7 matches found
CVE-2026-50209 MDM Server Registration Overriding
Broadcast events allow malicious software to rewrite the device's default Mobile Device Management MDM endpoint address, shifting administrative ownership to an external attacker...
GHSA-524G-X36V-9WM6 Yamcs Vulnerable to Server-Side Code Injection (RCE) via Janino Expression Engine in `JavaExprAlgorithmExecutionFactory`
Summary A Server-Side Code Injection vulnerability exists in the Yamcs algorithm evaluation engine org.yamcs.algorithms.JavaExprAlgorithmExecutionFactory. The application dynamically compiles and evaluates user-controlled algorithm text without enforcing a secure sandbox. An authenticated user wi...
CVE-2026-45003
OpenClaw before 2026.4.22 allows workspace dotenv files to override connector endpoint hosts for Matrix, Mattermost, IRC, and Synology connectors. Attackers with workspace access can redirect runtime traffic to malicious endpoints by setting endpoint variables in dotenv files...
CVE-2026-45003
OpenClaw before 2026.4.22 allows workspace dotenv files to override connector endpoint hosts for the Matrix, Mattermost, IRC, and Synology connectors . An attacker with workspace access can redirect runtime traffic to malicious endpoints by setting endpoint variables in dotenv files, enabling loc...
EUVD-2026-16058
Saloon is vulnerable to SSRF and credential leakage via absolute URL in endpoint overriding base URL...
GHSA-C83F-3XP6-HFCP Saloon is vulnerable to SSRF and credential leakage via absolute URL in endpoint overriding base URL
Impact Users providing user generated input into the resolveEndpoint method on requests. Patches Upgrade to Saloon v4+ Upgrade guide: https://docs.saloon.dev/upgrade/upgrading-from-v3-to-v4 Description When building the request URL, Saloon combined the connector's base URL with the request...
Receiver | keyboard language set on VDA is over ridden by the one set on the endpoint
User from non domain joined endpoint logs on the VDA Language set on the VDA is overridden by the one set on endpoint machine Receiver. We want to ensure that the keyboard language set on the VDA is the one user gets inside the session. In other words, keyboard language set on the endpoint Receiv...