Lucene search

944 matches found

RedHat Linux
added 2026/03/18 1:17 p.m., 3 views

org.apache.cxf/cxf: CXF JMS Code Execution Vulnerability

A flaw was found in org.apache.cxf/cxf, where untrusted users can configure JMS to allow the specification of RMI or LDAP URLs, possibly leading to code execution. This vulnerability allows an attacker to provide malicious protocol URLs during JMS configuration...

9.8 CVSS | 6.7 AI score | 0.0044 EPSS
Exploits: 0 | References: 5

RedHat Linux
added 2026/03/18 1:17 p.m., 2 views

org.apache.cxf/cxf: CXF JMS Code Execution Vulnerability

A flaw was found in org.apache.cxf/cxf, where untrusted users can configure JMS to allow the specification of RMI or LDAP URLs, possibly leading to code execution. This vulnerability allows an attacker to provide malicious protocol URLs during JMS configuration...

9.8 CVSS | 6.7 AI score | 0.0044 EPSS
Exploits: 0 | References: 5

NVD
added 2026/03/06 7:16 a.m., 2 views

CVE-2026-29042

Nuclio is a "Serverless" framework for Real-Time Events and Data Processing. Prior to version 1.15.20, the Nuclio Shell Runtime component contains a command injection vulnerability in how it processes user-supplied arguments. When a function is invoked via HTTP, the runtime reads the...

9.8 CVSS | 0.00281 EPSS
Exploits: 1 | References: 4

CVE
added 2026/03/06 6:57 a.m., 5 views

CVE-2026-29042

Technical details about CVE-2026-29042 are not publicly available in the provided connected documents; the included SUSE/PTSecurity items do not discuss Nuclio. Monitor for updates.

9.8 CVSS | 5.9 AI score | 0.00281 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2026/03/06 6:57 a.m., 3 views

CVE-2026-29042 Nuclio Shell Runtime Command Injection Leading to Privilege Escalation

Nuclio is a "Serverless" framework for Real-Time Events and Data Processing. Prior to version 1.15.20, the Nuclio Shell Runtime component contains a command injection vulnerability in how it processes user-supplied arguments. When a function is invoked via HTTP, the runtime reads the...

9.3 CVSS | 5.7 AI score | 0.00281 EPSS
Exploits: 1 | References: 6

RedhatCVE
added 2026/03/04 1:56 a.m., 3 views

CVE-2025-47373

Memory Corruption when accessing buffers with invalid length during TA invocation...

7.8 CVSS | 5.9 AI score | 0.00017 EPSS
Exploits: 0 | References: 1

Github Security Blog
added 2026/03/03 12:40 a.m., 4 views

OpenClaw has system.run shell-wrapper env injection via SHELLOPTS/PS4 can bypass allowlist intent (RCE)

Summary: system.run allowed SHELLOPTS + PS4 environment injection to trigger command substitution during bash -lc xtrace expansion before the allowlisted command body executed. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.2.21-2 includes latest published npm version at...

7.5 CVSS | 5.8 AI score | 0.0007 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

Github Security Blog
added 2026/03/02 11:32 p.m., 10 views

OpenClaw: Gateway /tools/invoke tool escalation + ACP permission auto-approval

Summary: OpenClaw Gateway exposes an authenticated HTTP endpoint POST /tools/invoke intended for invoking a constrained set of tools. Two issues could combine to significantly increase blast radius in misconfigured or exposed deployments: - The HTTP gateway layer did not deny high-risk session...

6.1 AI score
Exploits: 0 | References: 7 | Affected Software: 1

Github Security Blog
added 2026/03/02 11:24 p.m., 6 views

OpenClaw Vulnerable to Remote Code Execution via Node Invoke Approval Bypass in Gateway

Summary: A remote code execution (RCE) vulnerability in the gateway-to-node invocation path allowed an authenticated gateway client to bypass node-host exec approvals by injecting internal control fields into node.invoke parameters. Affected Component - Gateway method: node.invoke for node command...

9.9 CVSS | 6.7 AI score | 0.00051 EPSS
Exploits: 1 | References: 8 | Affected Software: 1

NVD
added 2026/03/02 5:16 p.m., 2 views

CVE-2025-47373

Memory Corruption when accessing buffers with invalid length during TA invocation...

7.8 CVSS | 0.00017 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2026/03/02 4:53 p.m., 3 views

CVE-2025-47373

Memory Corruption when accessing buffers with invalid length during TA invocation...

7.8 CVSS | 5.9 AI score | 0.00017 EPSS
Exploits: 0 | References: 2

CVE
added 2026/03/02 4:53 p.m., 6 views

CVE-2025-47373

CVE-2025-47373 describes a memory corruption / out-of-bounds condition when accessing buffers with invalid length during a Trust Authority (TA) invocation in an automotive context. The CVSSv3.1 base score is 7.8 (High) with LOCAL attack vector, LOW privileges required, no user interaction, and fu...

7.8 CVSS | 5.9 AI score | 0.00017 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

EUVD
added 2026/03/02 4:53 p.m., 2 views

EUVD-2025-208183

Memory Corruption when accessing buffers with invalid length during TA invocation...

7.8 CVSS | 5.9 AI score | 0.00017 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2026/03/02 12:00 a.m., 1 view

PT-2026-22639

Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: A memory corruption issue exists when accessing buffers with an invalid length during a Trusted Application (TA) invocation. This can lead to unpredictable behavior or potential compromise of the syste...

7.8 CVSS | 5.9 AI score | 0.00017 EPSS
Exploits: 0 | References: 5

Packet Storm News
added 2026/02/23 12:00 a.m., 2 views

Agentic AI As a Cybersecurity Attack Surface: Threats, Exploits, and Defenses in Runtime Supply Chains

Agentic systems built on large language models (LLMs) extend beyond text generation to autonomously retrieve information and invoke tools. This runtime execution model shifts the attack surface from build-time artifacts to inference-time dependencies, exposing agents to manipulation through untrust...

6 AI score
Exploits: 0

CNNVD
added 2026/02/20 12:00 a.m., 2 views

Tassos Framework Access Control Error Vulnerability

Tassos Framework is a development framework created by Tassos Marinos. The Tassos Framework has a security vulnerability related to access control. This vulnerability arises from insufficient restrictions during the processing of certain AJAX requests, which may lead to improper invocation of...

9.5 CVSS | 5.8 AI score | 0.00018 EPSS
Exploits: 1 | References: 1

Tenable Nessus
added 2026/02/19 12:00 a.m., 2 views

Amazon Linux 2023 : amazon-cloudwatch-agent (ALAS2023-2026-1442)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1442 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. (C) Tenable, Inc. The descriptive text and package checks...

7.1 AI score
Exploits: 0 | References: 2

Redos
added 2026/02/16 12:00 a.m., 4 views

ROS-20260216-73-0029

A vulnerability in the RMI component of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely t...

4.8 CVSS | 5.8 AI score | 0.00055 EPSS
Exploits: 0

Redos
added 2026/02/16 12:00 a.m., 3 views

ROS-20260216-73-0030

A vulnerability in the RMI component of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely t...

4.8 CVSS | 5.8 AI score | 0.00055 EPSS
Exploits: 0

Redos
added 2026/02/16 12:00 a.m., 6 views

ROS-20260216-73-0027

A vulnerability in the RMI component of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely t...

4.8 CVSS | 5.8 AI score | 0.00055 EPSS
Exploits: 0