PT-2026-35556
OpenClaw before 2026.3.28 contains an environment variable disclosure vulnerability in the jq safe-bin policy that fails to block the $ENV filter. Attackers can bypass safe-bin restrictions by using $ENV in jq programs to access sensitive environment variables that should be restricted...
GHSA-3CJC-VHFM-FFP2 Apache DolphinScheduler vulnerable to sensitive information disclosure
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache DolphinScheduler. This vulnerability may allow unauthorized actors to access sensitive information, including database credentials. This issue affects Apache DolphinScheduler versions 3.1.. Users are...
IBM InfoSphere Information Server Information Disclosure Vulnerability (CNVD-2026-16130)
IBM InfoSphere Information Server is IBM's enterprise-class data integration platform for integrating, cleansing and transforming data from disparate sources. An information disclosure vulnerability exists in IBM InfoSphere Information Server that stems from insufficient credential protection and...
CLSA-2026-1774283672 Fix CVE(s): CVE-2026-25965
SECURITY UPDATE: local file disclosure through path traversal bypass of path security policy - debian/patches/CVE-2026-25965.patch: Resolve and canonicalize file paths before policy pattern matching; prevent path traversal by fixing policy checks that matched unnormalized paths including symlinks...
CVE-2020-37157 DBPower C300 HD Camera - Remote Configuration Disclosure
DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials through an unprotected configuration backup endpoint. Attackers can download the configuration file and extract hardcoded username and password by...
CVE-2025-55250
HCL AION v2 is affected by a Technical Error Disclosure vulnerability that can expose sensitive technical details, potentially aiding information disclosure or attacker reconnaissance. The issue is described across NVD/Red Hat and related feeds with no public exploit details or remediation inform...
EUVD-2026-3197
HCL AION version 2 is affected by a Technical Error Disclosure vulnerability. This can expose sensitive technical details, potentially resulting in information disclosure or aiding further attacks...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003043)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003043 advisory. fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 data=ordered mode is used, mishandles a needs-flushing-before-commit list, which allows local users to...
CVE-2019-18376
A CSRF token disclosure vulnerability allows a remote attacker, with access to an authenticated Management Center MC user's web browser history or a network device that intercepts/logs traffic to MC, to obtain CSRF tokens and use them to perform CSRF attacks against MC...
Microsoft Failover Cluster Virtual Driver Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Microsoft Failover Cluster Virtual Driver allows an authorized attacker to disclose information locally...
EUVD-2016-7552
Malware in sbrugna...
EUVD-2019-11182
Malware in sbrugna...
EUVD-2021-8870
Malicious code in bioql PyPI...
EUVD-2024-26023
Malicious code in bioql PyPI...
EUVD-2024-26025
Malicious code in bioql PyPI...
EUVD-2022-4732
Malicious code in bioql PyPI...
EUVD-2021-2823
Malicious code in bioql PyPI...
EUVD-2022-37407
Malicious code in bioql PyPI...
EUVD-2023-36727
Malicious code in bioql PyPI...
EUVD-2024-42445
Malicious code in bioql PyPI...