1935 matches found
CVE-2026-35660
OpenClaw is affected by a vulnerability in the Gateway agent’s /reset endpoint, prior to version 2026.3.23. The flaw grants callers with operator.write permission the ability to reset admin sessions by invoking /reset or /new with an explicit sessionKey, bypassing operator.admin requirements and ...
EUVD-2026-21193
A Weak Password Requirements vulnerability in the password management function of Juniper Networks CTP OS might allow an unauthenticated, network-based attacker to exploit weak passwords of local accounts and potentially take full control of the device. The password management menu enables the...
CVE-2026-33771
A Weak Password Requirements vulnerability in the password management function of Juniper Networks CTP OS might allow an unauthenticated, network-based attacker to exploit weak passwords of local accounts and potentially take full control of the device. The password management menu enables the...
CVE-2026-33771 CTP OS: Configuring password requirements does not work which permits the use of weak passwords
A Weak Password Requirements vulnerability in the password management function of Juniper Networks CTP OS might allow an unauthenticated, network-based attacker to exploit weak passwords of local accounts and potentially take full control of the device. The password management menu enables the...
CVE-2026-33771 CTP OS: Configuring password requirements does not work which permits the use of weak passwords
A Weak Password Requirements vulnerability in the password management function of Juniper Networks CTP OS might allow an unauthenticated, network-based attacker to exploit weak passwords of local accounts and potentially take full control of the device. The password management menu enables the...
CVE-2026-33771
CVE-2026-33771 affects Juniper CTP OS (CTP OS) and its password management function, where password complexity requirements configured in the admin menu are not saved, allowing weak passwords. This could enable an unauthenticated, network-based attacker to exploit weak local passwords and potenti...
PT-2026-31344
Name of the Vulnerable Software and Affected Versions Kibana versions affected versions not specified Description Kibana One Workflow contains a Server-Side Request Forgery CWE-918 issue that can lead to information disclosure. An authenticated user with workflow creation and execution privileges...
CVE-2026-35208
lichess.org is the forever free, adless and open source chess server. Any approved streamer can inject arbitrary HTML into /streamer and the homepage “Live streams” widget by placing markup in their Twitch/YouTube stream title. CSP is present and blocks inline script execution, but the issue is...
PT-2026-30726
lichess.org is the forever free, adless and open source chess server. Any approved streamer can inject arbitrary HTML into /streamer and the homepage “Live streams” widget by placing markup in their Twitch/YouTube stream title. CSP is present and blocks inline script execution, but the issue is...
redhound-arsenal
Red Hound Arsenal Agent-consumable security skill library for...
PT-2026-30240
Name of the Vulnerable Software and Affected Versions util-linux versions prior to 2.41.4 Description A Time-of-Check-Time-of-Use TOCTOU vulnerability exists in the SUID binary /usr/bin/mount within util-linux. When setting up loop devices, the binary validates a file path with user privileges bu...
Architectural Implications of the UK Cyber Security and Resilience Bill
The UK Cyber Security and Resilience CS&R Bill represents the most significant reform of UK cyber legislation since the Network and Information Systems NIS Regulations 2018. While existing analysis has addressed the Bill's regulatory requirements, there is a critical gap in guidance on the...
RegPwnBOF
🛡️ RegPwnBOF - Simple Registry Action Tool !Download RegPwn...
Weak Password Requirements
Overview @openclaw/synology-chat is a Synology Chat channel plugin for OpenClaw Affected versions of this package are vulnerable to Weak Password Requirements due to insufficient rate limiting in the webhook authentication process. An attacker can repeatedly guess weak webhook tokens by sending...
Weak Password Requirements
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Weak Password Requirements in the authentication process for Telegram webhooks due to missing rate limiting on secret guesses. An attacker can repeatedly attempt to guess weak secrets by...
CSTS: A Canonical Security Telemetry Substrate for AI-Native Cyber Detection
AI-driven cybersecurity systems often fail under cross-environment deployment due to fragmented, event-centric telemetry representations. We introduce the Canonical Security Telemetry Substrate CSTS, an entity-relational abstraction that enforces identity persistence, typed relationships, and...
Exploit for Type Confusion in Apple Ipados
🛡️ corunaanalysis - Understand Malware Exploit Behavior Simpl...
denkair-lab
DenkAir - Windows AD Pentesting Lab A comprehensive Windows A...
Security Bulletin: IBM Engineering Requirements Management DOORS and DOORS Web Access is affected by multiple vulnerabilities
Summary This release addresses multiple security vulnerabilities across various components of IBM Engineering Requirements Management DOORS and DOORS Web Access product. Many vulnerabilities are rated Critical CVSS ≥ 9.0, including a Tomcat rewrite rule bypass CVE-2025-31651, Tomcat Improper...
CVE-2025-13734
IBM Engineering Requirements Management DOORS Next 7.1, and 7.2 could allow an authenticated user to view and edit data beyond their authorized access permissions...