wetfish_pentest
sv Everything you need to build a Svelte project, powered by...
CVE-2026-3779
The application's list box calculate array logic keeps stale references to page or form objects after they are deleted or re-created, which allows crafted documents to trigger a use-after-free when the calculation runs and can potentially lead to arbitrary code execution...
PYSEC-2026-27
Briefcase is a tool for converting a Python project into a standalone native application. Starting in version 0.3.0 and prior to version 0.3.26, if a developer uses Briefcase to produce a Windows MSI installer for a project, and that project is installed for All Users (i.e., per-machine scope), th...
CVE-2026-32018
OpenClaw versions prior to 2026.2.19 contain a race condition vulnerability in concurrent updateRegistry and removeRegistryEntry operations for sandbox containers and browsers. Attackers can exploit unsynchronized read-modify-write operations without locking to cause registry updates to lose data...
CVE-2026-32018
CVE-2026-32018 affects OpenClaw versions prior to 2026.2.19. The issue is a race condition in concurrent updateRegistry and removeRegistryEntry operations on sandbox containers and browsers, caused by unsynchronized read-modify-write without locking. Consequences include registry updates losing d...
CVE-2026-31970
HTSlib is a library for reading and writing bioinformatics file formats. GZI files are used to index block-compressed GZIP (BGZF) files. In the GZI loading function, `bgzf_index_load_hfile()`, it was possible to trigger an integer overflow, leading to an under- or zero-sized buffer being allocated to stor...
CVE-2026-31970 HTSlib BGZF index file reader has a heap buffer overflow
HTSlib is a library for reading and writing bioinformatics file formats. GZI files are used to index block-compressed GZIP (BGZF) files. In the GZI loading function, `bgzf_index_load_hfile()`, it was possible to trigger an integer overflow, leading to an under- or zero-sized buffer being allocated to stor...
Linux Distros Unpatched Vulnerability : CVE-2026-31970
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - HTSlib is a library for reading and writing bioinformatics file formats. GZI files are used to index block-compressed GZIP (BGZF) files. In the GZI loading...
OpenClaw's serialize sandbox registry writes to prevent races and delete-rollback corruption
Impact Concurrent updateRegistry/removeRegistryEntry operations for sandbox containers and browsers could lose updates or resurrect removed entries under race conditions. The registry writes were read-modify-write in a window with no locking and permissive fallback parsing, so concurrent registry...
PT-2026-26399
Impact Concurrent updateRegistry/removeRegistryEntry operations for sandbox containers and browsers could lose updates or resurrect removed entries under race conditions. The registry writes were read-modify-write in a window with no locking and permissive fallback parsing, so concurrent registry...
BIT-GRAFANA-2026-21725 Authorization Bypass via TOCTOU in Grafana Datasource Deletion by Name
A time-of-create-to-time-of-use (TOCTOU) vulnerability lets recently deleted-then-recreated data sources be re-deleted without permission to do so. This requires several very stringent conditions to be met: - The attacker must have admin access to the specific datasource prior to its first deletion...
EUVD-2026-8637
A time-of-create-to-time-of-use (TOCTOU) vulnerability lets recently deleted-then-recreated data sources be re-deleted without permission to do so. This requires several very stringent conditions to be met: - The attacker must have admin access to the specific datasource prior to its first deletion...
GO-2024-3291 Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion in github.com/treeverse/lakefs
Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion in github.com/treeverse/lakefs...
containerd started with non-empty inheritable Linux process capabilities
Impact A bug was found in containerd where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2)...
Attacker contract can avoid being blocked
Lines of code Vulnerability details Impact A Malicious attacker can interact with the system and selfdestruct his own contract then use CREATE2 to recreate it at same address when he needs to interact with the system again. Proof of Concept Tools Used Manual Review Recommended Mitigation Steps...
CVE-2022-31876
Netgear WNAP320 router WNAP320 V2.0.3 firmware is vulnerable to Incorrect Access Control via /recreate.php, which can leak all users' cookies...
PT-2022-20967 · NetGear · Netgear Wnap320
Name of the Vulnerable Software and Affected Versions: Netgear WNAP320 router version WNAP320 V2.0.3 firmware Description: The issue is related to Incorrect Access Control, which can be exploited via the /recreate.php endpoint, potentially leaking all users' cookies. Recommendations: For Netgear...
How to re-create missing .pvp file from vDisk versions
This article explains how to recreate a .pvp file for a PVS vDisk version in case it is accidentally deleted...