CVE-2026-28429 Talishar: Critical Path Traversal in gameName Parameter
Talishar is a fan-made Flesh and Blood project. Prior to commit 6be3871, a Path Traversal vulnerability was identified in the gameName parameter. While the application's primary entry points implement input validation, the ParseGamestate.php component can be accessed directly as a standalone...
CVE-2026-28429
Talishar (Flesh and Blood fan project) has a path traversal flaw in the gameName parameter prior to commit 6be3871. ParseGamestate.php can be accessed as a standalone script, allowing directory traversal sequences (e.g., ../) to reach unauthorized files. The issue is mitigated by the patch in com...
EUVD-2026-9982
Talishar is a fan-made Flesh and Blood project. Prior to commit 6be3871, a Path Traversal vulnerability was identified in the gameName parameter. While the application's primary entry points implement input validation, the ParseGamestate.php component can be accessed directly as a standalone...
CVE-2025-69653
A crafted JavaScript input can trigger an internal assertion failure in QuickJS release 2025-09-13, fixed in commit 1dbba8a88eaa40d15a8a9b70bb1a0b8fb5b552e6 (2025-12-11), in the function gc_decref_child in quickjs.c, when executed with the qjs interpreter using the -m option. This leads to an abort (SIGABRT)...
PT-2026-23648
Talishar is a fan-made Flesh and Blood project. Prior to commit a9c218e, an authentication bypass vulnerability in Talishar's game endpoint validation logic allows any unauthenticated attacker to perform authenticated game actions, including sending chat messages and submitting game inputs, by...
PT-2026-23726
Name of the Vulnerable Software and Affected Versions: Mesa versions prior to 3.5.1. Description: Mesa is a Python library used for agent-based modeling and simulating complex systems. A flaw exists where checking out untrusted code within the benchmarks.yml workflow could allow for code execution...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: jq (UTSA-2026-005841)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005841 advisory. jq is a command-line JSON processor. In version 1.8.0 a heap use-after-free vulnerability exists within the function f_strflocaltime of /src/builtin.c. This issue has...
CVE-2026-28484
OpenClaw contains an option-injection vulnerability in the git-hooks/pre-commit hook in versions prior to 2026.2.15. The hook fails to use a -- separator when piping filenames through xargs to git add, enabling an attacker to inject git flags by supplying maliciously-named files beginning with da...
EUVD-2026-9929
OpenClaw versions prior to 2026.2.15 contain an option injection vulnerability in the git-hooks/pre-commit hook that allows attackers to stage ignored files by creating maliciously-named files beginning with dashes. The hook fails to use a -- separator when piping filenames through xargs to git...
CVE-2026-28484
...
CVE-2026-28484
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
Incorrect Regular Expression
Overview: fastify is a fast and low overhead web framework for Node.js. Affected versions of this package are vulnerable to Incorrect Regular Expression in the Content-Type header validation. An attacker can cause the server to incorrectly process requests with malformed Content-Type headers by sending value...
PT-2026-23558
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.15. Description: The software contains an option injection flaw in the git-hooks/pre-commit hook. This allows attackers to stage files that are normally ignored by creating files that begin with dashes. The hook...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005641)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005641 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: fix leaking uninitialized memory in fast-commit journal When space at the end of fast-commi...
Authlib: Setting `alg: none` and a blank signature appears to bypass signature verification
Summary: After upgrading the library from 1.5.2 to 1.6.0 and the latest 1.6.5, it was noticed that previous tests involving passing a malicious JWT containing alg: none and an empty signature were passing the signature verification step without any changes to the application code, when a failure was...
Incorrect Authorization
Overview: openclaw is OpenClaw (Personal AI Assistant). Affected versions of this package are vulnerable to Incorrect Authorization in the processing of Slack interactive callbacks, specifically blockaction, viewsubmission, and viewclosed. An attacker can inject unauthorized system-event text...
Incorrect Authorization
Overview: openclaw is OpenClaw (Personal AI Assistant). Affected versions of this package are vulnerable to Incorrect Authorization via the WebSocket connect process. An attacker can inject unauthorized node.event messages by connecting with a shared gateway token and claiming role=node without...
Incorrect Authorization
Overview: openclaw is OpenClaw (Personal AI Assistant). Affected versions of this package are vulnerable to Incorrect Authorization in the toolsBySender process when untyped sender keys are used. An attacker can gain unauthorized access to privileged group tool permissions by causing an...
Replay Attack
Overview: openclaw is OpenClaw (Personal AI Assistant). Affected versions of this package are vulnerable to Replay Attack via the webhook replay handling. An attacker can cause duplicate inbound actions to be processed by replaying previously valid signed webhook requests after the replay windo...