
36 matches found

Positive Technologies
added 2026/04/04 12:0 a.m. | 2 views

PT-2026-30340

Name of the Vulnerable Software and Affected Versions: pyLoad (affected versions not specified). Description: The ADMIN ONLY OPTIONS protection mechanism, intended to restrict access to sensitive configuration values, is not applied to plugin configuration options. Specifically, the AntiVirus plugin...

CVSS 8.8 | AI score 6.3 | EPSS 0.00135
Exploits: 1 | References: 11
Packet Storm News
added 2026/03/16 12:0 a.m. | 1 views

ClawWorm: Self-Propagating Attacks across LLM Agent Ecosystems

Autonomous LLM-based agents increasingly operate as long-running processes forming densely interconnected multi-agent ecosystems, whose security properties remain largely unexplored. In particular, OpenClaw, an open-source platform with over 40,000 active instances, has stood out recently with it...

AI score 5.9
Exploits: 0
RedHat Linux
added 2026/02/16 5:51 p.m. | 2 views

kernel: Linux kernel: Denial of Service via out-of-bounds read in USB configuration parsing

A flaw was found in the Linux kernel's USB core configuration parsing. Specifically, the usb_parse_ss_endpoint_companion function incorrectly checks the descriptor type before its length, which can lead to reading data beyond the intended buffer. This out-of-bounds read vulnerability could allow a...

CVSS 7.1 | AI score 5.8 | EPSS 0.00026
Exploits: 0 | References: 5
RedHat Linux
added 2026/02/02 4:6 a.m. | 1 views

kernel: Linux kernel: Denial of Service via out-of-bounds read in USB configuration parsing

A flaw was found in the Linux kernel's USB core configuration parsing. Specifically, the usb_parse_ss_endpoint_companion function incorrectly checks the descriptor type before its length, which can lead to reading data beyond the intended buffer. This out-of-bounds read vulnerability could allow a...

CVSS 7.1 | AI score 5.8 | EPSS 0.00026
Exploits: 0 | References: 5
RedhatCVE
added 2026/01/09 12:31 p.m. | 2 views

CVE-2023-40934

A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL commands via the host escalation notification settings...

CVSS 7.2 | AI score 8.5 | EPSS 0.01218
Exploits: 0 | References: 1
Positive Technologies
added 2026/01/06 12:0 a.m. | 1 views

PT-2026-1439

Name of the Vulnerable Software and Affected Versions: NJHYST HY511 POE core versions prior to 2.1; NJHYST HY511 POE plugins versions prior to 0.1. Description: The device exhibits insufficient cookie verification, enabling an attacker to directly request the configuration file address and download t...

CVSS 9.8 | AI score 6.6 | EPSS 0.00107
Exploits: 1 | References: 6
CNNVD
added 2026/01/06 12:0 a.m. | 1 views

Nanjing Hanyuan HY511 POE security vulnerability

Nanjing Hanyuan HY511 POE is an embedded smart display panel from Nanjing Hanyuan, China. A security vulnerability exists in Nanjing Hanyuan HY511 POE versions prior to 2.1 and plugins prior to 0.1, which stems from insufficient device cookie validation, and could lead to an attacker downloading...

CVSS 9.8 | AI score 6.6 | EPSS 0.00107
Exploits: 1 | References: 3
Vulnrichment
added 2026/01/06 12:0 a.m. | 1 views

CVE-2025-65212

An issue was discovered in NJHYST HY511 POE core before 2.1 and plugins before 0.1. The vulnerability stems from the device's insufficient cookie verification, allowing an attacker to directly request the configuration file address and download the core configuration file without logging into the...

AI score 6.7 | EPSS 0.00107
Exploits: 1 | References: 2
vulnersOsv
added 2025/11/19 10:46 a.m. | 2 views

org.apache.causeway.core:causeway-core-interaction (=4.0.0-M1), org.apache.causeway.core:causeway-core-metamodel (=4.0.0-M1) +93 more potentially affected by CVE-2025-64408 via org.apache.causeway.core:causeway-core-config (=4.0.0-M1)

org.apache.causeway.core:causeway-core-config MAVEN version =4.0.0-M1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.causeway.core:causeway-core-config and may be impacted: - org.apache.causeway.core:causeway-core-interaction =4.0.0-M1 -...

CVSS 6.3 | AI score 5.8 | EPSS 0.01294
Exploits: 0
RedhatCVE
added 2025/10/31 10:7 p.m. | 2 views

CVE-2012-10063

Nagios XI versions prior to 2012R1.3 contain a SQL injection vulnerability in the legacy Core Configuration Manager (CCM) interface. Authenticated users could manipulate SQL queries by supplying crafted input to specific CCM parameters, potentially allowing access to configuration data stored in th...

CVSS 9.8 | AI score 7.7 | EPSS 0.01476
Exploits: 0 | References: 1
EUVD
added 2025/10/31 12:30 a.m. | 1 views

EUVD-2020-30814

The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple SQL injection vulnerabilities in the object edit pages. Unsanitized user-supplied input was incorporated into SQL queries used by configuration object editors, allowing authenticated users to...

CVSS 8.7 | AI score 7 | EPSS 0.01476
Exploits: 0 | References: 3
NVD
added 2025/10/30 10:15 p.m. | 1 views

CVE-2012-10063

Nagios XI versions prior to 2012R1.3 contain a SQL injection vulnerability in the legacy Core Configuration Manager (CCM) interface. Authenticated users could manipulate SQL queries by supplying crafted input to specific CCM parameters, potentially allowing access to configuration data stored in th...

CVSS 9.8 | EPSS 0.01476
Exploits: 0 | References: 2
Vulnrichment
added 2025/10/30 9:31 p.m. | 1 views

CVE-2012-10063 Nagios XI < 2012R1.3 Authenticated SQL Injection in Legacy CCM

Nagios XI versions prior to 2012R1.3 contain a SQL injection vulnerability in the legacy Core Configuration Manager (CCM) interface. Authenticated users could manipulate SQL queries by supplying crafted input to specific CCM parameters, potentially allowing access to configuration data stored in th...

CVSS 8.7 | AI score 7.3 | EPSS 0.01476
Exploits: 0 | References: 2
CVE
added 2025/10/30 9:31 p.m. | 6 views

CVE-2012-10063

Nagios XI versions prior to 2012R1.3 contain an authenticated SQL injection vulnerability in the legacy Core Configuration Manager (CCM) interface. Exploitation requires crafted input to specific CCM parameters and can disclose or modify configuration data stored in the application database, with...

CVSS 9.8 | AI score 7.3 | EPSS 0.01476
Exploits: 0 | References: 2 | Affected Software: 1
Positive Technologies
added 2025/10/30 12:0 a.m. | 2 views

PT-2025-44532

Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 2012R1.3. Description: Nagios XI is affected by a SQL injection issue in the legacy Core Configuration Manager (CCM) interface. Authenticated users can manipulate SQL queries by providing crafted input to specific CCM...

CVSS 9.8 | AI score 7.2 | EPSS 0.01476
Exploits: 0 | References: 4
CNNVD
added 2025/10/27 12:0 a.m. | 3 views

Kamailio code issue vulnerability

Kamailio is an open source implementation of a SIP signaling server from Kamailio Open Source. A code issue vulnerability exists in Kamailio version 5.5, which stems from a null pointer dereference in the function yyerror_at in the file src/core/cfg.y, which could lead to a local attack...

CVSS 5.5 | AI score 4.1 | EPSS 0.00031
Exploits: 1 | References: 10
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2023-45473

Malicious code in bioql PyPI...

CVSS 7.2 | AI score 7.1 | EPSS 0.01218
Exploits: 0 | References: 3
Microsoft CVE
added 2025/09/13 8:1 a.m. | 1 views

usb: core: config: Prevent OOB read in SS endpoint companion parsing

...

CVSS 7.1 | AI score 6.8 | EPSS 0.00026
Exploits: 0
vulnersOsv
added 2025/04/27 9:34 p.m. | 4 views

org.apereo.cas:cas-server-webapp (=6.0.0-RC4), org.apereo.cas:cas-server-webapp-jetty (=6.0.0-RC4) +2 more potentially affected by CVE-2025-3986 via org.apereo.cas:cas-server-core-configuration-metadata-repository (=6.0.0-RC4)

org.apereo.cas:cas-server-core-configuration-metadata-repository MAVEN version =6.0.0-RC4 is affected by a known vulnerability. The following packages have a transitive dependency on org.apereo.cas:cas-server-core-configuration-metadata-repository and may be impacted: -...

CVSS 7.5 | AI score 5.8 | EPSS 0.00587
Exploits: 0
OSV
added 2023/09/19 11:15 p.m. | 0 views

CVE-2023-40934

A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL commands via the host escalation notification settings...

CVSS 7.2 | AI score 6
Exploits: 0 | References: 3