EUVD-2026-36320

OpenClaw before 2026.5.20 contains a privilege escalation vulnerability where hook-triggered agent runs incorrectly receive owner-scoped MCP loopback authority instead of hook-appropriate scope. Attackers with a valid hook token can exploit the /hooks/agent endpoint to cause spawned CLI runtimes ...

CVE-2026-53814

OpenClaw before 2026.5.20 contains a privilege-escalation vulnerability in which a hook-triggered agent runs with owner-scoped MCP loopback authority instead of the hook-appropriate scope. Attackers with a valid hook token can use the /hooks/agent endpoint to cause spawned CLI runtimes to access ...

CVE-2026-25905 Lack of isolation in mcp-run-python leads to MCP server takeover

The Python code being run by 'runPython' or 'runPythonAsync' is not isolated from the rest of the JS code, allowing any Python code to use the Pyodide APIs to modify the JS environment. This may result in an attacker hijacking the MCP server - for malicious purposes including MCP tool shadowing...

PT-2026-7090

Name of the Vulnerable Software and Affected Versions MCP affected versions not specified Description The Python code executed by the 'runPython' or 'runPythonAsync' functions lacks isolation from other JavaScript code. This allows Python code to utilize Pyodide APIs to alter the JavaScript...

CVE-2023-4699

Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation MELSEC-F Series CPU modules, MELSEC iQ-F Series, MELSEC iQ-R series CPU modules, MELSEC iQ-R series, MELSEC iQ-L series, MELSEC Q series, MELSEC-L series, Mitsubishi Electric CNC M800V/M80V series,...

EUVD-2013-0941

Malware in sbrugna...

Mitsubishi Electric MELSEC-Q Series 安全漏洞

The Mitsubishi Electric MELSEC-Q Series is a family of programmable logic controllers from Mitsubishi Electric Japan. A security vulnerability exists in the Mitsubishi Electric MELSEC-Q Series that arises from improper handling of the length parameter, which could result in an integer overflow th...

ASUS AiCloud 安全漏洞

ASUS AiCloud is a router control program from Asus China. A security vulnerability exists in ASUS AiCloud. An attacker could execute arbitrary commands by exploiting the vulnerability...

ASUS AiCloud 安全漏洞

ASUS AiCloud is a router control program from Asus China. A security vulnerability exists in ASUS AiCloud that stems from the presence of incorrect input insertion, which could lead to arbitrary command execution...

The vulnerability of the Modbus terminal protocol implementation in the EKRA 200 microprocessor series allows a hacker to execute any Modbus command and alter the controller’s configuration, including modifying the control program and executing arbitrary code.

The vulnerability of the Modbus microprogramming software for ECUs exists due to the lack of authentication for any Modbus protocol commands. Exploiting this vulnerability allows a malicious actor to execute any Modbus command remotely and alter the controller’s configuration, including modifying...

Network Time Protocol ntpq decodearr Stack-based Buffer Overflow (CVE-2018-7183)

A buffer overflow vulnerability has been discovered in the monitoring and control program ntpq of Network Time Protocol daemon. A successful attack would result in arbitrary code execution in the security context of the user...

CVE-2018-19093

An issue has been found in libIEC61850 v1.3. It is a SEGV in ControlObjectClientsetCommandTerminationHandler in client/clientcontrol.c. NOTE: the software maintainer disputes this because it requires incorrect usage of the clientexamplecontrol program...

CVE-2018-19093

An issue has been found in libIEC61850 v1.3. It is a SEGV in ControlObjectClientsetCommandTerminationHandler in client/clientcontrol.c. NOTE: the software maintainer disputes this because it requires incorrect usage of the clientexamplecontrol program...

CVE-2018-8872

In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, system calls read directly from memory addresses within the control program area without any verification. Manipulating this data could allow attacker data to be copied anywhere within memory...

Design/Logic Flaw

In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, system calls read directly from memory addresses within the control program area without any verification. Manipulating this data could allow attacker data to be copied anywhere within memory...

EMC AlphaStor buffer overflow

Buffer overflow on commands parsing in AlphaStor Library Control Program...

Buffer overflow

Buffer overflow in Drive Control Program DCP in EMC AlphaStor 4.0 before build 814 allows remote attackers to execute arbitrary code via vectors involving a new device name...

Linux Kernel 2.6.x /proc Rootkit Backdoor (Unix/Darbe-A)

Linux Kernel 2.6.x /proc rootkitUnix/Darbe-A Date: ===== 2012-11-21 Introduction: ============= Unix/Darbe-A is a new kernel rootkit based /proc file system., modification is made in order to support kernel 2.6.x Detected ========...

[SECURITY] Fedora 12 Update: hamlib-1.2.10-2.fc12

Hamlib provides a standardised programming interface that applications can use to send the appropriate commands to a radio. Also included in the package is a simple radio control program 'rigctl', which lets one control a radio transceiver or receiver, either from command line interface or in a...

GoodTech Telnet Server <= 5.0.6 Buffer Overflow

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'GoodTech...