253 matches found
EUVD-2026-31783
A flaw has been found in xianrendzw EasyReport up to 2.0.17.0522Beta. Affected by this issue is the function execute of the component REST Endpoint. Executing a manipulation of the argument reportParams can lead to sql injection. The attack can be launched remotely. The vendor was contacted early...
@antv/g6 (>=5.0.0-alpha.1 <=5.0.0-beta.28) potentially affected by unknown CVE via @antv/layout-gpu (=1.1.7)
@antv/layout-gpu NPM version =1.1.7 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/layout-gpu and may be impacted: - @antv/g6 =5.0.0-alpha.1, =5.0.0-beta.28 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVLAYOUTGPU-16754486...
CVE-2025-32425
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. In AutoGPT, the execution process is recorded to the console stdout/stderr, and deployed in container mode, which is automatically captured by Docker an...
EUVD-2025-209827
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. In AutoGPT, the execution process is recorded to the console stdout/stderr, and deployed in container mode, which is automatically captured by Docker an...
Missing Authorization
Overview openclaw is a π¦ OpenClaw β Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization via the browser snapshot, screenshot, and tab routes due to insufficient validation of the final browser target after navigation. An attacker can access internal or...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the SFTP authentication process when the server is configured with an empty username and a password using the -b ':pass' flag together with -sftp. An attacker can gain unauthorized access...
goshs θ·―εΎιεζΌζ΄
Goshs is a simple HTTP server developed by Patrick Hener using Go language. Versions of Goshs prior to 2.0.0-beta.6 contained a path traversal vulnerability. This vulnerability stemmed from the SFTP subsystemβs sanitizePath function, which used prefix-based path validation. As a result,...
Incorrect Authorization
Overview openclaw is a π¦ OpenClaw β Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization due to the heartbeat owner downgrade not properly handling untrusted webhook wake events. An attacker can maintain elevated privileges by sending specially crafted...
Incorrect Authorization
Overview openclaw is a π¦ OpenClaw β Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization when handling collect-mode queue batches, where messages from different senders could be processed together using the authorization context of the final sender. An...
GHSA-C29W-QQ4M-2GCV goshs has an empty-username SFTP password authentication bypass
Summary goshs contains an SFTP authentication bypass when the documented empty-username basic-auth syntax is used. If the server is started with -b ':pass' together with -sftp, goshs accepts that configuration but does not install any SFTP password handler. As a result, an unauthenticated network...
org.webjars.npm:vitepress (=1.0.0-draft.8) potentially affected by CVE-2026-39365 via org.webjars.npm:vite (=3.0.0-beta.9)
org.webjars.npm:vite MAVEN version =3.0.0-beta.9 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:vite and may be impacted: - org.webjars.npm:vitepress =1.0.0-draft.8 Source cves: CVE-2026-39365 Source advisory:...
Linux Distros Unpatched Vulnerability : CVE-2026-20915
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stored cross-site scripting XSS in Checkmk version 2.5.0 beta before 2.5.0b2 allows authenticated users with permission to create pending changes to inject...
Information Exposure
Overview openclaw is a π¦ OpenClaw β Personal AI Assistant Affected versions of this package are vulnerable to Information Exposure in the config.get process. An attacker can obtain sensitive plaintext signing keys by accessing configuration views that expose the secret value. Remediation Upgrade...
EUVD-2026-18009
Reviactyl is an open-source game server management panel built using Laravel, React, FilamentPHP, Vite, and Go. From version 26.2.0-beta.1 to before version 26.2.0-beta.5, a vulnerability in the OAuth authentication flow allowed automatic linking of social accounts based solely on matching email...
EUVD-2026-17429
Stored cross-site scripting XSS in Checkmk 2.5.0 beta before 2.5.0b2 allows authenticated users with permission to create hosts or services to execute arbitrary JavaScript in the browsers of other users performing searches in the Unified Search feature...
CVE-2026-20915 Stored cross-site scripting in Pending Changes sidebar
Stored cross-site scripting XSS in Checkmk version 2.5.0 beta before 2.5.0b2 allows authenticated users with permission to create pending changes to inject malicious JavaScript into the Pending Changes sidebar, which will execute in the browsers of other users viewing the sidebar...
CVE-2026-33276
Stored cross-site scripting XSS in Checkmk 2.5.0 beta before 2.5.0b2 allows authenticated users with permission to create hosts or services to execute arbitrary JavaScript in the browsers of other users performing searches in the Unified Search feature...
CVE-2026-33276 XSS in Unified Search via Unescaped Host/Service Names
Stored cross-site scripting XSS in Checkmk 2.5.0 beta before 2.5.0b2 allows authenticated users with permission to create hosts or services to execute arbitrary JavaScript in the browsers of other users performing searches in the Unified Search feature...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the request handling flow inside the Docker daemon. An attacker can bypass authorization checks by sending specially-crafted requests that cause the authorization plugin to receive the request without its body...
Reliance on Untrusted Inputs in a Security Decision
Overview openclaw is a π¦ OpenClaw β Personal AI Assistant Affected versions of this package are vulnerable to Reliance on Untrusted Inputs in a Security Decision in the trusted-proxy Control UI session handling process. An attacker can retain privileged scopes without device identity by accessing...