117 matches found
CVE-2026-4039
A vulnerability was determined in OpenClaw 2026.2.19-2. This vulnerability affects the function applySkillConfigenvOverrides of the component Skill Env Handler. Executing a manipulation can lead to code injection. It is possible to launch the attack remotely. Upgrading to version 2026.2.21-beta.1...
CVE-2026-4039
creationtimestamp | type | source
---|---|---
2026-03-12 11:15:59+00:00 | seen | https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-4039
2026-03-12 16:38:08+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mgutkdn3nc2n...
vantuz (>=3.3.2 <=3.3.7) potentially affected by CVE-2026-4039 via openclaw (=0.0.1)
openclaw NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on openclaw and may be impacted:
- vantuz =3.3.2, =3.3.7
Source cves: CVE-2026-4039
Source advisory: OSV:GHSA-82G8-464F-2MV7...
EUVD-2026-4039
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mndpsingh287 WP Mail wp-mail allows Reflected XSS. This issue affects WP Mail: from n/a through = 1.3...
Siemens SIMATIC and SCALANCE Protection Mechanism Failure (CVE-2023-4039)
A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style...
openSUSE Security Advisory (SUSE-SU-2025:4039-1)
The remote host is missing an update for the...
CVE-2025-20738
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00435342; Issue ID: MSV-403...
PT-2025-44977
Name of the Vulnerable Software and Affected Versions: Aruba WLAN AP Driver (affected versions not specified). Description: An out-of-bounds write issue exists in the wlan AP driver due to an incorrect bounds check. Successful exploitation could allow a malicious actor with System privileges to escala...
USN-7700-1 gcc-10, gcc-11, gcc-12 vulnerability
It was discovered that the -fstack-protector hardening feature in GCC for AArch64 did not properly protect dynamically-sized local variables such as those created using C99 variable length arrays or alloca. As a result, an attacker who was able to trigger a buffer overflow in such cases could...
CVE-2024-4039
The Orders Tracking for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.10. This is due to the plugin allowing users to execute an action that does not properly validate a value before running do_shortcode...
CVE-2011-4039
Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows user-assisted remote attackers to execute arbitrary code via a malformed file that triggers a "write access violation."...
CVE-2025-4039
A vulnerability was found in PHPGurukul Rail Pass Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/search-pass.php. The manipulation of the argument searchdata leads to sql injection. The attack may be launched remotely...
Security Bulletin: Order Management is subject to various OS vulnerabilities which could have allowed attacker various entry points into application.
Summary: Order Management has updated the container OS version and remediated to the point of code freeze. This bulletin identifies the steps to take to address the vulnerabilities by updating to the very latest OS version. Vulnerability Details: CVEID: CVE-2022-2923 DESCRIPTION: Vim is vulnerable t...
CVE-2025-4039 PHPGurukul Rail Pass Management System search-pass.php sql injection
A vulnerability was found in PHPGurukul Rail Pass Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/search-pass.php. The manipulation of the argument searchdata leads to sql injection. The attack may be launched remotely...
CVE-2025-4039
creationtimestamp | type | source
---|---|---
2025-04-28 08:14:03+00:00 | seen | https://infosec.exchange/users/vuldb/statuses/114414586655301204
2025-04-28 22:10:55+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/13749
2025-04-28 23:45:40+00:00 | seen | ...
Linux Distros Unpatched Vulnerability : CVE-2023-4039
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DISPUTED A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in...
Azure Linux 3.0 Security Update: gcc (CVE-2023-4039)
The version of gcc installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-4039 advisory. - DISPUTED A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacke...
CVE-2021-4039
A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device...