3428 matches found

Snyk
added 2026/02/24 12:48 a.m., 4 views

Missing Release of Memory after Effective Lifetime

Overview: Magick.NET-Q16-HDRI-arm64: Magick.NET allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs (https://github.com/dlemstra/Magick.NET/tree/main/docs). Affected versions of this package a...

CVSS 6.9, AI score 5.7, EPSS 0.00384
Exploits 0, References 2
OSV
added 2026/02/24 12:45 a.m., 2 views

CLEANSTART-2026-YQ79300 Due to the design of the name constraint checking algorithm, the processing time of some inputs scales non-linearly with respect to the size of the certificate

Multiple security vulnerabilities affect the argo-cd package. Due to the design of the name constraint checking algorithm, the processing time of some inputs scales non-linearly with respect to the size of the certificate. See references for individual vulnerability details...

CVSS 9.8, AI score 5.6, EPSS 0.04518
Exploits 3, References 39
NVD
added 2026/02/24 12:16 a.m., 4 views

CVE-2025-69250

free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, the service reliably leaks detailed internal error messages (e.g., strconv.ParseInt parsing errors) to remote clients when processi...

CVSS 8.7, EPSS 0.00398
Exploits 1, References 4
RedhatCVE
added 2026/02/22 1:28 a.m., 2 views

CVE-2026-27020

Photobooth prior to 1.0.1 has a cross-site scripting (XSS) vulnerability in user input fields. Malicious users could inject scripts through unvalidated form inputs. This vulnerability is fixed in 1.0.1...

CVSS 5.3, AI score 5.2, EPSS 0.00258
Exploits 0, References 1
CNNVD
added 2026/02/22 12:0 a.m., 7 views

Web Ofisi Firma SQL Injection Vulnerability

Web Ofisi Firma is a general-purpose corporate website script system developed by the Turkish company Web Ofisi. Version 13 of Web Ofisi Firma contains an SQL injection vulnerability, which stems from insufficient input validation for oz array parameters, potentially allowing SQL injection attack...

CVSS 8.8, AI score 5.9, EPSS 0.00405
Exploits 1, References 4
CNNVD
added 2026/02/22 12:0 a.m., 4 views

Web Ofisi Firma Rehberi SQL Injection Vulnerability

Web Ofisi Firma Rehberi is a directory system of companies operated by the Turkish company Web Ofisi. Version 1 of Web Ofisi Firma Rehberi has a SQL injection vulnerability, which stems from insufficient validation of GET parameter inputs. This vulnerability may lead to SQL injection attacks...

CVSS 9.8, AI score 5.8, EPSS 0.00479
Exploits 1, References 4
Cvelist
added 2026/02/21 10:0 a.m., 22 views

CVE-2026-27576 OpenClaw: ACP prompt-size checks missing in local stdio bridge could reduce responsiveness with very large inputs

OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, the ACP bridge accepts very large prompt text blocks and can assemble oversized prompt payloads before forwarding them to chat.send. Because ACP runs over local stdio, this mainly affects local ACP clients for example IDE...

CVSS 4.8, EPSS 0.00165
Exploits 0, References 5
Vulnrichment
added 2026/02/21 10:0 a.m., 3 views

CVE-2026-27576 OpenClaw: ACP prompt-size checks missing in local stdio bridge could reduce responsiveness with very large inputs

OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, the ACP bridge accepts very large prompt text blocks and can assemble oversized prompt payloads before forwarding them to chat.send. Because ACP runs over local stdio, this mainly affects local ACP clients for example IDE...

CVSS 4.8, AI score 5.3, EPSS 0.00165
Exploits 0, References 5
CVE
added 2026/02/21 10:0 a.m., 16 views

CVE-2026-27576

OpenClaw: ACP prompt-size check vulnerability affecting local stdio bridge. Affected in 2026.2.17 and earlier; oversized prompt blocks can be assembled and forwarded to chat.send, impacting local ACP clients (e.g., IDE integrations). Mitigation: upgrade to 2026.2.19 (patched release).

CVSS 4.8, AI score 5.5, EPSS 0.00165
Exploits 0, References 5, Affected Software 1
CNNVD
added 2026/02/21 12:0 a.m., 6 views

Moodle Security Vulnerability

Moodle is an open-source e-learning software platform developed by Moodle Foundation. It is also known as a course management system, learning management system, or virtual learning environment. There are security vulnerabilities in Moodle; these vulnerabilities stem from insufficient cleaning of...

