
89 matches found

Vulnrichment
added 2026/04/23 9:58 p.m., 2 views

CVE-2026-41358 OpenClaw < 2026.4.2 - Sender Allowlist Bypass via Slack Thread Context

OpenClaw before 2026.4.2 fails to filter Slack thread context by sender allowlist, allowing non-allowlisted messages to enter agent context. Attackers can inject unauthorized thread messages through allowlisted user replies to bypass sender access controls and manipulate model context...

CVSS 5.4, AI score 5.2, EPSS 0.00017
Exploits: 0, References: 3
CVE
added 2026/04/20 12:0 a.m., 6 views

CVE-2026-6587

Vibrantlabsai RAGAS (up to 0.4.3) is affected in the Collections Module. The vulnerability lies in the function _try_process_local_file/_try_process_url (src/ragas/metrics/collections/multi_modal_faithfulness/util.py). Manipulating the argument retrieved_contexts can trigger a server-side request...

CVSS 6.5, AI score 6.1, EPSS 0.00014
Exploits: 0, References: 4
Positive Technologies
added 2026/02/18 12:0 a.m., 2 views

PT-2026-20397

Reflected Cross-Site Scripting XSS vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker ...

CVSS 5.3, AI score 6.1, EPSS 0.00049
Exploits: 0, References: 2
Packet Storm News
added 2025/11/19 12:0 a.m., 4 views

Securing AI Agents against Prompt Injection Attacks

Retrieval-augmented generation RAG systems have become widely used for enhancing large language model capabilities, but they introduce significant security vulnerabilities through prompt injection attacks. We present a comprehensive benchmark for evaluating prompt injection risks in RAG-enabled A...

AI score 7.3
Exploits: 0
Packet Storm News
added 2025/06/18 12:0 a.m., 2 views

Context Manipulation Attacks: Web Agents Are Susceptible to Corrupted Memory

Autonomous web navigation agents, which translate natural language instructions into sequences of browser actions, are increasingly deployed for complex tasks across e-commerce, information retrieval, and content discovery. Due to the stateless nature of large language models LLMs, these agents...

AI score 7
Exploits: 0
Rosalinux
added 2021/07/02 6:13 p.m., 39 views

Advisory ROSA-SA-2021-1982

Software: system 219 OS: Cobalt 7.9 CVE-ID: CVE-2013-4392 CVE-Crit: HIGH CVE-DESC: systemd when updating file permissions allows local users to change SELinux permissions and security contexts for arbitrary files via a symbolic link attack on unspecified files. CVE-STATUS: default CVE-REV: defaul...

CVSS 10, AI score 8.3, EPSS 0.0133
Exploits: 18
Cvelist
added 2018/05/31 8:0 p.m., 11 views

CVE-2016-10529

Droppy versions 3.5.0 does not perform any verification for cross-domain websocket requests. An attacker is able to make a specially crafted page that can send requests as the context of the currently logged in user. For example this means the malicious user could add a new admin account under hi...

AI score 8.6, EPSS 0.00134
Exploits: 0, References: 1
securityvulns
added 2015/01/19 12:0 a.m., 111 views

Sitefinity Enterprise v7.2.53 - Persistent Vulnerability

Document Title: =============== Sitefinity Enterprise v7.2.53 - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1369 Release Date: ============= 2015-01-06 Vulnerability Laboratory ID VL-ID: ====================================...

AI score 7.7
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 23 views

TP Link Gateway 3.12.4 - Multiple Vulnerabilities

No description provided by source. Title: ====== TP Link Gateway v3.12.4 - Multiple Web Vulnerabilities Date: ===== 2012-06-15 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=613 VL-ID: ===== 613 Common Vulnerability Scoring System: ====================================...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 11 views

Social Engine 4.2.5 - Multiple Vulnerabilities

No description provided by source. Title: ====== Social Engine v4.2.5 - Multiple Web Vulnerabilities Date: ===== 2012-07-31 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=672 VL-ID: ===== 672 Common Vulnerability Scoring System: ==================================== 3...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 14 views

ILIAS eLearning CMS 4.3.4 & 4.4 - Persistent XSS

No description provided by source. Document Title: =============== ILIAS eLearning 4.3.4 & 4.4 CMS - Persistent Notes Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1122 Release Date: ============= 2013-10-27 Vulnerability Laboratory I...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 23 views

ManageEngine ServiceDesk 8.0 - Multiple Vulnerabilities

No description provided by source. Title: ====== ManageEngine ServiceDesk 8.0 - Multiple Vulnerabilities Date: ===== 2012-11-15 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=689 VL-ID: ===== 689 Common Vulnerability Scoring System: ====================================...

