19 matches found
Origin Validation Error
Overview: pyload-ng is a free and open-source Download Manager written in pure Python. Affected versions of this package are vulnerable to Origin Validation Error via the setsessioncookiesecure function. An attacker can cause session cookies to be issued without the Secure flag or disrupt user...
EUVD-2025-209088
When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable server to break concurrent logins. Install fixed version or disable concurrency in login processes hea...
CVE-2026-32941 Sliver Vulnerable to Authenticated OOM via Memory Exhaustion in mTLS/WireGuard Transports
Sliver is a command and control framework that uses a custom WireGuard netstack. Versions 1.7.3 and below contain a Remote OOM (Out-of-Memory) vulnerability in the Sliver C2 server's mTLS and WireGuard C2 transport layer. The socketReadEnvelope and socketWGReadEnvelope functions trust an...
Incorrect Authorization
Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Incorrect Authorization in the stop triggers and /models command. An attacker can disrupt active sessions and access sensitive model or authentication metadata by sending unauthorized...
OpenClaw has an unauthorized sender bypass in its stop triggers and /models command authorization
Summary: Unauthorized senders could trigger two command paths without sender authorization checks: 1. stop-like natural-language abort triggers; 2. /models command output. Impact: An unauthorized sender could disrupt active sessions and view model/auth metadata that should be authorization-gated. Fix...
PT-2025-42325
Name of the Vulnerable Software and Affected Versions: F5 BIG-IP versions prior to 17.5.1.3; F5 BIG-IP versions prior to 17.1.3; F5 BIG-IP versions prior to 16.1.6.1; F5 BIG-IP versions prior to 15.1.10.8. Description: An unauthenticated Remote Code Execution (RCE) exists in the F5 BIG-IP Access Policy...
EUVD-2024-18046
Malicious code in bioql PyPI...
CVE-2002-2245
ftpd in NetBSD 1.5 through 1.5.3 and 1.6 does not properly quote a digit in response to a STAT command for a filename that contains a carriage return followed by a digit, which can cause firewalls and other intermediary devices to lose proper track of the FTP session...
Cross-site Scripting (XSS)
Overview: phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the editentry action, which is accessible on the FAQ Q&A editor page. An admin user can disrupt other users' sessions by...
CVE-2024-40873
There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.07. Attackers with system administrator permissions can interfere with another system administrator’s use of the publishing UI when the administrators are editin...
Puppet Enterprise Authorization Issues Vulnerability
Puppet is a set of configuration management tools based on a client/server (C/S) architecture from Puppet Labs in the U.S. It can be used to manage profiles, users, cron tasks, packages, system services, etc. Puppet Enterprise is the enterprise version of Puppet. An authorization issue vulnerabilit...
CVE-2022-0878
Electric Vehicles (EV) commonly utilise the Combined Charging System (CCS) for DC rapid charging. To exchange important messages such as the State of Charge (SoC) with the Electric Vehicle Supply Equipment (EVSE), CCS uses a high-bandwidth IP link provided by the HomePlug Green PHY (HPGP) power-line...
DEBIAN-CVE-2021-3761
Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into emitting an invalid VRP "MaxLength" value, causing RTR sessions to terminate. An attacker can use this to disable RPKI Origin Validation in a victim network (for example AS 13335 - Cloudflare) prior to launching a BGP hijack which...
ROS-2-448
2.448 Vulnerability in OpenVPN (CVE-2020-11810). 1. Vulnerability Description: A corrective release of the OpenVPN Virtual Private Networking Package, 2.4.9, has been generated. The new version addresses a vulnerability (CVE-2020-11810) that allows a client session to be transferred to a new IP address...
CVE-2020-27225
It was found that the Eclipse Platform does not authenticate requests to the Help subsystem on the local web server. A local attacker could use this vulnerability to disrupt the Eclipse user's session, potentially causing Eclipse to damage or disclose data owned by that user...
The vulnerability of the driver for hardware encryption in Cisco IOS XE allows a hacker to disconnect VPN IPsec sessions.
The vulnerability of the Cisco IOS XE operating system’s hardware encryption driver is related to insufficient verification of data authenticity. Exploiting this vulnerability could allow a malicious actor to disable VPN IPsec sessions remotely...
Palo Alto Networks PAN-OS Denial of Service Vulnerability (CNVD-2018-18131)
Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks, Inc. for its firewall appliances. A denial of service vulnerability exists in the PAN-OS management web interface in Palo Alto Networks PAN-OS 8.1.2 and prior versions. An attacker can exploit this vulnerability to...
CVE-2013-5542
Cisco Adaptive Security Appliance (ASA) Software 8.4 before 8.4(7.2), 8.7 before 8.7(1.8), 9.0 before 9.0(3.6), and 9.1 before 9.1(2.8) allows remote attackers to cause a denial of service (firewall-session disruption or device reload) via crafted ICMP packets, aka Bug ID CSCui77398...
PT-2013-5623 · Cisco · Cisco Asa
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) Software versions 8.4 before 8.4(7.2); Cisco Adaptive Security Appliance (ASA) Software versions 8.7 before 8.7(1.8); Cisco Adaptive Security Appliance (ASA) Software versions 9.0 before 9.0(3.6); Cisco Adaptive...