30 matches found
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained security vulnerabilities. These vulnerabilities stemmed from a flaw in the bootstrap JSON data used as a control interface, which allowed information leakage. This...
Amazon Linux 2 : python-urllib3, --advisory ALAS2-2025-3110 (ALAS-2025-3110)
The version of python-urllib3 installed on the remote host is prior to 1.25.9-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3110 advisory. urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in net/http/internal CVE-2025-22871
Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in net/http/internal CVE-2025-22871 Vulnerability Details CVEID:CVE-2025-22871 DESCRIPTION: The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in net/http/internal CVE-2025-22871
Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in net/http/internal CVE-2025-22871 Vulnerability Details CVEID:CVE-2025-22871 DESCRIPTION: The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This...
EUVD-2023-45731
Malicious code in bioql PyPI...
Security Bulletin: A vulnerability in form-data may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2025-7783)
Summary There is a vulnerability in form-data used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerabili...
Apple多款产品 安全漏洞
Apple macOS and others are products of Apple Inc. of the U.S. Apple macOS is a specialized operating system developed for Mac computers.Apple iPadOS is an operating system for iPad tablets.Apple macOS Sequoia is an operating system.... A security vulnerability exists in several Apple products tha...
net/http: Request smuggling due to acceptance of invalid chunked data in net/http
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...
com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError
A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur...
Mitel MiContact Center Business 安全漏洞
Mitel MiContact Center Business is an all-media contact center platform from Mitel Canada. The platform is used in customer communication, production management and other scenarios. A security vulnerability exists in Mitel MiContact Center Business version 10.2.0.3 and prior versions, which stems...
CVE-2025-5860
A vulnerability, which was classified as critical, was found in PHPGurukul Maid Hiring Management System 1.0. This affects an unknown part of the file /admin/search-booking-request.php. The manipulation of the argument searchdata leads to sql injection. It is possible to initiate the attack...
CVE-2025-1051 Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability
Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...
CVE-2024-38873
An issue was discovered in the friendlycaptchaofficial aka Integration of Friendly Captcha extension before 0.1.4 for TYPO3. The extension fails to check the requirement of the captcha field in submitted form data, allowing a remote user to bypass the captcha check. This only affects the captcha...
The vulnerability of D-Link DWR 2000M 5G router’s microprogramming software lies in the lack of measures taken to clean data at the management level, allowing attackers to execute arbitrary codes.
The vulnerability of D-Link DWR 2000M 5G router’s microprogramming software is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
CVE-2025-1049
Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...
The vulnerability of the CI/CD application deployment and integration teamcity backup file of JetBrains, which allows a hacker to expose user credentials and session cookie files.
The vulnerability of the CI/CD application deployment and integration team environment from JetBrains TeamCity is related to improper cross-border deletion of critical data. Exploiting this vulnerability can allow a malicious actor to access user credentials and cookie session files remotely...
Apache HugeGraph 安全漏洞
Apache HugeGraph is a fast and scalable graph database from the Apache USA Foundation. A security vulnerability exists in Apache HugeGraph version 1.0.0 through versions prior to 1.5.0, which stems from the presence of an assumed immutable data vulnerability that could allow an attacker to bypass...
CVE-2024-22369
A deserialization of untrusted data flaw was found in Apache Camel SQL Component JDBCAggregationRepository. The affected versions of Apache Camel are vulnerable to unsafe deserialization, where, under specific conditions, it is possible to deserialize a malicious payload...
The vulnerability of Siemens SCALANCE industrial switches’ microprogramming software relates to unauthorized access to shared data in a multi-threaded context, allowing attackers to gain increased privileges.
The vulnerability of Siemens SCALANCE industrial switches’ microprogramming software is related to unsynchronized access to shared data in a multi-threaded context. Exploiting this vulnerability could allow an attacker operating remotely to enhance their privileges...
SUSE CVE-2020-14374
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copydata function leads to a buffer overflow allowing an attacker in a virtual machine to write arbitrary data to any address in the vhostcrypto application. The highest threat from this...