19 matches found

CVE
added 2026/04/28 6:10 p.m. · 2 views

CVE-2026-42428

OpenClaw is affected. OpenClaw versions before 2026.4.8 do not enforce integrity verification for downloaded plugin archives, enabling attackers to install malicious or tampered plugins in the local assistant environment. The CVE description and related advisories (GHSA-3VVQ-Q2QC-7RMP) specify af...

7.5 CVSS · 5.2 AI score · 0.0002 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
Positive Technologies
added 2025/12/10 12:0 a.m. · 1 view

PT-2025-50345

Name of the Vulnerable Software and Affected Versions: MailEnable versions prior to 10.54 Description: MailEnable versions prior to 10.54 have an issue where the software loads DLLs unsafely, potentially allowing a local attacker to run arbitrary code. The MailEnable administrative executable loads...

8.5 CVSS · 6.6 AI score · 0.00009 EPSS
Exploits: 0 · References: 6
RedhatCVE
added 2025/10/11 9:21 a.m. · 2 views

CVE-2025-52655

Inclusion of Functionality from Untrusted Control Sphere vulnerability in HCL MyXalytics v6.6. Loading third-party scripts without integrity checks or validation can allow external code to run in the application's context, risking data exposure...

3.1 CVSS · 7.2 AI score · 0.0003 EPSS
Exploits: 0 · References: 1
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-23995

Malicious code in bioql PyPI...

8.8 CVSS · 6.5 AI score · 0.00031 EPSS
Exploits: 0 · References: 2
RedhatCVE
added 2025/08/24 12:13 a.m. · 2 views

CVE-2025-55581

D-Link DCS-825L firmware version 1.08.01 and possibly prior versions contain an insecure implementation in the mydlink-watch-dog.sh script. The script monitors and respawns the dcp and signalc binaries without validating their integrity, origin, or permissions. An attacker with filesystem access...

7.3 CVSS · 8.2 AI score · 0.00042 EPSS
Exploits: 1 · References: 1
Vulnrichment
added 2025/08/22 12:0 a.m. · 3 views

CVE-2025-55581

D-Link DCS-825L firmware version 1.08.01 and possibly prior versions contain an insecure implementation in the mydlink-watch-dog.sh script. The script monitors and respawns the dcp and signalc binaries without validating their integrity, origin, or permissions. An attacker with filesystem access...

7.5 AI score · 0.00042 EPSS
Exploits: 1 · References: 3
CVE
added 2025/08/22 12:0 a.m. · 16 views

CVE-2025-55581

CVE-2025-55581 affects the D-Link DCS-825L firmware (1.08.01 and possibly earlier). The vulnerability lies in the mydlink-watch-dog.sh watchdog script, which restarts the dcp and signalc binaries without validating their integrity, origin, or permissions. An attacker with filesystem access (for e...

7.3 CVSS · 7.5 AI score · 0.00042 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
RedhatCVE
added 2025/08/10 4:29 p.m. · 2 views

CVE-2025-53520

The affected product allows firmware updates to be downloaded from EG4's website, transferred via USB dongles, or installed through EG4's Monitoring Center remote, cloud-connected interface or via a serial connection, and can install these files without integrity checks. The TTComp archive format...

8.8 CVSS · 7.2 AI score · 0.00031 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2025/08/08 12:0 a.m. · 2 views

PT-2025-32369 · Eg4 · Eg4

Name of the Vulnerable Software and Affected Versions: EG4 affected versions not specified Description: The affected product allows firmware updates to be downloaded from EG4’s website, transferred via USB dongles, or installed through EG4’s Monitoring Center remote, cloud-connected interface or...

8.8 CVSS · 6.5 AI score · 0.00031 EPSS
Exploits: 0 · References: 7
ATTACKERKB
added 2025/07/02 7:26 p.m. · 1 view

CVE-2025-34074

An authenticated remote code execution vulnerability exists in Lucee’s administrative interface due to insecure design in the scheduled task functionality. An administrator with access to /lucee/admin/web.cfm can configure a scheduled job to retrieve a remote .cfm file from an attacker-controlled...

