3638 matches found
EUVD-2026-43185
ImageMagick before 7.1.2-26 and 6.9.13-51 is missing a check for the allowed memory allocation limit in matrix-backed operations such as -canny. An attacker can supply a crafted image that causes ImageMagick to allocate more memory than permitted by the configured policy, resulting in a denial of...
CVE-2026-61465
ImageMagick before 7.1.2-26 and 6.9.13-51 lacks a check for the allowed memory allocation limit in matrix-backed operations (e.g., -canny). A crafted image can cause ImageMagick to allocate more memory than policy permits, resulting in a denial of service. Affected components: ImageMagick's memor...
EUVD-2026-42764
A vulnerability was identified in NousResearch hermes-agent up to 2026.5.29.2. Affected by this issue is the function MatrixAdapter.markdowntohtml of the file gateway/platforms/matrix.py of the component Matrix Adapter. Such manipulation leads to cross site scripting. The attack can be executed...
CVE-2026-15311
A vulnerability was identified in NousResearch hermes-agent up to 2026.5.29.2. Affected by this issue is the function MatrixAdapter.markdowntohtml of the file gateway/platforms/matrix.py of the component Matrix Adapter. Such manipulation leads to cross site scripting. The attack can be executed...
CVE-2026-15311
The CVE-2026-15311 entry concerns NousResearch hermes-agent (Matrix Adapter). The vulnerability specifically affects MatrixAdapter._markdown_to_html in gateway/platforms/matrix.py, enabling cross-site scripting. It can be exploited remotely and publicly available exploit code exists. The related ...
CVE-2026-15311 NousResearch hermes-agent Matrix Adapter matrix.py MatrixAdapter._markdown_to_html cross site scripting
A vulnerability was identified in NousResearch hermes-agent up to 2026.5.29.2. Affected by this issue is the function MatrixAdapter.markdowntohtml of the file gateway/platforms/matrix.py of the component Matrix Adapter. Such manipulation leads to cross site scripting. The attack can be executed...
GHSA-7HXM-F538-3XP6 OpenClaw: Matrix allowFrom could bind to mutable display names
Summary Matrix allowFrom could bind to mutable display names. In affected versions, a Matrix account able to change display name metadata could match a policy entry through mutable display metadata. This advisory is scoped to the named feature and configuration. It does not change OpenClaw's...
EUVD-2026-36317
OpenClaw: Matrix allowFrom could bind to mutable display names...
io.quarkus:quarkus-vertx-http: io.quarkus:quarkus-vertx-http: Authorization bypass via semicolons in HTTP requests
A flaw was found in io.quarkus:quarkus-vertx-http. A remote attacker can exploit an authorization bypass vulnerability by including semicolons, also known as matrix parameters, in HTTP requests. This allows bypassing path-based HTTP security policies, enabling unauthorized access to protected...
Linux Distros Unpatched Vulnerability : CVE-2026-57963
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker who can send HTML chat messages via Matrix or XMPP can inject arbitrary styled content, phishing links, and CSS that manipulates the chat UI. This...
UBUNTU-CVE-2026-57963
An attacker who can send HTML chat messages via Matrix or XMPP can inject arbitrary styled content, phishing links, and CSS that manipulates the chat UI. This vulnerability was fixed in Thunderbird 152.0.1 and Thunderbird 140.12.1...
DEBIAN-CVE-2026-57963
An attacker who can send HTML chat messages via Matrix or XMPP can inject arbitrary styled content, phishing links, and CSS that manipulates the chat UI. This vulnerability was fixed in Thunderbird 152.0.1 and Thunderbird 140.12.1...
EUVD-2026-40862
An attacker who can send HTML chat messages via Matrix or XMPP can inject arbitrary styled content, phishing links, and CSS that manipulates the chat UI. This vulnerability was fixed in Thunderbird 152.0.1 and Thunderbird 140.12.1...
PT-2026-54448
Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 140.12.1 Thunderbird versions prior to 152.0.1 Description An attacker can inject arbitrary styled content, phishing links, and CSS to manipulate the chat UI by sending HTML chat messages via Matrix or XMPP...
Security update for openbabel (moderate)
openSUSE Security Update: Security update for openbabel Announcement ID: openSUSE-SU-2026:0220-1 Rating: moderate References: 1258501 Cross-References: CVE-2026-2704 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes one vulnerability is now available. Description: This update...
CVE-2026-53811
OpenClaw before 2026.5.7 contains a privilege escalation vulnerability in the Matrix allowFrom feature that allows authenticated accounts to match policy entries through mutable display name metadata. Attackers with the ability to change display names can receive agent access intended for another...
CVE-2026-53811 OpenClaw < 2026.5.7 - Privilege Escalation via Mutable Display Names in Matrix allowFrom
OpenClaw before 2026.5.7 contains a privilege escalation vulnerability in the Matrix allowFrom feature that allows authenticated accounts to match policy entries through mutable display name metadata. Attackers with the ability to change display names can receive agent access intended for another...
CVE-2026-53811
OpenClaw is affected up to version 2026.5.7. The vulnerability is a privilege escalation in the Matrix allowFrom feature caused by mutable display name metadata, allowing authenticated accounts to match policy entries and receive agent access intended for another Matrix identity. Depending on ope...
CVE-2026-53811 OpenClaw < 2026.5.7 - Privilege Escalation via Mutable Display Names in Matrix allowFrom
OpenClaw before 2026.5.7 contains a privilege escalation vulnerability in the Matrix allowFrom feature that allows authenticated accounts to match policy entries through mutable display name metadata. Attackers with the ability to change display names can receive agent access intended for another...
PT-2026-48741
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.7 Description A privilege escalation issue exists in the Matrix allowFrom feature. Authenticated accounts can match policy entries by manipulating mutable display name metadata. This allows attackers who can...