114 matches found
CVE-2026-43569
OpenClaw before 2026.4.9 contains an authentication bypass vulnerability allowing untrusted workspace plugins to be auto-enabled during non-interactive onboarding when provider auth choices are shadowed. Attackers can exploit this by crafting malicious workspace plugins that are automatically...
EUVD-2026-27289
OpenClaw before 2026.4.9 contains an authentication bypass vulnerability allowing untrusted workspace plugins to be auto-enabled during non-interactive onboarding when provider auth choices are shadowed. Attackers can exploit this by crafting malicious workspace plugins that are automatically...
GHSA-939R-RJ45-G2RJ OpenClaw: Workspace provider auth choices could auto-enable untrusted provider plugins
Summary Workspace provider auth choices could auto-enable untrusted provider plugins. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.9 Impact Non-interactive onboarding could select a provider auth choice shadowed by an untrusted workspace plugin,...
OpenClaw: Workspace provider auth choices could auto-enable untrusted provider plugins
Summary Workspace provider auth choices could auto-enable untrusted provider plugins. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.9 Impact Non-interactive onboarding could select a provider auth choice shadowed by an untrusted workspace plugin,...
PT-2026-37024
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.9 Description An authentication bypass allows untrusted workspace plugins to be automatically enabled during non-interactive onboarding when provider authentication choices are shadowed. This occurs because th...
EUVD-2026-23108
ApostropheCMS: Information Disclosure via choices/counts Query Parameters Bypassing publicApiProjection Field Restrictions...
ApostropheCMS: Information Disclosure via choices/counts Query Parameters Bypassing publicApiProjection Field Restrictions
Summary The choices and counts query parameters in the Apostrophe CMS REST API allow unauthenticated users to extract distinct field values for any schema field that has a registered query builder, completely bypassing publicApiProjection restrictions that are intended to limit which fields are...
GHSA-C276-FJ82-F2PQ ApostropheCMS: Information Disclosure via choices/counts Query Parameters Bypassing publicApiProjection Field Restrictions
Summary The choices and counts query parameters in the Apostrophe CMS REST API allow unauthenticated users to extract distinct field values for any schema field that has a registered query builder, completely bypassing publicApiProjection restrictions that are intended to limit which fields are...
Human Trust of AI Agents
Interesting research: "Humans expect rationality and cooperation from LLM opponents in strategic games." Abstract: As Large Language Models LLMs integrate into our social and economic interactions, we need to deepen our understanding of how humans respond to LLMs opponents in strategic settings. ...
CVE-2026-39857
CVE-2026-39857 – ApostropheCMS (Node.js) : Versions 4.28.0 and earlier contain an authorization bypass in the REST API (choices and counts query parameters) where MongoDB distinct() is used in a way that ignores publicApiProjection restrictions. This allows an unauthenticated attacker to retrieve...
CVE-2026-39857 Information Disclosure via `choices`/`counts` Query Parameters Bypassing publicApiProjection Field Restrictions
ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain an authorization bypass vulnerability in the choices and counts query parameters of the REST API, where these query builders execute MongoDB distinct operations that bypass the publicApiProjection...
PT-2026-33173
Name of the Vulnerable Software and Affected Versions ApostropheCMS versions prior to 4.29.0 Description An authorization bypass exists in the REST API of this open-source Node.js content management system. Unauthenticated attackers can extract all distinct field values for any schema field type...
GHSA-FCPV-W245-R2Q7 DotNetNuke.Core security code analysis rules triggered
The codebase raises code analysis warnings related to security, including CA3075, CA5366, CA5371, CA5368, CA5369, CA5372, CA5379, CA5350, and CA5351. Most of these deal with disabling DTD processing in XML documents, but also includes cryptographic algorithm choices...
DotNetNuke.Core security code analysis rules triggered
The codebase raises code analysis warnings related to security, including CA3075, CA5366, CA5371, CA5368, CA5369, CA5372, CA5379, CA5350, and CA5351. Most of these deal with disabling DTD processing in XML documents, but also includes cryptographic algorithm choices...
What a Secure Setup Really Looks Like for Storing Digital Assets
How you choose to store your assets is one of the most important decisions you’ll make when you…...
CVE-2025-61601
BigBlueButton is an open-source virtual classroom. A Denial of Service DoS vulnerability in versions prior to 3.0.13 allows any authenticated user to freeze or crash the entire server by abusing the polling feature's Choices response type. By submitting a malicious payload with a massive array in...
EUVD-2025-33564
BigBlueButton is an open-source virtual classroom. A Denial of Service DoS vulnerability in versions prior to 3.0.13 allows any authenticated user to freeze or crash the entire server by abusing the polling feature's Choices response type. By submitting a malicious payload with a massive array in...
EUVD-2015-1415
Malware in sbrugna...
EUVD-2022-3477
Malicious code in bioql PyPI...
EUVD-2022-5188
Malicious code in bioql PyPI...