Lucene search
2027 matches found

Cvelist
added 2026/03/11 12:32 p.m., 55 views

CVE-2026-3943 H3C ACG1000-AK230 aaa_portal_auth_local_submit command injection

A vulnerability was found in H3C ACG1000-AK230 up to 20260227. This affects an unknown part of the file /webui/?aaa_portal_auth_local_submit. The manipulation of the argument suffix results in command injection. The attack can be launched remotely. The exploit has been made public and could be used...

CVSS 7.5, EPSS 0.40802
Exploits 0, References 4
RedhatCVE
added 2026/03/11 7:08 a.m., 3 views

CVE-2026-28512

Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services. From 2.0.0 to before 2.4.0, a flaw in callback URL validation allowed crafted redirect_uri values containing URL userinfo (@) to bypass legitimate callback pattern checks. If an attacker can trick a...

CVSS 7.1, AI score 5.8, EPSS 0.00204
Exploits 0, References 1
EUVD
added 2026/03/10 6:31 p.m., 5 views

EUVD-2025-208466

PROBLEMTYPE in COMPONENT in VENDOR PRODUCT VERSION on PLATFORMS allows ATTACKER to IMPACT via VECTOR...

CVSS 9.8, AI score 5.8, EPSS 0.02153
Exploits 0, References 5
EUVD
added 2026/03/10 6:31 p.m., 4 views

EUVD-2025-208465

PROBLEMTYPE in COMPONENT in VENDOR PRODUCT VERSION on PLATFORMS allows ATTACKER to IMPACT via VECTOR...

CVSS 9.8, AI score 5.8, EPSS 0.02153
Exploits 0, References 5
EUVD
added 2026/03/10 6:31 p.m., 4 views

EUVD-2026-10453

SAP GUI for Windows allows DLL files to be loaded from arbitrary directories within the application. An unauthenticated attacker could exploit this vulnerability by persuading a victim to place a malicious DLL within one of these directories. The malicious command is executed in the victim user's...

CVSS 5, AI score 5.9, EPSS 0.00176
Exploits 0, References 3
Cvelist
added 2026/03/09 12:10 p.m., 31 views

CVE-2026-2261 blocklistd(8) socket leak

Due to a programming error, blocklistd leaks a socket descriptor for each adverse event report it receives. Once a certain number of leaked sockets is reached, blocklistd becomes unable to run the helper script: a child process is forked, but this child dereferences a null pointer and crashes...

EPSS 0.00359
Exploits 0, References 1
CNVD
added 2026/03/09 12:00 a.m., 5 views

Apache Airflow Log Message Disclosure Vulnerability

Apache Airflow is an open source platform from the Apache Software Foundation for creating, managing and monitoring workflows; it is scalable and offers dynamic monitoring among other features. Apache Airflow has a log information disclosure vulnerability. An...

CVSS 6.5, AI score 5.8, EPSS 0.00363
Exploits 0, References 1
ATTACKERKB
added 2026/03/07 4:32 p.m., 3 views

CVE-2026-30856

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a vulnerability involving tool name collision and indirect prompt injection allows a malicious remote MCP server to hijack tool execution. By exploiting an ambiguous naming...

CVSS 5.9, AI score 5.9, EPSS 0.00255
Exploits 1, References 2, Affected Software 1
OSV
added 2026/03/06 4:35 a.m., 4 views

CVE-2026-28681 IRRd: web UI host header injection allows password reset poisoning via attacker-controlled email links

Internet Routing Registry daemon version 4 is an IRR database server, processing IRR objects in the RPSL format. From version 4.4.0 to before version 4.4.5 and from version 4.5.0 to before version 4.5.1, an attacker can manipulate the HTTP Host header on a password reset or account creation...

CVSS 8.1, AI score 5.7, EPSS 0.00427
Exploits 0, References 7
EUVD
added 2026/03/05 9:59 p.m., 4 views

EUVD-2026-9900

OpenClaw versions prior to 2026.2.14 contain server-side request forgery vulnerabilities in the Feishu extension that allow attackers to fetch attacker-controlled remote URLs without SSRF protections via the sendMediaFeishu function and markdown image processing. Attackers can influence tool calls...

CVSS 6.3, AI score 5.9, EPSS 0.00275
Exploits 0, References 3
Veracode
added 2026/03/04 4:45 p.m., 5 views

Denial Of Service (DoS)

github.com/hashicorp/consul is vulnerable to Denial of Service (DoS). The vulnerability is due to incorrect Content-Length header validation, which an attacker can exploit to cause a denial of service...

