27 matches found
CVE-2026-27008
OpenClaw (npm package openclaw) is affected by CVE-2026-27008 prior to version 2026.2.15, where a bug in the download skill installation allowed targetDir values from skill frontmatter to resolve outside the per-skill tools directory if not strictly validated, potentially writing files outside th...
CVE-2026-27008 OpenClaw hardened the skill download target directory validation
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a bug in download skill installation allowed targetDir values from skill frontmatter to resolve outside the per-skill tools directory if not strictly validated. In the admin-only skills.install flow, this could write files outside t...
vantuz (>=3.3.2 <=3.3.7) potentially affected by CVE-2026-27008 via openclaw (=0.0.1)
openclaw NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on openclaw and may be impacted: - vantuz >=3.3.2, <=3.3.7 Source cves: CVE-2026-27008 Source advisory: OSV:GHSA-H7F7-89MM-PQH6...
MiracleLinux 9 : kernel-5.14.0-570.12.1.el9_6 (AXSA:2025-10392:38)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10392:38 advisory. kernel: drm: nv04: Fix out of bounds access CVE-2024-27008 kernel: Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout CVE-2024-27398 kerne...
EUVD-2020-27008
Malware in sbrugna...
VulnCheck KEV: CVE-2023-27008
A Cross-site scripting (XSS) vulnerability in the function encrypt_password() in login.tmpl.php in ATutor 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter...
CVE-2023-27008
A Cross-site scripting (XSS) vulnerability in the function encrypt_password() in login.tmpl.php in ATutor 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter...
CVE-2022-27008
nginx njs 0.7.2 is vulnerable to Buffer Overflow. Type confused in Array.prototype.concat when a slow array appended element is fast array...
CVE-2025-27008
CVE-2025-27008 is a Missing Authorization vulnerability in the WordPress plugin Unlimited Timeline (unlimited-timeline) affecting versions prior to 1.6.1. The issue allows access to functionality not properly constrained by ACLs. Public sources (Patchstack) indicate a fix in Unlimited Timeline 1....
WordPress Unlimited Timeline < 1.6.1 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Unlimited Timeline versions 1.6.1...
Linux Distros Unpatched Vulnerability : CVE-2024-27008
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm: nv04: Fix out of bounds access When Output Resource (dcb->or) value is assigned in fabricate_dcb_output(), there may be out of bounds access to dac_users array in...
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-2608)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-2352)
The remote host is missing an update for the Huawei EulerOS...
USN-6893-1: Linux kernel vulnerabilities
It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. CVE-2024-24857, CVE-2024-24858, CVE-2024-24859 Several security issues we...
Fedora: Security Advisory (FEDORA-2024-bc0db39a14)
The remote host is missing an update for the...
Debian: Security Advisory (DSA-5680-1)
The remote host is missing an update for the Debian...
CVE-2024-27008 drm: nv04: Fix out of bounds access
In the Linux kernel, the following vulnerability has been resolved: drm: nv04: Fix out of bounds access When Output Resource (dcb->or) value is assigned in fabricate_dcb_output(), there may be out of bounds access to dac_users array in case dcb->or is zero because ffs(dcb->or) is used as index there. The 'or...
CVE-2023-27008
creationtimestamp| type| source
---|---|---
2023-03-28 18:39:40+00:00| seen| https://t.me/cibsecurity/60894
2025-02-18 23:42:22+00:00| seen| Telegram/Dl3znzLPzoP-cgpG8oJgO7XtbOQC-5Y3c0eHZ-BL4-WM4pQb
2025-10-03 21:02:30+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3m2cxppqm2...
CVE-2023-27008
A Cross-site scripting (XSS) vulnerability in the function encrypt_password() in login.tmpl.php in ATutor 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter...
CVE-2023-27008
ATutor 2.2.1 is affected by CVE-2023-27008: a reflected XSS in login.tmpl.php (encrypt_password()) via the token parameter. Exploitation can inject script/HTML into pages viewed by users. Mitigation: upgrade to ATutor 2.2.2 or newer; consider restricting access to login.tmpl.php. No exploit detai...