CVE-2026-41392

OpenClaw has a vulnerability (CVE-2026-41392) where exec allowlist matching can be bypassed by shell init-file wrapper invocations. Affected product: OpenClaw before 2026.3.31. Attack path involves using shell options such as --rcfile, --init-file, and --startup-file to load attacker-controlled i...

CVE-2026-40098

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the shared wishlist add-to-cart endpoint authorizes access with a public...

openssl-encrypt has visible password in process list via --password CLI argument

Summary Passwords passed via the --password / -p CLI argument in opensslencrypt/modules/cryptclisubparser.py at lines 150-154 are visible to any user on the system via ps aux or /proc/pid/cmdline. Affected Code python subparser.addargument "--password", "-p", help="Password will prompt if not...

cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive

A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the 'cgo pkg-config:' directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a '--log-file' argument to the pkg-config command...

AZL-78935 CVE-2025-61731 affecting package golang 1.25.7-1

Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The "cgo pkg-config:" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a...

BIT-FLUENT-BIT-2025-12972 CVE-2025-12972

Fluent Bit outfile plugin does not properly sanitize tag values when deriving output file names. When the File option is omitted, the plugin uses untrusted tag input to construct file paths. This allows attackers with network access to craft tags containing path traversal sequences that cause...

CVE-2025-12972

Fluent Bit outfile plugin does not properly sanitize tag values when deriving output file names. When the File option is omitted, the plugin uses untrusted tag input to construct file paths. This allows attackers with network access to craft tags containing path traversal sequences that cause...

Improper Removal of Sensitive Information Before Storage or Transfer

Overview Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer in the form of registry credentials in JSON output files. When registry authentication is configured, an attacker can obtain registry credentials or other values e.g...

PT-2025-48043

Name of the Vulnerable Software and Affected Versions Grype versions 0.68.0 through 0.104.0 Description Grype, a vulnerability scanner for container images and filesystems, contains a flaw where registry credentials can be improperly included in the output of a scan. This occurs when registry...

EUVD-2025-198810

Fluent Bit outfile plugin does not properly sanitize tag values when deriving output file names. When the File option is omitted, the plugin uses untrusted tag input to construct file paths. This allows attackers with network access to craft tags containing path traversal sequences that cause...

CVE-2025-12972

Fluent Bit outfile plugin does not properly sanitize tag values when deriving output file names. When the File option is omitted, the plugin uses untrusted tag input to construct file paths. This allows attackers with network access to craft tags containing path traversal sequences that cause...

CVE-2025-12972 CVE-2025-12972

Fluent Bit outfile plugin does not properly sanitize tag values when deriving output file names. When the File option is omitted, the plugin uses untrusted tag input to construct file paths. This allows attackers with network access to craft tags containing path traversal sequences that cause...

CVE-2025-12972

CVE-2025-12972 affects Fluent Bit, specifically the out_file plugin. When the File option is omitted, untrusted tag input is used to build output file paths, and tags containing path traversal sequences can cause files to be written outside the intended directory. This may enable unauthorized fil...

PT-2025-47922

Name of the Vulnerable Software and Affected Versions Fluent Bit versions prior to 4.1.1 Description The out file plugin in Fluent Bit does not properly sanitize tag values when creating output file names. If the File option is not specified, the plugin utilizes tag input, which is considered...

Linux Distros Unpatched Vulnerability : CVE-2014-0212

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - qpid-cpp: ACL policies only loaded if the acl-file option specified enabling DoS by consuming all available file descriptors CVE-2014-0212 Note that Nessus reli...

SUSE CVE-2006-2427

freshclam in 1 Clam Antivirus ClamAV 0.88 and 2 ClamXav 1.0.3h and earlier does not drop privileges before processing the config-file command line option, which allows local users to read portions of arbitrary files when an error message displays the first line of the target file...

SUSE CVE-2020-17525

Subversion's modauthzsvn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in...

CVE-2021-36042

Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an improper input validation vulnerability in the API File Option Upload Extension. An attacker with Admin privileges can achieve unrestricted file upload which can result in remote code...

CVE-2021-36042 Magento Commerce API File Option Upload Extension Improper Input Validation Vulnerability Could Lead To Remote Code Execution

Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an improper input validation vulnerability in the API File Option Upload Extension. An attacker with Admin privileges can achieve unrestricted file upload which can result in remote code...

Exploit for CVE-2020-1938

It is an exploit module for CNVD-2020-10487 CVE-2020-1938, a file read vulnerability in Tomcat AJP. The vulnerability allows an attacker to read files on the server by sending a specially crafted AJP request. The exploit is implemented in Python 2.7 and uses the ajpy library to interact with the...