PT-2026-51282
Name of the Vulnerable Software and Affected Versions: Apache NiFi versions 1.15.0 through 2.9.0. Description: Authorization handling for component configuration verification requests allows clients with read access to submit proposed configuration properties. These proposed properties override the...
GHSA-5MH4-3RV3-FPCF Duplicate Advisory: OpenClaw: Host exec environment sanitization misses package, registry, Docker, compiler, and TLS override variables
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-cg7q-fg22-4g98. This link is maintained to preserve external references. Original Description: OpenClaw before 2026.3.31 contains insufficient environment variable sanitization in host exec operations, failing to...
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Overview: craftcms/cms is a content management system. Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') in the actionApplyOverrideSettings function. An attacker can execute arbitrary code by injecting malicious...
CVE-2025-36857
Rapid7 AppSpider Pro versions below 7.5.021 suffer from a broken access control vulnerability in the application's configuration file loading mechanism, whereby an attacker can place files in directories belonging to other users or projects. Affected versions allow standard users to add custom...
CVE-2025-24088
The issue was addressed by adding additional logic. This issue is fixed in macOS Tahoe 26. An app may be able to override MDM-enforced settings from profiles...
Emerson WirelessHART Gateway Security Vulnerability
The Emerson WirelessHART Gateway is a wireless gateway from Emerson USA. A security vulnerability exists in Emerson WirelessHART Gateway that stems from the affected product's susceptibility to an unsanitized, unzipped system configuration folder. An attacker could exploit the vulnerability ...
Cloudbees Jenkins Input Validation Error Vulnerability (CNVD-2021-03561)
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. An input validation error...
PT-2006-5265 · Microsoft · Terminal Server
Name of the Vulnerable Software and Affected Versions: Microsoft Terminal Server (affected versions not specified). Description: The issue allows local users to execute arbitrary code by forcing an Explorer error when running an application session with specific options. These options, "Start progra...