17 matches found
CVE-2026-54157
LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.57, the /webapi/proxy endpoint on app.lobehub.com accepts a URL in the POST body and fetches it server-side without any authentication. An attacker can use this to make...
CISA Security Leak
Crazy story: Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the...
CVE-2026-41339
OpenClaw before 2026.4.2 exposes configPath and stateDir metadata in Gateway connect success snapshots to non-admin authenticated clients. Non-admin clients can recover host-specific filesystem paths and deployment details, enabling host fingerprinting and facilitating chained attacks...
Apache Airflow Security Bypass Vulnerability
Apache Airflow is an open source platform from the Apache Foundation in the United States for creating, managing and monitoring workflows. The platform is scalable and offers dynamic monitoring and other features. Apache Airflow has a security bypass vulnerability that stems from...
Apache Airflow Security Vulnerability
Apache Airflow is an open source platform from the Apache Foundation in the United States for creating, managing and monitoring workflows. The platform is scalable and offers dynamic monitoring and other features. Apache Airflow has a security bypass vulnerability that stems from...
CVE-2025-69907
CVE-2025-69907 concerns an unauthenticated information-disclosure vulnerability in Newgen OmniDocs. Multiple connected sources describe missing authentication and access control on the API endpoint /omnidocs/GetListofCabinet, allowing unauthenticated remote access to sensitive internal configur...
CVE-2022-24669
It may be possible to gain some details of the deployment through a well-crafted attack. This may allow that data to be used to probe internal network services...
Code injection
It may be possible to gain some details of the deployment through a well-crafted attack. This may allow that data to be used to probe internal network services...
CVE-2022-24669 Anonymous users can register / de-register for configuration change notifications
It may be possible to gain some details of the deployment through a well-crafted attack. This may allow that data to be used to probe internal network services...
CVE-2022-24669 Anonymous users can register / de-register for configuration change notifications
It may be possible to gain some details of the deployment through a well-crafted attack. This may allow that data to be used to probe internal network services...
PT-2022-16787 · Forgerock · Access Management
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: It may be possible to gain some details of the deployment through a well-crafted attack, allowing the data to be used to probe internal network services. Recommendations: At the...
Description of the security update for the information disclosure vulnerability in Microsoft Visual Studio 2013 Update 5: July 9, 2019
Description of the security update for the information disclosure vulnerability in Microsoft Visual Studio 2013 Update 5: July 9, 2019. Notice: Starting on March 10, 2020, Microsoft Update is now offering this security update to additional versions of the Windows OS. Note: This security update appli...
CVE-2019-4061
IBM BigFix Platform 9.2 and 9.5 could allow an attacker to query the relay remotely and gather information about the updates and fixlets deployed to the associated sites due to not enabling authenticated access. IBM X-Force ID: 156869...
Description of the Security and Quality Rollup for .NET Framework 3.5 for Windows 7 SP1 and Server 2008 R2 SP1 (KB 4470641)
Description of the Security and Quality Rollup for .NET Framework 3.5 for Windows 7 SP1 and Server 2008 R2 SP1 (KB 4470641). Applies to: Microsoft .NET Framework 3.5. Summary: This security update resolves a vulnerability in Microsoft .NET Framework that could allow remote code execution when Microsof...
Hypervisor code integrity elevation of privilege vulnerability: June 13, 2017
Hypervisor code integrity elevation of privilege vulnerability: June 13, 2017. Summary: An elevation of privilege vulnerability exists when Windows Hyper-V instruction emulation fails to properly enforce privilege levels. An attacker who successfully exploited this vulnerability could gain elevated...
Security update for the Windows win32k Information Disclosure Vulnerability in Windows Server 2008: May 9, 2017
Security update for the Windows win32k Information Disclosure Vulnerability in Windows Server 2008: May 9, 2017. Summary: An information disclosure vulnerability exists when the win32k component incorrectly provides kernel information. An attacker who successfully exploits the vulnerability could...
Description of the security update for Excel Services on SharePoint Server 2010: April 11, 2017
Description of the security update for Excel Services on SharePoint Server 2010: April 11, 2017. Summary: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these...