85 matches found
CVE-2026-53851
CVE-2026-53851 affects OpenClaw prior to version 2026.5.12. A notification bypass allows Slack reaction events to be processed by the agent pipeline even when reaction notifications are disabled. An attacker can trigger unintended agent processing by sending reaction events while the feature is e...
PT-2026-49768
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.12 Description A notification bypass allows Slack reaction events to enter the agent pipeline even when reaction notifications are disabled. This can trigger unintended agent processing for reaction events,...
CVE-2026-8990
A user with physical access to a smartphone can bypass authentication mechanism of Kidsview mobile application and grant himself full access to the device owner's account by interacting with application's push notification. This issue was fixed in version 4.4.3...
CVE-2026-8477
Improper enforcement of the sealed-entry workflow in the entry sensitive-data retrieval feature in Devolutions Server allows an authenticated user with access to a sealed entry to retrieve its sensitive data without triggering the unseal audit notification via a crafted API request. This issue...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.25 contained security vulnerabilities. These vulnerabilities stemmed from a validation notification bypass that circumvented direct message policy checks and resulted in...
MiracleLinux 8 : firefox-102.7.0-1.el8.ML.1 (AXSA:2023-4857:04)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-4857:04 advisory. Mozilla: libusrsctp library out of date CVE-2022-46871 Mozilla: Arbitrary file read from GTK drag and drop on Linux CVE-2023-23598 Mozilla: Memory...
Important: Red Hat Security Advisory: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
CVE-2025-13132
CVE-2025-13132 affects the "dia" browser (Red Hat/Dia references) where a flaw allows entering fullscreen after a user click without showing the fullscreen notification toast. This could let a malicious site spoof the UI (e.g., fake address bar). Root cause: lack of fullscreen notification. Impac...
EUVD-2020-27654
Malware in sbrugna...
EUVD-2020-1927
Malware in sbrugna...
EUVD-2024-0299
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-39908
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In all versions of GitLab CE/EE starting from 0.8.0 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before...
The vulnerability of the HarmonyOS operating system, related to deficiencies in authentication procedures, allows a perpetrator to gain access to the camera without notifying the user.
The vulnerability of the HarmonyOS operating system is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to the camera without notifying the user...
CVE-2023-22488
Flarum is a forum software for building communities. Using the notifications feature, one can read restricted/private content and bypass access checks that would be in place for such content. The notification-sending component does not check that the subject of the notification can be seen by the...
CVE-2021-24527
The User Registration & User Profile – Profile Builder WordPress plugin before 3.4.9 has a bug allowing any user to reset the password of the admin of the blog, and gain unauthorised access, due to a bypass in the way the reset key is checked. Furthermore, the admin will not be notified of such...
WWBN AVideo recovery notification bypass vulnerability
A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to silently create a recovery pass code for any user...
CVE-2023-50172
A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to the silent creation of a recovery pass code for any user...
CVE-2023-50172
A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to the silent creation of a recovery pass code for any user...
Design/Logic Flaw
A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to the silent creation of a recovery pass code for any user...
CVE-2023-50172
Summary: CVE-2023-50172 affects WWBN AVideo (dev master, commit 15fed957fb). The vulnerability lies in userRecoverPass.php captcha validation, where the recoverPass value is set even if the captcha check fails, enabling a malicious actor to silently create a recovery pass code for any user. An at...