CVE-2026-53811

OpenClaw is affected up to version 2026.5.7. The vulnerability is a privilege escalation in the Matrix allowFrom feature caused by mutable display name metadata, allowing authenticated accounts to match policy entries and receive agent access intended for another Matrix identity. Depending on ope...

CVE-2026-44998

OpenClaw before 2026.4.20 contains a tool policy bypass vulnerability allowing bundled MCP and LSP tools to circumvent configured tool restrictions. Attackers with local agent access can append restricted tools to the effective tool set after policy filtering, bypassing profile policies, allow/de...

CVE-2026-1566

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 5.2.7. This is due to the plugin allowing users with a LatePoint Agent role, who are creating new customers to se...

CVE-2026-27099

Jenkins 2.483 through 2.550 both inclusive, LTS 2.492.1 through 2.541.1 both inclusive does not escape the user-provided description of the "Mark temporarily offline" offline cause, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Agent/Configure or...

CVE-2026-24740

CVE-2026-24740 affects Dozzle before v9.0.3, where a flaw in agent-backed shell endpoints lets a label-filtered user obtain an interactive root shell in out-of-scope containers on the same agent. A patch exists in v9.0.3; upgrade to 9.0.3+ or apply the vendor fix to remediate. Exploitation detail...

Database inventory plugin 访问控制错误漏洞

Database inventory plugin is an open source database management plugin for GLPI Project Plugins. An access control error vulnerability exists in Database inventory plugin versions prior to 1.0.3, which originates from the fact that any authenticated user can send requests to the agent...

EUVD-2024-39887

Malicious code in bioql PyPI...

EUVD-2022-2538

Malicious code in bioql PyPI...

EUVD-2022-3513

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2019-18179

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Open Ticket Request System OTRS 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. An attacke...

CVE-2020-14012

scp/categories.php in osTicket 1.14.2 allows XSS via a Knowledgebase Category Name or Category Description. The attacker must be an Agent...

Jenkins LTS < 2.492.3 / Jenkins weekly < 2.504 Multiple Vulnerabilities

According to its its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.492.3 or Jenkins weekly prior to 2.504. It is, therefore, affected by multiple vulnerabilities: - A missing permission check in Jenkins 2.503 and earlier, LTS 2.492...

CVE-2024-9693

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.0 prior to 17.3.7, starting from 17.4 prior to 17.4.4, and starting from 17.5 prior to 17.5.2, which could have allowed unauthorized access to the Kubernetes agent in a cluster under specific configurations...

PT-2024-36793 · Stardust · Stardust

Name of the Vulnerable Software and Affected Versions: Stardust versions prior to 12/20/24 Description: The issue affects Stardust, a platform for streaming isolated desktop containers. It allows inter container communication ICC to remain enabled, potentially granting users within one container...

Vulnerabilities fixed in GitLab CE/EE

GitLab has fixed vulnerabilities in GitLab CE/EE Specifically for versions 16.0 to 17.5.2. The vulnerabilities are in multiple versions of GitLab CE/EE and allow malicious actors to gain unauthorized full API access via the Device OAuth flow. This can lead to serious implications for organization...

PT-2024-39060

Name of the Vulnerable Software and Affected Versions: VICIdial version 2.14-917a Description: An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. By default, VICIdial stores plaintext credentials within the database. An...

DIRAC 安全漏洞

DIRAC is an open source software framework for distributed computing from the DIRAC Project. A security vulnerability exists in DIRAC versions prior to 8.0.41, which stems from the possibility that an unauthorized user could gain read access to the agent, allowing the user to perform any action...

PT-2024-2340 · Jetbrains · Teamcity

Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2023.11 Description: The issue is related to the use of dangerous methods or functions in the continuous integration and delivery CI/CD system, which may allow an attacker to escalate their privileges. Use...

SUSE CVE-2013-4088

Kernel/Modules/AgentTicketWatcher.pm in Open Ticket Request System OTRS 3.0.x before 3.0.21, 3.1.x before 3.1.17, and 3.2.x before 3.2.8 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket spl...

Netdata 授权问题漏洞

Netdata is a high-fidelity infrastructure monitoring and troubleshooting application open-sourced by Netdata.Netdata suffers from an authorization issue vulnerability that stems from the fact that anyone with access to the Netdata agent can access its MACHINEGUID.No details of the vulnerability a...