RHEL 10 : delve (RHSA-2026:8842)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:8842 advisory. Delve is a debugger for the Go programming language. The goal of the project is to provide a simple, full featured debugging tool for Go...

Server-side Request Forgery (SSRF)

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the webSocketDebuggerUrl field in the /json/version response. An attacker can cause the application to initiate connections to arbitrary, potentially...

RHEL 10 : delve (RHSA-2026:8314)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:8314 advisory. Delve is a debugger for the Go programming language. The goal of the project is to provide a simple, full featured debugging tool for Go. Delve shou...

Important: Red Hat Security Advisory: delve security update

An update for delve is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

📄 ZSH 5.9 Remote Command Execution

ZSH version 5.9 proof of concept remote command execution exploit. Exploit ZSH 5.9 - RCE Date: 30-12-2025 Exploit Author: sinanadilrana import pexpect import sys import time def debugprintmsg: printf"DEBUG msg" def returntogdbgdb, maxattempts=3, timeout=3: """More reliable function to return to G...

EUVD-2026-20777

Unfurl through 2025.08 contains an improper input validation vulnerability in config parsing that enables Flask debug mode by default. The debug configuration value is read as a string and passed directly to app.run, causing any non-empty string to evaluate truthy, allowing attackers to access th...

CVE-2026-40035

Unfurl through 2025.08 contains an improper input validation vulnerability in config parsing that enables Flask debug mode by default. The debug configuration value is read as a string and passed directly to app.run, causing any non-empty string to evaluate truthy, allowing attackers to access th...

CVE-2026-40035

Unfurl through 2025.08 contains an improper input validation vulnerability in config parsing that enables Flask debug mode by default. The debug configuration value is read as a string and passed directly to app.run, causing any non-empty string to evaluate truthy, allowing attackers to access th...

CVE-2026-40035 Unfurl - Werkzeug Debugger Exposure via String Config Parsing

Unfurl through 2025.08 contains an improper input validation vulnerability in config parsing that enables Flask debug mode by default. The debug configuration value is read as a string and passed directly to app.run, causing any non-empty string to evaluate truthy, allowing attackers to access th...

CVE-2026-40035

CVE-2026-40035 affects the Unfurl package (dfir-unfurl) used in Unfurl through 2025.08. The flaw is an improper input validation in config parsing that reads the debug value as a string and passes it to app.run(), causing any non-empty value to evaluate to true and exposing the Werkzeug debugger....

CVE-2026-40035

Unfurl through 2025.08 contains an improper input validation vulnerability in config parsing that enables Flask debug mode by default. The debug configuration value is read as a string and passed directly to app.run, causing any non-empty string to evaluate truthy, allowing attackers to access th...

CVE-2026-40035 Unfurl - Werkzeug Debugger Exposure via String Config Parsing

Unfurl through 2025.08 contains an improper input validation vulnerability in config parsing that enables Flask debug mode by default. The debug configuration value is read as a string and passed directly to app.run, causing any non-empty string to evaluate truthy, allowing attackers to access th...

Unfurl 安全漏洞

Unfurl is a URL data extraction and visualization analysis tool developed by Ryan Benson. Versions of Unfurl prior to 2025.08 contained security vulnerabilities. These vulnerabilities stemmed from improper input validation in configuration parsing. By default, Flask debug mode was enabled, which...

PT-2026-31470

Name of the Vulnerable Software and Affected Versions Unfurl versions through 2025.08 Description Unfurl through 2025.08 has an improper input validation issue in config parsing that enables Flask debug mode by default. The debug configuration value is read as a string and passed directly to...

[SECURITY] Fedora 42 Update: insight-18.0.50.20260306-2.fc42

Insight is a tight graphical user interface to GDB written in Tcl/Tk. It provides a comprehensive interface that enables users to harness most of GDB's power. It's also probably the only up-to-date UI for the latest GDB version...

[SECURITY] Fedora 43 Update: insight-18.0.50.20260306-2.fc43

Insight is a tight graphical user interface to GDB written in Tcl/Tk. It provides a comprehensive interface that enables users to harness most of GDB's power. It's also probably the only up-to-date UI for the latest GDB version...

CVE-2026-5130

The Debugger & Troubleshooter plugin for WordPress was vulnerable to Unauthenticated Privilege Escalation in versions up to and including 1.3.2. This was due to the plugin accepting the wpdebugtroubleshootsimulateuser cookie value directly as a user ID without any cryptographic validation or...

[SECURITY] Fedora 44 Update: insight-18.0.50.20260306-2.fc44

Insight is a tight graphical user interface to GDB written in Tcl/Tk. It provides a comprehensive interface that enables users to harness most of GDB's power. It's also probably the only up-to-date UI for the latest GDB version...

CVE-2026-5130

The Debugger & Troubleshooter plugin for WordPress was vulnerable to Unauthenticated Privilege Escalation in versions up to and including 1.3.2. This was due to the plugin accepting the wpdebugtroubleshootsimulateuser cookie value directly as a user ID without any cryptographic validation or...

CVE-2026-5130 Debugger & Troubleshooter <= 1.3.2 - Unauthenticated Privilege Escalation to Administrator via Cookie Manipulation

The Debugger & Troubleshooter plugin for WordPress was vulnerable to Unauthenticated Privilege Escalation in versions up to and including 1.3.2. This was due to the plugin accepting the wpdebugtroubleshootsimulateuser cookie value directly as a user ID without any cryptographic validation or...