31 matches found
CVE-2026-35618
OpenClaw before 2026.3.23 contains a replay identity vulnerability in Plivo V2 signature verification that allows attackers to bypass replay protection by modifying query parameters. The verification path derives replay keys from the full URL including query strings instead of the canonicalized...
CVE-2026-2330
An attacker may access restricted filesystem areas on the device via the CROWN REST interface due to incomplete whitelist enforcement. Certain directories intended for internal testing were not covered by the whitelist and are accessible without authentication. An unauthenticated attacker could...
CVE-2026-2330
An unauthenticated attacker could access restricted filesystem areas on the device via the CROWN REST interface due to incomplete whitelist enforcement. Internal testing directories were not covered by the whitelist, making them accessible without authentication. A manipulated parameter file coul...
EUVD-2026-9324
The Labkotec LID-3300IP has an existing vulnerability in the ice detector software that enables an unauthenticated attacker to alter device parameters and run operational commands when specially crafted packets are sent to the device...
CVE-2026-1775
The Labkotec LID-3300IP has an existing vulnerability in the ice detector software that enables an unauthenticated attacker to alter device parameters and run operational commands when specially crafted packets are sent to the device...
Labkotec LID-3300IP Access Control Error Vulnerability
The Labkotec LID-3300IP is an ice detector developed by the Finnish company Labkotec. The Labkotec LID-3300IP has a security vulnerability related to access control. This vulnerability stems from defects in the ice detector software, which may allow unauthorized attackers to modify device...
Uniong WebITR Security Vulnerability
Uniong WebITR is an online time and attendance system from China Kaifa Uniong. A security vulnerability exists in Uniong WebITR that originates from an authentication bypass that allows remote attackers to log in as an arbitrary user by modifying specific parameters...
Race Condition Enabling Link Following
Overview: Affected versions of this package are vulnerable to Race Condition Enabling Link Following in the handling of procfs file writes. An attacker can cause arbitrary writes to sensitive files or trigger a denial of service by redirecting write operations through race conditions and...
CVE-2025-61113
TalkTalk Android app v3.3.6 has improper access control across multiple API endpoints. The issue allows parameter tampering to extract sensitive user data (device identifiers, birthdays) and private group information (including join credentials). Impact is privacy breach and unauthorized access t...
WisdomGarden Tronclass Security Vulnerability
WisdomGarden Tronclass is an interactive instructional management platform from China WisdomGarden, Inc. A security vulnerability exists in WisdomGarden Tronclass that stems from an insecure direct object reference, which could lead to a remote attacker accessing other user files by modifying...
CVE-2024-38910
Open Robotics Robotic Operating System 2 ROS2 and Nav2 humble version was discovered to contain a use-after-free in the nav2amcl process. This vulnerability is triggered via sending a request to change dynamic parameters...
Tenable Network Security Nessus Agent Race Condition Vulnerability
The Tenable Network Security Nessus Agent is a component of the Nessus Vulnerability Scanning Tool developed by Tenable to extend scanning capabilities to other devices on the network. A race condition vulnerability exists in the Tenable Network Security Nessus Agent, which can be exploite...
Tenable Network Security Nessus Security Vulnerability
The Tenable Network Security Nessus Agent is a component of the Nessus Vulnerability Scanning Tool developed by Tenable to extend scanning capabilities to other devices on the network. A race condition vulnerability exists in the Tenable Network Security Nessus Agent, which can be exploite...
Security update for perl-HTTP-Tiny (moderate)
openSUSE Security Update: Security update for perl-HTTP-Tiny Announcement ID: openSUSE-SU-2023:0222-1 Rating: moderate References: 1211002 Cross-References: CVE-2023-31486 CVSS scores: CVE-2023-31486 NVD : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2023-31486 SUSE: 7.4...
The vulnerability of the driver for configuring WMI microprogramming systems in Lenovo laptops allows a hacker to modify security loading parameters through the NVRAM variable.
The vulnerability of the WMI driver for Lenovo notebook microprogramming systems is related to errors in the use of standard permissions. Exploiting this vulnerability allows an attacker to modify security boot parameters through the NVRAM variable...
Vulnerability of EVlink City parking charging station software. Issues with EVlink Parking and EVlink Smart Wallbox, which arise due to incorrect neutralization during the creation of web pages. This allows a malicious actor to inject arbitrary code during CSV file import or parameter changes at the station.
The software vulnerabilities of EVlink City parking stations. EVlink Parking and EVlink Smart Wallbox have vulnerabilities due to incorrect neutralization during the creation of their web pages. This allows unauthorized individuals to inject arbitrary code during CSV file import or parameter...
kernel: stack overflow in do_proc_dointvec and proc_skip_spaces
A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system...
kernel: stack overflow in do_proc_dointvec and proc_skip_spaces
A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system...
Design/Logic Flaw
ZGR TPS200 NG in its 2.00 firmware version and 1.01 hardware version does not properly accept specially constructed requests. This allows an attacker with access to the network where the affected asset is located to operate and change several parameters without having to be registered as a user...
CVE-2020-8973 ZGR TPS200 NG Improper access control
ZGR TPS200 NG in its 2.00 firmware version and 1.01 hardware version does not properly accept specially constructed requests. This allows an attacker with access to the network where the affected asset is located to operate and change several parameters without having to be registered as a user...