GHSA-HH43-Q692-2XMQ Duplicate Advisory: `OpenClaw: session_status` let sandboxed subagents access parent or sibling session state
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-wcxr-59v9-rxr8. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the session_status tool that allows...
CVE-2026-24140 MyTube has Mass Assignment via Settings Management
MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below have a Mass Assignment vulnerability in the settings management functionality due to insufficient input validation. The application's saveSettings function accepts arbitrary key-value pairs without...
EUVD-2020-19096
Malware in sbrugna...
UBUNTU-CVE-2025-22865
Using ParsePKCS1PrivateKey to parse an RSA key that is missing the CRT values would panic when verifying that the key is well formed...
CVE-2024-39342
Entrust Instant Financial Issuance formerly known as Cardwizard 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier uses a DLL library i.e. DCG.Security.dll with a custom AES encryption process that relies on static hard-coded key values. These keys are not uniquely generated per installation of t...
Deserialization Of Untrusted Data
Apache IoTDB is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to directly deserializing the key/values from the deviceOwnerFile within the deSerializeDeviceOwnerMap method. Each key/value from the owner file is parsed directly using the ObjectOutputStream class, withou...
HUSKY – Products Filter for WooCommerce (formerly WOOF) < 1.3.4.3 - Missing Authorization via woof_meta_get_keys()
Description The HUSKY – Products Filter for WooCommerce (formerly WOOF) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the woof_meta_get_keys() function in versions up to, and including, 1.3.4.2. This makes it possible for authenticated attackers,...
CVE-2023-2986
The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.14.2. This is due to insufficient encryption on the user being supplied during the abandoned cart link decode through the plugin. This allows unauthenticated...
Authentication flaw
The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.14.2. This is due to insufficient encryption on the user being supplied during the abandoned cart link decode through the plugin. This allows unauthenticated...
SUSE CVE-2007-6755
The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection...
CVE-2020-26551
An issue was discovered in Aviatrix Controller before R5.3.1151. Encrypted key values are stored in a readable file...
Remote file inclusion
An issue was discovered in Aviatrix Controller before R5.3.1151. Encrypted key values are stored in a readable file...
OSV-2020-373 UNKNOWN READ in url_decode
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14501 Crash type: UNKNOWN READ Crash state: url_decode parsekeyvalues fuzzparsehttprequest...
Hardcoded credentials
An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Hard-coded SSH keys allow an attacker to gain unauthorised access or disclose encrypted data on the RTU due to the keys not being regenerated on initial installation or with firmware...
The Recent Apps in the Start Menu are Not Displayed by the Citrix Receiver
The recent apps in the start menu are not displayed by the Citrix Receiver. Only the recent apps from a local app or shortcuts from GPOs are shown. The registry key values are saved but are not displayed. If the users have icons in the start menu from a second worker group, the keys are created ...
PT-2013-1372 · Nist · Dual Ec Drbg
Name of the Vulnerable Software and Affected Versions: Dual Elliptic Curve Deterministic Random Bit Generation (Dual EC DRBG) algorithm; affected versions not specified. Description: The Dual Elliptic Curve Deterministic Random Bit Generation algorithm contains point Q constants that may have a...
.NET Framework 4.6.x/4.7.x servicing
Detectoid for .NET Framework 4.6.x & 4.7.x product servicing based on release key value floor is 4.6.2 RTM, ceiling is 4.7.2 RTM and servicing releases...