrator password and WLAN PSK, which could enable authentication bypass and wireless/network compromise. Some f...
PT-2026-38304
PraisonAI is a multi-agent teams system. From version 4.5.139 to before version 4.6.32, CVE-2026-40287's fix gated tools.py auto-import behind PRAISONAI ALLOW LOCAL TOOLS=true in two files tool resolver.py, api/call.py. A third import sink in praisonai/templates/tool override.py was missed and...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.15 contained security vulnerabilities. These vulnerabilities stemmed from capturing a resolved bearer-auth configuration during initialization, which could allow revoked tokens ...
ZTE ZXHN H108N和ZTE ZXHN H298A 信息泄露漏洞
ZTE ZXHN H108N and ZTE ZXHN H298A are both products of China’s ZTE Corporation. ZTE ZXHN H108N is a modem. ZTE ZXHN H298A is a home gateway routing device. Both the ZTE ZXHN H298A version 1.1 and H108N version 2.6 have information leakage vulnerabilities. These vulnerabilities stem from specially...
CVE-2026-34474
Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to the router web interface can expose sensitive device and account information. In affected builds, the response may include the administrator password and WLAN PSK, enabling...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw from 2026.2.21 to 2026.4.10 contained security vulnerabilities. These vulnerabilities were due to a sandbox noVNC auxiliary routing mechanism that allowed authentication bypass, potentially...
PT-2026-38300
Name of the Vulnerable Software and Affected Versions Lemur versions prior to 1.9.0 Description The LDAP authentication module lemur/auth/ldap.py constructs LDAP search filters using unsanitized user input via Python string interpolation. An authenticated LDAP user can inject LDAP filter...
ROS-20260506-73-0030
Vulnerability in tomcat-native related to a flaw in the authentication procedure. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges...
ROS-20260506-73-0027
Vulnerability in tomcat related to a flaw in the authentication procedure. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges...
AlmaLinux 10 : dovecot (ALSA-2026:13498)
The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:13498 advisory. dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command CVE-2025-59032 dovecot: denial of service via crafted...
Nginx-UI Settings API Exposes Protected Secrets
The GetSettings API handler api/settings/settings.go:24-65 serializes all settings structs to JSON and returns them to authenticated users. Many sensitive fields are tagged with protected:"true" - however, this tag is only enforced during writes via ProtectedFill in SaveSettings and is completely...
Palo Alto Networks PAN-OS 缓冲区错误漏洞
Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall devices. There is a buffer overflow vulnerability in Palo Alto Networks PAN-OS, which stems from insufficient boundary checks during the processing of certain data packets by the User-ID Authenticati...
Google Android ADB Authentication Bypass Vulnerability
Android is an open source mobile operating system developed by Google, widely used in smartphones, tablets, smart TVs, cars and various IoT devices, providing core capabilities such as application operation, device management, network communication, debugging and security control, etc. Android...
dovecot security update
1:2.3.16-15.1 - fix CVE-2026-27858: denial of service via crafted message before authentication RHEL-161639 - fix CVE-2025-59032: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command RHEL-162287 - fix CVE-2026-27857: denial of service via specially crafted NOOP...
ROS-20260506-73-0029
Vulnerability in tomcat11 related to a flaw in the authentication procedure. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges...
ROS-20260506-73-0028
Vulnerability in tomcat10 related to a flaw in the authentication procedure. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges...
Linux Distros Unpatched Vulnerability : CVE-2026-6918
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Open9J versions 0.21 to 0.58, a pre-authentication remote attacker can crash JITServer by sending a 32-byte crafted TCP message. CVE-2026-6918 Note...
Oracle Linux 8 : dovecot (ELSA-2026-13830)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-13830 advisory. - fix CVE-2026-27858: denial of service via crafted message before authentication RHEL-161630 - fix CVE-2025-59032: ManageSieve: Denial of Service via...
ROS-20260506-73-0039
Vulnerability in tomcat11 related to a flaw in the authentication procedure. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges...