Lucene search

14 matches found

ATTACKERKB
added 2026/04/28 6:10 p.m., 0 views

CVE-2026-42424

OpenClaw before 2026.4.8 treats shared reply MEDIA paths as trusted, allowing crafted references to trigger cross-channel local file exfiltration. Attackers can exploit this by crafting malicious shared reply MEDIA references to cause another channel to read local file paths as trusted generated...

CVSS 5.9 | AI score 5.2 | EPSS 0.00029
Exploits: 0 | References: 4
Positive Technologies
added 2026/04/28 12:0 a.m., 1 views

PT-2026-35803

OpenClaw before 2026.4.8 treats shared reply MEDIA paths as trusted, allowing crafted references to trigger cross-channel local file exfiltration. Attackers can exploit this by crafting malicious shared reply MEDIA references to cause another channel to read local file paths as trusted generated...

CVSS 5.9 | AI score 5.2 | EPSS 0.00029
Exploits: 0 | References: 6
RedHat Linux
added 2026/03/05 1:32 p.m., 0 views

c3p0: c3p0: Arbitrary Code Execution via deserialization of crafted objects

A flaw was found in c3p0, a Java Database Connectivity (JDBC) connection pooling library. This vulnerability allows an attacker to achieve arbitrary code execution by providing maliciously crafted Java-serialized objects or javax.naming.Reference instances. By manipulating the userOverridesAsString...

CVSS 8.9 | AI score 6.4 | EPSS 0.00313
Exploits: 0 | References: 9
SUSE CVE
added 2026/02/27 12:24 a.m., 2 views

SUSE CVE-2026-27727

mchange-commons-java, a library that provides Java utilities, includes code that mirrors early implementations of JNDI functionality, including support for remote factoryClassLocation values, by which code can be downloaded and invoked within a running application. If an attacker can provoke an...

CVSS 9.8 | AI score 6.1 | EPSS 0.00151
Exploits: 1 | References: 5
EUVD
added 2026/02/25 6:20 p.m., 2 views

EUVD-2026-8683

mchange-commons-java: Remote Code Execution via JNDI Reference Resolution...

CVSS 8.9 | AI score 5.5 | EPSS 0.00151
Exploits: 1 | References: 4
NVD
added 2026/02/25 5:25 p.m., 4 views

CVE-2026-27727

mchange-commons-java, a library that provides Java utilities, includes code that mirrors early implementations of JNDI functionality, including support for remote factoryClassLocation values, by which code can be downloaded and invoked within a running application. If an attacker can provoke an...

CVSS 9.8 | EPSS 0.00151
Exploits: 1 | References: 4
Positive Technologies
added 2026/02/25 12:0 a.m., 2 views

PT-2026-21943

Name of the Vulnerable Software and Affected Versions: mchange-commons-java versions prior to 0.4.0. Description: mchange-commons-java, a library providing Java utilities, contains code that replicates early JNDI implementations, including support for remote factoryClassLocation values. This allows...

CVSS 9.8 | AI score 6.2 | EPSS 0.00151
Exploits: 1 | References: 25
Snyk
added 2025/12/16 3:30 p.m., 1 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the ImageStreamImport mechanism that handles user-supplied image references without proper IP address and network-range validation. An attacker can access internal network resources, enumerate service...

CVSS 8.5 | AI score 5.7 | EPSS 0.00016
Exploits: 0 | References: 2
Snyk
added 2025/12/01 11:4 p.m., 1 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview: mdast-util-to-hast is a mdast utility to transform to hast. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the class attribute in rendered markdown code elements. An attacker can cause arbitrary CSS...

CVSS 6.9 | AI score 6.9 | EPSS 0.00086
Exploits: 0 | References: 2
CNNVD
added 2024/04/10 12:0 a.m., 3 views

XWiki Platform security vulnerability

XWiki Platform is the XWiki Foundation's suite of Wiki platforms for creating Web collaboration applications. A security vulnerability exists in XWiki Platform that stems from the creation of documents using specially crafted document references and the XWiki.SchedulerJobClass XObject, which allo...

CVSS 9 | AI score 7 | EPSS 0.079
Exploits: 1 | References: 6
SUSE CVE
added 2023/02/15 5:50 a.m., 1 views

SUSE CVE-2011-3481

The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message...

CVSS 4.3 | AI score 6.7 | EPSS 0.01019
Exploits: 0 | References: 3
OpenVAS
added 2012/08/03 12:0 a.m., 19 views

Mandriva Update for cyrus-imapd MDVSA-2012:037 (cyrus-imapd)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVSS 4.3 | AI score 5.2 | EPSS 0.01019
Exploits: 0 | References: 2
Oracle Linux
added 2011/12/01 12:0 a.m., 30 views

cyrus-imapd security update

2.3.16-6.4 - fix CVE-2011-3481: NULL pointer dereference via crafted References header in email 738391 - fix CVE-2011-3372: nntpd authentication bypass 740822...

CVSS 7.5 | AI score 2.2 | EPSS 0.01019
Exploits: 0
NVD
added 2011/09/14 5:17 p.m., 14 views

CVE-2011-3481

The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message...

CVSS 4.3 | AI score 6.2 | EPSS 0.01019
Exploits: 0 | References: 6