16 matches found
USN-8224-1: Linux kernel (BlueField) vulnerabilities
Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module (LSM). An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information (kernel memory), local...
USN-8098-7: Linux kernel (Azure) vulnerabilities
Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module (LSM). An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information (kernel memory), local...
CVE-2026-28450
OpenClaw versions prior to 2026.2.12 with the optional Nostr plugin enabled expose unauthenticated HTTP endpoints at /api/channels/nostr/:accountId/profile and /api/channels/nostr/:accountId/profile/import that allow reading and modifying Nostr profiles without gateway authentication. Remote...
CVE-2026-28450
OpenClaw versions prior to 2026.2.12 with the optional Nostr plugin enabled expose unauthenticated HTTP endpoints at /api/channels/nostr/:accountId/profile and /api/channels/nostr/:accountId/profile/import that allow reading and modifying Nostr profiles without gateway authentication. Remote...
CVE-2026-28450 OpenClaw < 2026.2.12 - Unauthenticated Profile Tampering via Nostr Plugin HTTP Endpoints
OpenClaw versions prior to 2026.2.12 with the optional Nostr plugin enabled expose unauthenticated HTTP endpoints at /api/channels/nostr/:accountId/profile and /api/channels/nostr/:accountId/profile/import that allow reading and modifying Nostr profiles without gateway authentication. Remote...
CVE-2026-28450
OpenClaw versions prior to 2026.2.12 with the optional Nostr plugin enabled expose unauthenticated HTTP endpoints at /api/channels/nostr/:accountId/profile and /api/channels/nostr/:accountId/profile/import that allow reading and modifying Nostr profiles without gateway authentication. Remote...
PT-2026-23528
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.12. Description: The OpenClaw Nostr channel plugin, when installed and enabled, exposes unauthenticated HTTP endpoints at /api/channels/nostr/:accountId/profile and /api/channels/nostr/:accountId/profile/import...
CVE-2025-67282
In TIM BPM Suite / TIM FLOW through 9.1.2, multiple Authorization Bypass vulnerabilities exist which allow a low-privileged user to download password hashes of other users, access work items of other users, modify restricted content in workflows, modify the application's logo and manipulate the profi...
CVE-2025-57130
An Incorrect Access Control vulnerability in the user management component of ZwiiCMS up to v13.6.07 allows a remote, authenticated attacker to escalate their privileges. By sending a specially crafted HTTP request, a low-privilege user can access and modify the profile data of any other user,...
CVE-2025-64349
CVE-2025-64349 affects ELOG (the Electronic Logbook) with an authentication-level flaw: an authenticated, low-privilege user can modify another user’s profile, potentially changing the target’s email address and triggering a password reset to take over the account. Public records note ELOG defaul...
ELog security vulnerability
ELog is an electronic logging software with a web interface by the individual developer Stefan Ritt. A security vulnerability exists in ELog that originates from an authenticated user being able to modify other users' profiles, potentially leading to an account takeover...
EUVD-2006-5990
Malware in sbrugna...
Mitel MiCollab security vulnerability
Mitel MiCollab is a mobile application from Mitel Canada that provides voice, video, messaging, audio conferencing and team collaboration for employees. A security vulnerability exists in Mitel MiCollab versions 9.1.3 through 9.5.0.101, which stems from an incorrect authorization control in the...
Logic flaw vulnerability exists in UsualToolCMS of Chengdu Comfidonte Network Technology Co.
UsualToolCMS UTCMS is a content management system and rapid site building framework. A logic flaw vulnerability exists in UsualToolCMS v8.0 build 190101. The vulnerability stems from the program not verifying the identity of the data passed by the processing user. An attacker could overstep his/h...
CVE-2005-2257
The saveProfile function in PhpSlash 0.8.0 allows remote attackers to modify arbitrary profiles and gain privileges by modifying the authorid parameter...
Hosting Controller 6.1 - User Profile Unauthorized Access
Hosting Controller 6.1 - User Profile Unauthorized Access source: https://www.securityfocus.com/bid/13816/info Hosting Controller is prone to an unauthorized access vulnerability. Reportedly an authenticated user can modify other users' profiles. This issue is due to a failure in the application ...