30 matches found
OpenClaw Command Injection Vulnerability (CNVD-2026-13801)
OpenClaw is a tool for executing restricted commands that supports controlling command execution through a whitelisting mechanism. A command injection vulnerability exists in OpenClaw. An attacker could use this vulnerability to execute unauthorized commands bypassing command restrictions...
CVE-2026-25481
Langroid CVE-2026-25481: Prior to 0.59.32, TableChatAgent bypasses the fix for CVE-2025-46724 by enabling pandas_eval with unrestricted access to dangerous dunder attributes. This allows chaining DataFrame methods to leak eval and execute arbitrary code. The issue is patched in version 0.59.32. A...
EUVD-2019-6628
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-7921
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper serialization of internal state in the authorization subsystem in MongoDB Server's authorization subsystem permits a user with valid credentials to...
CVE-2025-6504
In HDP Server versions below 4.6.2.2978 on Linux, unauthorized access could occur via IP spoofing using the X-Forwarded-For header. Since XFF is a client-controlled header, it could be spoofed, allowing unauthorized access if the spoofed IP matched a whitelisted range. This vulnerability could be...
WhiteBeam Security Vulnerability
WhiteBeam is a network threat protection software from WhiteBeam Open Source. A security vulnerability exists in WhiteBeam versions prior to 0.2.1 through 0.2.2, which stems from a file truncation operation that can bypass the whitelisting feature...
HONOR GameCenter Security Vulnerability
HONOR GameCenter is a mobile game center program from China's HONOR. A security vulnerability exists in HONOR GameCenter that stems from a whitelisting mechanism bypass that could affect service confidentiality and integrity...
Regsvr32.exe (.sct) Command Delivery Server
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Regsvr32.exe .sct Command Delivery Server', 'Description' = %q This module uses the Regsvr32.exe Application Whitelisting Bypass technique as a w...
CVE-2024-34093
An issue was discovered in Archer Platform 6 before 2024.03. There is an X-Forwarded-For Header Bypass vulnerability. An unauthenticated attacker could potentially bypass intended whitelisting when X-Forwarded-For header is enabled...
Apache HugeGraph Security Vulnerability
Apache HugeGraph-Server is a fast, scalable graph database from the Apache Foundation in the United States. A security bypass vulnerability exists in Apache HugeGraph-Server, which can be exploited by an attacker to bypass whitelisting by sending specially crafted requests in authentication mode...
CVE-2023-29145
The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution. The attacker can set LD_LIBRARY_PATH, set LD_PRELOAD, or run an executable file in a debugger...
SUSE CVE-2020-7921
Improper serialization of internal state in the authorization subsystem in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action. This issue affects MongoDB Server v4.2 versions prior to 4.2.3...
IP Whitelisting Bypass
verbb/knock-knock is vulnerable to IP Whitelisting Bypass. It is due to the use of a flawed IP whitelisting mechanism for getting the user IP, allowing bypass of IP whitelisting through X-Forwarded-For header manipulation...
MongoDB Server Security Mechanism Bypass Vulnerability
MongoDB Server is an open source NoSQL database from the United States company MongoDB. The database provides collection-oriented storage, dynamic query, data replication, automatic failover and other functions. A security vulnerability exists in the authorization subsystem in MongoDB...
Design/Logic Flaw
Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have a bug that allows a local user to execute arbitrary code via execution of a compromised file placed by an attacker with administrator rights. No privilege...
CVE-2019-15689
Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have a bug that allows a local user to execute arbitrary code via execution of a compromised file placed by an attacker with administrator rights. No privilege...
CVE-2019-15689
CVE-2019-15689 affects Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, and Kaspersky Security Cloud prior to 2020 patch E. Root cause: DLL preloading/related DLL loading that allows a local attacker (with administrator rights) to place a compromised file to tri...
WebDAV Server Serving DLL
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Serve DLL via webdav server', 'Description' = %q This module simplifies the rundll32.exe Application Whitelisting Bypass technique. The module...
CVE-2018-15591
An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can bypass Application Whitelisting restrictions to execute arbitrary code by leveraging multiple unspecified attack vectors...
Serve DLL via webdav server
This module simplifies the rundll32.exe Application Whitelisting Bypass technique. The module creates a webdav server that hosts a dll file. When the user types the provided rundll32 command on a system, rundll32 will load the dll remotely and execute the provided export function. The export...