70 matches found
CVE-2026-26292 Gitea LFS mirror synchronization bypasses migration HTTP transport restrictions
Gitea versions before 1.25.5 do not use the migration HTTP transport for LFS push and sync mirror operations, bypassing the configured migration transport protections for those LFS requests...
CVE-2026-56663
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.52, an authenticated user can bypass the SSRF / private-IP protections in SendWebRequestBlock and reach internal network services. isipblocked in...
Reaper macOS Infostealer Abuses Script Editor to Steal Crypto and Passwords
Threat actors are deploying an updated SHub Stealer variant named Reaper that exploits the native macOS Script Editor to bypass OS-level protections and compromise cryptocurrency assets...
JLSEC-2026-549
A vulnerability was found in OpenJPEG similar to CVE-2019-6988. This flaw allows an attacker to bypass existing protections and cause an application crash through a maliciously crafted file...
Astra Linux – Vulnerability in Chromium
Inappropriate implementations in Downloads in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to perform certain UI gestures to bypass download protections through a crafted HTML page. Chromium security severity: Low...
CVE-2026-8429
SPIP versions prior to 4.4.14 are affected by a remote code execution vulnerability in the private space, allowing an attacker to execute arbitrary code in the web server context. Affected component: SPIP core (private space); impact is high on confidentiality, integrity, and availability as desc...
GHSA-R747-33R4-RMJW Duplicate Advisory: OpenClaw: QQBot direct media upload skipped URL SSRF validation
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-c4qg-j8jg-42q5. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in QQBot direct media upload that skip...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.9 contained security vulnerabilities. These vulnerabilities were due to file-reading vulnerabilities, which could allow attackers to bypass navigation protections and create or...
CVE-2026-42430
OpenClaw before 2026.4.8 contains a server-side request forgery (SSRF) vulnerability in Playwright redirect handling that bypasses strict SSRF checks. Affected product: OpenClaw (npm package) with versions prior to 2026.4.8. Root cause: improper handling of Playwright redirects enabling request-t...
GHSA-F5FM-9JMP-C88R Duplicate Advisory: OpenClaw: Trailing-dot localhost CDP hosts could bypass remote loopback protections
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-fh32-73r9-rgh5. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.2 fails to normalize trailing-dot localhost hosts in remote CDP discovery responses, allowing...
Improper Access Control
Hono is vulnerable to Improper Access Control. The vulnerability is due to inconsistent cookie parsing between browsers and the parse function, where differently formatted cookie names may be normalized to the same key, allowing attacker-controlled cookies to override legitimate ones and bypass...
CVE-2026-32924 OpenClaw < 2026.3.12 - Authorization Bypass via Misclassified Reaction Events in Feishu
OpenClaw before 2026.3.12 contains an authorization bypass vulnerability where Feishu reaction events with omitted chattype are misclassified as p2p conversations instead of group chats. Attackers can exploit this misclassification to bypass groupAllowFrom and requireMention protections in group...
CVE-2026-24640
A Stack-based Buffer Overflow vulnerability CWE-121 vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0.2 through 7.0.12 may allow a remote authenticated attacker who can bypass stack protection a...
Hono 安全漏洞
Hono is a web framework written in TypeScript for the Hono community. Versions of Hono prior to 4.12.4 contained security vulnerabilities. These vulnerabilities stemmed from inconsistent URL decoding when using serveStatic and routing-based middleware protections. This allowed paths containing...
CVE-2026-27585 Caddy's improper sanitization of glob characters in file matcher may lead to bypassing security protections
Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, the path sanitization routine in file matcher doesn't sanitize backslashes which can lead to bypassing path related security protections. It affects users with specific Caddy and environment configurations...
ElysiumVanguard
🌌 Elysium Vanguard: TITAN v13.0 Hardware-Bridged Kernel E...
CVE-2026-22269
CVE-2026-22269 affects Dell PowerProtect Data Manager
GHSA-83G3-92JG-28CX Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in node-tar Extraction
Summary tar.extract in Node tar allows an attacker-controlled archive to create a hardlink inside the extraction directory that points to a file outside the extraction root, using default options. This enables arbitrary file read and write as the extracting user no root, no chmod, no preservePath...
CVE-2020-37043
The CVE concerns 10-Strike Bandwidth Monitor 3.9. A buffer overflow in the registration key input allows exploitation that can bypass SafeSEH, ASLR and DEP, enabling remote code execution and arbitrary system commands. Connected sources confirm the targeted software and the exploitation path, but...
CVE-2020-37036
RM Downloader 2.50.60 contains a local buffer overflow vulnerability in the 'Load' parameter that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload with an egg hunter technique to bypass memory protections and execute commands like launching...