14 matches found
CVE-2026-42434 OpenClaw 2026.4.5 < 2026.4.10 - Sandbox Escape via host Parameter Override in Exec Routing
OpenClaw versions 2026.4.5 before 2026.4.10 contain a sandbox escape vulnerability allowing sandboxed agents to override exec routing by specifying host=node. Attackers can bypass sandbox boundaries and route execution to remote nodes instead of intended sandbox paths...
CVE-2026-41268
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise is vulnerable to a critical unauthenticated remote command execution RCE vulnerability. It can be exploited via a parameter override bypass using the FILE-STORAGE:: keyword combined wi...
CVE-2026-41268 Flowise: Flowise Parameter Override Bypass Remote Command Execution
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise is vulnerable to a critical unauthenticated remote command execution RCE vulnerability. It can be exploited via a parameter override bypass using the FILE-STORAGE:: keyword combined wi...
CVE-2026-41268 Flowise: Flowise Parameter Override Bypass Remote Command Execution
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise is vulnerable to a critical unauthenticated remote command execution RCE vulnerability. It can be exploited via a parameter override bypass using the FILE-STORAGE:: keyword combined wi...
CVE-2026-41268
Flowise is affected by a critical unauthenticated remote command execution (RCE) prior to version 3.1.0. The vulnerability arises from a parameter override bypass that combines the FILE-STORAGE:: keyword with a NODE_OPTIONS environment variable injection, allowing arbitrary root commands to be ex...
EUVD-2016-10518
Malware in sbrugna...
EUVD-2023-3193
Malicious code in bioql PyPI...
PT-2023-31617 · Hono · Hono
Name of the Vulnerable Software and Affected Versions: Hono versions prior to 3.11.7 Description: The issue allows clients to override named path parameter values from previous requests when the application is using TrieRouter. This poses a risk that a privileged user may use unintended parameter...
Security Bulletin: IBM InfoSphere Master Data Management Server is vulnerable to HTTP Parameter Override discovered in MDM User Interface (CVE-2016-9717)
Summary IBM InfoSphere Master Data Management is vulnerable to a HTTP Parameter Override which may produce an anomalous behavior in the application that can be potentially exploited . Vulnerability Details CVEID: CVE-2016-9717 DESCRIPTION: HTTP Parameter Override is identified in IBM Infosphere...
CVE-2021-41120
sylius/paypal-plugin is a paypal plugin for the Sylius development platform. In affected versions the URL to the payment page done after checkout was created with autoincremented payment id /pay-with-paypal/id and therefore it was easy to predict. The problem is that the Credit card form has...
Design/Logic Flaw
HTTP Parameter Override is identified in the IBM Infosphere Master Data Management MDM 10.1. 11.0. 11.3, 11.4, 11.5, and 11.6 product. It enables attackers by exposing the presence of duplicated parameters which may produce an anomalous behavior in the application that can be potentially exploite...
CVE-2016-9717
HTTP Parameter Override is identified in the IBM Infosphere Master Data Management MDM 10.1. 11.0. 11.3, 11.4, 11.5, and 11.6 product. It enables attackers by exposing the presence of duplicated parameters which may produce an anomalous behavior in the application that can be potentially exploite...
CVE-2016-9717
HTTP Parameter Override is identified in the IBM Infosphere Master Data Management MDM 10.1. 11.0. 11.3, 11.4, 11.5, and 11.6 product. It enables attackers by exposing the presence of duplicated parameters which may produce an anomalous behavior in the application that can be potentially exploite...
CVE-2016-9717
CVE-2016-9717 affects IBM InfoSphere Master Data Management Server versions 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6. Described as an HTTP Parameter Override that reveals duplicated parameters, potentially causing anomalous application behavior that can be exploited. IBM’s Security Bulletin provide...