192486 matches found
Radio-Frequency Side-Channel Analysis of a Trapped-Ion Quantum Computer
Analogously to classical computers, quantum processors exhibit side channels that may give attackers access to potentially proprietary algorithms. We identify and exploit a previously unexplored side channel in trapped-ion quantum processors that arises from the radio-frequency RF signals used to...
PT-2026-23681
AMPPS 2.7 contains a denial of service vulnerability that allows remote attackers to crash the service by sending malformed data to the default HTTP port. Attackers can establish multiple socket connections and transmit invalid payloads to exhaust server resources and cause service unavailability...
orpc 安全漏洞
orpc is an open-source RPC and OpenAPI integration framework developed by middleapi. Versions of oRPC prior to 1.13.6 contained security vulnerabilities. These vulnerabilities stemmed from prototype pollution in the RPC JSON deserializer of the @orpc/client package. This could allow unauthenticat...
PT-2026-23668
Name of the Vulnerable Software and Affected Versions WooCommerce versions 5.4.0 through 10.5.2 Description The WooCommerce WordPress plugin does not properly handle batch requests, potentially allowing unauthenticated users to execute administrative actions on non-store REST endpoints. This coul...
NewStart CGSL MAIN 6.06 (SP) : ruby Multiple Vulnerabilities (NS-SA-2026-0023)
The remote NewStart CGSL host, running version MAIN 6.06 SP, has ruby packages installed that are affected by multiple vulnerabilities: - CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks...
Cisco Nexus 3600 9500-R Series Switching Platforms Layer 2 Loop DoS (cisco-sa-nxos-ether-dos-Kv8YNWZ4)
According to its self-reported version, Cisco NX-OS Software is affected by a vulnerability. - A vulnerability with the Ethernet VPN EVPN Layer 2 ingress packet processing of Cisco Nexus 3600 Platform Switches and Cisco Nexus 9500-R Series Switching Platforms could allow an unauthenticated,...
NewStart CGSL MAIN 6.06 (SP) : openssh Vulnerability (NS-SA-2026-0031)
The remote NewStart CGSL host, running version MAIN 6.06 SP, has openssh packages installed that are affected by a vulnerability: - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such...
ROS-20260306-73-0020
A vulnerability in the rcudereferencertnl function of the Linux kernel is related to a pointer dereference error. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20260306-73-0019
A vulnerability in the lecdattach function of the Linux operating system kernel relates to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20260306-73-0027
A vulnerability in the patavia function of the Linux kernel is related to improper resource release. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
NewStart CGSL MAIN 6.06 (SP) : openssh Multiple Vulnerabilities (NS-SA-2026-0003)
The remote NewStart CGSL host, running version MAIN 6.06 SP, has openssh packages installed that are affected by multiple vulnerabilities: - The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control...
RHEL 10 : grafana (RHSA-2026:3831)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3831 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: crypto/x509:...
PT-2026-23706
PlayJoom 0.10.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the catid parameter. Attackers can send GET requests to index.php with option=com playjoom&view=genre&catid=SQL to extract sensitive...
PT-2026-23801
Name of the Vulnerable Software and Affected Versions WeKnora versions prior to 0.3.0 Description WeKnora, an LLM-powered framework for deep document understanding and semantic retrieval, contains a DNS rebinding issue in the web fetch tool. An unauthenticated attacker can bypass URL validation a...
CVE-2026-28475
OpenClaw versions prior to 2026.2.13 use non-constant-time string comparison for hook token validation, allowing attackers to infer tokens through timing measurements. Remote attackers with network access to the hooks endpoint can exploit timing side-channels across multiple requests to gradually...
CVE-2026-28475
OpenClaw versions prior to 2026.2.13 use non-constant-time string comparison for hook token validation, allowing attackers to infer tokens through timing measurements. Remote attackers with network access to the hooks endpoint can exploit timing side-channels across multiple requests to gradually...
UBUNTU-CVE-2026-3606
A vulnerability has been found in Ettercap 0.8.4-Garofalo. Affected by this vulnerability is the function adddatasegment of the file src/ettercap/utils/etterfilter/efoutput.c of the component etterfilter. The manipulation leads to out-of-bounds read. Local access is required to approach this...
EUVD-2026-9936
OpenClaw versions prior to 2026.2.14 decode base64-backed media inputs into buffers before enforcing decoded-size budget limits, allowing attackers to trigger large memory allocations. Remote attackers can supply oversized base64 payloads to cause memory pressure and denial of service...
CVE-2026-28475
OpenClaw versions prior to 2026.2.13 use non-constant-time string comparison for hook token validation, allowing attackers to infer tokens through timing measurements. Remote attackers with network access to the hooks endpoint can exploit timing side-channels across multiple requests to gradually...
CVE-2026-28475 OpenClaw < 2026.2.13 - Timing Attack via Hook Token Comparison
OpenClaw versions prior to 2026.2.13 use non-constant-time string comparison for hook token validation, allowing attackers to infer tokens through timing measurements. Remote attackers with network access to the hooks endpoint can exploit timing side-channels across multiple requests to gradually...