16 matches found

Vulnrichment
added 2026/03/05 10:0 p.m., 2 views

CVE-2026-29609 OpenClaw < 2026.2.14 - Denial of Service via Unbounded URL-backed Media Fetch

OpenClaw versions prior to 2026.2.14 contain a denial of service vulnerability in the fetchWithGuard function that allocates entire response payloads in memory before enforcing maxBytes limits. Remote attackers can trigger memory exhaustion by serving oversized responses without content-length...

CVSS 8.7, AI score 5.8, EPSS 0.00179
Exploits: 0, References: 3
Cvelist
added 2025/12/09 8:7 a.m., 26 views

CVE-2025-41750 Reflected XSS vulnerability in pxc_PortCfg.php

An XSS vulnerability in pxc_PortCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user into clicking on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level...

CVSS 7.1, EPSS 0.00125
Exploits: 0, References: 1
OSV
added 2025/11/11 1:15 a.m., 2 views

CVE-2025-42886

Due to a Reflected Cross-Site Scripting (XSS) vulnerability in SAP Business Connector, an unauthenticated attacker could generate a malicious link and make it publicly accessible. If an authenticated victim accesses this link, the injected input is processed during web page generation, resulting in...

CVSS 6.1, AI score 5.9
Exploits: 0, References: 2
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2025-24202

Malicious code in bioql PyPI...

CVSS 6.1, AI score 6.5, EPSS 0.00236
Exploits: 0, References: 2
Tenable Nessus
added 2025/08/18 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2019-8341

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a templat...

CVSS 9.8, AI score 7.8, EPSS 0.25411
Exploits: 5, References: 3
SUSE CVE
added 2025/03/27 12:14 a.m., 2 views

SUSE CVE-2025-27405

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 allows an attacker to craft a URL that, once visited by any user, allows embedding arbitrary JavaScript into Icinga Web and acting on behalf of tha...

CVSS 6.1, AI score 6.8, EPSS 0.00198
Exploits: 0, References: 3
Positive Technologies
added 2024/11/15 12:0 a.m., 3 views

PT-2024-10104 · Glpi +1

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.17. Description: The issue is related to a reflected XSS vulnerability in GLPI, a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician to exploit...

CVSS 9.8, AI score 5.7, EPSS 0.28839
Exploits: 9, References: 74
OSV
added 2024/07/01 10:15 p.m., 2 views

CVE-2024-23737

Cross Site Request Forgery (CSRF) vulnerability in savignano S/Notify before 4.0.2 for Jira allows attackers to manipulate a user's S/MIME certificate or PGP key via malicious link or email...

CVSS 5.4, AI score 5.8, EPSS 0.00186
Exploits: 0, References: 1
OSV
added 2024/04/04 6:15 p.m., 1 view

CVE-2024-25698

There is a reflected cross site scripting vulnerability in the home application in Esri Portal for ArcGIS 11.1 and below on Windows and Linux that allows a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the...

CVSS 6.1, AI score 5.5
Exploits: 0, References: 1
Prion
added 2024/02/29 10:15 a.m., 14 views

Security feature bypass

Kaspersky has fixed a security issue in the Kaspersky Security 8.0 for Linux Mail Server. The issue was that an attacker could potentially force an administrator to click on a malicious link to perform unauthorized actions...

CVSS 5.8, AI score 7.3, EPSS 0.00097
Exploits: 0, References: 1
OSV
added 2023/07/13 10:15 a.m., 2 views

DEBIAN-CVE-2023-29455

Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious scripts...

CVSS 6.1, AI score 5.8, EPSS 0.01231
Exploits: 0, References: 1
OSV
added 2023/07/13 10:15 a.m., 0 views

UBUNTU-CVE-2023-29455

Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious scripts...

CVSS 6.1, AI score 6, EPSS 0.01231
Exploits: 0, References: 3
CNNVD
added 2022/03/14 12:0 a.m., 1 view

IBM Spectrum Protect Operations Center Cross-Site Request Forgery Vulnerability

IBM Spectrum Protect Operations Center is a software from IBM USA that provides visual control of the IBM Spectrum Protect environment. IBM Spectrum Protect Operations Center is vulnerable to cross-site request forgery, which could be exploited by an attacker to vulnerability to enter a link to a...

CVSS 4, AI score 5.4, EPSS 0.00044
Exploits: 0, References: 4
OSV
added 2018/12/12 4:29 p.m., 2 views

CVE-2018-1484

IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be...

CVSS 3.7, AI score 5.6
Exploits: 0, References: 2
CNVD
added 2018/03/16 12:0 a.m., 1 view

Cross-site Scripting Vulnerability in China Mobile's Smart Butler Platform

Smart Butler Platform is a Wi-Fi platform under China Mobile. There is a cross-site scripting vulnerability in China Mobile's Smart Butler Platform, which allows attackers to maliciously insert script code through the URL to gain access to sensitive information in the system...

AI score 6.5
Exploits: 0
CNVD
added 2017/09/19 12:0 a.m., 1 view

EasyAdmin view method suffers from SQL injection vulnerability

EasyAdmin is a free and open source community program based on the LayUI template, with a ThinkPHP5 framework for backend support. A SQL injection vulnerability exists in the EasyAdmin view method. Attackers can construct a specific injection URL to obtain the database password...

AI score 7.9
Exploits: 0