21 matches found
CVE-2026-26352
Smoothwall Express versions prior to 3.1 Update 13 contain a stored cross-site scripting vulnerability in the /cgi-bin/vpnmain.cgi script due to improper sanitation of the VPNIP parameter. Authenticated attackers can inject arbitrary JavaScript through VPN configuration settings that executes whe...
CVE-2026-32038
OpenClaw before 2026.2.24 contains a sandbox network isolation bypass vulnerability that allows trusted operators to join another container's network namespace. Attackers can configure the docker.network parameter with container: values to reach services in target container namespaces and bypass...
CVE-2026-32038
OpenClaw before 2026.2.24 contains a sandbox network isolation bypass vulnerability that allows trusted operators to join another container's network namespace. Attackers can configure the docker.network parameter with container: values to reach services in target container namespaces and bypass...
CVE-2026-32038
OpenClaw before 2026.2.24 contains a sandbox network isolation bypass vulnerability that allows trusted operators to join another container's network namespace. Attackers can configure the docker.network parameter with container: values to reach services in target container namespaces and bypass...
EUVD-2026-13324
OpenClaw before 2026.2.24 contains a sandbox network isolation bypass vulnerability that allows trusted operators to join another container's network namespace. Attackers can configure the docker.network parameter with container: values to reach services in target container namespaces and bypass...
CVE-2026-32038
OpenClaw before 2026.2.24 contains a sandbox network isolation bypass allowing a trusted operator to join another container’s network namespace by configuring the docker.network parameter with container: values. This enables access to services in the target container namespaces and bypasses netwo...
RHEL 8 : osbuild-composer (RHSA-2026:3898)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3898 advisory. A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building...
golang: net/url: Memory exhaustion in query parameter parsing in net/url
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...
SUSE CVE-2024-54145
Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the getdiscoveryresults function of automationdevices.php using the network parameter. This vulnerability is fixed in 1.2.29...
DEBIAN-CVE-2024-54145
Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the getdiscoveryresults function of automationdevices.php using the network parameter. This vulnerability is fixed in 1.2.29...
UBUNTU-CVE-2024-54145
Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the getdiscoveryresults function of automationdevices.php using the network parameter. This vulnerability is fixed in 1.2.29...
CVE-2024-54145 Cacti has a SQL Injection vulnerability when request automation devices
Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the getdiscoveryresults function of automationdevices.php using the network parameter. This vulnerability is fixed in 1.2.29...
CVE-2024-54145
Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the getdiscoveryresults function of automationdevices.php using the network parameter. This vulnerability is fixed in 1.2.29...
Cacti SQL注入漏洞
Cacti is a suite of open source network traffic monitoring and analysis tools from the Cacti team. The tool obtains data via snmpget, analyzes it using RRDtool drawing graphs, and provides data and user management features. Cacti suffers from a SQL injection vulnerability that stems from improper...
CVE-2023-33307
A null pointer dereference in Fortinet FortiOS before 7.2.5 and before 7.0.11, FortiProxy before 7.2.3 and before 7.0.9 allows attacker to denial of sslvpn service via specifically crafted request in network parameter...
Null pointer dereference
A null pointer dereference in Fortinet FortiOS before 7.2.5 and before 7.0.11, FortiProxy before 7.2.3 and before 7.0.9 allows attacker to denial of sslvpn service via specifically crafted request in network parameter...
CVE-2023-33307
A null pointer dereference in Fortinet FortiOS before 7.2.5 and before 7.0.11, FortiProxy before 7.2.3 and before 7.0.9 allows attacker to denial of sslvpn service via specifically crafted request in network parameter...
PT-2022-6580 · D Link · D-Link Dir-2640
Name of the Vulnerable Software and Affected Versions: D-Link DIR-2640 routers affected versions not specified Description: The issue is related to the implementation of the HNAP1 protocol in the D-Link DIR-2640-US router's firmware, specifically with insufficient validation of user-supplied inpu...
PT-2022-25843 · Tenda · Tenda Ac1200 Router
Name of the Vulnerable Software and Affected Versions: Tenda AC1200 Router Model W15Ev2 version V15.11.0.101576 Description: The issue concerns multiple command injection vulnerabilities found in the function setIPsecTunnelList. These vulnerabilities can be exploited via the IPsecLocalNet and...
IBM RICOH Infoprint 1532 Printer - Persistent Cross-Site Scripting
IBM RICOH Infoprint 1532 Printer - Persistent Cross-Site Scripting Exploit Title: IBM RICOH Infoprint 1532 Printer - Persistent Cross-Site Scripting Date: 2020-01-02 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ibm.com/il-en Hardware Link:...