8 matches found
CVE-2026-49097
Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Apache Camel IRC component. The camel-irc producer chooses the destination of an outgoing IRC message from the irc.sendTo Exchange header the constant...
EulerOS Virtualization 2.12.1 : libssh (EulerOS-SA-2026-2080)
According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A weakness has been identified in libssh up to 0.11.3. The impacted element is the function...
OpenClaw: Workspace `.env` can override the bundled plugin trust root
Summary Workspace .env can override the bundled plugin trust root Current Maintainer Triage - Status: open - Normalized severity: high - Assessment: v2026.3.28 still lets workspace .env override OPENCLAWBUNDLEDPLUGINSDIR, but critical is too high because exploitation still depends on...
EUVD-2025-29320
Malicious code in bioql PyPI...
EUVD-2023-0808
Malicious code in bioql PyPI...
Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set
The Mozilla Foundation Security Advisory describes this flaw as: When a parent page loaded a child in an iframe with unsafe-inline, the parent Content Security Policy could have overridden the child Content Security Policy...
PT-2023-30649 · Unknown · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost affected versions not specified Description: The issue arises from Mattermost's failure to check if hardened mode is enabled when overriding the username and/or the icon when posting. If settings allow integrations to override the...
It is possible to prematurely unlock assets that should still be locked up by setting the cooldown duration to 0.
Lines of code Vulnerability details Impact It undermines the security of the cooldown period. Specifically: • Users who have assets locked up in the cooldown period could immediately withdraw them if the admin sets the duration to 0. This violates the intent of having a cooldown period to begin...