
64 matches found

GitHub Security Blog
added 2026/05/06 11:23 p.m. · 4 views

@axonflow/openclaw fix introduces plugin cache and credential-file permission hardening

Summary: Two related permission defects in this AxonFlow plugin allowed registration credentials and cache state to be readable by other local users on hosts where the calling user's home directory was at the conventional 0755 mode. Affected versions: Versions 1.3.2 and below. Impact: 1. Cache and...

5.7 AI score
Exploits: 0 · References: 2 · Affected Software: 1

Redos
added 2026/05/06 12:0 a.m. · 2 views

ROS-20260506-73-0032

Vulnerability in tomcat10 related to insufficient protection of registration data. Exploitation of the vulnerability may allow an intruder to gain unauthorized access to protected information...

7.5 CVSS · 5.8 AI score · 0.00073 EPSS
Exploits: 0

Redos
added 2026/05/06 12:0 a.m. · 4 views

ROS-20260506-73-0033

Vulnerability in tomcat11 related to insufficient protection of registration data. Exploitation of the vulnerability may allow an intruder to gain unauthorized access to protected information...

7.5 CVSS · 5.8 AI score · 0.00073 EPSS
Exploits: 0

Redos
added 2026/05/06 12:0 a.m. · 3 views

ROS-20260506-73-0031

Vulnerability in tomcat related to insufficient protection of registration data. Exploitation of the vulnerability may allow an intruder to gain unauthorized access to protected information...

7.5 CVSS · 5.8 AI score · 0.00073 EPSS
Exploits: 0

Redos
added 2026/04/10 12:0 a.m. · 2 views

ROS-20260410-73-0014

A vulnerability in the cURL server communication software is related to insufficient protection of registration data. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

5.3 CVSS · 7.3 AI score · 0.00024 EPSS
Exploits: 1

RedhatCVE
added 2026/02/21 7:29 p.m. · 1 view

CVE-2026-27505

SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user registration workflow index.php submitting to admin/useraction.php. User-supplied fields such as Firstname, lastname, and email are stored in the backend database without adequate output encoding and a...

6.1 CVSS · 5.5 AI score · 0.00056 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2026/01/13 10:52 p.m. · 2 views

CVE-2026-21409

Improper authorization vulnerability exists in RICOH Streamline NX 3.5.1 to 24R3. If a man-in-the-middle attack is conducted on the communication between the affected product and its user, and some crafted request is processed by the product, the user's registration information and/or OIDC OpenID...

8.2 CVSS · 6.6 AI score · 0.00016 EPSS
Exploits: 0 · References: 1

NVD
added 2026/01/09 8:15 a.m. · 3 views

CVE-2026-21409

Improper authorization vulnerability exists in RICOH Streamline NX 3.5.1 to 24R3. If a man-in-the-middle attack is conducted on the communication between the affected product and its user, and some crafted request is processed by the product, the user's registration information and/or OIDC OpenID...

8.2 CVSS · 0.00016 EPSS
Exploits: 0 · References: 2

Cvelist
added 2026/01/09 7:15 a.m. · 23 views

CVE-2026-21409

Improper authorization vulnerability exists in RICOH Streamline NX 3.5.1 to 24R3. If a man-in-the-middle attack is conducted on the communication between the affected product and its user, and some crafted request is processed by the product, the user's registration information and/or OIDC OpenID...

8.2 CVSS · 0.00016 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2026/01/09 12:0 a.m. · 2 views

PT-2026-2058

Name of the Vulnerable Software and Affected Versions: RICOH Streamline NX versions 3.5.1 through 24R3 Description: An improper authorization issue exists in the software. If a man-in-the-middle attack is performed on communication between the product and a user, and a specially crafted request is...

8.2 CVSS · 5.8 AI score · 0.00016 EPSS
Exploits: 0 · References: 6

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2021-23369

Malware in sbrugna...

5.3 CVSS · 5.9 AI score · 0.00186 EPSS
Exploits: 0 · References: 3

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2025-8132

Malicious code in bioql PyPI...

5.7 CVSS · 9 AI score · 0.00117 EPSS
Exploits: 0 · References: 4

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-30912

Malicious code in bioql PyPI...

3.8 CVSS · 6.6 AI score · 0.00039 EPSS
Exploits: 0 · References: 2

Redos
added 2025/08/06 12:0 a.m. · 3 views

ROS-20250806-11

A vulnerability in the Requests HTTP library for the Python programming language is related to insufficient protection of registration data (inadequate protection of login credentials). Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to...

5.3 CVSS · 4 AI score · 0.00208 EPSS
Exploits: 1

RedhatCVE
added 2025/05/22 7:59 p.m. · 4 views

CVE-2021-36791

The datednews aka Dated News extension through 5.1.1 for TYPO3 allows Information Disclosure of application registration data...

5.3 CVSS · 6.8 AI score · 0.00186 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2025/01/14 12:0 a.m. · 2 views

PT-2025-1121 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to insufficient protection of registration data in the Windows kernel, which can be exploited to disclose protected information. This can allow an attacker to obtain...

5.5 CVSS · 8.9 AI score · 0.00158 EPSS
Exploits: 0 · References: 8

Positive Technologies
added 2024/12/20 12:0 a.m. · 2 views

PT-2024-9848 · Jetbrains · Teamcity

Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2024.12 Description: The issue is related to insufficient protection of registration data in JetBrains TeamCity, a continuous integration and continuous delivery (CI/CD) system. This allows a remote attacker...

7.5 CVSS · 6.8 AI score · 0.00004 EPSS
Exploits: 0 · References: 8

Positive Technologies
added 2024/11/05 12:0 a.m. · 3 views

PT-2024-7903

Name of the Vulnerable Software and Affected Versions: OpenWRT Luci LTS affected versions not specified Description: An issue in the luci-mod-rpc package allows for privilege escalation from an admin account to root via the JSON-RPC-API, which is exposed by the luci-mod-rpc package. The...

8 CVSS · 6.4 AI score · 0.00048 EPSS
Exploits: 0 · References: 10

Positive Technologies
added 2024/09/19 12:0 a.m. · 2 views

PT-2024-6626 · Jetbrains · Youtrack

Name of the Vulnerable Software and Affected Versions: JetBrains YouTrack versions prior to 2024.3.44799 Description: The issue is related to insufficient protection of registration data in JetBrains YouTrack, allowing a remote attacker to gain unauthorized access to protected information. The...

5.3 CVSS · 7.5 AI score · 0.00005 EPSS
Exploits: 0 · References: 8

Positive Technologies
added 2024/07/09 12:0 a.m. · 2 views

PT-2024-9568 · Veeam · Veeam Backup & Replication

Name of the Vulnerable Software and Affected Versions: Veeam Backup & Replication affected versions not specified Description: A series of related high-severity vulnerabilities in Veeam Backup & Replication enables remote code execution (RCE) as the service account and extraction of sensitive...

9 CVSS · 10 AI score · 0.04204 EPSS
Exploits: 0 · References: 14