OpenClaw 代码问题漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a code issue vulnerability that is caused by an arbitrary shell execution flaw in the shell environment fallback. An attacker can exploit the vulnerability to execute arbitrary commands on the system...

Microsoft Azure Cloud Shell 代码问题漏洞

Microsoft Azure Cloud Shell is a browser-based cloud command-line environment developed by Microsoft Corporation. There is a code vulnerability in Microsoft Azure Cloud Shell, which stems from a server-side request forgeing issue. This vulnerability could allow unauthorized attackers to escalate...

PT-2026-26278

🔴 CVE-2026-27067 - Critical Unrestricted Upload of File with Dangerous Type vulnerability in Syarif Mobile App Editor allows Upload a Web Shell to a Web Server.This issue affects Mobile App Editor: from n/a through ... https://t.co/2PmcdZjLPe https://t.co/HOIpzGKqJA...

WordPress plugin Mobile App Editor 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

KLA90946 Multiple vulnerabilities in Microsoft Azure

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Azure Cloud Shell can be exploited remotely to gai...

📄 AVideo getImage.php Unauthenticated Command Injection

This Metasploit module exploits an unauthenticated OS command injection vulnerability in the AVideo encoder getImage.php endpoint. This affects versions prior to 7.0. The base64Url GET parameter is base64-decoded and injected directly into an ffmpeg shell command within double quotes, without any...

PT-2026-26363

Name of the Vulnerable Software and Affected Versions Azure Cloud Shell affected versions not specified Description A server-side request forgery SSRF issue exists in Azure Cloud Shell. This allows an unauthorized attacker to elevate privileges over a network. Server-side request forgery is a web...

OpenClaw 操作系统命令注入漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.2.19 had a vulnerability related to operating system command injection. This vulnerability stemmed from issues with the Windows shell backtracking mechanism used in the Lobster...

Exploit for Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Openssl

🔐 SSH Exploit Tool Educational Use Only 📌 Description Th...

Exploit for Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Openssl

🔐 SSH Exploit Tool Educational Use Only 📌 Description Th...

SUSE-SU-2026:20738-1 Security update for vim

This update for vim fixes the following issues: Update Vim to version 9.2.0110: - CVE-2025-53906: malicious zip archive may cause a path traversal in Vim's zip bsc1246602. - CVE-2026-26269: Netbeans specialKeys stack buffer overflow bsc1258229. - CVE-2026-28417: crafted URL parsed by netrw plugin...

Exploit for Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Openssl

🔐 SSH Exploit Tool Educational Use Only 📌 Description Th...

EUVD-2025-208815

A vulnerability found in Dahua NVR/XVR device. A third-party malicious attacker with physical access to the device may gain access to a restricted shell via the serial port, and bypasses the shell's authentication mechanism to escalate privileges...

CVE-2025-31703

A vulnerability found in Dahua NVR/XVR device. A third-party malicious attacker with physical access to the device may gain access to a restricted shell via the serial port, and bypasses the shell's authentication mechanism to escalate privileges...

CVE-2026-22321 Stack-Based Buffer Overflow in CLI Login Username Handling over CLI

A stack-based buffer overflow in the device's Telnet/SSH CLI login routine occurs when a unauthenticated attacker send an oversized or unexpected username input. An overflow condition crashes the thread handling the login attempt, forcing the session to close. Because other CLI sessions remain...

CVE-2026-22320

A stack-based buffer overflow in the CLI's TFTP file‑transfer command handling allows a low-privileged attacker with Telnet/SSH access to trigger memory corruption by supplying unexpected or oversized filename input. Exploitation results in the corruption of the internal buffer, causing the CLI a...

CVE-2025-31703

A vulnerability found in Dahua NVR/XVR device. A third-party malicious attacker with physical access to the device may gain access to a restricted shell via the serial port, and bypasses the shell's authentication mechanism to escalate privileges...

CVE-2025-31703

Dahua NVR/XVR devices are affected. A third‑party with physical access may access a restricted shell through the serial port and bypass shell authentication to escalate privileges. The CVSS assessment indicates low impact across confidentiality and integrity, no impact on availability. The provid...

CVE-2025-31703

A vulnerability found in Dahua NVR/XVR device. A third-party malicious attacker with physical access to the device may gain access to a restricted shell via the serial port, and bypasses the shell's authentication mechanism to escalate privileges...

CVE-2025-31703

A vulnerability found in Dahua NVR/XVR device. A third-party malicious attacker with physical access to the device may gain access to a restricted shell via the serial port, and bypasses the shell's authentication mechanism to escalate privileges...