
192244 matches found

EUVD
added 2026/03/12 3:30 p.m., 3 views

EUVD-2026-11573

A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-count (nc) attribute. This vulnerability allows a remote attacker to capture a single valid...

5.8 CVSS, 5.8 AI score, 0.00355 EPSS
Exploits: 1, References: 4

RedHat Linux
added 2026/03/12 3:27 p.m., 8 views

asp.net: ASP.NET Core: Denial of Service via uncontrolled resource allocation

A flaw was found in ASP.NET Core. This vulnerability allows an unauthorized attacker to perform a Denial of Service (DoS) attack over a network by allocating resources without limits or throttling. This can lead to the unavailability of the service for legitimate users...

7.5 CVSS, 5.7 AI score, 0.01373 EPSS
Exploits: 0, References: 5

Cvelist
added 2026/03/12 3:2 p.m., 24 views

CVE-2026-4041 Tenda i12 exeCommand vos_strcpy stack-based overflow

A security flaw has been discovered in Tenda i12 1.0.0.62204. Impacted is the function vos_strcpy of the file /goform/exeCommand. The manipulation of the argument cmdinput results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been released to the public and m...

9 CVSS, 0.00753 EPSS
Exploits: 1, References: 5

Snyk
added 2026/03/12 2:21 p.m., 2 views

Symlink Attack

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Symlink Attack through improper handling of symlink alias resolution during workspace boundary checks. An attacker can gain unauthorized write access to files outside the intended workspa...

7.3 CVSS, 5.8 AI score
Exploits: 0, References: 2

Snyk
added 2026/03/12 2:21 p.m., 3 views

Symlink Attack

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Symlink Attack via the workspace path validation. An attacker can gain unauthorized access to files and potentially modify or create files outside the intended workspace boundary by...

8.2 CVSS, 5.8 AI score, 0.00322 EPSS
Exploits: 0, References: 2

NVD
added 2026/03/12 2:16 p.m., 3 views

CVE-2026-3099

A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-count (nc) attribute. This vulnerability allows a remote attacker to capture a single valid...

7.3 CVSS, 0.00355 EPSS
Exploits: 1, References: 3

OSV
added 2026/03/12 2:16 p.m., 5 views

CVE-2026-3099

A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-count (nc) attribute. This vulnerability allows a remote attacker to capture a single valid...

5.8 CVSS, 5.8 AI score, 0.00355 EPSS
Exploits: 1, References: 3

OSV
added 2026/03/12 2:16 p.m., 5 views

USN-8087-1 python-cryptography vulnerability

It was discovered that python-cryptography incorrectly handled subgroup validation for SECT curves. A remote attacker could use this issue to perform a subgroup attack and possibly recover the least significant bits of private keys...

8.2 CVSS, 7.3 AI score, 0.00227 EPSS
Exploits: 0, References: 2

Ubuntu
added 2026/03/12 2:16 p.m., 9 views

USN-8087-1: python-cryptography vulnerability

It was discovered that python-cryptography incorrectly handled subgroup validation for SECT curves. A remote attacker could use this issue to perform a subgroup attack and possibly recover the least significant bits of private keys...

8.2 CVSS, 5.8 AI score, 0.00227 EPSS
Exploits: 0

OSV
added 2026/03/12 2:16 p.m., 3 views

UBUNTU-CVE-2026-3099

A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-count (nc) attribute. This vulnerability allows a remote attacker to capture a single valid...

7.3 CVSS, 7.2 AI score, 0.00355 EPSS
Exploits: 1, References: 2

SUSE CVE
added 2026/03/12 2:4 p.m., 3 views

SUSE CVE-2026-3917

Use after free in Agents in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8 CVSS, 5.8 AI score, 0.00349 EPSS
Exploits: 0, References: 3

SUSE CVE
added 2026/03/12 2:4 p.m., 4 views

SUSE CVE-2026-3941

Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...

4.3 CVSS, 5.8 AI score, 0.00166 EPSS
Exploits: 0, References: 3

SUSE CVE
added 2026/03/12 2:3 p.m., 3 views

SUSE CVE-2026-31979

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and 2.3.8, the himmelblaud-tasks daemon, running as root, writes Kerberos cache files under /tmp/krb5cc without symlink protections. Since commit 87a51ee, PrivateTmp is explicitly removed from the task...

7.8 CVSS, 5.9 AI score, 0.00196 EPSS
Exploits: 1, References: 5

ATTACKERKB
added 2026/03/12 1:53 p.m., 4 views

CVE-2026-3099

A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-count (nc) attribute. This vulnerability allows a remote attacker to capture a single valid...

5.8 CVSS, 5.8 AI score, 0.00355 EPSS
Exploits: 1, References: 4

Vulnrichment
added 2026/03/12 1:53 p.m., 3 views

CVE-2026-3099 Libsoup: libsoup: authentication bypass via digest authentication replay attack

A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-count (nc) attribute. This vulnerability allows a remote attacker to capture a single valid...

5.8 CVSS, 5.8 AI score, 0.00355 EPSS
Exploits: 1, References: 3

CVE
added 2026/03/12 1:53 p.m., 573 views

CVE-2026-3099

Affects Libsoup’s server-side Digest authentication in SoupAuthDomainDigest. The vulnerability arises from failure to properly track issued nonces and increment nonce-count (nc), enabling a remote attacker to capture a single valid authentication header and replay it to bypass authentication and ...

7.3 CVSS, 5.8 AI score, 0.00355 EPSS
Exploits: 1, References: 3, Affected Software: 2

Cvelist
added 2026/03/12 1:53 p.m., 31 views

CVE-2026-3099 Libsoup: libsoup: authentication bypass via digest authentication replay attack

A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-count (nc) attribute. This vulnerability allows a remote attacker to capture a single valid...

5.8 CVSS, 0.00355 EPSS
Exploits: 1, References: 3

Debian CVE
added 2026/03/12 1:53 p.m., 8 views

CVE-2026-3099

A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-count (nc) attribute. This vulnerability allows a remote attacker to capture a single valid...

7.3 CVSS, 8.3 AI score, 0.00355 EPSS
Exploits: 1

GitHub Security Blog
added 2026/03/12 12:30 p.m., 7 views

Duplicate Advisory: OpenClaw: Skill env override host env injection via applySkillConfigEnvOverrides (defense-in-depth)

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-82g8-464f-2mv7. This link is maintained to preserve external references. Original Description: A vulnerability was determined in OpenClaw 2026.2.19-2. This vulnerability affects the function...

8.8 CVSS, 5.6 AI score, 0.00316 EPSS
Exploits: 0, References: 9, Affected Software: 1

EUVD
added 2026/03/12 12:30 p.m., 2 views

EUVD-2026-11563

A vulnerability was determined in OpenClaw 2026.2.19-2. This vulnerability affects the function applySkillConfigenvOverrides of the component Skill Env Handler. Executing a manipulation can lead to code injection. It is possible to launch the attack remotely. Upgrading to version 2026.2.21-beta.1...

6.5 CVSS, 5.7 AI score, 0.00316 EPSS
Exploits: 0, References: 8