104 matches found
OpenClaw's Discord component interaction ingress skips guild/channel policy enforcement
Summary Discord button and component interaction ingress did not consistently reapply the same guild and channel policy gates used for normal inbound messages. Impact Users could trigger privileged component actions from contexts that should have been blocked by Discord channel policy. Affected...
GHSA-JP4J-Q5FC-58GV OpenClaw's Discord component interaction ingress skips guild/channel policy enforcement
Summary Discord button and component interaction ingress did not consistently reapply the same guild and channel policy gates used for normal inbound messages. Impact Users could trigger privileged component actions from contexts that should have been blocked by Discord channel policy. Affected...
CVE-2026-27524 OpenClaw < 2026.2.21 - Prototype Pollution via Debug Override Path
OpenClaw versions prior to 2026.2.21 accept prototype-reserved keys in runtime /debug set override object values, allowing prototype pollution attacks. Authorized /debug set callers can inject proto, constructor, or prototype keys to manipulate object prototypes and bypass command gate restrictio...
CVE-2026-27524 OpenClaw < 2026.2.21 - Prototype Pollution via Debug Override Path
OpenClaw versions prior to 2026.2.21 accept prototype-reserved keys in runtime /debug set override object values, allowing prototype pollution attacks. Authorized /debug set callers can inject proto, constructor, or prototype keys to manipulate object prototypes and bypass command gate restrictio...
Exploit for Out-of-bounds Write in Netapp Bootstrap_Os
Typeform DevSecOps Pipeline POC !Pythonhttps://img.shields...
CVE-2026-27208
bleon-ethical/api-gateway-deploy provides API gateway deployment. Version 1.0.0 is vulnerable to an attack chain involving OS Command Injection and Privilege Escalation. This allows an attacker to execute arbitrary commands with root privileges within the container, potentially leading to a...
CVE-2026-27208
bleon-ethical/api-gateway-deploy provides API gateway deployment. Version 1.0.0 is vulnerable to an attack chain involving OS Command Injection and Privilege Escalation. This allows an attacker to execute arbitrary commands with root privileges within the container, potentially leading to a...
CVE-2026-27208 api-gateway-deploy Affected by Exploitable Command Injection via Unprivileged Root Execution
bleon-ethical/api-gateway-deploy provides API gateway deployment. Version 1.0.0 is vulnerable to an attack chain involving OS Command Injection and Privilege Escalation. This allows an attacker to execute arbitrary commands with root privileges within the container, potentially leading to a...
CVE-2026-27208
Bleon-ethical/api-gateway-deploy is affected in v1.0.0 by OS Command Injection and Privilege Escalation that can grant root privileges inside the container, potentially enabling container escape and unauthorized infra changes. The issue is fixed in v1.0.1 through: (1) strict input sanitization an...
CVE-2025-14986
Temporal contains a namespace policy bypass vulnerability where, when frontend.enableExecuteMultiOperation is on, validation and feature gating for an embedded StartWorkflowExecutionRequest are evaluated against the embedded request’s Namespace instead of the outer ExecuteMultiOperationRequest.Na...
CVE-2025-68318 clk: thead: th1520-ap: set all AXI clocks to CLK_IS_CRITICAL
In the Linux kernel, the following vulnerability has been resolved: clk: thead: th1520-ap: set all AXI clocks to CLKISCRITICAL The AXI crossbar of TH1520 has no proper timeout handling, which means gating AXI clocks can easily lead to bus timeout and thus system hang. Set all AXI clock gates to...
Security Evaluation of Quantum Circuit Split Compilation under an Oracle-Guided Attack
Quantum circuits are the fundamental representation of quantum algorithms and constitute valuable intellectual property IP. Multiple quantum circuit obfuscation QCO techniques have been proposed in prior research to protect quantum circuit IP against malicious compilers. However, there has not be...
Certified Randomness Amplification by Dynamically Probing Remote Random Quantum States
Cryptography depends on truly unpredictable numbers, but physical sources emit biased or correlated bits. Quantum mechanics enables the amplification of imperfect randomness into nearly perfect randomness, but prior demonstrations have required physically co-located, loophole-free Bell tests,...
Communication-Optimal Blind Quantum Protocols
A user, Alice, wants to get server Bob to implement a quantum computation for her. However, she wants to leave him blind to what she's doing. What are the minimal communication resources Alice must use in order to achieve information-theoretic security? In this paper, we consider a single step of...
EUVD-2021-24648
Malware in sbrugna...
EUVD-2022-4015
Malicious code in bioql PyPI...
EUVD-2022-2776
Malicious code in bioql PyPI...
Malicious code in test-mlw2-grubs-gates (npm)
The package test-mlw2-grubs-gates was found to contain malicious code...
MAL-2025-35455 Malicious code in test-mlw2-grubs-gates (npm)
The package test-mlw2-grubs-gates was found to contain malicious code...
Designing with Deception: ML- and Covert Gate-Enhanced Camouflaging to Thwart IC Reverse Engineering
Integrated circuits ICs are essential to modern electronic systems, yet they face significant risks from physical reverse engineering RE attacks that compromise intellectual property IP and overall system security. While IC camouflage techniques have emerged to mitigate these risks, existing...