8 matches found
SUSE CVE-2003-0354
Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers to execute arbitrary commands, even when -dSAFER is enabled, via a PostScript file that causes the commands to be executed from a malicious print job...
PT-2026-32486
Name of the Vulnerable Software and Affected Versions simple-git versions prior to 3.32.0 Description The library allows the execution of arbitrary commands through the manipulation of Git options. This occurs because the unsafe operations plugin uses a regular-expression-based blocklist to preve...
PT-2026-31966
OpenClaw before 2026.3.22 contains an identity spoofing vulnerability in ACP permission resolution that trusts conflicting tool identity hints from rawInput and metadata. Attackers can spoof tool identities through rawInput parameters to suppress dangerous-tool prompting and bypass security...
OpenClaw: Tlon media downloads can bypass core safety limits and exhaust disk
Summary Tlon media downloads can bypass core safety limits and exhaust disk Current Maintainer Triage - Status: narrow - Normalized severity: low - Assessment: Shipped v2026.3.28 Tlon media downloads bypassed core size/count/cleanup limits, but this is availability-only resource exhaustion in a...
CVE-2026-26742
PX4 Autopilot versions 1.12.x–1.15.x have a protection mechanism failure in the Re-arm Grace Period logic. The system applies the in-air emergency re-arm logic to ground scenarios; if a pilot switches to Manual mode and re-arms within 5 seconds of an automatic landing, pre-flight safety checks (i...
Race Condition
Overview Affected versions of this package are vulnerable to Race Condition during rsync's handling of symbolic links which allows an attacker to bypass the default behavior and traverse symbolic links. Remediation A fix was pushed into the master branch but not yet published. References - GitHub...
ghostscript: missing attack vector protections for CVE-2019-6116
It was found that some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER...
ghostscript: superexec operator is available (700585)
It was found that the superexec operator was available in the internal dictionary. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER...