29 matches found
CVE-2026-3689
OpenClaw Canvas contains a path traversal information disclosure in the canvas gateway endpoint due to improper validation of user-supplied path parameters. The issue, affecting OpenClaw Canvas (various versions), can allow remote attackers to disclose sensitive information within the service acc...
MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow Tracking Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of artifact file paths. The issue results from the lack of proper...
CVE-2026-0760 Foundation Agents MetaGPT deserialize_message Deserialization of Untrusted Data Remote Code Execution Vulnerability
Foundation Agents MetaGPT deserialize_message Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foundation Agents MetaGPT. Authentication is not required to exploit this...
CVE-2026-0755 gemini-mcp-tool execAsync Command Injection Remote Code Execution Vulnerability
gemini-mcp-tool execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of gemini-mcp-tool. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...
CVE-2025-12487
oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of oobabooga text-generation-webui. Authentication is not required to exploit this...
CVE-2025-12489 evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability
evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of evernote-mcp-server. An attacker must first obtain the ability to execute low-privileged code on the target system in...
(0Day) Ivanti Endpoint Manager PatchHistory SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the PatchHistory class. The issue results from the lack of proper validation of a...
(0Day) Ivanti Endpoint Manager Report_RunPatch SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the Report_RunPatch class. The issue results from the lack of proper validation of a...
GFI Archiver Telerik Web UI Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from the use of a vulnerable version of Telerik We...
Ivanti Endpoint Manager RecordGoodApp SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the RecordGoodApp method. The issue results from the lack ...
DEBIAN-CVE-2023-42114
Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling o...
Wazuh Analysis Engine Event Decoder Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Wazuh. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Analysis Engine service, which listens on TCP port 1514 by default. The issue results from the...
SolarWinds Security Event Manager AMF Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Security Event Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the AMF deserialization endpoints. The issue...
SolarWinds Access Rights Manager ExecuteAction Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the ExecuteAction method. The issue results from the lack of proper...
Deserialization of untrusted data
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Certificate...
Oracle WebLogic Server ForeignOpaqueReference JNDI Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle WebLogic Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ForeignOpaqueReference class. The issue results from the lack of proper...
Cacti poll_for_data Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cacti. Authentication is not required to exploit this vulnerability. The specific flaw exists within the poll_for_data function. The issue results from the lack of proper validation of a user-supplied...
mariadb: lack of proper validation of a user-supplied string before using it as a format specifier
MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL...
Oracle MySQL Cluster Data Node Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The issue results from the lack of proper...
Oracle MySQL Cluster Data Node Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Data Node jobs. The issue results from the lack of proper...