9 matches found
BIT-ACTIVEMQ-2026-42588 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Remote Code Execution via Jolokia addNetworkConnector
Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy...
OpenClaw Access Control Error Vulnerability
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.28 contained an access control vulnerability. This vulnerability stemmed from an authentication bypass flaw in the remote boot component, allowing unverified discovery endpoints ...
GHSA-3CW3-5VXW-G2H3 OpenClaw: CLI Remote Onboarding Persists Unauthenticated Discovery Endpoint and Exfiltrates Gateway Credentials
Summary Remote onboarding accepted discovered gateway endpoints without an explicit trust confirmation before persisting the remote URL and connection details. Impact A malicious or spoofed discovery endpoint could steer onboarding toward an attacker-controlled gateway and capture future gateway...
Information Disclosure via Flags override link
Summary An information disclosure vulnerability affecting Flags SDK has been addressed. It impacted flags ≤3.2.0 and @vercel/flags ≤3.1.1 and in certain circumstances, allowed a bad actor with detailed knowledge of the vulnerability to list all flags returned by the flags discovery endpoint...
CVE-2025-46332 Information Disclosure via Flags override link
Flags SDK is an open-source feature flags toolkit for Next.js and SvelteKit. Impacted versions include flags 3.2.0 and prior and @vercel/flags 3.1.1 and prior; in certain circumstances this allows a bad actor with detailed knowledge of the vulnerability to list all flags returned by the flags...
CVE-2022-3803
A vulnerability was found in eolinker apinto-dashboard and classified as problematic. This issue affects some unknown processing of the file /api/discoveries/. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and ma...
Nextcloud: [user_oidc] Stored XSS via Authorization Endpoint - Safari-Only
Summary: The OpenID Connect User Backend allows users to log in to Nextcloud using SSO. A workaround that was apparently implemented for the Safari browser enables stored Cross-Site Scripting (XSS). The vulnerability only affects user agents that include "Safari" within their user agent string and i...
PT-2011-2777 · Cisco · Cisco Unified Operations Manager
Name of the Vulnerable Software and Affected Versions: Cisco Unified Operations Manager versions prior to 8.6. Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML. This can be achieved via several...