Linux Distros Unpatched Vulnerability : CVE-2026-35093
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypas...
DbGate Code Injection Vulnerability
DbGate is an open-source database manager developed by DbGate. Versions of DbGate from 7.0.0 to 7.1.5 had a code injection vulnerability. This vulnerability occurred because SVG icon strings controlled by attackers were rendered as raw HTML without being cleaned properly, which could lead to...
GHSA-35XM-QVJG-8M42 dbgate-web: Stored XSS in applicationIcon leads to potential RCE in Electron due to unsafe renderer configuration
Summary: A stored XSS vulnerability exists in DbGate because attacker-controlled SVG icon strings are rendered as raw HTML without sanitization. In the web UI this allows script execution in another user's browser; in the Electron desktop app this can escalate to local code execution because...
Duplicate Advisory: OpenClaw: Node-host approvals could show misleading shell payloads instead of the executed argv
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-rw39-5899-8mxp. This link is maintained to preserve external references. Original Description: OpenClaw before 2026.3.11 contains an approval-integrity vulnerability in node-host system.run approvals that display...
EUVD-2026-17379
OpenClaw before 2026.3.11 contains an approval-integrity vulnerability in node-host system.run approvals that displays extracted shell payloads instead of the executed argv. Attackers can place wrapper binaries and induce wrapper-shaped commands to execute local code after operators approve...
CVE-2026-32971 OpenClaw < 2026.3.11 - Node-Host Approval UI Mismatch Allows Execution of Unintended Commands
OpenClaw before 2026.3.11 contains an approval-integrity vulnerability in node-host system.run approvals that displays extracted shell payloads instead of the executed argv. Attackers can place wrapper binaries and induce wrapper-shaped commands to execute local code after operators approve...
CVE-2026-32971
CVE-2026-32971 (OpenClaw) affects OpenClaw prior to version 2026.3.11, in the node-host approval UI for system.run approvals. The root cause is an approval-integrity vulnerability that displays extracted shell payloads instead of the executed argv, enabling wrappers to be placed and wrapper-shape...
CVE-2026-32971
OpenClaw before 2026.3.11 contains an approval-integrity vulnerability in node-host system.run approvals that displays extracted shell payloads instead of the executed argv. Attackers can place wrapper binaries and induce wrapper-shaped commands to execute local code after operators approve...
PT-2026-29231
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.11. Description: The software contains an approval-integrity issue within the node-host system.run approvals functionality. This allows the display of extracted shell payloads instead of the executed arguments. ...
Linux Distros Unpatched Vulnerability : CVE-2016-20042
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - TRN 3.6-23 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the...
Linux Distros Unpatched Vulnerability : CVE-2016-20043
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NRSS RSS Reader 0.3.9-1 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument ...
Linux Distros Unpatched Vulnerability : CVE-2016-20038
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - yTree 1.94-1.1 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an excessively long...
Linux Distros Unpatched Vulnerability : CVE-2018-25222
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SC v7.16 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying oversized input that exceeds...
Linux Distros Unpatched Vulnerability : CVE-2016-20041
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Yasr 0.6.9-5 contains a buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized...
PT-2026-28458
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.11. Description: The software contains an approval integrity issue that allows attackers to execute modified local code. This occurs by altering scripts between the approval stage and execution, specifically whe...
Linux Distros Unpatched Vulnerability : CVE-2016-20037
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xwpe 1.5.30a-2.1 and prior contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying overly long...
EUVD-2016-10850
iSelect 1.4.0-2+b1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized value to the -k/--key parameter. Attackers can craft a malicious argument containing a NOP sled, shellcode, and return address to overflow a 1024-byte...
EUVD-2016-10829
xwpe 1.5.30a-2.1 and prior contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying overly long input strings that exceed buffer boundaries. Attackers can craft malicious command-line arguments with 262 bytes of junk data followed by...
EUVD-2016-10841
NRSS RSS Reader 0.3.9-1 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -F parameter. Attackers can craft a malicious input with 256 bytes of padding followed by a controlled EIP value to overwrite the...