9.4 CVSS · 6.7 AI score · 0.76301 EPSS
Exploits: 1 · References: 4 · Affected Software: 1
OSV
added 2025/02/26 9:15 p.m. · 0 views

CVE-2024-50696

SunGrow WiNet-S V200.001.00.P025 and earlier versions are missing integrity checks for firmware upgrades. Sending a specific MQTT message allows an update to an inverter or a WiNet connectivity dongle with a bogus firmware file that is located on an attacker-controlled server...

7.5 CVSS · 5.8 AI score
Exploits: 0 · References: 1
CNNVD
added 2024/09/26 12:0 a.m. · 0 views

goTenna Pro Data Forgery Vulnerability

The goTenna Pro is a series of devices from goTenna that can create networks for off-grid communications and situational awareness. A data forgery vulnerability exists in the goTenna Pro that arises from the use of AES CTR mode for short encrypted messages without any additional integrity checkin...

6 CVSS · 6.8 AI score · 0.00054 EPSS
Exploits: 0 · References: 2
CNNVD
added 2022/08/18 12:0 a.m. · 2 views

Qualys Cloud Agent Security Vulnerability

Qualys Cloud Agent is a lightweight application from Qualys USA, Inc. A single agent for real-time, global visibility and response. A security vulnerability exists in Qualys Cloud Agent version 4.8.0-49, which stems from the lack of ownership and privilege checks, as well as integrity checks...

7.3 CVSS · 7.3 AI score · 0.00074 EPSS
Exploits: 0 · References: 8
ATTACKERKB
added 2022/06/14 10:15 a.m. · 2 views

CVE-2022-32252

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.1. The application does not perform the integrity check of the update packages. Without validation, an admin user might be tricked to install a malicious package, granting root privileges to an attacker...

9.3 CVSS · 5.4 AI score · 0.00062 EPSS
Exploits: 0 · References: 3
CNNVD
added 2021/06/25 12:0 a.m. · 2 views

IBM Security Secret Server Input Validation Error Vulnerability

IBM Security Secret Server is a set of privileged access management solutions from IBM USA. The product supports password management, privileged account identification and privileged session access monitoring and logging. An input validation error vulnerability exists in IBM Security Secret Serve...

7.8 CVSS · 6.2 AI score · 0.00043 EPSS
Exploits: 0 · References: 3
OSV
added 2020/06/11 5:15 p.m. · 0 views

CVE-2020-11614

Mids' Reborn Hero Designer 2.6.0.7 downloads the update manifest, as well as update files, over cleartext HTTP. Additionally, the application does not perform file integrity validation for files after download. An attacker can perform a man-in-the-middle attack against this connection and replace...

8.1 CVSS · 7.3 AI score · 0.00077 EPSS
Exploits: 1 · References: 2
OSV
added 2019/12/26 7:15 p.m. · 0 views

CVE-2019-5272

USG9500 with versions of V500R001C30;V500R001C60 have a missing integrity checking vulnerability. The software of the affected products does not check the integrity which may allow an attacker with high privilege to make malicious modifications without detection...

4.9 CVSS · 5.8 AI score
Exploits: 0 · References: 1
CNVD
added 2018/07/02 12:0 a.m. · 1 view

SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure and SoftControl/SafenSoft Enterprise Suite Unauthorized Operation Vulnerabilities

SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite are Russian SAFE'N'SEC's proactive defense-capable malware applications. SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft...

8.1 CVSS · 8.3 AI score · 0.00261 EPSS
Exploits: 0 · References: 1
CNVD
added 2018/05/15 12:0 a.m. · 1 view

Foxconn FEMTO AP-FC4064-T Weak Password Vulnerability

The Foxconn FEMTO AP-FC4064-T is a home base station device from Foxconn. A security vulnerability exists in the web administration page of the Foxconn FEMTO AP-FC4064-T APGTB385.8.3lb15-W47 LTE Build 15 version, which stems from the admin account using a weak default password: admin, and the...

9.8 CVSS · 7.2 AI score · 0.00457 EPSS
Exploits: 1 · References: 1