115 matches found
SUSE CVE-2026-31709
In the Linux kernel, the following vulnerability has been resolved: smb: client: validate the whole DACL before rewriting it in cifsacl buildsecdesc and idmodetocifsacl derive a DACL pointer from a server-supplied dacloffset and then use the incoming ACL to rebuild the chmod/chown security...
CVE-2026-35652
OpenClaw before 2026.3.22 contains an authorization bypass vulnerability in interactive callback dispatch that allows non-allowlisted senders to execute action handlers. Attackers can bypass sender authorization checks by dispatching callbacks before normal security validation completes, enabling...
EUVD-2026-21450
OpenClaw before 2026.3.22 contains an authorization bypass vulnerability in interactive callback dispatch that allows non-allowlisted senders to execute action handlers. Attackers can bypass sender authorization checks by dispatching callbacks before normal security validation completes, enabling...
CVE-2026-1519
If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries see:...
GHSA-3WF5-G532-RCRR Argo Workflows: WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference Mode
Summary A user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in their Workflow submission. This works even when the controller is configured with templateReferencing: Strict, which is specifically documented as...
CVE-2025-70045
An issue pertaining to CWE-295: Improper Certificate Validation was discovered in jxcore jxm master. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTPS request options when 'jxobj.IsSecure' is true...
Bluetooth: hci_event: validate skb length for unknown CC opcode
...
EUVD-2025-197811
GoSign Desktop through 2.4.1 disables TLS certificate validation when configured to use a proxy server. This can be problematic if the GoSign Desktop user selects an arbitrary proxy server without consideration of whether outbound HTTPS connections from the proxy server to Internet servers succee...
CVE-2025-64385 INCORRECT SECURITY VALIDATION IN SENDING UDP FRAMES
The equipment initially can be configured using the manufacturer's application, by Wi-Fi, by the web server or with the manufacturer’s software. Using the manufacturer's software, the device can be configured via UDP. Analyzing this communication, it has been observed that any aspect of the initi...
Bridging the Remediation Gap: Introducing Pentera Resolve
From Detection to Resolution: Why the Gap Persists A critical vulnerability is identified in an exposed cloud asset. Within hours, five different tools alert you about it: your vulnerability scanner, XDR, CSPM, SIEM, and CMDB each surface the issue in their own way, with different severity levels...
EUVD-2019-2628
Malware in sbrugna...
EUVD-2017-6979
Malware in sbrugna...
EUVD-2018-7416
Malware in sbrugna...
EUVD-2019-15786
Malware in sbrugna...
EUVD-2024-43678
Malicious code in bioql PyPI...
EUVD-2023-27442
Malicious code in bioql PyPI...
EUVD-2025-30469
Malicious code in bioql PyPI...
EUVD-2024-24348
Malicious code in bioql PyPI...
EUVD-2022-24711
Malicious code in bioql PyPI...
CVE-2024-45433
OpenSynergy BlueSDK aka Blue SDK through 6.x has Incorrect Control Flow Scoping. The specific flaw exists within the BlueSDK Bluetooth stack. The issue results from the lack of proper return control flow after detecting an unusual condition. An attacker can leverage this to bypass a security...