12 matches found
Windows BITS Jobs Persistence Scanner
This is a Windows BITS Job auditing tool that scans all Background Intelligent Transfer Service BITS tasks using bitsadmin, then analyzes them for suspicious behavior such as executable downloads, command execution cmd.exe, powershell, and remote URLs. It classifies jobs as normal or suspicious a...
EUVD-2026-17915
OpenClaw before 2026.3.22 contains a path traversal vulnerability in Windows media loaders that accepts remote-host file URLs and UNC-style paths before local-path validation. Attackers can exploit this by providing network-hosted file targets that are treated as local content, bypassing intended...
OpenSift 代码问题漏洞
OpenSift is an open-source artificial intelligence learning assistant developed by OpenSift. Versions of OpenSift prior to 1.6.3-alpha contained code vulnerabilities. These vulnerabilities stemmed from the URL ingestion pipeline accepting remotely controlled URLs under user control, resulting in...
CVE-2026-28451
OpenClaw versions prior to 2026.2.14 contain server-side request forgery vulnerabilities in the Feishu extension that allow attackers to fetch attacker-controlled remote URLs without SSRF protections via sendMediaFeishu function and markdown image processing. Attackers can influence tool calls...
EUVD-2025-34906
ThingsBoard versions 4.2.1 contain a server-side request forgery SSRF vulnerability in the dashboard's Image Upload Gallery feature. An attacker can upload a malicious SVG file that references a remote URL. If the server processes the SVG file in a way that parses external references, it may...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the loss recovery logic for path probe packets. An attacker can trigger a nil-pointer dereference by sending valid QUIC packets from different remote addresses, thereby initiating the path validation logic...
CVE-2024-23336
MyBB is a free and open source forum software. The default list of disallowed remote hosts does not contain the 127.0.0.0/8 block, which may result in a Server-Side Request Forgery SSRF vulnerability. The Configuration File's Disallowed Remote Addresses list $config'disallowedremoteaddresses'...
CVE-2022-43782
Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via security misconfiguration and subsequent ability to call privileged endpoints in Crowd's REST API under the usermanagement path. This vulnerability can only be exploited by IPs specified under the...
Path traversal
Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via security misconfiguration and subsequent ability to call privileged endpoints in Crowd's REST API under the usermanagement path. This vulnerability can only be exploited by IPs specified under the...
PT-2022-5601 · Atlassian · Crowd
Name of the Vulnerable Software and Affected Versions: Atlassian Crowd versions 3.x.x through 5.x.x before 5.0.3 Atlassian Crowd versions 4.x.x before 4.4.4 Description: The issue is related to errors during the authentication procedure in the Atlassian Crowd data processing product's REST API...
Crowd DC Critical Security Misconfiguration Vulnerability - CVE-2022-43782
Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via security misconfiguration and call privileged endpoints in Crowd's REST API under the usermanagement path. This vulnerability can only be exploited by IPs specified under the crowd application...
OpenShift: /proc/net/tcp information disclosure
It was found that OpenShift Enterprise did not restrict access to the /proc/net/tcp file in gears, which allowed local users to view all listening connections and connected sockets. This could result in remote system's IP or port numbers in use to be exposed, which may be useful for further...