CVE-2026-43581

OpenClaw before 2026.4.10 contains an improper network binding vulnerability in the sandbox browser CDP relay that exposes Chrome DevTools Protocol on 0.0.0.0. Attackers can access the DevTools protocol outside intended local sandbox boundaries by exploiting the overly broad binding configuration...

PT-2026-33929

This vulnerability exists in Quantum Networks router due to improper access control and insecure default configuration in the web-based management interface. An unauthenticated attacker could exploit this vulnerability by accessing exposed API endpoints on the targeted device. Successful...

GHSA-X34H-54CW-9825 act: actions/cache server allows malicious cache injection

act's built-in actions/cache server listens to connections on all interfaces and allows anyone who can connect to it — including someone anywhere on the internet — to create caches with arbitrary keys and retrieve all existing caches. If one can predict which cache keys will be used by local...

act: actions/cache server allows malicious cache injection

act's built-in actions/cache server listens to connections on all interfaces and allows anyone who can connect to it — including someone anywhere on the internet — to create caches with arbitrary keys and retrieve all existing caches. If one can predict which cache keys will be used by local...

Authentication Bypass

Ollama is vulnerable to an Authentication Bypass. The vulnerability is due to where critical model management APIs are exposed without access controls, allowing remote attackers to perform unauthorized operations without authentication...

EUVD-2025-202153

A security issue was discovered in DataMosaix Private Cloud, allowing users with low privilege to perform sensitive database operations through exposed API endpoints...

CVE-2025-12807

A security issue was discovered in DataMosaix Private Cloud, allowing users with low privilege to perform sensitive database operations through exposed API endpoints...

CVE-2025-12807

DataMosaix Private Cloud (FactoryTalk) is affected by CVE-2025-12807. The vulnerability arises from API endpoints that allow low-privilege users to perform sensitive database operations, indicating an authorization/exposure flaw in the product’s API surface. Reported impact includes the potential...

EUVD-2021-27553

Malicious code in bioql PyPI...

Off Your Docker: Exposed APIs Are Targeted in New Malware Strain

...

Exploit for CVE-2025-7771

CVE-2025-7771 – ThrottleStop.sys Privilege Escalation Vuln...

K000150185: TCP/IP protocol vulnerabilities CVE-2024-7595, CVE-2024-7596, CVE-2025-23018, and CVE-2025-23019

Security Advisory Description CVE-2024-7595 GRE and GRE6 Protocols RFC2784 do not validate or verify the source of a network packet allowing an attacker to spoof and route arbitrary traffic via an exposed network interface that can lead to spoofing, access control bypass, and other unexpected...

Microsoft SharePoint Exposed Interfaces

Due to a misconfiguration in Microsoft SharePoint Server. An attacker with anonymous privileges can access to the SharePoint interface page. No source data...

GHSA-P7V2-P9M8-QQG7 Electron context isolation bypass via nested unserializable return value

Impact Apps using contextIsolation and contextBridge are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Workarounds This issue is exploitable under eithe...

Code injection

otris Update Manager 1.2.1.0 allows local users to achieve SYSTEM access via unauthenticated calls to exposed interfaces over a .NET named pipe. A remote attack may be possible as well, by leveraging WsHTTPBinding for HTTP traffic on TCP port 9000...

Xiaomi community 安全漏洞

Xiaomi Community, an official user community application of Xiaomi, China, is vulnerable to an authorization issue in versions prior to 3.0.210809, which stems from the exposure of some js interfaces. An attacker could use this vulnerability to maliciously invoke sensitive functions...

CVE-2018-0262

A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain unauthorized access to components of, or sensitive information in, an affected system, leading to Remote Code Execution. The vulnerability is due to incorrect default configuration of the device, which...

Cisco Meeting Server TURN Server Unauthorized Access and Information Disclosure Vulnerability

A vulnerability in the Traversal Using Relay NAT TURN server included with Cisco Meeting Server CMS could allow an authenticated, remote attacker to gain unauthenticated or unauthorized access to components of or sensitive information in an affected system. The vulnerability is due to an incorrec...

rhosp-director: libvirtd is deployed with no authentication

A design flaw issue was found in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd based live-migration. Libvirtd is deployed by default by director listening on 0.0.0.0 all interfaces with no-authentication or encryption. Anyone able to make a TCP connection to any comput...

Google Android 4.2 Browser and WebView - 'addJavascriptInterface' Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/exploit/android' class MetasploitModule OperatingSystems::Match::ANDROID, :arch = ARCHARMLE, :javascript = true, :rank =...