73 matches found
Astra Linux - vulnerability in network-manager
It was found that nmcli, a command-line interface for NetworkManager, does not honor the 802-1x.ca-path and 802-1x.phase2-ca-path settings when creating a new profile. When a user connects to a network using this profile, authentication does not occur, and the connection is made insecurely...
CVE-2026-33052
Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.0 and 2.28.1 allow a low-privileged authenticated user assigned the "addprofilethreshold" permission to create a global profile despite not having manageglobalprofilethreshold, by tampering with the userid parameter in a...
CVE-2026-45000
OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in browser CDP profile creation that skips strict-mode SSRF policy checks. Attackers can create stored profiles pointing to private-network or metadata endpoints that bypass security policies and are later probed durin...
GHSA-68W5-W573-Q2R8 MantisBT Has Authorization Bypass in Global Profile Creation
MantisBT allows a low-privileged authenticated user having addprofilethreshold to create a global profile despite not having manageglobalprofilethreshold, by tampering with the userid parameter in a valid profile creation request. Impact: Authentication bypass. Patches: -...
Authorization Bypass Through User-Controlled Key
Overview: mantisbt/mantisbt is the Mantis bug tracker. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the userid parameter during the profile creation process. An attacker can gain unauthorized access to create global profiles by tampering wit...
CVE-2026-45000 OpenClaw < 2026.4.20 - Server-Side Request Forgery via Browser CDP Profile Creation
OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in browser CDP profile creation that skips strict-mode SSRF policy checks. Attackers can create stored profiles pointing to private-network or metadata endpoints that bypass security policies and are later probed durin...
CVE-2026-45000
OpenClaw before 2026.4.20 is affected by a server-side request forgery in the browser CDP profile creation flow. The vulnerability allows creation of stored profiles that can point to private-network or metadata endpoints and bypass strict-mode SSRF policy checks, with the sensitive endpoints pot...
NPM: OpenClaw: Browser CDP profile creation skipped strict-mode SSRF checks
NPM: OpenClaw: Browser CDP profile creation skipped strict-mode SSRF checks. Vulnerability discovered by ? in npm openclaw versions < 2026.4.20...
OpenClaw: Browser CDP profile creation skipped strict-mode SSRF checks
Affected Packages / Versions - Package: openclaw (npm) - Affected versions: < 2026.4.20 - Patched version: 2026.4.20. Impact: Browser profile creation normalized cdpUrl values before persisting them, but did not apply the configured browser SSRF policy at creation time. In deployments that explicitly...
Server-side Request Forgery (SSRF)
Overview: openclaw is 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the browser profile creation process. An attacker can cause unauthorized requests to internal network resources by storing a profile with a cdpUrl...
CVE-2026-32972
OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing authenticated operators with only operator.write permission to access admin-only browser profile management routes through browser.request. Attackers can create or modify browser profiles and persist...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993282)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993282 advisory. In the Linux kernel, the following vulnerability has been resolved: apparmor: fix possible NULL pointer dereference. profile->parent->dents[AAFS_PROF_DIR] could be NULL onl...
CVE-2025-56382
A stored Cross-site scripting (XSS) vulnerability exists in the Customer Management Module of LionCoders SalePro POS 5.4.8. An authenticated attacker can inject arbitrary web script or HTML via the 'Customer Name' parameter when creating or editing customer profiles. This malicious input is...
EUVD-2019-2081
Malware in sbrugna...
EUVD-2021-11960
Malware in sbrugna...
CVE-2025-56382
The CVE-2025-56382 entry describes a stored XSS in LionCoders SalePro POS 5.4.8, specifically in the Customer Management Module. An authenticated user can inject script or HTML via the 'Customer Name' field when creating or editing a customer profile. The input is not properly sanitized before st...
CVE-2025-8480
| creationtimestamp | type | source |
|---|---|---|
| 2025-08-01 03:00:00+00:00 | seen | http://www.zerodayinitiative.com/advisories/ZDI-25-766/ |
| 2025-08-01 21:57:59+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lvengxf6w32z... |