9285 matches found
CVE-2026-25253
OpenClaw/OpenClaw (clawdbot/Moltbot) vulnerability CVE-2026-25253 arises from the Control UI reading gatewayUrl from the URL query and auto-opening a WebSocket to the attacker’s endpoint with the stored token, enabling token exfiltration and potential full gateway compromise. Root cause: applySet...
Exploit for Argument Injection in Gnu Inetutils
Tell Me Root Batch Scanning Tool for the CVE-2026-24061 Telne...
NETGEAR’s various products have security vulnerabilities
NETGEAR R6260 is a product of the American company NETGEAR. The NETGEAR R6260 is a router. The NETGEAR R6230 is also a router. Netgear R7000 is another product of NETGEAR. The Netgear R7000 is a wireless router. Several NETGEAR products have security vulnerabilities. These vulnerabilities stem fr...
CVE-2025-59100
The web interface offers a functionality to export the internal SQLite database. After executing the database export, an automatic download is started and the device reboots. After rebooting, the exported database is deleted and cannot be accessed anymore. However, it was noticed that sometimes t...
A WhatsApp bug lets malicious media files spread through group chats
WhatsApp is going through a rough patch. Some users would argue it has been ever since Meta acquired the once widely trusted messaging platform. User sentiment has shifted from “trusted default messenger” to a grudgingly necessary Meta product. Privacy-aware users still see WhatsApp as one of the...
Delinea Secret Server On-Prem Security Vulnerability
Delinea Secret Server On-Prem is a privileged access management platform provided by the American company Delinea. Versions 11.8.1, 11.9.6, and 11.9.25 of Delinea Secret Server On-Prem contain security vulnerabilities. These vulnerabilities stem from improper authentication procedures, which may...
CVE-2025-59100
The web interface offers a functionality to export the internal SQLite database. After executing the database export, an automatic download is started and the device reboots. After rebooting, the exported database is deleted and cannot be accessed anymore. However, it was noticed that sometimes t...
CVE-2026-24535
Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos automatic-featured-images-from-videos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automatic Featured Images from Videos: from n/a through = 1.2.7...
CVE-2026-24535
Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos automatic-featured-images-from-videos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automatic Featured Images from Videos: from n/a through = 1.2.7...
CVE-2026-24535
Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos automatic-featured-images-from-videos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automatic Featured Images from Videos: from n/a through = 1.2.7...
CVE-2026-24535 WordPress Automatic Featured Images from Videos plugin <= 1.2.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos automatic-featured-images-from-videos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automatic Featured Images from Videos: from n/a through = 1.2.7...
CVE-2026-24535
CVE-2026-24535 affects the WordPress plugin Automatic Featured Images from Videos up to version 1.2.7) or applying vendor mitigation. Connected material notes the vulnerable plugin, the affected version range, and that public advisories converge on updating beyond 1.2.7; exploitation status and i...
PT-2026-4383
Name of the Vulnerable Software and Affected Versions Automatic Featured Images from Videos versions through 1.2.7 Description The software contains a missing authorization issue due to incorrectly configured access control security levels. Recommendations Update Automatic Featured Images from...
A Survey of Security Challenges and Solutions for Advanced Air Mobility and EVTOL Aircraft
This survey reviews the existing and envisioned security vulnerabilities and defense mechanisms relevant to Advanced Air Mobility AAM systems, with a focus on electric vertical takeoff and landing eVTOL aircraft. Drawing from vulnerabilities in the avionics in commercial aviation and the automate...
MedDream PACS Premium autoPurge reflected cross-site scripting (XSS) vulnerability
Talos Vulnerability Report TALOS-2025-2253 MedDream PACS Premium autoPurge reflected cross-site scripting XSS vulnerability January 20, 2026 CVE Number CVE-2025-54817 SUMMARY A reflected cross-site scripting xss vulnerability exists in the autoPurge functionality of MedDream PACS Premium 7.3.6.87...
MiracleLinux 7 : realmd-0.16.1-5.el7 (AXSA:2015-654:01)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2015-654:01 advisory. realmd is a DBus system service which manages discovery and enrollment in realms and domains like Active Directory or IPA. The control center uses realmd as t...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the ACME TLS certificates' automatic generation. An attacker can exhaust system resources by opening multiple connections, sending minimal ClientHello messages with acme-tls/1, an...
EUVD-2026-2949
Traefik's ACME TLS-ALPN fast path lacks timeouts and close on handshake stall...
CVE-2026-22045 Traefik's ACME TLS-ALPN fast path lacks timeouts and close on handshake stall
Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.35 and 3.6.7, there is a potential vulnerability in Traefik ACME TLS certificates' automatic generation: the ACME TLS-ALPN fast path can allow unauthenticated clients to tie up go routines and file descriptors indefinitely when the...
PT-2026-3141
Name of the Vulnerable Software and Affected Versions Traefik versions prior to 2.11.35 and 3.6.7 Description Traefik, an HTTP reverse proxy and load balancer, has a potential issue in its ACME TLS certificates' automatic generation. The ACME TLS-ALPN fast path can allow unauthenticated clients t...