10 matches found
CVE-2026-7505
A flaw has been found in nextlevelbuilder GoClaw and GoClaw Lite up to 3.8.5. This affects an unknown function of the component RPC Handler. This manipulation causes improper authorization. The attack may be initiated remotely. The exploit has been published and may be used. Upgrading to version...
CVE-2026-7505
A flaw has been found in nextlevelbuilder GoClaw and GoClaw Lite up to 3.8.5. This affects an unknown function of the component RPC Handler. This manipulation causes improper authorization. The attack may be initiated remotely. The exploit has been published and may be used. Upgrading to version...
CVE-2026-7505 nextlevelbuilder GoClaw/GoClaw Lite RPC improper authorization
A flaw has been found in nextlevelbuilder GoClaw and GoClaw Lite up to 3.8.5. This affects an unknown function of the component RPC Handler. This manipulation causes improper authorization. The attack may be initiated remotely. The exploit has been published and may be used. Upgrading to version...
EUVD-2026-26453
A flaw has been found in nextlevelbuilder GoClaw and GoClaw Lite up to 3.8.5. This affects an unknown function of the component RPC Handler. This manipulation causes improper authorization. The attack may be initiated remotely. The exploit has been published and may be used. Upgrading to version...
Insertion of Sensitive Information into Log File
Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the provider debug logging. An attacker can obtain sensitive information such as passwords, StackScript content, and object storage data by accessing provider debug logs when it is...
Deserialization of Untrusted Data
Overview: Keras is a high-level neural networks API for Python. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the load_model function, which uses pickle for serialization. An attacker can execute code even if safe_mode is set to True, by supplyi...
OESA-2025-1250 python-aiohttp security update
Async HTTP client/server framework (asyncio). Security Fixes: aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. The HTTP parser in AIOHTTP has numerous problems with header parsing, which could lead to request smuggling. This parser is only used when AIOHTTP_NO_EXTENSION...
PT-2023-8404 · Htmlunit · Htmlunit
Name of the Vulnerable Software and Affected Versions: HtmlUnit versions prior to 3.9.0 Description: HtmlUnit is a GUI-less browser for Java programs that is vulnerable to Remote Code Execution (RCE) via XSLT when browsing an attacker's webpage. The reason for the vulnerability is that the FEATURE...
Server-side Request Forgery (SSRF)
Overview: osm-static-maps is a package to create a static image of a map with the features you want. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF). User input given to the package is passed directly to a template without escaping ... . As such, it is possible for an...
PT-2020-8455
Name of the Vulnerable Software and Affected Versions: Mattermost Server versions prior to 3.9.0 Description: An issue was discovered when SAML is used, where encryption and signature verification are not mandatory. Recommendations: For versions prior to 3.9.0, update to version 3.9.0 or later to...