SUSE CVE-2021-21309

Redis is an open-source, in-memory database that persists on disk. In affected versions of Redis an integer overflow bug in 32-bit Redis version 4.0 or newer could be exploited to corrupt the heap and potentially result with remote code execution. Redis 4.0 or newer uses a configurable limit for...

CVE-2026-42316

kafka-sink-azure-kusto Kafka Connect plugin is the official Microsoft sink for Azure Data Explorer Kusto. Prior to 5.2.3, kafka-sink-azure-kusto did not sanitize user-controlled values inside the kusto.tables.topics.mapping configuration. The db, table, mapping, and format fields of each mapping...

CashDro 安全漏洞

CashDro is an intelligent device system developed by CashDro Corporation, designed for automated management of cash receipts and change dispensing at stores. Version 3.24.01.00.26 of CashDro contains a security vulnerability. This vulnerability stems from the platform’s ability to allow user...

PT-2026-38910

Name of the Vulnerable Software and Affected Versions CashDro 3 version 24.01.00.26 Description The web administration panel allows the use of numeric PINs for user authentication to maintain compatibility with POS software integrations deployed since 2012. This implementation enables attackers t...

GHSA-JJW7-3VJF-FG5J OpenClaw Nostr privateKey config redaction bypass leaks plaintext signing key via config.get

Summary OpenClaw Nostr privateKey config redaction bypass leaks plaintext signing key via config.get Current Maintainer Triage - Status: open - Normalized severity: medium - Assessment: v2026.3.28 still models Nostr privateKey as plain string so config views can expose it, and the secret-schema f...

CVE-2026-32914

OpenClaw before 2026.3.12 contains an insufficient access control vulnerability in the /config and /debug command handlers that allows command-authorized non-owners to access owner-only surfaces. Attackers with command authorization can read or modify privileged configuration settings restricted ...

PT-2026-28484

Name of the Vulnerable Software and Affected Versions Frigate version 0.17.0 Description Frigate is a network video recorder NVR with realtime local object detection for IP cameras. In version 0.17.0, an authenticated, non-administrator user can access the complete, unredacted Frigate configurati...

CSPro Users CSWeb 安全漏洞

CSPro Users CSWeb is a web application developed by CSPro Users Inc. It allows users to securely transfer cases or files between client devices and web servers. Version 8.0.1 of CSPro Users CSWeb contains a security vulnerability. This vulnerability stems from the ability to access app/config via...

crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...

GHSA-R7VR-GR74-94P8 OpenClaw: Command-authorized non-owners could reach owner-only `/config` and `/debug` surfaces

Summary OpenClaw documented /config and /debug as owner-only commands, but the command handlers checked only whether the sender was command-authorized. A lower-trust sender who was intentionally allowed to run commands could still reach privileged configuration and debugging surfaces. Impact This...

OpenClaw: Command-authorized non-owners could reach owner-only `/config` and `/debug` surfaces

Summary OpenClaw documented /config and /debug as owner-only commands, but the command handlers checked only whether the sender was command-authorized. A lower-trust sender who was intentionally allowed to run commands could still reach privileged configuration and debugging surfaces. Impact This...

EUVD-2026-9904

OpenClaw versions 2026.1.5 prior to 2026.2.14 contain a vulnerability in the Gateway in which it does not sufficiently constrain configured hook module paths before passing them to dynamic import, allowing code execution. An attacker with gateway configuration modification access can load and...

Arbitrary Code Injection

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Arbitrary Code Injection via the transform module path resolution process. An attacker can execute arbitrary JavaScript code with gateway-process privileges by causing a symlinked entry t...

Census CSWeb multiple vulnerabilities

RISK EVALUATION Census CSWeb allows a remote, authenticated attacker to perform actions such as path traversal, arbitrary file upload and stored XSS. An unauthenticated attacker could also send requests to configuration files in some deployments. 2. RECOMMENDED PRACTICES Update to 8.1.0 alpha...

Exploit for Improper Privilege Management in Patriotmemory Viper_Rgb_Firmware

GenericDrv amigendrv64.sys - Proof of Concept Overview...

PT-2026-6859

Summary Due to the insufficient patch for the https://github.com/gogs/gogs/security/advisories/GHSA-wj44-9vcg-wjq7, it's still possible to update files in the .git directory and achieve remote command execution. Details Function UpdateRepoFile security check under some if conditions. While...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the GetConfig and RefreshResource API endpoints. An attacker can access sensitive configuration data or trigger excessive reconciliations by sending requests with any non-empty Bearer token in the Authorizati...

CVE-2025-68310

In the Linux kernel, the following vulnerability has been resolved: s390/pci: Avoid deadlock between PCI error recovery and mlx5 crdump Do not block PCI config accesses through pcicfgaccesslock when executing the s390 variant of PCI error recovery: Acquire just devicelock instead of pcidevlock as...

CVE-2025-68310 s390/pci: Avoid deadlock between PCI error recovery and mlx5 crdump

In the Linux kernel, the following vulnerability has been resolved: s390/pci: Avoid deadlock between PCI error recovery and mlx5 crdump Do not block PCI config accesses through pcicfgaccesslock when executing the s390 variant of PCI error recovery: Acquire just devicelock instead of pcidevlock as...

CVE-2025-34180 NetSupport Manager < 14.12.0001 Gateway Key Reversible Encoding Credential Recovery

NetSupport Manager 14.12.0001 relies on a shared Gateway Key for authentication between Manager/Control, Client, and Connectivity Server components. The key is stored using a reversible encoding scheme. An attacker who obtains access to a deployed client configuration file can decode the stored...