24 matches found
CVE-2026-41326
A flaw was found in Kata Containers. An oversight in the CopyFile policy and perhaps the CopyFile handler allows untrusted hosts to write to arbitrary locations inside the guest workload image. This can be used to overwrite binaries inside the guest and exfiltrate data from containers; even those...
GHSA-Q49M-57VM-C8CC Kata Container has CopyFile Policy Subversion via Symlinks
Summary An oversight in the CopyFile policy and perhaps the CopyFile handler allows untrusted hosts to write to arbitrary locations inside the guest workload image. This can be used to overwrite binaries inside the guest and exfiltrate data from containers; even those running inside CVMs. Details...
Kata Container has CopyFile Policy Subversion via Symlinks
Summary An oversight in the CopyFile policy and perhaps the CopyFile handler allows untrusted hosts to write to arbitrary locations inside the guest workload image. This can be used to overwrite binaries inside the guest and exfiltrate data from containers; even those running inside CVMs. Details...
CVE-2026-41326
Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines VMs that perform like containers. From v3.4.0 to v3.28.0, an oversight in the CopyFile policy and perhaps the CopyFile handler allows untrusted hosts to write to arbitrary locations...
CVE-2026-41326
Kata Containers CVE-2026-41326 affects versions v3.4.0–v3.28.0 due to an oversight in the CopyFile policy/handler that allows untrusted hosts to write to arbitrary locations inside the guest workload image. This can overwrite binaries inside the guest and exfiltrate data from containers, includin...
EUVD-2026-25611
Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines VMs that perform like containers. From v3.4.0 to v3.28.0, an oversight in the CopyFile policy and perhaps the CopyFile handler allows untrusted hosts to write to arbitrary locations...
CVE-2026-41326
Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines VMs that perform like containers. From v3.4.0 to v3.28.0, an oversight in the CopyFile policy and perhaps the CopyFile handler allows untrusted hosts to write to arbitrary locations...
next-intl 安全漏洞
next-intl is a Next.js solution developed by Jan Amann. Versions of next-intl prior to 4.9.1 contained a security vulnerability, which was caused by improper handling of middleware pathing, potentially leading to redirection to untrusted hosts...
CVE-2026-33745 cpp-httplib Client Leaks Authentication Credentials to Untrusted Hosts on Cross-Origin HTTP Redirect
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.39.0, the cpp-httplib HTTP client forwards stored Basic Auth, Bearer Token, and Digest Auth credentials to arbitrary hosts when following cross-origin HTTP redirects 301/302/307/308. A malicious or...
CVE-2026-33745 cpp-httplib Client Leaks Authentication Credentials to Untrusted Hosts on Cross-Origin HTTP Redirect
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.39.0, the cpp-httplib HTTP client forwards stored Basic Auth, Bearer Token, and Digest Auth credentials to arbitrary hosts when following cross-origin HTTP redirects 301/302/307/308. A malicious or...
CVE-2026-33745
The CVE affects cpp-httplib (a C++11 single-file header-only HTTP/HTTPS library). Before 0.39.0, the HTTP client forwards stored Basic Auth, Bearer Token, and Digest Auth credentials to arbitrary hosts when following cross-origin redirects (301/302/307/308). A malicious or compromised server can ...
OpenClaw Information Disclosure Vulnerability (CNVD-2026-13601)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an information disclosure vulnerability that originates when the MS Teams attachment downloader, when retrying to download after receiving a 401 or 403 response, sends an authorization bearer token to ...
CVE-2026-28481
OpenClaw versions 2026.1.30 and earlier, contain an information disclosure vulnerability, patched in 2026.2.1, in the MS Teams attachment downloader optional extension must be enabled that leaks bearer tokens to allowlisted suffix domains. When retrying downloads after receiving 401 or 403...
CVE-2026-28481 OpenClaw < 2026.2.1 - Bearer Token Leakage via MS Teams Attachment Downloader Suffix Matching
OpenClaw versions 2026.1.30 and earlier, contain an information disclosure vulnerability, patched in 2026.2.1, in the MS Teams attachment downloader optional extension must be enabled that leaks bearer tokens to allowlisted suffix domains. When retrying downloads after receiving 401 or 403...
OpenClaw 安全漏洞
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an information disclosure vulnerability that originates when the MS Teams attachment downloader, when retrying to download after receiving a 401 or 403 response, sends an authorization bearer token to ...
Insertion of Sensitive Information Into Sent Data
Overview @openclaw/msteams is an OpenClaw Microsoft Teams channel plugin Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the process that handles downloading inbound MS Teams attachments or inline images, specifically when retrying URLs wi...
UBUNTU-CVE-2021-37533
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about...
Microsoft Windows CVE-2016-0009 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will result in a denial-of-service condition. Technologies Affected Microsoft...
Fedora Update for openssh FEDORA-2013-2206
Check for the Version of openssh OpenVAS Vulnerability Test Fedora Update for openssh FEDORA-2013-2206 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to...