13 matches found
EUVD-2026-36616
OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in native command handling that allows authenticated senders to execute owner-only commands without proper policy enforcement. Attackers can trigger native command handling to bypass the configured owner-command access contro...
CVE-2026-53828
OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in native command handling that allows authenticated senders to execute owner-only commands without proper policy enforcement. Attackers can trigger native command handling to bypass the configured owner-command access contro...
CVE-2026-53828 OpenClaw < 2026.5.6 - Native Command Authorization Bypass via Owner-Command Enforcement
OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in native command handling that allows authenticated senders to execute owner-only commands without proper policy enforcement. Attackers can trigger native command handling to bypass the configured owner-command access contro...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the ata/libata-scsi module potentially causing non-NCQ command starvation under continuous load o...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-11953link is external React Native Community CLI OS Command Injection Vulnerability CVE-2026-24423link is external SmarterTools SmarterMail Missing...
@react-native-community/cli has arbitrary OS command injection
The Metro Development Server, which is opened by the React Native CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary...
Command Injection in bestzip
Versions of bestzip prior to 2.1.7 are vulnerable to Command Injection. The package fails to sanitize input rules and passes it directly to an exec call on the zip function . This may allow attackers to execute arbitrary code in the system as long as the values of destination is user-controlled...
The vulnerability of the QEMU hardware emulation software allows a hacker to trigger a maintenance failure or execute arbitrary code.
The vulnerability in the hw/ide/ahci.c driver of the QEMU hardware emulation software is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to cause a service failure or execute arbitrary code crash due to an incorrect AHCI Native Command Queuin...
DEBIAN-CVE-2016-1568
Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service instance crash or possibly execute arbitrary code via an invalid AHCI Native Command Queuing NCQ AIO command...
CVE-2016-1568
Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service instance crash or possibly execute arbitrary code via an invalid AHCI Native Command Queuing NCQ AIO command...
Qemu: ide: ahci use-after-free vulnerability in aio port commands
A use-after-free flaw was found in the way QEMU's IDE AHCI emulator processed certain AHCI Native Command Queuing NCQ AIO commands. A privileged guest user could use this flaw to crash the QEMU process instance or, potentially, execute arbitrary code on the host with privileges of the QEMU proces...
Qemu: ide: ahci use-after-free vulnerability in aio port commands
A use-after-free flaw was found in the way QEMU's IDE AHCI emulator processed certain AHCI Native Command Queuing NCQ AIO commands. A privileged guest user could use this flaw to crash the QEMU process instance or, potentially, execute arbitrary code on the host with privileges of the QEMU proces...
Important: Red Hat Security Advisory: qemu-kvm-rhev security update
Updated qemu-kvm-rhev packages that fix two security issues are now available for Red Hat Enterprise Linux OpenStack Platform 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...