8146 matches found
PT-2026-26018
Summary OpenClaw accepted prototype-reserved keys in runtime /debug set override object values proto , constructor, prototype. Impact /debug is disabled by default, and exploitation requires an already authorized /debug set caller. No unauthenticated vector was identified. This issue affects...
CVE-2026-25105
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into parameters of the Modbus command tool in the debug route...
CVE-2026-27900
The Terraform Provider for Linode versions prior to v3.9.0 logged sensitive information including some passwords, StackScript content, and object storage data in debug logs without redaction. Provider debug logging is not enabled by default. This issue is exposed when debug/provider logs are...
EUVD-2026-8977
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into parameters of the Modbus command tool in the debug route...
GO-2026-4562 Terraform Provider for Linode Debug Logs Vulnerable to Sensitive Information Exposure in github.com/linode/terraform-provider-linode
Terraform Provider for Linode Debug Logs Vulnerable to Sensitive Information Exposure in github.com/linode/terraform-provider-linode...
CVE-2026-25105
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into parameters of the Modbus command tool in the debug route...
CVE-2026-25105
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into parameters of the Modbus command tool in the debug route...
CVE-2026-25105 Copeland XWEB and XWEB Pro OS Command Injection
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into parameters of the Modbus command tool in the debug route...
CVE-2026-25105
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into parameters of the Modbus command tool in the debug route...
CVE-2026-25105 Copeland XWEB and XWEB Pro OS Command Injection
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into parameters of the Modbus command tool in the debug route...
CVE-2026-25105
XWEB Pro is affected by an OS command injection vulnerability (CVE-2026-25105) in versions prior to 1.12.1. The flaw allows an authenticated attacker to achieve remote code execution by injecting malicious input into the Modbus command tool parameters in the debug route. Multiple sources (Red Hat...
PT-2026-22276
Name of the Vulnerable Software and Affected Versions XWEB Pro versions prior to 1.12.1 Description A flaw exists that allows a logged-in attacker to execute code remotely on a system. This is achieved by injecting malicious input into parameters of the Modbus command tool within a debug route. T...
EUVD-2026-8798
Terraform Provider for Linode Debug Logs Vulnerable to Sensitive Information Exposure...
GHSA-5RC7-2JJ6-MP64 Terraform Provider for Linode Debug Logs Vulnerable to Sensitive Information Exposure
Impact The Terraform Provider for Linode versions prior to v3.9.0 logged sensitive information including some passwords, StackScript content, object storage data, and NodeBalancer TLS keys in debug logs without redaction. Important: Provider debug logging is not enabled by default. This issue is...
Terraform Provider for Linode Debug Logs Vulnerable to Sensitive Information Exposure
Impact The Terraform Provider for Linode versions prior to v3.9.0 logged sensitive information including some passwords, StackScript content, object storage data, and NodeBalancer TLS keys in debug logs without redaction. Important: Provider debug logging is not enabled by default. This issue is...
curl: RTSP RTP Interleaved Parser Assertion Failure (Zero-Length RTP Payload)
Summary: I am submitting this as a security issue primarily due to how it was discovered and that it's my first Curl submission, but I suspect I might be overly cautious here. This issue was discovered as part of the AIXCC competition, and I am assisting on reporting true positive findings to...
Insertion of Sensitive Information into Log File
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the provider debug logging. An attacker can obtain sensitive information such as passwords, StackScript content, and object storage data by accessing provider debug logs when it is...
Insertion of Sensitive Information into Log File
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the provider debug logging. An attacker can obtain sensitive information such as passwords, StackScript content, and object storage data by accessing provider debug logs when it is...
Insertion of Sensitive Information into Log File
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the provider debug logging. An attacker can obtain sensitive information such as passwords, StackScript content, and object storage data by accessing provider debug logs when it is...
Insertion of Sensitive Information into Log File
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the provider debug logging. An attacker can obtain sensitive information such as passwords, StackScript content, and object storage data by accessing provider debug logs when it is...