
29 matches found

ATTACKERKB
added 2026/05/11 4:46 p.m. · 5 views

CVE-2026-45004

OpenClaw before 2026.4.23 contains an arbitrary code execution vulnerability in the bundled plugin setup resolver that loads setup-api.js from process.cwd during provider setup metadata resolution. Attackers can execute arbitrary JavaScript under the current user account by placing a malicious...

8.4 CVSS · 6.4 AI score · 0.00014 EPSS
Exploits 0 · References 4
AstraLinux
added 2026/05/03 11:59 p.m. · 3 views

Astra Linux - vulnerability in firefox

When following a redirect to a publicly accessible web extension file, the URL may have been translated into the actual local path, potentially exposing sensitive information. This vulnerability affects Firefox versions earlier than 111...

6.5 CVSS · 6.7 AI score · 0.00278 EPSS
Exploits 0 · References 2
Vulnrichment
added 2026/03/04 12:13 p.m. · 3 views

CVE-2026-24732 Improper permission checks in Extension:NSFileRepo

Files or Directories Accessible to External Parties, Incorrect Permission Assignment for Critical Resource vulnerability in Hallo Welt! GmbH BlueSpice Extension:NSFileRepo modules allows Accessing Functionality Not Properly Constrained by ACLs, Bypassing Electronic Locks and Access Controls. This...

8.7 CVSS · 5.9 AI score · 0.00061 EPSS
Exploits 0 · References 1
CVE
added 2026/03/04 12:13 p.m. · 7 views

CVE-2026-24732

CVE-2026-24732 affects Hallo Welt! GmbH BlueSpice Extension:NSFileRepo, with vulnerable versions 5.1–5.1.5 and 5.2–5.2.0. The issue is improper permission checks in the extension, allowing access to functionality not properly constrained by ACLs and bypassing electronic locks and access controls....

8.7 CVSS · 5.9 AI score · 0.00061 EPSS
Exploits 0 · References 1
Positive Technologies
added 2026/03/04 12:0 a.m. · 4 views

PT-2026-22907

Name of the Vulnerable Software and Affected Versions: Hallo Welt! GmbH BlueSpice versions 5.1 through 5.1.5; Hallo Welt! GmbH BlueSpice versions 5.2 through 5.2.0. Description: An issue exists in the Extension:NSFileRepo modules of BlueSpice that allows access to functionality not properly constrain...

8.7 CVSS · 5.9 AI score · 0.00061 EPSS
Exploits 0 · References 2
CNNVD
added 2025/10/28 12:0 a.m. · 2 views

FRRouting security vulnerability

FRRouting is an open source network routing software suite that runs on Unix-like platforms. FRRouting suffers from a denial of service vulnerability caused by a NULL pointer dereference via the showvtyextprefprefsid function on ospfext.c. An attacker could exploit this vulnerability to...

7.5 CVSS · 5.8 AI score · 0.00264 EPSS
Exploits 1 · References 4
EUVD
added 2025/10/27 7:42 p.m. · 2 views

EUVD-2025-36364

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface before 6.3 is vulnerable to Carriage Return Line Feed (CRLF) injection. When a request is made to a file ending with the .lp extension, t...

8.2 CVSS · 6.8 AI score · 0.00108 EPSS
Exploits 1 · References 1
EUVD
added 2025/10/07 12:30 a.m. · 16 views

EUVD-2018-0478

Malware in sbrugna...

7.5 CVSS · 7.5 AI score · 0.0038 EPSS
Exploits 0 · References 7
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-23622

Malicious code in bioql PyPI...

7.5 CVSS · 6.6 AI score · 0.00307 EPSS
Exploits 0 · References 2
CNVD
added 2025/08/28 12:0 a.m. · 0 views

Delta Electronics COMMGR Command Injection Vulnerability

Delta Electronics COMMGR is a communication management software from Delta Electronics China. Delta Electronics COMMGR suffers from a command injection vulnerability due to improper boundary checking when creating specially designed .isp files. No details of the vulnerability are available at thi...

