@0xwork/connect (>=0.1.0 <=0.1.7), @agentholdings/agent-passport (>=0.1.0 <=0.1.5) +21 more potentially affected by CVE-2026-43570 via openclaw (>=2026.3.22 <=2026.4.29)

openclaw NPM version =2026.3.22, =0.1.0, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =0.0.0, =27.2.5, =1.1.0, =2.1.3, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =0.2.18 and more Source cves: CVE-2026-43570 Source advisory: SNYK:JS-OPENCLAW-16420272...

CVE-2026-43570

creationtimestamp| type| source ---|---|--- 2026-05-05 13:12:52+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ml4bawkgn42i...

@0xwork/connect (>=0.1.0 <=0.1.7), @agentholdings/agent-passport (>=0.1.0 <=0.1.5) +21 more potentially affected by CVE-2026-43570 via openclaw (>=2026.3.22 <=2026.4.29)

openclaw NPM version =2026.3.22, =0.1.0, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =0.0.0, =27.2.5, =1.1.0, =2.1.3, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =0.2.18 and more Source cves: CVE-2026-43570 Source advisory: OSV:GHSA-35MW-5VVR-VRXC...

CVE-2026-43570

OpenClaw versions 2026.3.22 before 2026.4.5 contain a symlink traversal vulnerability in remote marketplace repository path handling that allows attackers to escape the expected repository root. Attackers can exploit this by providing crafted symlink paths to access files outside the intended...

EUVD-2025-43570

Malicious code in kurniawan-nasiuduk58-ruro npm...

Exploit for Use After Free in Microsoft

KTMPOCS This repo contains reports for CVE 2024-43570http...

CVE-2025-43570

Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2025-43570

creationtimestamp| type| source ---|---|--- 2025-05-13 20:30:57+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/16220 2025-05-13 21:02:18+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lp3e3z5aapb2 2025-05-14 00:07:23+00:00| seen|...

CVE-2025-43570 Substance3D - Stager | Use After Free (CWE-416)

Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2024-43570

Windows Kernel Elevation of Privilege Vulnerability...

CVE-2024-43570

Windows Kernel Elevation of Privilege Vulnerability...

CVE-2024-43570

CVE-2024-43570 is a Windows Kernel Elevation of Privilege vulnerability. Connected sources confirm affected software as Windows kernel components and indicate fixes released in October 2024 through MSRC advisories and OS updates (KB5044280/KB5044281/KB5044285) covering multiple Windows builds, wi...

CVE-2023-43570

The CVE-2023-43570 entry involves the OemSmi driver, specifically its SMI callback function, where a local attacker with elevated privileges could execute arbitrary code. Documents consistently identify the vulnerable component as the OemSmi driver’s SMI callback, indicating local privilege escal...

CVE-2023-43570

A potential vulnerability was reported in the SMI callback function of the OemSmi driver that may allow a local attacker with elevated permissions to execute arbitrary code...

CVE-2022-43570 XML External Entity Injection through a custom View in Splunk Enterprise

In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform an extensible markup language XML external entity XXE injection via a custom View. The XXE injection causes Splunk Web to embed incorrect documents into an error...

CVE-2022-43570

CVE-2022-43570 affects Splunk Enterprise prior to 8.1.12, 8.2.9, and 9.0.2. An authenticated user can perform an XML External Entity (XXE) injection via a custom View, causing Splunk Web to embed incorrect documents into an error page. Root cause: XXE vulnerability in the handling of XML in custo...

CVE-2022-43570 XML External Entity Injection through a custom View in Splunk Enterprise

In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform an extensible markup language XML external entity XXE injection via a custom View. The XXE injection causes Splunk Web to embed incorrect documents into an error...

Splunk Enterprise 8.1 < 8.1.12, 8.2.0 < 8.2.9, 9.0.0 < 9.0.2 (SVD-2022-1110)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2022-1110 advisory. - In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform an extensible markup language...

com.starkbank.sdk:sdk-java (>=0.2.3 <=0.3.0), com.starkbank:sdk (>=0.3.0 <=2.8.0) potentially affected by CVE-2021-43570 via com.starkbank.ellipticcurve:starkbank-ecdsa (=1.0.0)

com.starkbank.ellipticcurve:starkbank-ecdsa MAVEN version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on com.starkbank.ellipticcurve:starkbank-ecdsa and may be impacted: - com.starkbank.sdk:sdk-java =0.2.3, =0.3.0, =2.8.0 Source cves:...

CVE-2021-43570

creationtimestamp| type| source ---|---|--- 2021-11-10 00:35:23+00:00| seen| https://t.me/cibsecurity/32122...