24 matches found
OpenClaw Access Control Error Vulnerability (CNVD-2026-16623)
OpenClaw is a command line tool for rights management. A security vulnerability exists in OpenClaw versions prior to 2026.3.11, which stems from the gateway proxy RPC interface failing to effectively restrict the spawnedBy and workspaceDir parameters when verifying permissions. The vulnerability...
Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update
An update is now available for Red Hat Ansible Automation Platform 2.5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
OpenClaw Security Vulnerability
OpenClaw is a command line tool for rights management. A security vulnerability exists in OpenClaw versions prior to 2026.3.11, which stems from the gateway proxy RPC interface failing to effectively restrict the spawnedBy and workspaceDir parameters when verifying permissions. The vulnerability...
EUVD-1999-0973
Malware in sbrugna...
CVE-2025-34218
Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 VA/SaaS deployments expose internal Docker containers through the gw Docker instance. The gateway publishes a /meta endpoint which lists every micro‑service container...
CVE-2025-34218
Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 VA/SaaS deployments expose internal Docker containers through the gw Docker instance. The gateway publishes a /meta endpoint which lists every micro‑service container...
PT-2025-39884
Name of the Vulnerable Software and Affected Versions Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 22.0.1049 Vasion Print formerly PrinterLogic Application versions prior to 20.0.2786 Description The Vasion Print Virtual Appliance Host and Application expose interna...
BIT-MLFLOW-2025-52967
gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation...
CVE-2025-6543
Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway VPN virtual server, ICA Proxy, CVPN, RDP Proxy OR AAA virtual server...
SSRF in MLflow via user-controlled gateway_path parameter
Description A Server-Side Request Forgery (SSRF) vulnerability exists in the gateway_proxy_handler function of MLflow. This function accepts a user-controlled gateway_path parameter and concatenates it directly with a target_uri, allowing an attacker to control the full outbound HTTP request path from...
Server-side Request Forgery (SSRF)
Overview mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via insufficient validation of th...
MLFlow SSRF via gateway_proxy_handler
gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation...
PYSEC-2025-52
gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation...
PT-2025-26607
Name of the Vulnerable Software and Affected Versions: MLflow versions prior to 3.1.0 Description: The issue is related to the gateway proxy handler in MLflow, which lacks gateway path validation. This could potentially lead to exploitation. Recommendations: For versions prior to 3.1.0, update to...
CVE-2025-52967
gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation...
How to Configure ICA Session Timeout Values for Access Gateway Enterprise Edition Sessions
This article describes how to configure different ICA session timeout values for the same ICA-published resource when Access Gateway Enterprise Edition is using secure gateway proxy mode. This involves creating an additional ICA listener on each XenApp server, modifying the terminal server settin...
Squid 'cache_peer' Security Bypass Vulnerability (SQUID-2015:2)
Squid is prone to an access bypass vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:squid-cache:squid"; ifdescripti...
Debian: Security Advisory (DSA-3327-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 286-1] squid3 security update
Package : squid3 Version : 3.1.6-1.2+squeeze5 CVE ID : CVE-2015-5400 Debian Bug : 793128 Alex Rousskov discovered that Squid configured with cache_peer and operating on explicit proxy traffic does not correctly handle CONNECT method peer responses. In some configurations, it allows remote clients ...
DLA-286-1 squid3 - security update
Bulletin has no description...