341 matches found
OpenClaw Access Control Error Vulnerability (CNVD-2026-14390)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an Access Control Error vulnerability that stems from a browser-initiated WebSocket connection that can bypass origin authentication under certain configurations, which can be exploited by an attacker ...
SUSE-SU-2026:0579-1 Security update for libsoup
This update for libsoup fixes the following issues: - CVE-2026-1536: Always validate the headers value when coming from untrusted source to avoid HTTP header injection bsc1257440. - CVE-2026-1761: Check length of bytes read in soupfilterinputstreamreaduntil to avoid a stack-based buffer overflow...
Ubuntu: Security Advisory (USN-8011-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Use of Less Trusted Source
Overview Affected versions of this package are vulnerable to Use of Less Trusted Source that can circumvent the trusted dependencies list. An attacker can cause unintended dependencies to be loaded by including malicious file:, link:, git:, or github: URLs to import packages whose names also exis...
CVE-2026-0770
Langflow execglobals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific...
CVE-2026-23645 SiYuan Vulnerable to Stored Cross-Site Scripting (XSS) via Unrestricted SVG File Upload
SiYuan is self-hosted, open source personal knowledge management software. Prior to 3.5.4-dev2, a Stored Cross-Site Scripting XSS vulnerability exists in SiYuan Note. The application does not sanitize uploaded SVG files. If a user uploads and views a malicious SVG file e.g., imported from an...
PT-2026-3304
Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.5.4-dev2 Description SiYuan Note does not properly sanitize uploaded SVG files. This allows a user to upload a malicious SVG file, such as one obtained from an untrusted source, which can then execute arbitrary...
PT-2026-26327
Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a heap-based buffer overflow could occur when improperly storing the CRL number as a hexadecimal string, and a stack-based overflow for sufficiently sized CRL numbers. With appropriately crafted CRLs,...
Inclusion of Web Functionality from an Untrusted Source
Overview github.com/mindersec/minder/internal/datasources/rest is an implementation of a REST data source Affected versions of this package are vulnerable to Inclusion of Web Functionality from an Untrusted Source via the http.send function in Rego programs. A user can access internal network...
Siemens SIMATIC S7-1500 Excessive Iteration (CVE-2023-3817)
Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DHcheck, DHcheckex or EVPPKEYparamcheck to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been...
Inclusion of Web Functionality from an Untrusted Source
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Inclusion of Web Functionality from an Untrusted Source via the execute event handler used by the Direct Connections feature. An attacker can gain access to authentication tokens, take over user accounts, and...
EUVD-2020-27352
Malware in sbrugna...
EUVD-2019-1169
Malware in sbrugna...
EUVD-2020-19515
Malware in sbrugna...
EUVD-2017-2730
Malware in sbrugna...
EUVD-2021-0034
Malware in sbrugna...
EUVD-2017-17794
Malware in sbrugna...
EUVD-2022-0882
Malicious code in bioql PyPI...
EUVD-2022-32671
Malicious code in bioql PyPI...
EUVD-2022-52840
Malicious code in bioql PyPI...