43 matches found
OpenClaw has an unspecified vulnerability
OpenClaw is an open-source intelligent artificial assistant. Versions prior to OpenClaw 2026.1.29 contain a security vulnerability that stems from automatically establishing a WebSocket connection and sending a token, and that an attacker can exploit to cause an unauthorized...
EUVD-2023-49453
Malicious code in bioql PyPI...
EUVD-2025-6711
Malicious code in bioql PyPI...
NewStart CGSL MAIN 7.02 : bluez Vulnerability (NS-SA-2025-0149)
The remote NewStart CGSL host, running version MAIN 7.02, has bluez packages installed that are affected by a vulnerability: - Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports,...
Exploit for Improper Certificate Validation in Ibm Mq_Operator
CVE-2025-36041 IBM MQ SSL Bypass Exploit Overview This re...
CVE-2023-24459
A missing permission check in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...
CVE-2022-28144
Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for...
CVE-2024-55968
An issue was discovered in DTEX DEC-M (DTEX Forwarder) 6.1.1. The com.dtexsystems.helper service, responsible for handling privileged operations within the macOS DTEX Event Forwarder agent, fails to implement critical client validation during XPC interprocess communication (IPC). Specifically, the...
redis: possible bypass of Unix socket permissions on startup
A flaw was found in Redis, an in-memory database that persists on disk. On startup, Redis listens on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, anothe...
AWS Cloud Development Kit (AWS CDK) IAM OIDC custom resource allows connection to unauthorized OIDC provider
Impact: Users who use IAM OIDC custom resource provider package will download CA Thumbprints as part of the custom resource workflow, https://github.com/aws/aws-cdk/blob/d16482fc8a4a3e1f62751f481b770c09034df7d2/packages/%40aws-cdk/custom-resource-handlers/lib/aws-iam/oidc-handler/external.ts#L34...
CVE-2025-23206 IAM OIDC custom resource allows connection to unauthorized OIDC provider in aws-cdk
The AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. Users who use IAM OIDC custom resource provider package will download CA Thumbprints as part of the custom resource workflow...
ROS-20240916-08
A vulnerability in the MongoDB database management system is related to errors in the TLS certificate validation procedure. Exploitation of the vulnerability could allow a remote attacker to establish an unauthorized connection to the MongoDB server...
BIT-VALKEY-2023-45145 Redis Unix-domain socket may have been exposed with the wrong permissions for a short time window.
Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process...
Sony: Clear Authentication Deficiencies & Potential for Man-in-the-Middle Attacks
The WH-1000XM5 headphones were found to have an authentication vulnerability that allowed an attacker to connect to the device without going through the proper pairing process. This vulnerability could be combined with existing Bluetooth attacks to enable man-in-the-middle attacks...
Amazon Linux 2 : redis (ALASREDIS6-2024-009)
The version of redis installed on the remote host is prior to 6.2.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2REDIS6-2024-009 advisory. Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can...
Amazon Linux 2023 : redis6, redis6-devel (ALAS2023-2024-516)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-516 advisory. Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM : Redis vulnerabilities (USN-6531-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6531-1 advisory. Seiya Nakata and Yudai Fujiwara discovered that Redis incorrectly handled certain specially crafted Lua scripts. An...
SUSE SLES15 / openSUSE 15 Security Update : redis (SUSE-SU-2023:4290-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:4290-1 advisory. - Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting i...
ROS-20231030-06
The Unix socket vulnerability in the Redis database management system is related to the use of a permissive mask, which creates a race condition that allows another process to establish an unauthorized connection during a short period of time. Exploitation of the vulnerability could allow ...