PT-2026-31966

OpenClaw before 2026.3.22 contains an identity spoofing vulnerability in ACP permission resolution that trusts conflicting tool identity hints from rawInput and metadata. Attackers can spoof tool identities through rawInput parameters to suppress dangerous-tool prompting and bypass security...

CVE-2025-27919

An issue was discovered in AnyDesk through 9.0.4. A remotely connected user with the "Control my device" permission can manipulate remote AnyDesk settings and create a password for the Full Access profile without needing confirmation from the counterparty. Consequently, the attacker can later...

CVE-2025-27919

An issue was discovered in AnyDesk through 9.0.4. A remotely connected user with the "Control my device" permission can manipulate remote AnyDesk settings and create a password for the Full Access profile without needing confirmation from the counterparty. Consequently, the attacker can later...

CVE-2025-27919

An issue was discovered in AnyDesk through 9.0.4. A remotely connected user with the "Control my device" permission can manipulate remote AnyDesk settings and create a password for the Full Access profile without needing confirmation from the counterparty. Consequently, the attacker can later...

EUVD-2020-19895

Malware in sbrugna...

CVE-2025-0691

Improper access control in permissions component in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the "Edit permission" permission by bypassing the client side validation...

CVE-2025-23367

The CVE-2025-23367 issue affects WildFly’s Server RBAC provider: Suspend and Resume handlers fail to perform authorization checks, allowing a user with Monitor/Auditor roles to suspend or resume the server. The vulnerability is tied to WildFly core/WildFly-server components and is acknowledged in...

Jenkins Enterprise and Operations Center < 2.277.43.0.2 / 2.303.3.3 Multiple Vulnerabilities (CloudBees Security Advisory 2021-11-04)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.277.x prior to 2.277.43.0.2, or 2.x prior to 2.303.3.3. It is, therefore, affected by multiple vulnerabilities, including the following: - Agent processes are able to completely bypass file path...

Design/Logic Flaw

An issue was discovered in PureVPN through 5.19.4.0 on Windows. The client installation grants the Everyone group Full Control permission to the installation directory. In addition, the PureVPNService.exe service, which runs under NT Authority\SYSTEM privileges, tries to load several dynamic-link...

Cisco Unity Connection 7.1远程权限提升漏洞

BUGTRAQ ID: 52216 CVE ID: CVE-2012-0366 Cisco Unity Connection是运行在Linux-based Cisco Unified Communications操作系统上的功能强大的语音消息通讯平台。 Cisco Unity Connection在验证"Help Desk Administrator"和分配权限时在实现上存在安全漏洞，攻击者可利用此漏洞获取完全控制权限 0 Cisco Unity Connection 7.1 厂商补丁： Cisco -----...

CVE-2007-0819

HP Network Node Manager NNM Remote Console 7.50, 7.51, and 7.53 assigns Everyone Full Control permission for the %PROGRAMFILES%\HP OpenView directory tree, which allows local users to gain privileges via a Trojan horse executable file or ActiveX component, or a modified bin\ovtrcsvc.exe for the H...