Crabbox Authorization Vulnerability
Crabbox is an open-source remote code execution and test environment management tool developed by OpenClaw. Versions of Crabbox prior to 0.12.0 contained an authorization vulnerability. This vulnerability stemmed from an authentication bypass, allowing non-administrator token callers to impersona...
CVE-2026-33221 Nhost Storage Affected by MIME Type Spoofing via Trusted Client Content-Type Header in Storage Upload
Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.12.0, the storage service's file upload handler trusts the client-provided Content-Type header without performing server-side MIME type detection. This allows an attacker to upload files with an arbitrary MIME type,...
c3p0 Insecure Deserialization
A critical vulnerability in c3p0 prior to version 0.12.0 allows attackers to achieve remote code execution through insecure handling of the userOverridesAsString property in several ConnectionPoolDataSource implementations...
Audiobookshelf Security Vulnerability
Audiobookshelf is an open-source, self-hosted server for audiobooks and podcasts. Versions of Audiobookshelf prior to 0.12.0-beta contained security vulnerabilities. These vulnerabilities were caused by malicious library metadata, leading to stored cross-site scripting attacks. Such attack...
Slackware Linux 15.0 / current libssh Multiple Vulnerabilities (SSA:2026-047-01)
The version of libssh installed on the remote host is prior to 0.11.4 / 0.12.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2026-047-01 advisory. New libssh packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the...
Apache Zeppelin Cross-Site Scripting Vulnerability
Apache Zeppelin is an open source web-based notebook application from the Apache Software Foundation. The program supports interactive data analysis and collaborative documentation. A cross-site scripting vulnerability exists in Apache Zeppelin versions prior to 0.12.0 that stems from an incomplete...
Microsoft Open Enclave SDK Information Disclosure Vulnerability (CNVD-2020-64264)
Microsoft Open Enclave SDK is a Microsoft software development kit (SDK) for building enclave applications in C and C++. A security vulnerability exists in Open Enclave versions prior to 0.12.0 that stems from an information disclosure vulnerability that exists when an Enclave application uses...
JDK: buffer overflow in jio_snprintf() and jio_vsnprintf()
In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf and jio_vsnprintf native methods ignored the length parameter. This allowed existing APIs that called these functions to write beyond the allocated buffer. These functions were not directly callable by non-native user code...