
728055 matches found

Github Security Blog
added 2 days ago, 9 views

OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns

Summary OpenClaw's exec allowlist supported optional argPattern entries to restrict the arguments accepted for an allowlisted executable. In affected releases, Linux and macOS gateways skipped argPattern checks and treated a matching executable path as sufficient to satisfy the allowlist. This...

CVSS 8.3, AI score 5.8, EPSS 0.00328
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2 days ago, 2 views

GHSA-V2WW-5RH7-2H5V OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns

Summary OpenClaw's exec allowlist supported optional argPattern entries to restrict the arguments accepted for an allowlisted executable. In affected releases, Linux and macOS gateways skipped argPattern checks and treated a matching executable path as sufficient to satisfy the allowlist. This...

CVSS 7.1, AI score 5.8, EPSS 0.00328
Exploits: 0, References: 4

GithubExploit
added 2 days ago, 34 views

Exploit for OS Command Injection in Fortinet Fortisandbox

CVE-2026-39808...

CVSS 9.8, AI score 6.1, EPSS 0.66168
Exploits: 6

NVD
added 2 days ago, 9 views

CVE-2026-47846

Bitnami Cassandra container images are affected by a retained default superuser vulnerability. When a custom administrator account is configured via the CASSANDRA_USER environment variable, the container initialization script creates the new superuser account but fails to drop the built-in cassand...

CVSS 9.8
Exploits: 0, References: 1

Github Security Blog
added 2 days ago, 8 views

OpenClaw: Exported session HTML could keep unsafe markdown links

Summary Exported session HTML could keep unsafe markdown links. In affected versions, content rendered into an exported session could preserve unsafe javascript: or data: links in generated HTML. This advisory is scoped to the named feature and configuration. It does not change OpenClaw's...

CVSS 6.1, AI score 5.5, EPSS 0.00188
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2 days ago, 2 views

GHSA-W9HF-3PP7-PVXV OpenClaw: Exported session HTML could keep unsafe markdown links

Summary Exported session HTML could keep unsafe markdown links. In affected versions, content rendered into an exported session could preserve unsafe javascript: or data: links in generated HTML. This advisory is scoped to the named feature and configuration. It does not change OpenClaw's...

CVSS 6.1, AI score 5.6, EPSS 0.00188
Exploits: 0, References: 4

IBM Security Bulletins
added 2 days ago, 4 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple issues in Hugging Face Transformers [CVE-2025-14924, CVE-2025-14928, CVE-2025-14929, CVE-2025-14930]

Summary IBM Watson Speech Services Cartridge is vulnerable to multiple issues in Hugging Face Transformers CVE-2025-14924, CVE-2025-14928, CVE-2025-14929, CVE-2025-14930. Hugging Face Transformers is used in our speech runtimes. This vulnerability has been addressed. Please read the details for...

CVSS 7.8, AI score 8.1, EPSS 0.00315
Exploits: 0, Affected Software: 1

GithubExploit
added 2 days ago, 32 views

SOC127---SQL-Injection-Detected

SOC127---SQL-Injection-Detected detected sql injection and inv...

AI score 6.4
Exploits: 0

GithubExploit
added 2 days ago, 33 views

Exploit for CVE-2026-7515

CVE-2026-7515: BetterDocs Pro views-get"layouts/encyclopedia...

AI score 6.1
Exploits: 2

Metasploit
added 2 days ago, 31 views

Unix Command Shell, Bind TCP (via socat)

Creates an interactive shell via socat Module Options msf use payload/cmd/unix/bindsocattcp msf payloadbindsocattcp show actions ...actions... msf payloadbindsocattcp set ACTION msf payloadbindsocattcp show options ...show and set options... msf payloadbindsocattcp run This module requires...

