CVE-2026-10291

A security vulnerability has been detected in Enderfga claw-orchestrator up to 3.7.0. The impacted element is the function validateRegex of the file claw-orchestrator/src/embedded-server.ts of the component Session Grep Endpoint. The manipulation of the argument body.pattern leads to inefficient...

CVE-2026-10291 Enderfga claw-orchestrator Session Grep Endpoint embedded-server.ts validateRegex redos

A security vulnerability has been detected in Enderfga claw-orchestrator up to 3.7.0. The impacted element is the function validateRegex of the file claw-orchestrator/src/embedded-server.ts of the component Session Grep Endpoint. The manipulation of the argument body.pattern leads to inefficient...

CVE-2026-10291 Enderfga claw-orchestrator Session Grep Endpoint embedded-server.ts validateRegex redos

A security vulnerability has been detected in Enderfga claw-orchestrator up to 3.7.0. The impacted element is the function validateRegex of the file claw-orchestrator/src/embedded-server.ts of the component Session Grep Endpoint. The manipulation of the argument body.pattern leads to inefficient...

CVE-2026-10281

The CVE-2026-10281 affects Enderfga claw-orchestrator

CVE-2026-10281 Enderfga claw-orchestrator API Endpoint embedded-server.ts EmbeddedServer missing authentication

A weakness has been identified in Enderfga claw-orchestrator up to 3.5.5. This affects the function EmbeddedServer of the file src/embedded-server.ts of the component API Endpoint. This manipulation causes missing authentication. The attack may be initiated remotely. The exploit has been made...

EUVD-2026-33743

A weakness has been identified in Enderfga claw-orchestrator up to 3.5.5. This affects the function EmbeddedServer of the file src/embedded-server.ts of the component API Endpoint. This manipulation causes missing authentication. The attack may be initiated remotely. The exploit has been made...

Claw Orchestrator security vulnerabilities

Claw Orchestrator is a multi-agent coding agent runtime platform developed by Guian Fang personally. Versions of Claw Orchestrator 3.7.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from incorrect handling of the parameter body.pattern in the validateRegex functio...

CVE-2026-40022

A flaw was found in the Apache Camel embedded HTTP server and embedded management server camel-platform-http-main. When authentication is enabled and a non-root context path is configured, the authentication handler incorrectly matches only the exact configured path, not its subpaths. This allows...

U-SPEED N300 资源管理错误漏洞

The U-SPEED N300 is a wireless router device produced by the U-SPEED company. The U-SPEED N300 V1.0.0 version has a resource management vulnerability. This vulnerability stems from a denial-of-service attack on the embedded Boa HTTP server. It is possible for attackers to exhaust system resources...

Apache Camel Vulnerable to Authentication Bypass Using an Alternate Path or Channel

When authentication is enabled on the Apache Camel embedded HTTP server or embedded management server camel-platform-http-main and a non-root context path such as /api or /admin is configured via camel.server.path or camel.management.path, the BasicAuthenticationConfigurer and...

EUVD-2026-25807

When authentication is enabled on the Apache Camel embedded HTTP server or embedded management server camel-platform-http-main and a non-root context path such as /api or /admin is configured via camel.server.path or camel.management.path, the BasicAuthenticationConfigurer and...

CVE-2026-40022

When authentication is enabled on the Apache Camel embedded HTTP server or embedded management server camel-platform-http-main and a non-root context path such as /api or /admin is configured via camel.server.path or camel.management.path, the BasicAuthenticationConfigurer and...

PT-2026-35385

When authentication is enabled on the Apache Camel embedded HTTP server or embedded management server camel-platform-http-main and a non-root context path such as /api or /admin is configured via camel.server.path or camel.management.path, the BasicAuthenticationConfigurer and...

CVE-2025-64298

CVE-2025-64298 affects NMIS/BioDose V22.02 and earlier where embedded Microsoft SQL Server Express is used. The vulnerability arises from insecure Windows share directory paths by default, enabling local users on networked client workstations to access the SQL Server database and configuration fi...

Brother Printers Debut Embedded HTTP Server Denial of Service (CVE-2017-16249)

The Debut embedded http server contains a remotely exploitable denial of service where a single malformed HTTP POST request can cause the server to hang until eventually replying 300 seconds with an HTTP 500 error. While the server is hung, print jobs over the network are blocked and the web...

EUVD-2016-0488

Malware in sbrugna...

HTTP/3 support in Reactor 2024.0 Release Train

HTTP/3, the latest major version of the Hypertext Transfer Protocol, had its specification finalized in June 2022. This version is designed to enhance performance, reliability, and security. Unlike its predecessors, HTTP/3 utilizes QUIC instead of TCP as its transport layer. QUIC is a UDP-based,...

com.github.vzakharchenko:chillispot-radius-plugin (>=1.3.2 <=1.4.11), com.github.vzakharchenko:cisco-radius-plugin (>=1.3.2 <=1.4.11) +28 more potentially affected by CVE-2022-2232 via org.keycloak:keycloak-ldap-federation (>=10.0.0 <=23.0.0)

org.keycloak:keycloak-ldap-federation MAVEN version =10.0.0, =1.3.2, =1.3.2, =1.3.2, =1.3.2, =1.3.2, =1.3.2, =1.3.2, =1.3.2, =1.3.2, =0.1.0, =0.2, =1.0.0, =12.0.0, =1.0-beta-4, =18.0.0, =23.0.0 and more Source cves: CVE-2022-2232 Source advisory: OSV:GHSA-8HC5-RMGF-QX6P...

Cesanta Mongoose 安全漏洞

Cesanta Mongoose is a set of embedded server libraries from the Irish company Cesanta, which includes features such as TCP, HTTP client and server, and WenSocket client and server. A security vulnerability exists in Cesanta Mongoose version 6.18, which stems from a buffer overflow in...

SUSE CVE-2018-10583

An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt...