13 matches found
CVE-2026-47729
A flaw was found in Squid. Due to improper input validation, an out-of-bounds read can occur in the FTP gateway. This issue allows an authenticated and trusted client to read memory from random transactions when accessing a misbehaving FTP server using the Squid gateway feature. Mitigation When F...
CVE-2026-6266
The vulnerability CVE-2026-6266 affects the AAP gateway’s user auto-link strategy introduced in AAP 2.6. The flaw derives from linking an external IDP identity to an existing AAP user account based on email matching without verifying email ownership, enabling potential account hijacking or unauth...
OpenClaw Security Vulnerability
OpenClaw is an open-source artificial intelligence assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.8 contained security vulnerabilities. These vulnerabilities stemmed from an issue with the permission escalation mechanism in the gateway plugin’s HTTP authentication process...
CVE-2026-28466 OpenClaw < 2026.2.14 - Remote Code Execution via Node Invoke Approval Bypass
OpenClaw versions prior to 2026.2.14 contain a vulnerability in the gateway in which it fails to sanitize internal approval fields in node.invoke parameters, allowing authenticated clients to bypass exec approval gating for system.run commands. Attackers with valid gateway credentials can inject...
EUVD-2026-9904
OpenClaw versions 2026.1.5 prior to 2026.2.14 contain a vulnerability in the Gateway in which it does not sufficiently constrain configured hook module paths before passing them to dynamic import, allowing code execution. An attacker with gateway configuration modification access can load and...
CVE-2026-27443 S/MIME Decryption Tag Sanitization Bypass
SEPPmail Secure Email Gateway before version 15.0.1 does not properly sanitize the headers from S/MIME protected MIME entities, allowing an attacker to control trusted headers...
EUVD-2025-26722
Malicious code in bioql PyPI...
EUVD-2024-33410
Malicious code in bioql PyPI...
EUVD-2025-5589
Malicious code in bioql PyPI...
PT-2025-31820 · Unknown · Ansible Aap-Gateway
Name of the Vulnerable Software and Affected Versions: Ansible aap-gateway (affected versions not specified). Description: A flaw exists in Ansible aap-gateway where cross-site request forgery (CSRF) origin checking is not performed on requests originating from the gateway to external components,...
CVE-2025-1801
Summary (CVE-2025-1801): A race-condition vulnerability in the Red Hat Ansible Automation Platform (AAP) 2.5 gateway’s aap-gateway gRPC service could let a less-privileged user obtain a greater-privileged user’s JWT, risking session data and server integrity. CVSS v3.1 base score 8.1 (HIGH) with ...
freerdp: improper client input validation for gateway connections allows to overwrite memory
A flaw was found in the FreeRDP client when it fails to validate input data when using gateway connections. This flaw could allow a malicious gateway to send a specially crafted input to a client, leading to an out-of-bounds write in client memory. The highest threat from this flaw is that it coul...
etcd: gateway can include itself as an endpoint resulting in resource exhaustion and leads to DoS
A flaw was found in etcd, where the etcd gateway is a simple TCP proxy that allows basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This issue results in a denial of service since the endpoint can become stuck in a loop of requesting itsel...