369 matches found
@axonflow/openclaw fix introduces plugin cache and credential-file permission hardening
Summary: Two related permission defects in this AxonFlow plugin allowed registration credentials and cache state to be readable by other local users on hosts where the calling user's home directory was at the conventional 0755 mode. Affected versions: Versions 1.3.2 and below. Impact: 1. Cache and...
ROS-20260506-73-0032
Vulnerability in tomcat10 related to insufficient protection of registration data. Exploitation of the vulnerability may allow an intruder to gain unauthorized access to protected information...
ROS-20260506-73-0033
Vulnerability in tomcat11 related to insufficient protection of registration data. Exploitation of the vulnerability may allow an intruder to gain unauthorized access to protected information...
ROS-20260506-73-0031
Vulnerability in tomcat related to insufficient protection of registration data. Exploitation of the vulnerability may allow an intruder to gain unauthorized access to protected information...
ROS-20260410-73-0014
A vulnerability in the cURL server communication software is related to insufficient protection of registration data. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...
CVE-2026-27505
SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user registration workflow index.php submitting to admin/useraction.php. User-supplied fields such as Firstname, lastname, and email are stored in the backend database without adequate output encoding and a...
CVE-2026-21409
Improper authorization vulnerability exists in RICOH Streamline NX 3.5.1 to 24R3. If a man-in-the-middle attack is conducted on the communication between the affected product and its user, and some crafted request is processed by the product, the user's registration information and/or OIDC OpenID...
PT-2026-2058
Name of the Vulnerable Software and Affected Versions: RICOH Streamline NX versions 3.5.1 through 24R3. Description: An improper authorization issue exists in the software. If a man-in-the-middle attack is performed on communication between the product and a user, and a specially crafted request is...
EUVD-2021-23369
Malware in sbrugna...
EUVD-2025-8132
Malicious code in bioql PyPI...
EUVD-2025-30912
Malicious code in bioql PyPI...
ROS-20250806-11
A vulnerability in the Requests HTTP library for the Python programming language is related to insufficient protection of registration data (inadequate protection of login credentials). Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to...
A vulnerability in the diagnostic logs of Docker Desktop, a platform for developing and delivering container applications, allows an attacker to gain unauthorized access to protected information.
A vulnerability in the diagnostic logs of Docker Desktop, a platform for developing and delivering container applications, is related to insufficient protection of registration data. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information...
A vulnerability in the IAM authentication service of the Kubernetes MinIO Operator STS allows an attacker to escalate their privileges and expose protected information.
A vulnerability in the IAM authentication service of the Kubernetes MinIO Operator STS is related to insufficient protection of registration data. Exploiting this vulnerability can allow a malicious actor to escalate their privileges and expose sensitive information...
A vulnerability in JetBrains TeamCity, a continuous integration and delivery (CI/CD) system, related to insufficient protection of registration data, allows attackers to disclose protected information.
A vulnerability in JetBrains TeamCity, a continuous integration and delivery (CI/CD) system, is related to insufficient protection of registration data. Exploiting this vulnerability could allow a malicious actor to disclose protected information...
A vulnerability in FortiOS operating systems, related to insufficient protection of registration data, allows attackers to disclose sensitive information.
A vulnerability in FortiOS operating systems is related to insufficient protection of registration data. Exploiting this vulnerability can allow attackers to disclose protected information...
A vulnerability in the firmware of Canon’s imageRUNNER ADVANCE, imageRUNNER, imagePRESS V, imagePRESS, and Satera series printers is related to insufficient protection of registration data and allows attackers to disclose protected information.
A vulnerability in the firmware of Canon’s imageRUNNER ADVANCE, imageRUNNER, imagePRESS V, imagePRESS, and Satera series printers is related to insufficient protection of registration data. Exploiting this vulnerability can allow an attacker to disclose protected information remotely...