CVSS 7.2, AI score 5.8, EPSS 0.02202
Exploits 0, References 2
NVD
added 2026/02/20 9:19 p.m., 5 views

CVE-2026-27020

Photobooth prior to 1.0.1 has a cross-site scripting (XSS) vulnerability in user input fields. Malicious users could inject scripts through unvalidated form inputs. This vulnerability is fixed in 1.0.1...

CVSS 5.3, EPSS 0.00258
Exploits 0, References 1
Cvelist
added 2026/02/20 9:3 p.m., 23 views

CVE-2026-27020 Photobooth has a XSS vulnerability in user input

Photobooth prior to 1.0.1 has a cross-site scripting (XSS) vulnerability in user input fields. Malicious users could inject scripts through unvalidated form inputs. This vulnerability is fixed in 1.0.1...

CVSS 5.3, EPSS 0.00258
Exploits 0, References 1
Vulnrichment
added 2026/02/20 9:3 p.m., 1 views

CVE-2026-27020 Photobooth has a XSS vulnerability in user input

Photobooth prior to 1.0.1 has a cross-site scripting (XSS) vulnerability in user input fields. Malicious users could inject scripts through unvalidated form inputs. This vulnerability is fixed in 1.0.1...

CVSS 5.3, AI score 5, EPSS 0.00258
Exploits 0, References 1
Snyk
added 2026/02/19 10:6 p.m., 3 views

Incomplete List of Disallowed Inputs

Overview: openclaw is 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the tools.exec.safeBins configuration. An attacker can gain unauthorized access to the filesystem by leveraging allowed sort output flags -o or...

CVSS 3.6, AI score 6.1
Exploits 0, References 3
CVE
added 2026/02/19 6:38 p.m., 19 views

CVE-2026-27474

CVE-2026-27474 affects SPIP prior to 4.4.9, where the private area is vulnerable to Cross-Site Scripting due to incomplete application of the echappe_anti_xss() filter to input, form, button, and anchor tags. The issue compounds an incomplete fix from SPIP 4.4.8 and is not mitigated by the securi...

CVSS 6.1, AI score 5.6, EPSS 0.00264
Exploits 0, References 3, Affected Software 1
Microsoft Secure
added 2026/02/19 4:27 p.m., 4 views

Running OpenClaw safely: identity, isolation, and runtime risk

Self-hosted agent runtimes like OpenClaw are showing up fast in enterprise pilots, and they introduce a blunt reality: OpenClaw includes limited built-in security controls. The runtime can ingest untrusted text, download and execute skills (i.e. code) from external sources, and perform actions usin...

AI score 6.4
Exploits 0
ATTACKERKB
added 2026/02/19 12:2 p.m., 2 views

CVE-2019-25404

Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input through admin management parameters. Attackers can inject script payloads in the adminname, name, and surname parameters via...

CVSS 6.4, AI score 5.2, EPSS 0.00301
Exploits 1, References 4, Affected Software 1
Vulnrichment
added 2026/02/19 12:2 p.m., 2 views

CVE-2019-25404 Comodo Dome Firewall 2.7.0 Stored Cross-Site Scripting via admins

Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input through admin management parameters. Attackers can inject script payloads in the adminname, name, and surname parameters via...

CVSS 6.4, AI score 5.2, EPSS 0.00301
Exploits 1, References 4
Positive Technologies
added 2026/02/19 12:0 a.m., 6 views

PT-2026-20849

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the first argument of the addImage method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful GIF file that results in...

CVSS 8.7, AI score 5.6, EPSS 0.00546
Exploits 1, References 5
OSV
added 2026/02/18 3:24 p.m., 2 views

GHSA-9P44-J4G5-CFX5 Trivy Action has a script injection via sourced env file in composite action

Command Injection in aquasecurity/trivy-action via Unsanitized Environment Variable Export. A command injection vulnerability exists in aquasecurity/trivy-action due to improper handling of action inputs when exporting environment variables. The action writes export VAR= lines to trivyenvs.txt bas...

CVSS 5.9, AI score 6.1, EPSS 0.01298
Exploits 0, References 5