31205 matches found
CVE-2026-33151
A flaw was found in Socket.IO, an open-source, real-time communication framework. A remote attacker could exploit this vulnerability by sending specially crafted Socket.IO packets that cause the server to buffer a large number of binary attachments. This excessive buffering can lead to the server...
PT-2026-27242
OpenClaw before 2026.3.1 contains an approval bypass vulnerability in system.run where non-path-like argv0 tokens fail to bind executable identity, allowing post-approval executable rebind. Attackers can modify PATH resolution after approval to execute a different binary than the operator approve...
PT-2026-27135
A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files and executables. The issue occurs when processing specially crafted XCOFF object files, where a relocation type value is not properly validated before being used. This can caus...
Linux Distros Unpatched Vulnerability : CVE-2026-4647
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files and executables. The issue occurs when...
PT-2026-27176
Name of the Vulnerable Software and Affected Versions cbor2 versions prior to 5.9.0 Description The cbor2 library is susceptible to a Denial of Service DoS attack due to uncontrolled recursion when decoding deeply nested CBOR structures. This affects both the pure Python implementation and the C...
Duplicate Advisory: OpenClaw: system.run approval identity mismatch could execute a different binary than displayed
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hwpq-rrpf-pgcq. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.25 contain an approval-integrity bypass vulnerability in system.run where rendered...
GHSA-MXMG-3P7M-2GHR Duplicate Advisory: OpenClaw: system.run approval identity mismatch could execute a different binary than displayed
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hwpq-rrpf-pgcq. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.25 contain an approval-integrity bypass vulnerability in system.run where rendered...
CVE-2026-32065
OpenClaw versions prior to 2026.2.25 contain an approval-integrity bypass vulnerability in system.run where rendered command text is used as approval identity while trimming argv token whitespace, but runtime execution uses raw argv. An attacker can craft a trailing-space executable token to...
CVE-2026-32065
OpenClaw versions prior to 2026.2.25 contain an approval-integrity bypass vulnerability in system.run where rendered command text is used as approval identity while trimming argv token whitespace, but runtime execution uses raw argv. An attacker can craft a trailing-space executable token to...
EUVD-2026-13966
OpenClaw versions prior to 2026.2.25 contain an approval-integrity bypass vulnerability in system.run where rendered command text is used as approval identity while trimming argv token whitespace, but runtime execution uses raw argv. An attacker can craft a trailing-space executable token to...
CVE-2026-32065
OpenClaw versions prior to 2026.2.25 contain an approval-integrity bypass vulnerability in system.run where rendered command text is used as approval identity while trimming argv token whitespace, but runtime execution uses raw argv. An attacker can craft a trailing-space executable token to...
CVE-2026-32065 OpenClaw < 2026.2.25 - Approval Identity Mismatch in system.run Command Execution
OpenClaw versions prior to 2026.2.25 contain an approval-integrity bypass vulnerability in system.run where rendered command text is used as approval identity while trimming argv token whitespace, but runtime execution uses raw argv. An attacker can craft a trailing-space executable token to...
CVE-2026-33151
Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server...
CVE-2026-33151
Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server...
UBUNTU-CVE-2026-33151
Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server...
CVE-2026-33151 socket.io allows an unbounded number of binary attachments
Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server...
CVE-2026-33151
Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server...
CVE-2026-33151
Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server...
CVE-2026-33151
CVE-2026-33151 affects Socket.IO. In affected releases (prior to 3.3.5, 3.4.4, and 4.2.6) a crafted Socket.IO packet can cause the server to buffer a large number of binary attachments, potentially exhausting memory. The vulnerability is patched in 3.3.5, 3.4.4, and 4.2.6. Some connected IBM bull...
CVE-2026-33151 socket.io allows an unbounded number of binary attachments
Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server...