AI score 7.1
Exploits: 0
securityvulns
added 2013/12/09 12:0 a.m., 45 views

ILIAS eLearning 4.3.4 & 4.4 CMS - Persistent Notes Web Vulnerability

Document Title: =============== ILIAS eLearning 4.3.4 & 4.4 CMS - Persistent Notes Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1122 Release Date: ============= 2013-10-27 Vulnerability Laboratory ID VL-ID:...

AI score 0.5
Exploits: 0
Vulnerability Lab
added 2013/10/28 12:0 a.m., 29 views

Olat CMS 7.8.0.1 - Persistent Calender Web Vulnerability

Document Title: =============== Olat CMS 7.8.0.1 - Persistent Calender Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1125 CVE-ID: 2013-6793 CVE-ID: 2013-6794 Release Date: ============= 2013-10-28 Vulnerability Laboratory ID VL-ID:...

AI score 7.4
Exploits: 0
Exploit DB
added 2013/10/17 12:0 a.m., 102 views

Zikula CMS 1.3.5 - Multiple Vulnerabilities

Document Title: =============== Zikula CMS v1.3.5 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1114 Release Date: ============= 2013-10-16 Vulnerability Laboratory ID VL-ID: ==================================== 1114 Comm...

AI score 7.4
Exploits: 0
Vulnerability Lab
added 2013/07/16 12:0 a.m., 39 views

Dell PacketTrap MSP RMM 6.6.x - Multiple Vulnerabilities

Document Title: =============== Dell PacketTrap MSP RMM 6.6.x - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=791 Release Date: ============= 2013-07-16 Vulnerability Laboratory ID VL-ID: ==================================== 79...

AI score 7.1
Exploits: 0
Vulnerability Lab
added 2013/06/10 12:0 a.m., 21 views

Barracuda Backup - Cross Site Scripting Vulnerability

Document Title: =============== Barracuda Backup - Cross Site Scripting Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=799 BARRACUDA NETWORK SECURITY ID: BNSEC-1949 Release Date: ============= 2013-06-10 Vulnerability Laboratory ID VL-ID:...

AI score 7.1
Exploits: 0
Packet Storm
added 2013/05/13 12:0 a.m., 30 views

Sony PSN Community Lithium Forums 2012 Q4 XSS

Title: ====== Sony PSN Community - Persistent Web Vulnerability Date: ===== 2013-05-04 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=746 VL-ID: ===== 746 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: =============...

AI score 7.4
Exploits: 0
securityvulns
added 2013/03/03 12:0 a.m., 99 views

Kayako Fusion v4.51.1891 - Multiple Web Vulnerabilities

Title: ====== Kayako Fusion v4.51.1891 - Multiple Web Vulnerabilities Date: ===== 2013-01-22 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=824 ID: SWIFT-3119 URL: http://dev.kayako.com/browse/SWIFT-3119 VL-ID: ===== 824 Common Vulnerability Scoring System:...

AI score 7.1
Exploits: 0
Packet Storm
added 2013/02/06 12:0 a.m., 42 views

Microsoft Skype Shop Cross Site Scripting

Title: ====== Microsoft Skype Shop - GiftCards Persistent Vulnerability Date: ===== 2013-01-30 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=826 MICROSOFT SECURITY RESPONSE CENTER MSRC ID: 13603 MICROSOFT SECURITY RESPONSE CENTER MSRC MANAGER: CL VL-ID: ===== 826 Comm...

AI score 7.4
Exploits: 0