43 matches found
CVE-2026-58448
yudao-cloud before 2026.06 contains a broken access control vulnerability in the BPM module that allows any authenticated user to access arbitrary process instance records by supplying a caller-controlled process-instance identifier to an unprotected endpoint lacking the @PreAuthorize annotation...
EUVD-2026-40374
Nightingale n9e before 9.0.0-beta.2 exposes full datasource configurations, including plaintext database passwords, HTTP bearer tokens, HTTP basic-auth passwords, and mTLS client keys, to any authenticated low-privilege Standard role user through POST /api/n9e/datasource/list. The route is...
CVE-2026-49344
Mercator (open source mapping app) prior to version 2025.05.19 is affected by CVE-2026-49344. The Query Engine endpoint /admin/queries/execute does not enforce an authorization gate, allowing any authenticated account (including read-only Auditor) to query models outside the intended scope (e.g.,...
CVE-2026-49344 Mercator has a Personal Identifiable Information Leak from Query Executor feature
Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19, Mercator's Query Engine /admin/queries/execute accepts a JSON DSL from / select / filters / traverse / output, translates it into an Eloquent query, and returns results as JSON...
PraisonAI: Arbitrary code execution via unguarded `spec.loader.exec_module` in `agents_generator.py` - sibling of CVE-2026-44334
Arbitrary code execution via ungated spec.loader.execmodule in agentsgenerator.py v4.6.32 chokepoint refactor bypass Summary The v4.6.32 chokepoint refactor which patched CVE-2026-44334 / GHSA-xcmw-grxf-wjhj added the PRAISONAIALLOWLOCALTOOLS env-var gate to the tooloverride.py sinks. However, tw...
GHSA-78R8-WWQV-R299 PraisonAI: Arbitrary code execution via unguarded `spec.loader.exec_module` in `agents_generator.py` - sibling of CVE-2026-44334
Arbitrary code execution via ungated spec.loader.execmodule in agentsgenerator.py v4.6.32 chokepoint refactor bypass Summary The v4.6.32 chokepoint refactor which patched CVE-2026-44334 / GHSA-xcmw-grxf-wjhj added the PRAISONAIALLOWLOCALTOOLS env-var gate to the tooloverride.py sinks. However, tw...
Unity Linux 20.1050e / 20.1070e Security Update: sox (UTSA-2026-016769)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016769 advisory. An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c is not guarded, such that it can lead to write access outside of the statically...
CVE-2026-44334
PraisonAI is a multi-agent teams system. From version 4.5.139 to before version 4.6.32, CVE-2026-40287's fix gated tools.py auto-import behind PRAISONAIALLOWLOCALTOOLS=true in two files toolresolver.py, api/call.py. A third import sink in praisonai/templates/tooloverride.py was missed and remains...
CVE-2026-36355
The rtl8192cd Wi-Fi kernel driver in the Realtek rtl819x Jungle SDK all known versions through v3.4.14B does not perform any access control checks on the writemem ioctl 0x89F5 and readmem ioctl 0x89F6 debug handlers, which are compiled into production builds via the unconditionally defined...
CVE-2026-41302 OpenClaw < 2026.3.31 - Server-Side Request Forgery via Unguarded fetch() in Marketplace Plugin Download
OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows remote attackers to make arbitrary network requests. Attackers can exploit unguarded fetch calls to access internal resources or interact with external...
CVE-2026-41302 OpenClaw < 2026.3.31 - Server-Side Request Forgery via Unguarded fetch() in Marketplace Plugin Download
OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows remote attackers to make arbitrary network requests. Attackers can exploit unguarded fetch calls to access internal resources or interact with external...
CVE-2026-41302
OpenClaw (npm) before 2026.3.31 is vulnerable to a server-side request forgery (SSRF) in the marketplace plugin download. The issue arises from unguarded fetch() calls, enabling an attacker to make arbitrary network requests from the affected system, potentially reaching internal resources or ext...
EUVD-2026-21116
OpenClaw before 2026.3.25 contains a server-side request forgery vulnerability in multiple channel extensions that fail to properly guard configured base URLs against SSRF attacks. Attackers can exploit unprotected fetch calls against configured endpoints to rebind requests to blocked internal...
GHSA-8J7F-G9GV-7JHC Duplicate Advisory: OpenClaw: SSRF via Unguarded Configured Base URLs in Multiple Channel Extensions (Incomplete Fix for CVE-2026-28476)
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rhfg-j8jq-7v2h. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.25 contains a server-side request forgery vulnerability in multiple channel extensions that fa...
CVE-2026-35629 OpenClaw < 2026.3.25 - Server-Side Request Forgery via Unguarded Configured Base URLs in Channel Extensions
OpenClaw before 2026.3.25 contains a server-side request forgery vulnerability in multiple channel extensions that fail to properly guard configured base URLs against SSRF attacks. Attackers can exploit unprotected fetch calls against configured endpoints to rebind requests to blocked internal...
PT-2026-31765
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.25 Description OpenClaw versions prior to 2026.3.25 contain a server-side request forgery vulnerability in multiple channel extensions. The issue arises from a failure to properly guard configured base URLs...
GHSA-9Q7V-8MR7-G23P OpenClaw: SSRF via Unguarded `fetch()` in Marketplace Plugin Download and Ollama Model Discovery
Summary SSRF via Unguarded fetch in Marketplace Plugin Download and Ollama Model Discovery Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: Keep the shipped marketplace archive-fetch SSRF, but narrow out the Ollama half because it is operator-configured and...
OpenClaw: SSRF via Unguarded `fetch()` in Marketplace Plugin Download and Ollama Model Discovery
Summary SSRF via Unguarded fetch in Marketplace Plugin Download and Ollama Model Discovery Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: Keep the shipped marketplace archive-fetch SSRF, but narrow out the Ollama half because it is operator-configured and...
GHSA-QXGF-HMCJ-3XW3 OpenClaw affected by SSRF via unguarded image download in fal provider
Summary The fal provider used raw fetches for both provider API traffic and returned image download URLs instead of the existing SSRF-guarded fetch path. Impact A malicious or compromised fal relay could make the gateway fetch internal URLs and expose metadata or internal service responses throug...
OpenClaw affected by SSRF via unguarded image download in fal provider
Summary The fal provider used raw fetches for both provider API traffic and returned image download URLs instead of the existing SSRF-guarded fetch path. Impact A malicious or compromised fal relay could make the gateway fetch internal URLs and expose metadata or internal service responses throug...