2332 matches found
GHSA-73J8-2GCH-69RQ vulnerabilities
Vulnerabilities for packages: dotnet-bootstrap...
GHSA-C8GQ-RHQH-WGWM vulnerabilities
Vulnerabilities for packages: dotnet-bootstrap...
GHSA-4VGM-C2WM-63MW vulnerabilities
Vulnerabilities for packages: dotnet-bootstrap...
CVE-2026-26127 vulnerabilities
Vulnerabilities for packages: dotnet-bootstrap...
CVE-2026-26130 vulnerabilities
Vulnerabilities for packages: dotnet-bootstrap...
OpenClaw: Pairing setup codes exposed long-lived shared gateway credentials instead of short-lived bootstrap tokens
Summary: OpenClaw pairing setup codes generated by /pair and openclaw qr embedded the configured shared gateway token or password directly in the setup payload. Anyone who obtained that code from chat history, logs, screenshots, or copied QR payloads could recover the long-lived shared credential...
GHSA-7H7G-X2PX-94HJ OpenClaw: Pairing setup codes exposed long-lived shared gateway credentials instead of short-lived bootstrap tokens
Summary: OpenClaw pairing setup codes generated by /pair and openclaw qr embedded the configured shared gateway token or password directly in the setup payload. Anyone who obtained that code from chat history, logs, screenshots, or copied QR payloads could recover the long-lived shared credential...
GHSA-VH8F-65QG-3M8J vulnerabilities
Vulnerabilities for packages: dotnet-bootstrap...
Exploit for Out-of-bounds Write in Netapp Bootstrap_Os
Typeform DevSecOps Pipeline POC...
CVE-2026-31957 Himmelblau unset domain configuration can allow any-tenant authentication at first login for remote deployments
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 3.0.0 to before 3.1.0, if Himmelblau is deployed without a configured tenant domain in himmelblau.conf, authentication is not tenant-scoped. In this mode, Himmelblau can accept authentication attempts for...
EUVD-2026-11321
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 3.0.0 to before 3.1.0, if Himmelblau is deployed without a configured tenant domain in himmelblau.conf, authentication is not tenant-scoped. In this mode, Himmelblau can accept authentication attempts for...
CVE-2026-29610
OpenClaw versions prior to 2026.2.14 contain a command hijacking vulnerability that allows attackers to execute unintended binaries by manipulating PATH environment variables through node-host execution or project-local bootstrapping. Attackers with authenticated access to node-host execution...
SUSE CVE-2026-25791
Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to 1.7.0, the DNS C2 listener accepts unauthenticated TOTP bootstrap messages and allocates server-side DNS sessions without validating OTP values, even when EnforceOTP is enabled. Because sessions are stored...
AZL-79343 CVE-2026-27601 affecting package cyrus-sasl-bootstrap 2.1.28-8
Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the _.flatten and _.isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service (DoS) attack by triggering a stack overflow...