7 matches found
CVE-2026-35491
FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, Pi-hole FTL supports a CLI password feature webserver.api.clipw that creates “CLI” API sessions intended to be read-only for configuration changes. While /api/config...
GHSA-J425-WHC4-4JGC OpenClaw's `system.run` env override filtering allowed dangerous helper-command pivots
Summary system.run env override sanitization allowed dangerous override-only helper-command pivots to reach subprocesses. A caller who could invoke system.run with env overrides could bypass allowlist/approval intent by steering an allowlisted tool through helper-command or config-loading...
qdrant has arbitrary file write via `/logger` endpoint
Summary It is possible to append to arbitrary files via /logger endpoint. Minimal privileges are required read-only access. Tested on Qdrant 1.15.5 Details POST /logger Source code link endpoint accepts an attacker-controlled ondisk.logfile path. There are no authorization checks but authenticati...
OPENSUSE-SU-2021:1370-1 Security update for systemd
This update for systemd fixes the following issues: - CVE-2021-33910: Fixed use of strdupa on a path bsc1188063. - logind: terminate cleanly on SIGTERM/SIGINT bsc1188018. - Adopting BFQ to control I/O jscSLE-21032, bsc1134353. - Rules weren't applied to dm devices multipath bsc1188713. - Ignore...
OPENSUSE-SU-2021:3348-1 Security update for systemd
This update for systemd fixes the following issues: - CVE-2021-33910: Fixed use of strdupa on a path bsc1188063. - logind: terminate cleanly on SIGTERM/SIGINT bsc1188018. - Adopting BFQ to control I/O jscSLE-21032, bsc1134353. - Rules weren't applied to dm devices multipath bsc1188713. - Ignore...
SUSE-SU-2021:3348-1 Security update for systemd
This update for systemd fixes the following issues: - CVE-2021-33910: Fixed use of strdupa on a path bsc1188063. - logind: terminate cleanly on SIGTERM/SIGINT bsc1188018. - Adopting BFQ to control I/O jscSLE-21032, bsc1134353. - Rules weren't applied to dm devices multipath bsc1188713. - Ignore...
Grammarly: Config override using non-validated query parameter allows at least reflected XSS by injecting configuration into state
Hi, First, I just want to say after spending a few days on your assets that I'm really impressed by the high security standard of the apps exposed. It has not been easy to find issues. I really like the way you've structured your API-routes in a way that almost eliminates a bunch of access issues...