21 matches found
CVE-2026-7381
Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting. Plack::Middleware::XSendfile allows the variation setting (sendfile type) to be set by the client via the X-Sendfile-Type header, if it is not considered in the middleware constructor or the...
Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems
In yet another software supply chain attack, the open-source, artificial intelligence (AI)-powered coding assistant Cline CLI was updated to stealthily install OpenClaw, a self-hosted autonomous AI agent that has become exceedingly popular in the past few months. "On February 17, 2026, at 3:26 AM P...
CVE-2025-55284
Claude Code is an agentic coding tool. Prior to version 1.0.4, it's possible to bypass the Claude Code confirmation prompts to read a file and then send file contents over the network without user confirmation due to an overly broad allowlist of safe commands. Reliably exploiting this requires th...
CVE-2025-55284
Claude Code prior to 1.0.4 contains an overly broad default allowlist of safe commands, enabling reading a local file and exfiltrating its contents over the network without user confirmation if untrusted content is injected into the Claude Code context window. The root cause is a permissive allow...
CVE-2023-6344 Tyler Technologies Court Case Management Plus use of Aquaforest TIFF Server te003.aspx and te004.aspx allows authentication bypass
Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate directories using the tiffserver/te003.aspx or te004.aspx 'ifolder' parameter. This behavior is related to the use of a deprecated version of Aquaforest TIFF Server, possibly 2.x. The vulnerable...
CVE-2023-6343 Tyler Technologies Court Case Management Plus use of Aquaforest TIFF Server tssp.aspx allows authentication bypass
Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate and access sensitive files using the tiffserver/tssp.aspx 'FN' and 'PN' parameters. This behavior is related to the use of a deprecated version of Aquaforest TIFF Server, possibly 2.x. The...
Epson Stylus SX510W Denial Of Service
Exploit Title: Epson Stylus SX510W Printer Remote Power Off - Denial of Service PoC; Discovery by: Rafael Pedrero; Discovery Date: 2020-05-16; Vendor Homepage: https://www.epson.es/; Software Link: https://www.epson.es/products/printers/inkjet-printers/for-home/epson-stylus-sx510w; Tested Version:...
CVE-2021-41555
In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), XSS occurs in /archibus/dwr/call/plaincall/workflow.runWorkflowRule.dwr because the data received as input from clients is re-included within the HTTP response returned by the application without adequate validation. In this way, if HTML cod...
json-smart: uncaught exception may lead to crash or information disclosure
A flaw was found in json-smart. When an exception is thrown from a function, but is not caught, the program using the library may crash or expose sensitive information. The highest threat from this vulnerability is to data confidentiality and system availability. In OpenShift Container Platform...
CVE-2021-32798
The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions, an untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an XSS when a victim...
CVE-2020-13419
OpenIAM before 4.2.0.3 allows Directory Traversal in the Batch task...
Security Bulletin: Android Vulnerable Minimum OS Version Supported
Summary: IBM Maximo Anywhere is compatible with running on a deprecated version of Android, API level 14. Vulnerability Details: CVEID: CVE-2019-4349 DESCRIPTION: IBM Maximo Anywhere applications can be installed on a deprecated operating system version that could compromise the confidentiality and...
Visual Paradigm Server 10.0 Cross Site Scripting
Visual Paradigm Server v10.0 - Cross Site Scripting XSS. Information: Name: Visual Paradigm Server v10.0 - Cross Site Scripting XSS Affected Softwar...
ClamAV < 0.95 Scan Evasion (deprecated)
Binary data 4982.prm...
Mozilla Thunderbird < 1.5.0.9 Multiple Vulnerabilities (deprecated)
Binary data 3867.prm...
Mozilla Thunderbird < 1.5.0.8 Multiple Vulnerabilities (deprecated)
Binary data 3811.prm...
Mozilla < 1.0rc2 XMLHttpRequest File / Directory Disclosure (deprecated)
Binary data 1753.prm...
Subversion (SVN) apr_time_t Data Conversion Remote Overflow (deprecated)
Binary data 1227.prm...
Neon < 0.24.5 WebDAV Client Library Format String Vulnerabilities (deprecated)
Binary data 1779.prm...
Broadcom Wireless Access Point (WAP) Detection (HTTP) (deprecated)
Binary data 1624.prm...