18 matches found
CVE-2026-22175
OpenClaw versions prior to 2026.2.23 contain an exec approval bypass vulnerability in allowlist mode where allow-always grants could be circumvented through unrecognized multiplexer shell wrappers like busybox and toybox sh -c commands. Attackers can exploit this by invoking arbitrary payloads...
CVE-2026-22175

| creationtimestamp | type | source |
|---|---|---|
| 2026-03-20 07:40:08+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mhhz7ovcr42i... |

vantuz (>=3.3.2 <=3.3.7) potentially affected by CVE-2026-22175 via openclaw (=0.0.1)
openclaw NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on openclaw and may be impacted:

- vantuz =3.3.2, =3.3.7

Source cves: CVE-2026-22175
Source advisory: OSV:GHSA-GWQP-86Q6-W47G...
CVE-2021-22175
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is disabled...
AlmaLinux 9 : expat (ALSA-2025:22175)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:22175 advisory. expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing CVE-2025-59375 Tenable ha...
Oracle Linux 9 : expat (ELSA-2025-22175)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-22175 advisory. - Fix CVE-2025-59375 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not tested fo...
CVE-2025-22175
Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to modify the steps of another user's private checklist...
CVE-2025-22175

| creationtimestamp | type | source |
|---|---|---|
| 2025-10-22 17:13:11+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/115418935503212847 |
| 2025-10-22 18:11:42+00:00 | seen | https://infosec.exchange/users/BugBountyShorts/statuses/115419165528094230 |
| 2025-10-22 18:55:06+00:00 | seen | ... |

CVE-2021-22175

| creationtimestamp | type | source |
|---|---|---|
| 2025-03-12 12:59:04+00:00 | exploited | https://t.me/thehackernews/6480 |
| 2025-03-12 14:06:29+00:00 | exploited | Telegram/EJVapW3YwD9OOaKa1fWPumeFOQoWT3EVkVH6tC9Mg2CJrg |
| 2025-03-12 14:21:18+00:00 | exploited | https://t.me/CyberBulletin/2595 |
| 2025-03-14... |

GitLab 10.5 < 13.6.7 / 13.7 < 13.7.7 / 13.8 < 13.8.4 (CVE-2021-22175)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an...
CVE-2022-22175
The CVE covers an Improper Locking vulnerability in the SIP ALG of Juniper Junos OS on MX Series and SRX Series, causing the flowd daemon to crash and trigger DoS when specific SIP traffic is processed with SIP ALG enabled. Affected versions include Junos OS: 20.4 (before 20.4R3‑S1), 21.1 (before...
Juniper Junos OS Vulnerability (JSA11281)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA11281 advisory. - An Improper Locking vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series and SRX Series allows an unauthenticated networked attacker to cause a...
CVE-2020-22175
CVE-2020-22175 affects PHPGurukul Hospital Management System v4.0, with a SQL injection in hms\admin\betweendates-detailsreports.php. The vulnerability allows remote unauthenticated attackers to obtain sensitive database information. CVSS v3.1 base score 7.5 (HIGH) and CVSS v2.0 base 5.0; impact ...
CVE-2021-22175
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is disabled...
CVE-2021-22175
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is disabled...
CVE-2021-22175
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is disabled...
CVE-2021-22175
CVE-2021-22175 affects GitLab 10.5 and later and is a server-side request forgery (SSRF) in the handling of webhook requests to the intranet. An unauthenticated attacker could exploit enabled internal webhooks to make arbitrary requests from the GitLab server to internal resources. The issue is t...
CVE-2021-22175
Removed by vendor...