3037 matches found
OpenClaw Access Control Error Vulnerability
OpenClaw is openclaw open source an intelligent artificial assistant. OpenClaw suffers from an Access Control Error vulnerability that stems from the @openclaw/voice-call plugin Telnyx webhook handler accepting unsigned inbound webhook requests when telnyx.publicKey is not configured, which can b...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005522)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005522 advisory. In the Linux kernel, the following vulnerability has been resolved: CDC-NCM: avoid overflow in sanity checking A broken device may give an extreme offset like 0xFFF0...
OESA-2026-1470 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: A memory address truncation vulnerability exists in the irqchip/gic-v3-its driver of the Linux kernel. On 32-bit ARM machines with CONFIGARMLPAE enabled, when using larger VMSPLIT configurations, lowmem allocations may be backed ...
GHSA-38C7-23HJ-2WGQ n8n has Webhook Forgery on Zendesk Trigger Node
Impact An attacker who knows the webhook URL of a workflow using the ZendeskTrigger node could send unsigned POST requests and trigger the workflow with arbitrary data. The node does not verify the HMAC-SHA256 signature that Zendesk attaches to every outbound webhook, allowing any party to inject...
User Impersonation
Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to User Impersonation via the ZendeskTrigger component. An attacker can inject arbitrary data into workflows by sending unsigned POST requests to the webhook endpoint. Remediation Upgrade n8n-nodes-bas...
n8n has Webhook Forgery on Zendesk Trigger Node
Impact An attacker who knows the webhook URL of a workflow using the ZendeskTrigger node could send unsigned POST requests and trigger the workflow with arbitrary data. The node does not verify the HMAC-SHA256 signature that Zendesk attaches to every outbound webhook, allowing any party to inject...
User Impersonation
Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to User Impersonation via the GitHub Webhook Trigger component. An attacker can trigger unauthorized workflow executions by sending unsigned POST requests to the webhook endpoint, thereby injecting...
curl: Integer Overflow in curl_multi_get_handles() Leading to Heap Buffer Overflow
Integer Overflow in curlmultigethandles Leading to Heap Buffer Overflow Summary The curlmultigethandles function in lib/multi.c contains an integer overflow vulnerability when the number of easy handles in a multi handle approaches UINTMAX 4,294,967,295. When count == UINTMAX, the expression coun...
CVE-2026-1916
The WPGSI: Spreadsheet Integration plugin for WordPress is vulnerable to unauthorized modification and loss of data due to missing capability checks and an insecure authentication mechanism on the wpgsicallBackFuncAccept and wpgsicallBackFuncUpdate REST API functions in all versions up to, and...
CVE-2025-47904
CVE-2025-47904 affects Microchip Time Provider 4100. Root cause: missing integrity check during code download allows a malicious manual software update. Affected: Time Provider 4100 before version 2.5. Impact (per sources): potential compromise of software integrity and related systems during upg...
CVE-2025-47904 Unsigned upgrade package
Download of Code Without Integrity Check vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5...
CVE-2025-47904 Unsigned upgrade package
Download of Code Without Integrity Check vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5...
Signed to Unsigned Conversion Error
Overview Affected versions of this package are vulnerable to Signed to Unsigned Conversion Error via the istreamnonparallelread function in ImfContextInit.cpp when parsing a malformed EXR file through a memory-mapped IStream. An attacker can cause a heap buffer overflow by supplying a specially...
Signed to Unsigned Conversion Error
Overview OpenEXR is a Python bindings for the OpenEXR image file format Affected versions of this package are vulnerable to Signed to Unsigned Conversion Error via the istreamnonparallelread function in ImfContextInit.cpp when parsing a malformed EXR file through a memory-mapped IStream. An...
Integer Overflow or Wraparound
Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Integer Overflow or Wraparound
Overview Magick.NET-Q8-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
OpenClaw < 2026.2.14 Multiple Vulnerabilities
The version of the OpenClaw AI assistant installed on the remote host is prior to 2026.2.14. It is, therefore, affected by multiple vulnerabilities, including: - A command injection in the maintainer clawtributors updater script allowed arbitrary command execution via crafted git commit author...
CVE-2026-26319
OpenClaw is a personal AI assistant. Versions 2026.2.13 and below allow the optional @openclaw/voice-call plugin Telnyx webhook handler to accept unsigned inbound webhook requests when telnyx.publicKey is not configured, enabling unauthenticated callers to forge Telnyx events. Telnyx webhooks are...
CVE-2026-26319
OpenClaw is a personal AI assistant. Versions 2026.2.13 and below allow the optional @openclaw/voice-call plugin Telnyx webhook handler to accept unsigned inbound webhook requests when telnyx.publicKey is not configured, enabling unauthenticated callers to forge Telnyx events. Telnyx webhooks are...
CVE-2026-26319 OpenClaw has Missing Webhook Authentication in Telnyx Provider Allowing Unauthenticated Requests
OpenClaw is a personal AI assistant. Versions 2026.2.13 and below allow the optional @openclaw/voice-call plugin Telnyx webhook handler to accept unsigned inbound webhook requests when telnyx.publicKey is not configured, enabling unauthenticated callers to forge Telnyx events. Telnyx webhooks are...