2885 matches found
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.22 contained security vulnerabilities. These vulnerabilities stemmed from an access control bypass vulnerability in the allowProfiles function. This allowed attackers to...
MAL-2026-3000 Malicious code in xinference (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1d006f6a08c959393160456d4ace221fd165b6d609fc8356ebfb041979aef93d Versions 2.6.0, 2.6.1, 2.6.2 were compromised. Following a malicious pull request that exfiltrated sensitive data from the CI runner, three malicious PyPI...
EUVD-2026-23450
OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attackers can invoke the built-in grep and glob tools with sensitive root directories that are not...
CVE-2026-40515 OpenHarness Permission Bypass via grep and glob root argument
OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attackers can invoke the built-in grep and glob tools with sensitive root directories that are not...
Arbitrary File Upload
Overview weblate is an A web-based continuous localization system with tight version control integration Affected versions of this package are vulnerable to Arbitrary File Upload in the backup restoration, due to insufficient filtering of configuration files. An attacker with access to create...
EUVD-2026-23001
Weblate: Remote code execution during backup restoration...
GHSA-558G-H753-6M33 Weblate: Remote code execution during backup restoration
Impact The project backup didn't filter Git and Mercurial configuration files and this could lead to remote code execution under certain circumstances. Patches https://github.com/WeblateOrg/weblate/pull/18549 Workarounds The project backup is only accessible to users who can create projects...
Weblate: Remote code execution during backup restoration
Impact The project backup didn't filter Git and Mercurial configuration files and this could lead to remote code execution under certain circumstances. Patches https://github.com/WeblateOrg/weblate/pull/18549 Workarounds The project backup is only accessible to users who can create projects...
CVE-2026-33435 Weblate: Remote code execution during backup restoration
Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial configuration files which could lead to remote code execution under certain circumstances. This issue has been fixed in version 5.17. If developers are unable to update...
Security update for libssh
This update for libssh fixes the following issues: CVE-2026-3731: denial of service via out-of-bounds read in SFTP extension name handler bsc1259377. CVE-2026-0964: SCP protocol path traversal in sshscppullrequest bsc1258049. CVE-2026-0965: possible denial of service when parsing unexpected...
PT-2026-33116
Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial configuration files which could lead to remote code execution under certain circumstances. This issue has been fixed in version 5.17. If developers are unable to update...
Arbitrary Code Injection
Overview @openai/codex is a OpenAI Codex CLI Lightweight coding agent that runs in your terminal Affected versions of this package are vulnerable to Arbitrary Code Injection via the automatic loading of .env and .codex/config.toml files when executing the CLI in a compromised repository. An...
CVE-2025-61260
A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP Model Context Protocol configuration files. The attack is triggered when a user runs the codex command inside a malicious or compromised repository. Codex automatically loads...
CVE-2025-61260
A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP Model Context Protocol configuration files. The attack is triggered when a user runs the codex command inside a malicious or compromised repository. Codex automatically loads...
OpenAI Codex CLI 安全漏洞
OpenAI Codex CLI is a lightweight coding agent software developed by OpenAI and run in the terminal. OpenAI Codex CLI versions prior to v0.23.0 have security vulnerabilities; these vulnerabilities stem from automatically loading malicious MCP configuration files, which may allow arbitrary code to...
CVE-2025-61260
A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP Model Context Protocol configuration files. The attack is triggered when a user runs the codex command inside a malicious or compromised repository. Codex automatically loads...
[SECURITY] Fedora 42 Update: corosync-3.1.9-4.fc42
This package contains the Corosync Cluster Engine Executive, several default APIs and libraries, default configuration files, and an init script...
CVE-2021-47960
A flaw was found in Synology SSL VPN Client. This vulnerability allows remote attackers to access sensitive files within the installation directory. By leveraging user interaction with a specially crafted web page, attackers can exploit a local HTTP server bound to the loopback interface to...
CVE-2021-47960
A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access files within the installation directory via a local HTTP server bound to the loopback interface. By leveraging user interaction with a crafted web pag...
CVE-2021-47960
A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access files within the installation directory via a local HTTP server bound to the loopback interface. By leveraging user interaction with a crafted web pag...