212 matches found
CVE-2026-32248
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.12 and 8.6.38, an unauthenticated attacker can take over any user account that was created with an authentication provider that does not validate the format of the user...
CVE-2026-32248 Parse Server: Account takeover via operator injection in authentication data identifier
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.12 and 8.6.38, an unauthenticated attacker can take over any user account that was created with an authentication provider that does not validate the format of the user...
CVE-2026-32248 Parse Server: Account takeover via operator injection in authentication data identifier
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.12 and 8.6.38, an unauthenticated attacker can take over any user account that was created with an authentication provider that does not validate the format of the user...
CVE-2026-32248
Parse Server suffers an account takeover vulnerability (CVE-2026-32248) due to operator injection in the authentication data identifier. Before versions 9.6.0-alpha.12 and 8.6.38, an unauthenticated attacker can crafted-login cause a pattern-matching query instead of an exact match, allowing them...
Improper Neutralization of Special Elements in Data Query Logic
Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic in the findUsersWithAuthData function of authentication data...
PT-2026-25058
Impact An unauthenticated attacker can take over any user account that was created with an authentication provider that does not validate the format of the user identifier e.g. anonymous authentication. By sending a crafted login request, the attacker can cause the server to perform a...
vaadin 安全漏洞
Vaadin is an open-source platform for web application development developed by Vaadin contributors. The Vaadin platform includes a set of web components, a Java web framework, as well as a set of tools and application starters. Vulnerabilities exist in versions of Vaadin prior to 14.14.0, 23.6.6,...
CVE-2026-27486
OpenClaw is a personal AI assistant. In versions 2026.2.13 and below of the OpenClaw CLI, the process cleanup uses system-wide process enumeration and pattern matching to terminate processes without verifying if they are owned by the current OpenClaw process. On shared hosts, unrelated processes...
CVE-2026-27486
OpenClaw is a personal AI assistant. In versions 2026.2.13 and below of the OpenClaw CLI, the process cleanup uses system-wide process enumeration and pattern matching to terminate processes without verifying if they are owned by the current OpenClaw process. On shared hosts, unrelated processes...
CVE-2026-27486
OpenClaw CVE-2026-27486 affects the OpenClaw CLI up to version 2026.2.13, where cleanup uses system-wide process enumeration and pattern-based termination without verifying process ownership. On shared hosts, unrelated processes matching the pattern could be terminated. The issue is addressed in ...
CVE-2026-27486 OpenClaw: Process Safety - Unvalidated PID Kill via SIGKILL in Process Cleanup
OpenClaw is a personal AI assistant. In versions 2026.2.13 and below of the OpenClaw CLI, the process cleanup uses system-wide process enumeration and pattern matching to terminate processes without verifying if they are owned by the current OpenClaw process. On shared hosts, unrelated processes...
PT-2026-21337
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.14 Description OpenClaw is a personal AI assistant. The CLI process cleanup mechanism used system-wide process enumeration and pattern matching to terminate processes without verifying ownership by the current...
securiclaw
🦞 Securiclaw AI-Powered Code Security Scanner Securiclaw...
MiracleLinux 9 : redis:7 (AXSA:2024-9438:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9438:01 advisory. redis: Redis SORTRO may bypass ACL configuration CVE-2023-41053 redis: possible bypass of Unix socket permissions on startup CVE-2023-45145 redis:...
MiracleLinux 9 : redis-6.2.17-1.el9_5 (AXSA:2025-9591:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9591:01 advisory. redis: heap overflow in the lua cjson and cmsgpack libraries CVE-2022-24834 redis: possible bypass of Unix socket permissions on startup...
MiracleLinux 8 : redis:6 (AXSA:2025-9575:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9575:01 advisory. redis: Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER commands may lead to denial-of-service CVE-2023-22458 redis: Integer overflow in the...
YARA-X 1.11.0
YARA-X is a re-incarnation of YARA, a pattern matching tool designed with malware researchers in mind. This new incarnation intends to be faster, safer and more user-friendly than its predecessor. The ultimate goal of YARA-X is replacing YARA as the default pattern matching tool for malware...
EulerOS Virtualization 2.10.1 : libxml2 (EulerOS-SA-2026-1004)
According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.CVE-2025-27113 libxml2...
EUVD-2018-0549
Malware in sbrugna...
EUVD-2004-0709
Malware in sbrugna...