CVE-2026-53827 OpenClaw < 2026.5.2 - Credential Exposure via Model-Supplied Loopback URLs in message.action Forwarding

OpenClaw before 2026.5.2 contains a credential exposure vulnerability in message.action forwarding that allows model-controlled metadata to forward action payloads with Gateway credentials to attacker-supplied loopback URLs. Remote attackers can intercept Gateway tokens and action payloads by...

CVE-2026-36608

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 allows UPnP AddPortMapping to forward external ports to the router's own admin interface by accepting its own IP 192.168.1.1 or localhost 127.0.0.1 as InternalClient. An unauthenticated LAN attacker can expose the admin panel to the intern...

CVE-2025-1614

A vulnerability classified as problematic has been found in FiberHome AN5506-01A ONU GPON RP2511. Affected is an unknown function of the file /goform/portForwardingCfg of the component Port Forwarding Submenu. The manipulation of the argument pfDescription leads to cross site scripting. It is...

EUVD-2021-1649

Malware in sbrugna...

EUVD-2010-0713

Malware in sbrugna...

EUVD-2011-4425

Malware in sbrugna...

EUVD-2023-29477

Malicious code in bioql PyPI...

EUVD-2022-30656

Malicious code in bioql PyPI...

CVE-2024-20319

A vulnerability in the UDP forwarding code of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to bypass configured management plane protection policies and access the Simple Network Management Plane SNMP server of an affected device. This vulnerability is due to incorrect...

CVE-2019-14724

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to edit an e-mail forwarding destination of a victim's account via an attacker account...

CVE-2025-32728

In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding...

CVE-2025-2908 Insufficiently Protected Credentials vulnerability in MeetMe products

The exposure of credentials in the call forwarding configuration module in MeetMe products in versions prior to 2024-09 allows an attacker to gain access to some important assets via configuration files...

CVE-2025-1614 FiberHome AN5506-01A ONU GPON Port Forwarding Submenu portForwardingCfg cross site scripting

A vulnerability classified as problematic has been found in FiberHome AN5506-01A ONU GPON RP2511. Affected is an unknown function of the file /goform/portForwardingCfg of the component Port Forwarding Submenu. The manipulation of the argument pfDescription leads to cross site scripting. It is...

CVE-2022-23000

The Western Digital My Cloud Web App https://os5.mycloud.com/ uses a weak SSLContext when attempting to configure port forwarding rules. This was enabled to maintain compatibility with old or outdated home routers. By using an "SSL" context instead of "TLS" or specifying stronger validation,...

The vulnerability of the Daemon Routing Protocols (RPD) in Juniper Networks’ Junos OS and Junos OS Evolved operating systems allows a attacker to cause service interruptions.

The vulnerability of the Demon Routing Protocols Daemon RPD in Juniper Networks’ Junos OS and Junos OS Evolved operating systems is related to insufficient handling of exceptional states during packet forwarding based on the Class-of-Service CoS-based forwarding mechanism. Exploiting this...

SUSE-SU-2023:2950-1 Security update for openssh

This update for openssh fixes the following issues: - CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh-agent1's PKCS11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the...

Sysaid Technologies Sysaid 输入验证错误漏洞

Sysaid Technologies SysAid is a suite of IT service management solutions from Sysaid Technologies, Israel. Sysaid Technologies Sysaid suffers from a security vulnerability that stems from a lack of validation of the input accepted by the program.Unauthenticated redirection and forwarding may occu...

Important: Red Hat Security Advisory: flatpak security update

An update for flatpak is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

MDaemon Webmail 跨站脚本漏洞

MDaemon Webmail is a server-side application for providing mail services from MDaemon, Inc. in the United States. A cross-site scripting vulnerability exists in MDaemon webmail 19.5.5 that allows an attacker to execute code on the email recipient's end while forwarding an email...

Cisco IOS Frame Forwarding Denial of Service Vulnerability

Cisco IOS is the interconnected Internet operating system used on most Cisco Systems routers and network switches. A security vulnerability in Cisco IOS on Catalysts Switches and Nexus 9300 switches allows a remote attacker to exploit the vulnerability to submit a special request for a denial of...