Origin Validation Error
Overview: pyload-ng is the free and open-source Download Manager written in pure Python. Affected versions of this package are vulnerable to Origin Validation Error via the setsessioncookiesecure function. An attacker can cause session cookies to be issued without the Secure flag or disrupt user...
EUVD-2025-209088
When invalid base64 SASL data is sent, the login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid base64 data can be used to DoS a vulnerable server and break concurrent logins. Install the fixed version or disable concurrency in login processes hea...
CVE-2026-32941 Sliver Vulnerable to Authenticated OOM via Memory Exhaustion in mTLS/WireGuard Transports
Sliver is a command and control framework that uses a custom WireGuard netstack. Versions 1.7.3 and below contain a remote OOM (Out-of-Memory) vulnerability in the Sliver C2 server's mTLS and WireGuard C2 transport layer. The socketReadEnvelope and socketWGReadEnvelope functions trust an...
OpenClaw has an unauthorized sender bypass in its stop triggers and /models command authorization
Summary: Unauthorized senders could trigger two command paths without sender authorization checks:
1. stop-like natural-language abort triggers
2. /models command output
Impact: An unauthorized sender could disrupt active sessions and view model/auth metadata that should be authorization-gated. Fix...
Incorrect Authorization
Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Incorrect Authorization in the stop triggers and the /models command. An attacker can disrupt active sessions and access sensitive model or authentication metadata by sending unauthorized...
PT-2025-42325
Name of the Vulnerable Software and Affected Versions:
F5 BIG-IP APM versions 15.1.0 through 15.1.10
F5 BIG-IP APM versions 16.1.0 through 16.1.6
F5 BIG-IP APM versions 17.1.0 through 17.1.2
F5 BIG-IP APM versions 17.5.0 through 17.5.1
F5 BIG-IP APM versions prior to 21.0.0
Description: An...
EUVD-2024-18046
Malicious code in bioql PyPI...
CVE-2002-2245
ftpd in NetBSD 1.5 through 1.5.3 and 1.6 does not properly quote a digit in response to a STAT command for a filename that contains a carriage return followed by a digit, which can cause firewalls and other intermediary devices to lose proper track of the FTP session...
Cross-site Scripting (XSS)
Overview: phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the editentry action, which is accessible on the FAQ Q&A editor page. An admin user can disrupt other users' sessions by...
CVE-2024-40873
There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.07. Attackers with system administrator permissions can interfere with another system administrator’s use of the publishing UI when the administrators are editin...
Puppet Enterprise Authorization Issues Vulnerability
Puppet is a set of configuration management tools based on a client/server (C/S) architecture from Puppet Labs in the U.S. It can be used to manage profiles, users, cron tasks, packages, system services, etc. Puppet Enterprise is the enterprise version of Puppet. An authorization issue vulnerabilit...
DEBIAN-CVE-2021-3761
Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into emitting an invalid VRP "MaxLength" value, causing RTR sessions to terminate. An attacker can use this to disable RPKI Origin Validation in a victim network (for example AS 13335, Cloudflare) prior to launching a BGP hijack which...
ROS-2-448
2.448 Vulnerability in OpenVPN (CVE-2020-11810)
1. Vulnerability Description: A corrective release of the OpenVPN Virtual Private Networking Package, 2.4.9, has been generated. The new version addresses vulnerability CVE-2020-11810, which allows a client session to be transferred to a new IP address...
CVE-2020-27225
It was found that the Eclipse Platform does not authenticate requests to the Help subsystem on the local web server. A local attacker could use this vulnerability to disrupt the Eclipse user's session, potentially causing Eclipse to damage or disclose data owned by that user...
Palo Alto Networks PAN-OS Denial of Service Vulnerability (CNVD-2018-18131)
Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks, Inc. for its firewall appliances. A denial of service vulnerability exists in the PAN-OS management web interface in Palo Alto Networks PAN-OS 8.1.2 and prior versions. An attacker can exploit this vulnerability to...
CVE-2013-5542
Cisco Adaptive Security Appliance (ASA) Software 8.4 before 8.47.2, 8.7 before 8.71.8, 9.0 before 9.03.6, and 9.1 before 9.12.8 allows remote attackers to cause a denial of service (firewall-session disruption or device reload) via crafted ICMP packets, aka Bug ID CSCui77398...
PT-2013-5623 · Cisco · Cisco Asa
Name of the Vulnerable Software and Affected Versions:
Cisco Adaptive Security Appliance (ASA) Software versions 8.4 before 8.47.2
Cisco Adaptive Security Appliance (ASA) Software versions 8.7 before 8.71.8
Cisco Adaptive Security Appliance (ASA) Software versions 9.0 before 9.03.6
Cisco Adaptive...