Lucene search

16 matches found

CNNVD
added 2026/04/30 12:0 a.m. | 3 views

Red Hat assisted-service security vulnerability

Red Hat Assisted-Service is a backend service component provided by Red Hat Inc. in the United States, which offers REST APIs. It primarily serves the OpenShift ecosystem. There is a security vulnerability in Red Hat Assisted-Service. This vulnerability stems from the REST API component of...

CVSS 6.1 | AI score 5.8 | EPSS 0.00007
Exploits: 0 | References: 1
Github Security Blog
added 2026/03/31 12:31 p.m. | 2 views

Duplicate Advisory: OpenClaw: Unavailable local auth SecretRefs could fall through to remote credentials in local mode

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-qvr7-g57c-mrc7. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.11 contains a credential fallback vulnerability where unavailable local gateway.auth.token and...

CVSS 3.3 | AI score 5.8 | EPSS 0.0002
Exploits: 0 | References: 4 | Affected Software: 1
EUVD
added 2026/03/31 12:31 p.m. | 1 views

EUVD-2026-17377

OpenClaw before 2026.3.11 contains a credential fallback vulnerability where unavailable local gateway.auth.token and gateway.auth.password SecretRefs are treated as unset, allowing fallback to remote credentials in local mode. Attackers can exploit misconfigured local auth references to cause CL...

CVSS 2.5 | AI score 5.9 | EPSS 0.0002
Exploits: 0 | References: 3
NVD
added 2026/03/31 12:16 p.m. | 1 views

CVE-2026-32970

OpenClaw before 2026.3.11 contains a credential fallback vulnerability where unavailable local gateway.auth.token and gateway.auth.password SecretRefs are treated as unset, allowing fallback to remote credentials in local mode. Attackers can exploit misconfigured local auth references to cause CL...

CVSS 3.3 | EPSS 0.0002
Exploits: 0 | References: 2
Positive Technologies
added 2026/03/31 12:0 a.m. | 0 views

PT-2026-29230

OpenClaw before 2026.3.11 contains a credential fallback vulnerability where unavailable local gateway.auth.token and gateway.auth.password SecretRefs are treated as unset, allowing fallback to remote credentials in local mode. Attackers can exploit misconfigured local auth references to cause CL...

CVSS 2.5 | AI score 5.9 | EPSS 0.0002
Exploits: 0 | References: 3
GithubExploit
added 2026/03/23 1:35 p.m. | 95 views

Exploit for CVE-2024-51348

CVE-2024-51348: Unauthenticated Remote Code Execution in BS Pe...

AI score 6.7 | EPSS 0.00222
Exploits: 1
OSV
added 2026/03/13 3:48 p.m. | 1 views

GHSA-QVR7-G57C-MRC7 OpenClaw: Unavailable local auth SecretRefs could fall through to remote credentials in local mode

Summary In affected versions of openclaw, local gateway helper credential resolution treated configured but unavailable gateway.auth.token and gateway.auth.password SecretRefs as if they were unset and could fall back to gateway.remote. credentials in local mode. Impact This could cause local CLI...

CVSS 2.5 | AI score 5.9 | EPSS 0.0002
Exploits: 0 | References: 5
Github Security Blog
added 2026/03/13 3:48 p.m. | 4 views

OpenClaw: Unavailable local auth SecretRefs could fall through to remote credentials in local mode

Summary In affected versions of openclaw, local gateway helper credential resolution treated configured but unavailable gateway.auth.token and gateway.auth.password SecretRefs as if they were unset and could fall back to gateway.remote. credentials in local mode. Impact This could cause local CLI...

CVSS 3.3 | AI score 5.9 | EPSS 0.0002
Exploits: 0 | References: 5 | Affected Software: 1
Snyk
added 2024/10/04 9:22 p.m. | 2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the LocalMode's openlocalfile method, which allows an authenticated user with adequate permissions to download any .txt via the ScreensControllershow on the web server. Details A Directory Traversal attack also...

CVSS 7.1 | AI score 7.6 | EPSS 0.01146
Exploits: 0 | References: 2
Positive Technologies
added 2024/06/23 12:0 a.m. | 3 views

PT-2024-33098 · Parisneo · Lollms-Webui

Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui versions v9.6 through the latest Description: A Path Traversal issue exists due to the lack of input sanitization in the add reference to local mode function. This allows an attacker to predict the folders, subfolders, a...

CVSS 4 | AI score 3.9 | EPSS 0.08457
Exploits: 1 | References: 5
Kitploit
added 2022/07/16 12:30 p.m. | 105 views

Kubeaudit - Tool To Audit Your Kubernetes Clusters Against Common Security Controls

kubeaudit is a command line tool and a Go package to audit Kubernetes clusters for various different security concerns, such as: run as non-root use a read-only root filesystem drop scary capabilities, don't add new ones don't run privileged and more! tldr.kubeaudit makes sure you deploy secure...

AI score 7.6
Exploits: 0 | References: 31
OSV
added 2018/04/30 3:29 p.m. | 1 views

CVE-2017-9657

Under specific 802.11 network conditions, a partial re-association of the Philips IntelliVue MX40 Version B.06.18 WLAN monitor to the central monitoring station is possible. In this state, the central monitoring station can indicate the MX40 is not connected or associated to the central monitor,...

CVSS 6.5 | AI score 5.8
Exploits: 0 | References: 3
Kitploit
added 2018/03/06 8:13 p.m. | 143 views

Gitleaks - Searches Full Repo History For Secrets And Keys

Searches Full Repo History For Secrets And Keys. Installing go get -u github.com/zricethezav/gitleaks Usage and Explanation ./gitleaks options Gitleaks audits local and remote repos by running regex checks against all commits. Options usage: gitleaks options / Options: -u --user Git user mode -r...

AI score 6.9
Exploits: 0 | References: 2
OSV
added 2017/01/26 7:59 a.m. | 0 views

CVE-2016-9221

A Denial of Service Vulnerability in 802.11 ingress connection authentication handling for the Cisco Mobility Express 2800 and 3800 Access Points APs could allow an unauthenticated, adjacent attacker to cause authentication to fail. Affected Products: This vulnerability affects Cisco Mobility...

CVSS 4.3 | AI score 5.8 | EPSS 0.0029
Exploits: 0 | References: 2
Kitploit
added 2016/06/28 11:46 p.m. | 154 views

pytbull - Intrusion Detection/Prevention System (IDS/IPS) Testing Framework

pytbull is an Intrusion Detection/Prevention System IDS/IPS Testing Framework for Snort, Suricata and any IDS/IPS that generates an alert file. It can be used to test the detection and blocking capabilities of an IDS/IPS, to compare IDS/IPS, to compare configuration modifications and to...

AI score 7.5
Exploits: 0
NVD
added 2015/06/13 2:59 p.m. | 15 views

CVE-2015-2338

TPview.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to cause ...

CVSS 6.1 | AI score 6.3 | EPSS 0.00139
Exploits: 0 | References: 4