67 matches found
CVE-2026-12814
A flaw has been found in Comfast CF-WR631AX V3 up to 2.7.0.8. This issue affects the function system of the file /cgi-bin/mbox-config?section=pingconfig of the component API Endpoint. This manipulation of the argument destination causes os command injection. The attack is possible to be carried o...
CVE-2026-9860
The CVE-2026-9860 entry concerns the WordPress plugin “Offload, AI & Optimize with Cloudflare Images” (versions
PT-2026-49536
Name of the Vulnerable Software and Affected Versions browserstack-cypress-cli versions prior to 1.36.4 Description The browserstack-cypress-cli allows users to run Cypress tests on BrowserStack. An OS command injection is possible through the cypress config file configuration parameter. In the...
PT-2026-48442
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /config/versions////save interpolates the URL-path configver parameter directly into a config-version path that ends up at os.systemf"dos2unix -q cfg". configver is not run...
CVE-2026-11493 Tenda AC15 Samba smb.conf weak password
A weakness has been identified in Tenda AC15 15.03.05.19. The impacted element is an unknown function of the file /etcro/smb.conf of the component Samba. Executing a manipulation can lead to weak password requirements. The attack is only possible within the local network. A high complexity level ...
CVE-2026-41489 Pi-hole: Local privilege escalation via config-controlled path in root-executed service hooks
Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to before Core 6.4.2 and FTL 6.6.1, two shell scripts executed as root by systemd pihole-FTL-prestart.sh and pihole-FTL-poststop.sh read the files.pid path from this config...
EUVD-2026-25323
OpenClaw before 2026.4.2 exposes configPath and stateDir metadata in Gateway connect success snapshots to non-admin authenticated clients. Non-admin clients can recover host-specific filesystem paths and deployment details, enabling host fingerprinting and facilitating chained attacks...
GHSA-R7P2-R9G4-4XPH Duplicate Advisory: OpenClaw: Gateway hello snapshots exposed host config and state paths to non-admin clients
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2f7j-rp58-mr42. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.2 exposes configPath and stateDir metadata in Gateway connect success snapshots to non-admin...
Duplicate Advisory: OpenClaw: Gateway hello snapshots exposed host config and state paths to non-admin clients
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2f7j-rp58-mr42. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.2 exposes configPath and stateDir metadata in Gateway connect success snapshots to non-admin...
CVE-2026-41339
OpenClaw before 2026.4.2 exposes configPath and stateDir metadata in Gateway connect success snapshots to non-admin authenticated clients. Non-admin clients can recover host-specific filesystem paths and deployment details, enabling host fingerprinting and facilitating chained attacks...
CVE-2026-41339 OpenClaw < 2026.4.2 - Information Disclosure via Gateway Connect Snapshot
OpenClaw before 2026.4.2 exposes configPath and stateDir metadata in Gateway connect success snapshots to non-admin authenticated clients. Non-admin clients can recover host-specific filesystem paths and deployment details, enabling host fingerprinting and facilitating chained attacks...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.2 contained security vulnerabilities. These vulnerabilities stemmed from exposing configPath and stateDir metadata to non-administrator authenticated clients during the Gateway...
GHSA-2F7J-RP58-MR42 OpenClaw: Gateway hello snapshots exposed host config and state paths to non-admin clients
Summary Before OpenClaw 2026.4.2, the Gateway connect success snapshot exposed local configPath and stateDir metadata to non-admin clients. Low-privilege authenticated clients could learn host filesystem layout and deployment details that were not needed for their role. Impact A non-admin client...
CVE-2026-5621
A vulnerability was found in ChrisChinchilla Vale-MCP up to 0.1.0. Affected by this vulnerability is an unknown functionality of the file src/index.ts of the component HTTP Interface. The manipulation of the argument configpath results in os command injection. Attacking locally is a requirement...
CVE-2026-5621 ChrisChinchilla Vale-MCP HTTP index.ts os command injection
A vulnerability was found in ChrisChinchilla Vale-MCP up to 0.1.0. Affected by this vulnerability is an unknown functionality of the file src/index.ts of the component HTTP Interface. The manipulation of the argument configpath results in os command injection. Attacking locally is a requirement...
CVE-2026-5621
A vulnerability was found in ChrisChinchilla Vale-MCP up to 0.1.0. Affected by this vulnerability is an unknown functionality of the file src/index.ts of the component HTTP Interface. The manipulation of the argument configpath results in os command injection. Attacking locally is a requirement...
CVE-2026-5621
CVE-2026-5621 affects ChrisChinchilla Vale-MCP up to version 0.1.0. The vulnerability targets the HTTP Interface, specifically the file src/index.ts, where manipulation of the argument config_path enables an OS command injection. An attacker must be local to exploit it. The exploit is public, and...
Vale MCP Server 操作系统命令注入漏洞
The Vale MCP Server is an AI assistant protocol server with integrated syntax checking capabilities, developed by Chris Chinchilla. Versions of the Vale MCP Server prior to 0.1.0 contained a vulnerability related to operating system command injection. This vulnerability stemmed from improper...
PT-2026-30564
Name of the Vulnerable Software and Affected Versions ChrisChinchilla Vale-MCP versions up to 0.1.0 Description A vulnerability exists in ChrisChinchilla Vale-MCP up to version 0.1.0, specifically within the file src/index.ts of the HTTP Interface component. The manipulation of the config path...
Cleartext Storage of Sensitive Information
Overview Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information via the /status/config endpoint. An attacker can obtain plaintext S3 Server-Side Encryption with Customer-Provided Keys by sending a request to this endpoint, potentially allowing unauthorized...