158 matches found
Orca Energija Orca heat pump security vulnerabilities
Orca Energija Orca heat pump is a series of air-to-water heat pump systems developed by Orca Energija. There are security vulnerabilities in Orca Energija Orca heat pumps. These vulnerabilities stem from the lack of authentication and plaintext data transmission. Combined with the absence of...
CVE-2026-7480
An Incorrect Permission Assignment for Critical Resource vulnerability in ASUS System Control Interface allows a local user to elevate privileges to SYSTEM and execute arbitrary code via a crafted RPC call that bypass the validation mechanism. Refer to the 'Security Update for ASUS System Control...
EUVD-2026-33245
An Incorrect Permission Assignment for Critical Resource vulnerability in ASUS System Control Interface allows a local user to elevate privileges to SYSTEM and execute arbitrary code via a crafted RPC call that bypass the validation mechanism. Refer to the 'Security Update for ASUS System Control...
CVE-2026-7480
CVE-2026-7480 : An Incorrect Permission Assignment for Critical Resource vulnerability affects the ASUS System Control Interface. A local user can elevate privileges to SYSTEM and execute arbitrary code by sending a crafted RPC call that bypasses the validation mechanism. This description is supp...
USN-8299-1: Rclone vulnerabilities
It was discovered that Rclone incorrectly handled authorization in the remote control API. An attacker could possibly use this issue to obtain sensitive information. CVE-2026-41176 It was discovered that Rclone incorrectly handled backend instantiation via the remote control API. An attacker coul...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: media: nxp: imx8-isi: Fix for streaming cleanup upon release. The current implementation mxcisivideocleanupstreaming in mxcisivideorelease. This can lead to a situation where any release call such as from a simple v4l2-ctl -l may...
Command Injection
mcp-server-semgrep is vulnerable to Command Injection. The vulnerability is due to improper sanitization of the ID argument in multiple MCP interface functions, which allows an attacker to inject and execute arbitrary OS commands remotely...
CVE-2026-44994 OpenClaw < 2026.4.22 - Authentication Bypass in Gateway Control UI Bootstrap Config Endpoint
OpenClaw before 2026.4.22 contains an authentication bypass vulnerability in the Control UI bootstrap config endpoint that allows unauthenticated attackers to read sensitive configuration fields. Attackers can access the bootstrap config route without a valid Gateway token to expose sensitive...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.22 contained security vulnerabilities. These vulnerabilities stemmed from authentication bypass in the Control UI bootstrapping endpoint, allowing unauthenticated attackers to...
CVE-2026-3508
An Out-of-bounds Read vulnerability in the IOCTL handler in ASUS System Control Interface allows a local user to cause system crash BSOD via a read size that exceeds the buffer size.Refer to the ' Security Update for MyASUS ' section on the ASUS Security Advisory for more information...
CVE-2026-3508
An Out-of-bounds Read vulnerability in the IOCTL handler in ASUS System Control Interface allows a local user to cause system crash BSOD via a read size that exceeds the buffer size.Refer to the ' Security Update for MyASUS ' section on the ASUS Security Advisory for more information...
CVE-2026-3508
The CVE-2026-3508 entry describes an Out-of-bounds Read in the IOCTL handler of ASUS System Control Interface. This allows a local user to trigger a system crash (BSOD) by issuing a read size larger than the internal buffer. Affected component: IOCTL handling within ASUS System Control Interface;...
PT-2026-38640
Name of the Vulnerable Software and Affected Versions ASUS System Control Interface affected versions not specified Description An Out-of-bounds Read in the IOCTL handler allows a local user to cause a system crash BSOD. This occurs when a read size is requested that exceeds the allocated buffer...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: firmware: armscpi: Fix string overflow in SCPI genpd driver Without the bound checks for scpipd-name, it could result in the buffer overflow when copying the SCPI device name from the corresponding device tree node as the name...
Astra Linux - уязвимость в linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: firmware: armscmi: Check mailbox/SMT channel for consistency On reception of a completion interrupt the shared memory area is accessed to retrieve the message header at first and then, if the message sequence number identifies a...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: fbdev: sis: Error out if pixclock equals zero The userspace program could pass any values to the driver through ioctl interface. If the driver doesn't check the value of pixclock, it may cause divide-by-zero error. In...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: fbdev: savage: Error out if pixclock equals zero The userspace program could pass any values to the driver through ioctl interface. If the driver doesn't check the value of pixclock, it may cause divide-by-zero error. Although...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
A issue was discovered in the Linux kernel before version 6.6.8. The dovccioctl function in net/atm/ioctl.c has a use-after-free issue due to a race condition involving vccrecvmsg...
Duplicate Advisory: OpenClaw Has a Gateway Control Interface Information Disclosure Vulnerability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hr8g-2q7x-3f4w. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 contains an information disclosure vulnerability in the Control Interface bootstrap JSON th...
GHSA-FJM8-MGC9-MF65 Duplicate Advisory: OpenClaw Has a Gateway Control Interface Information Disclosure Vulnerability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hr8g-2q7x-3f4w. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 contains an information disclosure vulnerability in the Control Interface bootstrap JSON th...