34 matches found
GHSA-5H2W-QMFP-GGP6 OpenClaw: Gateway `operator.write` can reach admin-only persisted `verboseLevel` via `chat.send` `/verbose`
Summary The chat.send path let authorized write-scoped callers persist /verbose session overrides even though the same stored session mutation is admin-only through sessions.patch. Impact A write-scoped gateway caller could persist verbose output for later runs and expose more reasoning or tool...
Incorrect Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the chat.send process. An attacker can persist verbose output for future sessions and expose additional internal reasoning or tool output by leveraging...
Amazon Linux 2023 : ansible (ALAS2023-2025-1330)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1330 advisory. A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure IE of sensitive credentials, specifically plaintext passwords, via verbose output when runni...
Important: ansible
Issue Overview: A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure IE of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these...
EUVD-2025-201152
A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure IE of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and...
Ansible Community General Collection is vulnerable to exposure of sensitive information
A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure IE of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and...
CVE-2025-14010
A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure IE of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and...
UBUNTU-CVE-2025-14010
A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure IE of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and...
CVE-2025-14010
A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure IE of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and...
CVE-2025-14010 Ansible-collection-community-general: ansible-collection-community-general: keycloak user module leaks credentials in verbose output
A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure IE of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and...
CVE-2025-14010
CVE-2025-14010 affects the Ansible Community General collection, where a flaw in ansible-collection-community-general can cause information exposure of sensitive credentials (plaintext passwords) via verbose output when Ansible runs with debug. This means attackers with access to logs could poten...
CVE-2025-14010 Ansible-collection-community-general: ansible-collection-community-general: keycloak user module leaks credentials in verbose output
A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure IE of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and...
Exploit for SQL Injection in Anisha Car_Rental_System
CVE‑2025‑6907 SQLi Exploit Tool File: exploit.c Aut...
LingoLoop Attack: Trapping MLLMs via Linguistic Context and State Entrapment into Endless Loops
Multimodal Large Language Models MLLMs have shown great promise but require substantial computational resources during inference. Attackers can exploit this by inducing excessive output, leading to resource exhaustion and service degradation. Prior energy-latency attacks aim to increase generatio...
MGASA-2025-0102 Updated libarchive packages fix security vulnerability
listitemverbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custo...
Exploit for Authentication Bypass by Spoofing in Telerik Report_Server_2024
CVE-2024-4358 An Vulnerability detection and Mass Exploitation...
CLZero - A Project For Fuzzing HTTP/1.1 CL.0 Request Smuggling Attack Vectors
A project for fuzzing HTTP/1.1 CL.0 Request Smuggling Attack Vectors. About Thank you to @albinowax, @defparam and @d3d else this tool would not exist. Inspired by the tool Smuggler all attack gadgets adapted from Smuggler and...
Exploit for Files or Directories Accessible to External Parties in Apache Struts
CVE-2023-50164 A scanning utility and PoC for CVE-2023-50164...
HEDnsExtractor - Raw Html Extractor From Hurricane Electric Portal
HEDnsExtractor Raw html extractor from Hurricane Electric portal Features Automatically identify IPAddr ou Networks through command line parameter or stdin Extract networks based on IPAddr. Extract domains from networks. Installation go install -v...
CVE-2022-20914
A vulnerability in the External RESTful Services ERS API of Cisco Identity Services Engine ISE Software could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to excessive verbosity in a specific REST API output. An attacker could exploit this...