103 matches found
SUSE CVE-2025-1296
Nomad Community and Nomad Enterprise “Nomad” are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This vulnerability, identified as CVE-2025-1296, is fixed in Nomad Community Edition 1.9.7 and Nomad Enterprise 1.9.7, 1.8.11, and 1.7.19...
CVE-2018-25332
GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious JAR...
CVE-2018-25332
GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious JAR...
CVE-2018-25332 GitBucket 4.23.1 Unauthenticated Remote Code Execution
GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious JAR...
EUVD-2026-17020
OpenClaw before 2026.3.13 reads and buffers Telegram webhook request bodies before validating the x-telegram-bot-api-secret-token header, allowing unauthenticated attackers to exhaust server resources. Attackers can send POST requests to the webhook endpoint to force memory consumption, socket...
CVE-2026-32980
OpenClaw before 2026.3.13 reads and buffers Telegram webhook request bodies before validating the x-telegram-bot-api-secret-token header, allowing unauthenticated attackers to exhaust server resources. Attackers can send POST requests to the webhook endpoint to force memory consumption, socket...
CVE-2026-32980
OpenClaw before 2026.3.13 reads and buffers Telegram webhook request bodies before validating the x-telegram-bot-api-secret-token header, allowing unauthenticated attackers to exhaust server resources. Attackers can send POST requests to the webhook endpoint to force memory consumption, socket...
CVE-2026-25474
OpenClaw is a personal AI assistant. In versions 2026.1.30 and below, if channels.telegram.webhookSecret is not set when in Telegram webhook mode, OpenClaw may accept webhook HTTP requests without verifying Telegram’s secret token header. In deployments where the webhook endpoint is reachable by ...
CVE-2026-26016
Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.1, a missing authorization check in multiple controllers allows any user with access to a node secret token to fetch information about any server on a Pterodactyl instance,...
CVE-2026-26016
Summary: CVE-2026-26016 affects Pterodactyl Panel (Wings) prior to 1.12.1 due to missing authorization checks across multiple controllers/endpoints. An authenticated Wings node with a node secret token can access and disclose information about servers on other nodes, retrieve server installation ...
CVE-2026-26016 Pterodactyl Panel Allows Cross-Node Server Configuration Disclosure via Remote API Missing Authorization
Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.1, a missing authorization check in multiple controllers allows any user with access to a node secret token to fetch information about any server on a Pterodactyl instance,...
CVE-2026-25474 OpenClaw has a Telegram webhook request forgery (missing `channels.telegram.webhookSecret`) → auth bypass
OpenClaw is a personal AI assistant. In versions 2026.1.30 and below, if channels.telegram.webhookSecret is not set when in Telegram webhook mode, OpenClaw may accept webhook HTTP requests without verifying Telegram’s secret token header. In deployments where the webhook endpoint is reachable by ...
GHSA-G7VW-F8P5-C728 Pterodactyl Panel Allows Cross-Node Server Configuration Disclosure via Remote API Missing Authorization
Summary A missing authorization check in multiple controllers allows any user with access to a node secret token to fetch information about any server on a Pterodactyl instance, even if that server is associated with a different node. This issue stems from missing logic to verify that the node...
Pterodactyl Panel Allows Cross-Node Server Configuration Disclosure via Remote API Missing Authorization
Summary A missing authorization check in multiple controllers allows any user with access to a node secret token to fetch information about any server on a Pterodactyl instance, even if that server is associated with a different node. This issue stems from missing logic to verify that the node...
CVE-2025-61926 Allstar Reviewbot has Authentication Bypass via Hard-coded Webhook Secret
Allstar is a GitHub App to set and enforce security policies. In versions prior to 4.5, a vulnerability in Allstar’s Reviewbot component caused inbound webhook requests to be validated against a hard-coded, shared secret. The value used for the secret token was compiled into the Allstar binary an...
EUVD-2013-2031
Malware in sbrugna...
EUVD-2013-3642
Malware in sbrugna...
EUVD-2022-51431
Malicious code in bioql PyPI...
EUVD-2022-3925
Malicious code in bioql PyPI...
EUVD-2022-5766
Malicious code in bioql PyPI...