CVSS 9.2, AI score 5.2, EPSS 0.01315
Exploits: 3

Metasploit
added 2 days ago, 33 views

HP Poly Voice Unauthenticated Remote Code Execution

CVE-2026-0826 is a critical unauthenticated stack-based buffer overflow vulnerability affecting all models in the VVX series VVX 150, VVX 250, VVX 350, and VVX 450, as well as three models from the Trio IP Conference series Trio 8800, Trio 8500, and Trio 8300. A remote attacker can leverage...

CVSS 9.2, AI score 6.6, EPSS 0.01315
Exploits: 3

Vulnrichment
added 2 days ago, 3 views

CVE-2026-47846

Bitnami Cassandra container images are affected by a retained default superuser vulnerability. When a custom administrator account is configured via the CASSANDRA_USER environment variable, the container initialization script creates the new superuser account but fails to drop the built-in cassand...

CVSS 9.8, AI score 5.2
Exploits: 0, References: 1

ATTACKERKB
added 2 days ago, 5 views

CVE-2026-47846

Bitnami Cassandra container images are affected by a retained default superuser vulnerability. When a custom administrator account is configured via the CASSANDRA_USER environment variable, the container initialization script creates the new superuser account but fails to drop the built-in cassand...

CVSS 9.8, AI score 5.2
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2 days ago, 11 views

CVE-2026-47846

Bitnami Cassandra container images are affected by a retained default superuser vulnerability: when CASSANDRA_USER is customized, the init script creates a new superuser but may not drop the built-in cassandra account, leaving cassandra:cassandra active as an unintended access path. This can allo...

CVSS 9.8, AI score 5.3
Exploits: 0, References: 1

Cvelist
added 2 days ago, 13 views

CVE-2026-47846

Bitnami Cassandra container images are affected by a retained default superuser vulnerability. When a custom administrator account is configured via the CASSANDRA_USER environment variable, the container initialization script creates the new superuser account but fails to drop the built-in cassand...

CVSS 9.8
Exploits: 0, References: 1

EUVD
added 2 days ago, 7 views

EUVD-2026-37932

Bitnami Cassandra container images are affected by a retained default superuser vulnerability. When a custom administrator account is configured via the CASSANDRA_USER environment variable, the container initialization script creates the new superuser account but fails to drop the built-in cassand...

CVSS 9.8, AI score 5.2
Exploits: 0, References: 1

OSSF Malicious Packages
added 2 days ago, 5 views

Malicious code in @httpactions/strict-uri-encode (npm)

Source: amazon-inspector b90fd30f5d52b139ea7be77aa1782a5339f39355ec7ad532af2fa7a49616ff88 @httpactions/strict-uri-encode impersonates the popular unscoped npm package 'strict-uri-encode' 30M weekly downloads by republishing the same name...

AI score 6.4
Exploits: 0, References: 1

OSV
added 2 days ago, 3 views

MAL-2026-6140 Malicious code in @httpactions/strict-uri-encode (npm)

Source: amazon-inspector b90fd30f5d52b139ea7be77aa1782a5339f39355ec7ad532af2fa7a49616ff88 @httpactions/strict-uri-encode impersonates the popular unscoped npm package 'strict-uri-encode' 30M weekly downloads by republishing the same name...

AI score 6.4
Exploits: 0, References: 1

OSSF Malicious Packages
added 2 days ago, 5 views

Malicious code in @httpactions/encode-url (npm)

Source: amazon-inspector 2e52b15ad9413185c30f84ad7e11e031c74c359e04f5c30ce502b8bc73267d8e The package ships a single heavily obfuscated index.js that performs no URL-encoding work despite the package name. On require of the declared main,...

AI score 5.4
Exploits: 0, References: 2

OSV
added 2 days ago, 3 views

MAL-2026-6139 Malicious code in @httpactions/encode-url (npm)

Source: amazon-inspector 2e52b15ad9413185c30f84ad7e11e031c74c359e04f5c30ce502b8bc73267d8e The package ships a single heavily obfuscated index.js that performs no URL-encoding work despite the package name. On require of the declared main,...

AI score 5.4
Exploits: 0, References: 2