8 matches found
CVE-2026-31704
CVE-2026-31704 affects the Linux kernel’s ksmbd ACL handling. The vulnerability arises when accumulating ACL entry sizes uses 16-bit counters (u16) in set_posix_acl_entries_dacl() and set_ntacl_dacl(), allowing wraparound past 65535 and causing pointer arithmetic on pndace to land within already-...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.8 contained security vulnerabilities. These vulnerabilities stemmed from the lack of cross-channel permission list writing that is performed only by the owner at the /allowlist...
OpenClaw 访问控制错误漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.2 contained a access control vulnerability. This vulnerability stemmed from the failure to filter Slack thread contexts based on the sender’s permission list, allowing messages...
K000160272: Apache Solr vulnerability CVE-2026-22444
Security Advisory Description The "create core" API of Apache Solr 8.6 through 9.10.0 lacks sufficient input validation on some API parameters, which can cause Solr to check the existence of and attempt to read file-system paths that should be disallowed by Solr's "allowPaths" security setting...
CVE-2025-41099 Insecure Direct Object Reference in GPS BOLD Workplanner
Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to the list of permissions using unauthorised internal identifiers...
CVE-2024-24018
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via /system/dataPerm/list...
SAP NetWeaver Application Server 安全漏洞
SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability exists in SAP NetWeaver Application Server. An unauthenticated attacker could exploit the vulnerability to craft URL links that bypass the permission list control...
CVE-2020-26565
ObjectPlanet Opinio before 7.14 allows Expression Language Injection via the admin/permissionList.do from parameter. This can be used to retrieve possibly sensitive serverInfo data...