Lucene search

5094 matches found

Github Security Blog
added 2026/03/18 8:18 p.m. | 4 views

validateSignature Loop Variable Capture Signature Bypass in goxmldsig

Details: The validateSignature function in validate.go goes through the references in the SignedInfo block to find one that matches the signed element's ID. In Go versions before 1.22, or when go.mod uses an older version, there is a loop variable capture issue. The code takes the address of the...

CVSS 7.5 | AI score 5.8 | EPSS 0.00178
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2026/03/18 2:16 a.m. | 2 views

CVE-2026-22174

OpenClaw versions prior to 2026.2.22 inject the x-OpenClaw-relay-token header into Chrome CDP probe traffic on loopback interfaces, allowing local processes to capture the Gateway authentication token. An attacker controlling a loopback port can intercept CDP reachability probes to the...

CVSS 6.1 | AI score 5.9
Exploits: 0 | References: 3

CNNVD
added 2026/03/18 12:00 a.m. | 6 views

CTFd Security Vulnerability

CTFd is an open-source Capture The Flag framework developed by CTFd. A security vulnerability exists in the version 3.8.1-18-gdb5a18c4 of CTFd. This vulnerability stems from a ZIP Slip issue in the administrator import function, which may allow attackers to write arbitrary files into directories...

CVSS 7.5 | AI score 5.9 | EPSS 0.00406
Exploits: 0 | References: 4

Positive Technologies
added 2026/03/18 12:00 a.m. | 5 views

PT-2026-26773

Name of the Vulnerable Software and Affected Versions: goxmlsig versions prior to 1.6.0; goxmlsig versions prior to 1.22 when using older Go versions or go.mod versions. Description: The validateSignature function in validate.go has a loop variable capture issue in Go versions before 1.22, or when...

CVSS 7.5 | AI score 5.9 | EPSS 0.00178
Exploits: 1 | References: 174

Cvelist
added 2026/03/17 9:42 p.m. | 15 views

CVE-2026-32838 Edimax GS-5008PL <= 1.00.54 Transmits Credentials Over Cleartext HTTP

Edimax GS-5008PL firmware version 1.00.54 and prior use cleartext HTTP for the web management interface without implementing TLS or SSL encryption. Attackers on the same network can intercept management traffic to capture administrator credentials and sensitive configuration data...

CVSS 8.7 | EPSS 0.00142
Exploits: 0 | References: 3

Positive Technologies
added 2026/03/17 12:00 a.m. | 6 views

PT-2026-26021

CVE-2026-30345 A zip slip vulnerability in the Admin import functionality of CTFd v3.8.1-18-gdb5a18c4 allows attackers to write arbitrary files outside the intended directories via … https://t.co/FJ70VBbzI8...

CVSS 7.5 | AI score 5.9 | EPSS 0.00406
Exploits: 0 | References: 8

EUVD
added 2026/03/16 3:30 p.m. | 5 views

EUVD-2025-208707

Raytha CMS allows an attacker to spoof X-Forwarded-Host or Host headers to attacker controlled domain. The attacker who knows the victim's email address can force the server to send an email with password reset link pointing to the domain from spoofed header. When victim clicks the link, browser...

CVSS 8.8 | AI score 5.8 | EPSS 0.00217
Exploits: 0 | References: 3

GithubExploit
added 2026/03/16 9:19 a.m. | 143 views

Exploit for Race Condition in Canonical Ubuntu_Linux

Privilege Escalation using the Dirty Cow Kernel Exploit By...

CVSS 7.2 | AI score 7.3 | EPSS 0.83524
Exploits: 81

The Hacker News
added 2026/03/16 9:07 a.m. | 5 views

DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage

Ukrainian entities have emerged as the target of a new campaign likely orchestrated by threat actors linked to Russia, according to a report from S2 Grupo's LAB52 threat intelligence team. The campaign, observed in February 2026, has been assessed to share overlaps with a prior campaign mounted b...

AI score 6.1
Exploits: 0

GithubExploit
added 2026/03/16 9:05 a.m. | 128 views

CTF

No d...

AI score 5.8
Exploits: 0

CNNVD
added 2026/03/16 12:00 a.m. | 5 views

Raytha CMS Security Vulnerability

Raytha CMS is a content management system developed by the American company Raytha. Versions of Raytha CMS prior to 1.4.6 contained security vulnerabilities. These vulnerabilities stemmed from allowing attackers to manipulate the X-Forwarded-Host or Host header to point to a domain controlled by...

CVSS 8.8 | AI score 5.8 | EPSS 0.00217
Exploits: 0 | References: 2

GithubExploit
added 2026/03/15 2:11 a.m. | 105 views

linux-security-tools

Linux Security Tools Linux security tools, scanners, crackers...

AI score 5.7
Exploits: 0

EUVD
added 2026/03/13 9:31 p.m. | 2 views

EUVD-2025-208631

Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120. This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1...

CVSS 8.3 | AI score 5.8 | EPSS 0.00228
Exploits: 0 | References: 2

EUVD
added 2026/03/13 9:31 p.m. | 3 views

EUVD-2025-208633

Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120. This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1...

CVSS 7.1 | AI score 5.8 | EPSS 0.00274
Exploits: 0 | References: 2

NVD
added 2026/03/13 7:53 p.m. | 3 views

CVE-2025-13777

Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120. This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1...

CVSS 8.3 | EPSS 0.00228
Exploits: 0 | References: 1

CVE
added 2026/03/13 1:05 p.m. | 7 views

CVE-2025-13777

CVE-2025-13777 describes an authentication bypass via capture-replay in ABB AWIN GW100 rev.2 and GW120. Affected firmware: AWIN GW100 rev.2 (2.0-0, 2.0-1) and GW120 (1.2-0, 1.2-1). Root cause: improper session validation leading to authentication bypass. CVSS vectors indicate high impact with adj...

CVSS 8.3 | AI score 5.8 | EPSS 0.00228
Exploits: 0 | References: 1

Cvelist
added 2026/03/13 1:05 p.m. | 24 views

CVE-2025-13777 Authentication Bypass due to Improper Session Validation

Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120. This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1...

CVSS 8.3 | EPSS 0.00228
Exploits: 0 | References: 1

Vulnrichment
added 2026/03/13 1:05 p.m. | 3 views

CVE-2025-13777 Authentication Bypass due to Improper Session Validation

Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120. This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1...

CVSS 8.3 | AI score 5.8 | EPSS 0.00228
Exploits: 0 | References: 1

GithubExploit
added 2026/03/13 11:23 a.m. | 111 views

Exploit for Race Condition in Canonical Ubuntu_Linux

Privilege Escalation using the Dirty Cow Kernel Exploit By...

CVSS 7.2 | AI score 5.9 | EPSS 0.83524
Exploits: 81

Fedora
added 2026/03/13 12:18 a.m. | 6 views

[SECURITY] Fedora 44 Update: task-3.4.2-3.fc44

Taskwarrior is a command-line TODO list manager. It is flexible, fast, efficient, unobtrusive, does its job then gets out of your way. Taskwarrior scales to fit your workflow. Use it as a simple app that captures tasks, shows you the list, and removes tasks from that list. Leverage its capabiliti...

CVSS 8.7 | AI score 5.8 | EPSS 0.01079
Exploits: 0