CVSS 6.5, AI score 5.9, EPSS 0.00376
Exploits 0, References 6, Affected Software 1
OSV
added 2026/03/02 9:55 p.m., 4 views

GHSA-X82F-27X3-Q89C OpenClaw's TOCTOU symlink race in writeFileWithinRoot could create or truncate files outside root boundaries

Summary: A symlink-retarget TOCTOU race in writeFileWithinRoot could point an attacker-controlled path alias outside the configured root between resolution and write operations. Impact: Affected versions could cause out-of-root write side effects including file creation or truncation before final...

CVSS 8.7, AI score 5.9
Exploits 0, References 2
EUVD
added 2026/02/27 6:31 a.m., 6 views

EUVD-2026-8994

Since the encryption algorithm used to protect firmware updates is itself encrypted using key material available to an attacker or anyone paying attention, the firmware updates may be altered by an unauthorized user, and then trusted by a Unitree product, such as the Unitree Go2 and other models...

CVSS 7.8, AI score 5.5, EPSS 0.00153
Exploits 1, References 5
Snyk
added 2026/02/26 6:18 a.m., 4 views

HTTP Header Injection

Overview: org.webjars.npm:koa is the Koa web app framework. Affected versions of this package are vulnerable to HTTP Header Injection via the hostname function in the request.js file. An attacker can manipulate the hostname value by sending a specially crafted HTTP Host header containing an @ symbol...

CVSS 8.7, AI score 6, EPSS 0.00324
Exploits 1, References 2
Vulnrichment
added 2026/02/25 2:33 a.m., 3 views

CVE-2026-27615 ADB-Explorer: UNC Path Support in ManualAdbPath Leads to Remote Code Execution (RCE)

ADB Explorer is a fluent UI for ADB on Windows. In versions prior to Beta 0.9.26022, ADB-Explorer allows the ManualAdbPath settings variable, which determines the path of the ADB binary to be executed, to be set to a Universal Naming Convention (UNC) path in the application's settings file. This...

CVSS 8.8, AI score 6.1, EPSS 0.00207
Exploits 1, References 1
OSV
added 2026/02/24 3:30 p.m., 5 views

GHSA-GM37-QX7W-P258 ImageMagick: Possible memory leak in ASHLAR encoder

A memory leak in the ASHLAR image writer allows an attacker to exhaust process memory by providing a crafted image that results in small objects that are allocated but never freed. ==880062== Memcheck, a memory error detector ==880062== Copyright C 2002-2017, and GNU GPL'd, by Julian Seward et al...

CVSS 5.3, AI score 5.6, EPSS 0.00384
Exploits 0, References 5
CVE
added 2026/02/23 3:17 p.m., 10 views

CVE-2026-2697

CVE-2026-2697 is an IDOR vulnerability in Tenable Security Center prior to 6.8.0 where an authenticated remote attacker can escalate privileges via the owner parameter. Multiple sources (NVD, Red Hat, CVE listings, and Tenable advisory) confirm the issue and its association with Security Center. ...

CVSS 8.8, AI score 5.4, EPSS 0.00205
Exploits 0, References 1, Affected Software 1
Snyk
added 2026/02/21 8:38 a.m., 4 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to the improper escaping of user input in the website and author fields before it is inserted into an HTML attribute. An attacker can execute arbitrary JavaScript in the context of users viewing affected comment...

CVSS 6.1, AI score 5.9, EPSS 0.00216
Exploits 0, References 2
CNNVD
added 2026/02/21 12:00 a.m., 5 views

OpenClaw Code Issue Vulnerability

OpenClaw is an open source intelligent AI assistant from openclaw. OpenClaw suffers from a code issue vulnerability that stems from Cron webhook delivery calling fetch directly, which an attacker can exploit to make the webhook target access private or internal endpoints...

CVSS 7.3, AI score 5.8, EPSS 0.00327
Exploits 0, References 3
CVE
added 2026/02/20 2:33 a.m., 30 views

CVE-2026-26993

CVE-2026-26993 affects the Flare file sharing platform (Next.js-based) up to version 1.7.0. An attacker can embed malicious JavaScript in an SVG (or HTML/XML) and trigger script execution in the app’s origin when a file is viewed in “raw” mode, enabling stored XSS and potential user data exfiltra...

CVSS 5.4, AI score 5.8, EPSS 0.0028
Exploits 1, References 3, Affected Software 1