OpenClaw security vulnerability
OpenClaw is an open-source AI assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.20 contained security vulnerabilities. These vulnerabilities stemmed from security bypasses in the proxy’s config.patch and config.apply endpoints, which failed to protect...
jq security vulnerability
jq is a lightweight and flexible command-line JSON processor developed by jqlang. jq versions 1.8.1 and earlier have security vulnerabilities; these stem from unbounded recursion in jv_object_merge_recursive. This recursion allows malicious programs to cause program crashes with...
CVE-2026-7270
An operator precedence bug in the kernel results in a scenario where a buffer overflow causes attacker-controlled data to overwrite adjacent execve2 argument buffers. The bug may be exploitable by an unprivileged user to obtain superuser privileges...
CVE-2026-6860 vulnerabilities
Vulnerabilities for packages: request-9047-keycloak-fips, apache-pulsar-fips, spark-fips, spark-kubernetes-operator, keycloak, wildfly, knative-kafka-broker-fips, kafka-bridge, apache-camel-karavan-devmode, apicurio-registry, keycloak-fips, knative-kafka-broker, spark, apache-pulsar...
GHSA-3G76-F9XQ-8VP6 vulnerabilities
Vulnerabilities for packages: request-9047-keycloak-fips, apache-pulsar-fips, spark-fips, spark-kubernetes-operator, keycloak, wildfly, knative-kafka-broker-fips, kafka-bridge, apache-camel-karavan-devmode, apicurio-registry, keycloak-fips, knative-kafka-broker, spark, apache-pulsar...
GHSA-PMWQ-PJRM-6P5R vulnerabilities
Vulnerabilities for packages: zarf, docker-cli-buildx, ko, rekor, docker-compose, vexctl, gitsign, buildkitd, gh, policy-controller, tekton-chains, kyverno-notation-aws, aactl, crossplane, tkn, kubescape, slsa-verifier, trivy-operator, falcoctl, docker, goreleaser, zot, skaffold,...
GHSA-C4RQ-3M3G-8WGX vulnerabilities
Vulnerabilities for packages: ruby4.0-rails, ruby3.2-rails, kube-logging-operator, ruby3.4-rails, ruby3.3-rails...
CVE-2025-15633
An improper authorization vulnerability in HCL BigFix WebUI allows an authenticated user without Master Operator privileges to access internal data site names, versions, and configuration variables and bypass privilege requirements via unprotected endpoints lacking adequate security headers...
CVE-2025-15633
The CVE describes an improper authorization flaw in HCL BigFix WebUI. An authenticated user lacking Master Operator privileges can access internal data (site names, versions, configuration variables) via unprotected endpoints that do not enforce security headers. This indicates a privilege check ...
CVE-2025-15633 HCL BigFix WebUI is affected by an improper authorization vulnerability
An improper authorization vulnerability in HCL BigFix WebUI allows an authenticated user without Master Operator privileges to access internal data site names, versions, and configuration variables and bypass privilege requirements via unprotected endpoints lacking adequate security headers...
Exploit for Operator Precedence Logic Error in Freebsd
CVE-2026-7270 FreeBSD local privilege escalation via exec...
PT-2026-39320
Name of the Vulnerable Software and Affected Versions: HCL BigFix WebUI (affected versions not specified). Description: An improper authorization issue in HCL BigFix WebUI allows an authenticated user who lacks Master Operator privileges to bypass privilege requirements. This is possible due to...
in-toto-golang and in-toto-python have inconsistent negation behavior
Impact (what kind of vulnerability is it? who is impacted?): in-toto-golang and in-toto-python both support glob patterns in artifact rules to indicate the artifacts that a rule applies to. Both support negations in character classes to indicate what should not be matched, but they used different...
gmaps-mcp's unauthenticated HTTP transport allows unlimited Google Maps API calls at operator expense
The gmaps-mcp codebase was reviewed at commit e671db68c804c9e67d51582d3280839ffa65f127 and three issues worth flagging were discovered: one high-severity, one medium, one structural. There were no...
CVE-2026-34984 vulnerabilities
Vulnerabilities for packages: external-secrets-operator...
GHSA-R2PG-R6H7-CRF3 vulnerabilities
Vulnerabilities for packages: external-secrets-operator...
CVE-2026-8063
An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty pipeline on a view. When resolving a view, the server inspects the aggregation pipeline to determine whether it begins with an Atlas Search stage. For $rankFusion and $scoreFusion, this inspection reads...