8131 matches found
CVE-2026-20022
A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition when OSPF canonicalization debug is enabled by using the...
CVE-2026-20022
CVE-2026-20022 affects Cisco Secure Firewall ASA/FTD OSPF processing. The root cause is insufficient input validation when handling OSPF LSU packets, allowing an unauthenticated, adjacent attacker to send crafted OSPF packets that could write outside packet data, trigger a device reload, and caus...
CVE-2026-20022
A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition when OSPF canonicalization debug is enabled by using the...
CVE-2026-3056
The Seraphinite Accelerator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the seraphaccelapi AJAX action with fn=LogClear in all versions up to, and including, 2.28.14. This makes it possible for authenticated attackers, with...
GHSA-62F6-MRCJ-V8H5 OpenClaw's runtime /debug override path accepted prototype-reserved keys
Summary OpenClaw accepted prototype-reserved keys in runtime /debug set override object values proto, constructor, prototype. Impact /debug is disabled by default, and exploitation requires an already authorized /debug set caller. No unauthenticated vector was identified. This issue affects runti...
Prototype Pollution
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Prototype Pollution via the /debug set process. An attacker can modify in-memory runtime overrides by supplying prototype-reserved keys such as proto, constructor, or prototype if they ar...
OpenClaw's runtime /debug override path accepted prototype-reserved keys
Summary OpenClaw accepted prototype-reserved keys in runtime /debug set override object values proto, constructor, prototype. Impact /debug is disabled by default, and exploitation requires an already authorized /debug set caller. No unauthenticated vector was identified. This issue affects runti...
PT-2026-26018
Summary OpenClaw accepted prototype-reserved keys in runtime /debug set override object values proto , constructor, prototype. Impact /debug is disabled by default, and exploitation requires an already authorized /debug set caller. No unauthenticated vector was identified. This issue affects...
CVE-2026-25105
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into parameters of the Modbus command tool in the debug route...
CVE-2026-27900
The Terraform Provider for Linode versions prior to v3.9.0 logged sensitive information including some passwords, StackScript content, and object storage data in debug logs without redaction. Provider debug logging is not enabled by default. This issue is exposed when debug/provider logs are...
EUVD-2026-8977
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into parameters of the Modbus command tool in the debug route...
GO-2026-4562 Terraform Provider for Linode Debug Logs Vulnerable to Sensitive Information Exposure in github.com/linode/terraform-provider-linode
Terraform Provider for Linode Debug Logs Vulnerable to Sensitive Information Exposure in github.com/linode/terraform-provider-linode...
CVE-2026-25105
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into parameters of the Modbus command tool in the debug route...
CVE-2026-25105
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into parameters of the Modbus command tool in the debug route...
CVE-2026-25105 Copeland XWEB and XWEB Pro OS Command Injection
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into parameters of the Modbus command tool in the debug route...
CVE-2026-25105
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into parameters of the Modbus command tool in the debug route...
CVE-2026-25105 Copeland XWEB and XWEB Pro OS Command Injection
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into parameters of the Modbus command tool in the debug route...
CVE-2026-25105
XWEB Pro is affected by an OS command injection vulnerability (CVE-2026-25105) in versions prior to 1.12.1. The flaw allows an authenticated attacker to achieve remote code execution by injecting malicious input into the Modbus command tool parameters in the debug route. Multiple sources (Red Hat...
PT-2026-22276
Name of the Vulnerable Software and Affected Versions XWEB Pro versions prior to 1.12.1 Description A flaw exists that allows a logged-in attacker to execute code remotely on a system. This is achieved by injecting malicious input into parameters of the Modbus command tool within a debug route. T...
EUVD-2026-8798
Terraform Provider for Linode Debug Logs Vulnerable to Sensitive Information Exposure...