9 matches found
CVE-2026-28450 OpenClaw < 2026.2.12 - Unauthenticated Profile Tampering via Nostr Plugin HTTP Endpoints
OpenClaw versions prior to 2026.2.12 with the optional Nostr plugin enabled expose unauthenticated HTTP endpoints at /api/channels/nostr/:accountId/profile and /api/channels/nostr/:accountId/profile/import that allow reading and modifying Nostr profiles without gateway authentication. Remote...
EUVD-2023-34103
Malicious code in bioql PyPI...
PT-2025-4591 · Coolify · Coolify
Name of the Vulnerable Software and Affected Versions: Coolify versions 4.0.0-beta.18 through 4.0.0-beta.252 Description: A vulnerability in the execution of commands on remote servers allows an authenticated user to execute arbitrary code on the local Coolify container, gaining access to data an...
SUSE CVE-1999-0184
When compiled with the -DALLOWUPDATES option, bind allows dynamic updates to the DNS server, allowing for malicious modification of DNS records...
CVE-2023-2637
CVE-2023-2637 affects Rockwell Automation’s FactoryTalk System Services. The vulnerability arises from a hard-coded cryptographic key used to generate administrator cookies, which could allow a local, authenticated non-admin user to forge an invalid administrator cookie and gain administrative pr...
Design/Logic Flaw
github-action-merge-dependabot is an action that automatically approves and merges dependabot pull requests (PRs). Prior to version 3.2.0, github-action-merge-dependabot does not check if a commit created by dependabot is verified with the proper GPG key. There is just a check if the actor is set t...
CVE-2022-29220 No verification of commits origin in github-action-merge-dependabot
github-action-merge-dependabot is an action that automatically approves and merges dependabot pull requests (PRs). Prior to version 3.2.0, github-action-merge-dependabot does not check if a commit created by dependabot is verified with the proper GPG key. There is just a check if the actor is set t...
Reinforce Defense with File Reputation and Trusted Source Intelligence in Qualys FIM
Monitoring change events in the file system is both a crucial aspect of security and a critical compliance requirement. A file integrity monitoring tool functions as an essential layer of defense to identify illicit activities across critical system files and registries, diagnose changes, and sen...
WordPress Custom Content Type Manager Plugin <= 0.9.8.8 - Multiple Vulnerabilities
This plugin is prone to malicious changes, scenario attacking and other vulnerabilities. Solution: Updating is not enough to clean the site. Please check the "Mitigation" section at the end of this blog post -- https://blog.sucuri.net/2016/03/when-wordpress-plugin-goes-bad.html...