20 matches found
CVE-2026-53810
OpenClaw is affected by a code execution vulnerability present before version 2026.5.18. The issue arises from marketplace runtime extension metadata that can redirect loading to unscanned package payloads. Attackers with trusted operator access can manipulate extension metadata to load plugin co...
EUVD-2022-28996
Malicious code in bioql PyPI...
ChillyHell macOS Malware Resurfaces, Using Google.com as a Decoy
A previously dormant macOS threat, ChillyHell, is reviving. Read how this malware can bypass security checks, remain hidden,…...
The vulnerability of the Extensions component of the Google Chrome browser allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Google Chrome browser’s Extensions component is related to errors in the implementation of security checks for standard elements. Exploiting this vulnerability allows an attacker who operates remotely to gain unauthorized access to protected information...
CVE-2019-10805
valib through 2.0.0 allows Internal Property Tampering. A maliciously crafted JavaScript object can bypass several inspection functions provided by valib. Valib uses a built-in function hasOwnProperty from the unsafe user-input to examine an object. It is possible for a crafted payload to overwri...
CVE-2025-1716 picklescan - Security scanning bypass via 'pip main'
picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a malicious model that uses Pickle to pull in a malicious PyPI package hosted, for example, on pypi.org or GitHub via pip.main. Because pip is not a restricted global, the model, when scanned with picklesca...
The vulnerability of Google Chrome’s Autofill function for Android allows attackers to circumvent existing security restrictions.
The vulnerability of Google Chrome’s Autofill function for Android relates to improperly implemented security checks for standard elements. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions through a specially created HTML page...
Google Nest 授权问题漏洞
Google Nest is a smart home product by Google, an American company. Google Nest has a security vulnerability. The vulnerability allows unauthenticated nodes to forge radio frames using "Key ID Mode 2", a special mode that uses a static encryption key to bypass security checks, allowing arbitrary ...
UBUNTU-CVE-2023-23604
A duplicate SystemPrincipal object could be created when parsing a non-system html document via DOMParser::ParseFromSafeString. This could have lead to bypassing web security checks. This vulnerability affects Firefox 109...
Dell BIOS 安全漏洞
Dell BIOS is embedded software on a small memory chip on a computer motherboard from Dell USA. The Dell BIOS has a security vulnerability that stems from the inclusion of a competitive condition vulnerability that can be exploited by a local attacker by sending malicious input via SMI to bypass...
CVE-2022-26859
Dell BIOS contains a race condition vulnerability. A local attacker could exploit this vulnerability by sending malicious input via SMI in order to bypass security checks during SMM...
CVE-2021-40872
The CVE-2021-40872 issue affects Softing Industrial Automation uaToolkit Embedded prior to version 1.40. Affected component: the OPC/UA server implemented by uaToolkit Embedded. Root cause: invalid type cast leading to server process crash on crafted messages. Impact: remote attacker can cause a ...
Hanno's projects: blind sql injection
Summary: There exists a possibility that your Serendipity installation is vulnerable to a blind sql injection. Description: By sending specially crafted SQL commands to /plugin/tag/ and timing how long it takes for the server to respond, it is quite possible that the blog backend is interepreting...
TrendNet AUTHORIZED_GROUP Information Disclosure Vulnerability
Exploit for hardware platform in category web applications TrendNet AUTHORIZEDGROUP Information Disclosure Full report: https://blogs.securiteam.com/index.php/archives/3627 Twitter: @SecuriTeamSSD Weibo: SecuriTeamSSD Vulnerability Summary The following advisory describes an information disclosur...
GHSA-JXHW-MG8M-2PJ8 Devise does not properly perform type conversion when performing database queries
Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass...
Microsoft Windows Task Manager Elevation of Privilege Vulnerability (CNVD-2015-05975)
Microsoft Windows is a series of operating systems released by the American company Microsoft. An elevation of privilege vulnerability exists in Microsoft Windows, which can be exploited by a local attacker to bypass analog level security checks and elevate privileges...
The vulnerability of the Windows operating system, which allows a remote attacker to escalate their privileges
The Microsoft Windows operating system contains a vulnerability related to improper verification and application of impersonation levels. This allows attackers to bypass security checks and elevate their privileges, including gaining administrator account information. If exploited successfully,...
Local Java applets may read contents of local file system — Mozilla
Security researcher Georgi Guninski reported an issue with Java applets where in some circumstances the applet could access files on the local system when loaded using the a file:/// URI and violate file origin policy due to interaction with the codebase parameter. This affects applets running on...
Mozilla Products Multiple Unspecified Vulnerabilities - Feb12 (Windows 01)
The host is installed with Mozilla firefox/thunderbird/seamonkey and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillaprdtsmultvulnwin01feb12.nasl 6444 2017-06-27 11:24:02Z santu $ Mozilla Products Multiple Unspecified Vulnerabilities - Feb12 Windows 01 Authors:...
CVE-2008-1862
ExBB Italia 0.22 and earlier are affected by PHP remote file inclusion vulnerabilities. The CVE-2008-1862 family describes checks on GET requests via QUERY_STRING that can be bypassed using POST or COOKIE variables, enabling RFI through URLs in the exbb[home_path] or new_exbb[home_path] parameter...