8.6 CVSS · 7.6 AI score · 0.00089 EPSS
Exploits 0 · References 1
NVD
added 2025/08/05 3:15 p.m. · 3 views

CVE-2025-29745

A vulnerability affecting the scanning module in Emsisoft Anti-Malware prior to 2024.12 allows attackers on a remote server to obtain Net-NTLMv2 hash information via a specially created A2S Emsisoft Custom Scan extension file...

7.5 CVSS · 0.00307 EPSS
Exploits 0 · References 2
RedhatCVE
added 2025/05/23 3:35 a.m. · 7 views

CVE-2023-28160

When following a redirect to a publicly accessible web extension file, the URL may have been translated to the actual local path, leaking potentially sensitive information. This vulnerability affects Firefox 111...

6.5 CVSS · 6 AI score · 0.00278 EPSS
Exploits 0 · References 1
Cvelist
added 2025/03/05 3:48 a.m. · 20 views

CVE-2025-1915

Improper Limitation of a Pathname to a Restricted Directory in DevTools in Google Chrome on Windows prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted Chrome Extension. Chromium security severity: Mediu...

0.00034 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/10/24 12:0 a.m. · 1 views

PT-2023-29852 · Unknown · Parse Server

Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 5.5.6; Parse Server versions prior to 6.3.1. Description: Parse Server crashes when uploading a file without extension. This issue has been patched in versions 5.5.6 and 6.3.1. Recommendations: For versions prior ...

7.5 CVSS · 7.3 AI score · 0.0057 EPSS
Exploits 0 · References 12
OSV
added 2023/03/15 12:0 a.m. · 0 views

UBUNTU-CVE-2023-28160

When following a redirect to a publicly accessible web extension file, the URL may have been translated to the actual local path, leaking potentially sensitive information. This vulnerability affects Firefox 111...

6.5 CVSS · 7.3 AI score · 0.00278 EPSS
Exploits 0 · References 4
CNNVD
added 2023/03/15 12:0 a.m. · 3 views

Mozilla Firefox security vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox version 111, which originates from a redirection to a Web extension file that could lead to the disclosure of a local path...

6.5 CVSS · 7.8 AI score · 0.00278 EPSS
Exploits 0 · References 5
SUSE CVE
added 2023/02/15 5:57 a.m. · 2 views

SUSE CVE-2010-3450

Multiple directory traversal vulnerabilities in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to overwrite arbitrary files via a .. (dot dot) in an entry in (1) an XSLT JAR filter description file, (2) an Extension (aka OXT) file, or unspecified other (3) JAR or (4) ZIP files...

9.3 CVSS · 7.3 AI score · 0.03019 EPSS
Exploits 0 · References 5
Huntr
added 2022/04/15 4:51 a.m. · 11 views

Unrestricted Image Upload

Description: When testing the file upload function in Organizr 2.1.1830, there are improvements to the image upload features in Image Manager, but a user can bypass them with the double extension file type method. Proof of Concept: 1. Log in and go to Settings - Image Manager. 2. Upload file with double extension...

1.3 AI score
Exploits 0
VulnCheck KEV
added 2021/04/12 12:0 a.m. · 1 views

VulnCheck KEV: CVE-2020-13671

Improper sanitization in the extension file names is present in Drupal core...

8.8 CVSS · 7.3 AI score · 0.04504 EPSS
Exploits 0 · References 1
CNVD
added 2018/07/18 12:0 a.m. · 1 views

Google gperftools memory leak vulnerability

Google gperftools is an implementation of malloc that includes performance analysis tools such as heap checker, heap analyzer and CPU analyzer. A memory disclosure vulnerability exists in the mallocextension.cc file in Google gperftools version 2.7. An attacker could exploit this vulnerability to...

7.5 CVSS · 7.1 AI score · 0.00328 EPSS
Exploits 0 · References 1