5935 matches found
CVE-2026-25590 GLPI Inventory Plugin has Reflected XSS in task jobs
The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, there is a reflected XSS vulnerability in task jobs. This vulnerability is fixed in 1.6.6...
CVE-2026-25590
The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, there is a reflected XSS vulnerability in task jobs. This vulnerability is fixed in 1.6.6...
OpenClaw has a Command Injection via unescaped environment assignments in Windows Scheduled Task script generation
Summary A command injection vulnerability existed in Windows Scheduled Task script generation for OpenClaw. Environment values were written into gateway.cmd using unquoted set KEY=VALUE, which allowed Windows shell metacharacters in config-provided environment variables to break out of assignment...
GHSA-PJ5X-38RW-6FPH OpenClaw has a Command Injection via unescaped environment assignments in Windows Scheduled Task script generation
Summary A command injection vulnerability existed in Windows Scheduled Task script generation for OpenClaw. Environment values were written into gateway.cmd using unquoted set KEY=VALUE, which allowed Windows shell metacharacters in config-provided environment variables to break out of assignment...
GHSA-MQR9-VQHQ-3JXW OpenClaw Windows Scheduled Task script generation allowed local command injection via unsafe cmd argument handling
Summary OpenClaw Windows Scheduled Task script generation allowed unsafe argument handling in generated gateway.cmd files. In vulnerable versions, cmd metacharacter-only values could be emitted without safe quoting/escaping, which could lead to unintended command execution when the scheduled task...
OpenClaw Windows Scheduled Task script generation allowed local command injection via unsafe cmd argument handling
Summary OpenClaw Windows Scheduled Task script generation allowed unsafe argument handling in generated gateway.cmd files. In vulnerable versions, cmd metacharacter-only values could be emitted without safe quoting/escaping, which could lead to unintended command execution when the scheduled task...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005675)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005675 advisory. In the Linux kernel, the following vulnerability has been resolved: io_uring: wait interruptibly for request completions on exit. When the ring exits, cleanup is done...
GLPI Inventory Plugin Cross-Site Scripting Vulnerability
GLPI Inventory Plugin is an open-source plugin developed by French company GLPI. It is used to process various types of tasks for the GLPI agent. Versions of the GLPI Inventory Plugin prior to 1.6.6 contained a cross-site scripting vulnerability, which stemmed from reflective cross-site scripts...
PT-2026-26234
Summary OpenClaw Windows Scheduled Task script generation allowed unsafe argument handling in generated gateway.cmd files. In vulnerable versions, cmd metacharacter-only values could be emitted without safe quoting/escaping, which could lead to unintended command execution when the scheduled task...
PT-2026-26221
Summary A command injection vulnerability existed in Windows Scheduled Task script generation for OpenClaw. Environment values were written into gateway.cmd using unquoted set KEY=VALUE, which allowed Windows shell metacharacters in config-provided environment variables to break out of assignment...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005737)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005737 advisory. In the Linux kernel, the following vulnerability has been resolved: sched/fair: Don't balance task to its current running CPU We've run into the case that the balanc...
CVE-2025-48635
In multiple functions of TaskFragmentOrganizerController.java, there is a possible activity token leak due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48635
The CVE-2025-48635 entry is not a standalone public detail in the Initial document; however, connected PT security notes show CVE-2025-48635 is included in Samsung and Google patches within the SMR Jan-2026 release. The PT entries describe SVE items related to Samsung devices (SVE-2025-1716, -210...
Google Android Security Vulnerability
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that originates from a logic error in multiple functions of TaskFragmentOrganizerController.java, which can be exploited by an attacker to elevate privileg...
GHSA-9H8M-3FM2-QJRQ vulnerabilities
Vulnerabilities for packages: falcoctl-fips, helm-operator, ansible-operator-fips, kyverno-fips, velero-plugin-for-gcp-fips, falcosidekick-fips, kubescape, harbor, sftpgo-plugin-pubsub, trillian-fips, spire-server, k6-fips, terraform-provider-google-fips, terragrunt-fips, cloudflared-fips,...
Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms
Threat actors are luring unsuspecting users into running trojanized gaming utilities, distributed via browsers and chat platforms, to deliver a remote access trojan (RAT). "A malicious downloader staged a portable Java runtime and executed a malicious Java archive (JAR) file named...
Malicious code in nuget-task-common (npm)
Source: amazon-inspector 711e93cd10681dc29d8c8eea7b459d982383f7b78d0c5fdc73e9398aff953a90 The package nuget-task-common was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-1059 Malicious code in nuget-task-common (npm)
Source: amazon-inspector 711e93cd10681dc29d8c8eea7b459d982383f7b78d0c5fdc73e9398aff953a90 The package nuget-task-common was found to contain malicious code. Source: ossf-package-analysis...