OpenClaw security vulnerability
OpenClaw is an open-source artificial intelligence assistant. Versions of OpenClaw prior to 2026.2.22 contained security vulnerabilities. These vulnerabilities stemmed from improper upgrade validation of the media stream WebSocket by OpenClaw and its voice-call component, which could allow...
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the proxy repository configuration. An attacker can access internal network resources and cloud metadata endpoints by configuring proxy repositories with malicious URLs. This is only exploitable if t...
Vulnerabilities fixed in Arista Networks products
Arista Networks has fixed vulnerabilities in DANZ. The vulnerabilities include several ways for authenticated users with limited privileges to gain access to sensitive systems and data. These include escaping the CLI sandbox, exploiting SSH port forwarding, and making operating system operations...
Arbitrary Code Injection
Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection via the Terraformer process. An attacker can execute arbitrary code with elevated privileges by injecting malicious Terraform configurations during infrastructure provisioning. Note: This is only exploitable if ...
CVE-2025-59160
The CVE-2025-59160 entry concerns the Matrix JavaScript SDK (matrix-js-sdk) prior to version 38.2.0, where MatrixClient::getJoinedRooms performs insufficient validation of room predecessor links. This can allow a remote attacker to attempt to replace a tombstoned room with an unrelated attacker-s...
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization via the NodeRestriction admission controller process. An attacker can access unauthorized dynamic resources by creating mirror pods during pod creation when the DynamicResourceAllocation feature gate is enabled...
CVE-2024-31448 Cross-site Scripting vulnerability in link CSV import in Combodo iTop
Combodo iTop is a simple, web-based IT Service Management tool. By placing malicious code in CSV content, a Cross-site Scripting (XSS) attack can be performed when importing this content. This issue has been fixed in versions 3.1.2 and 3.2.0. All users are advised to upgrade. Users unable to...
Tenda M3 security vulnerability
Tenda M3 is an access controller from Tenda, China. A buffer overflow vulnerability exists in Tenda M3 version V1.0.0.12(4856), caused by the upgrade method failing to correctly validate the length of the input data; it can be exploited by a remote attacker to execute arbitrary code on th...
CRITICAL UPGRADES IN THE DIAMOND PROXY COULD BE MISSED DUE TO INVALID ACTIONS PASSED IN
Vulnerability details: Impact: The LibDiamond.diamondCut function is used to modify the facets by passing in the FacetCut structs. The FacetCut struct contains the action to perform (add, replace or remove) and the function selectors to use for it. Here the function implementation...
Cisco Enterprise NFV Infrastructure Software data forgery vulnerability
Cisco Enterprise NFV Infrastructure Software (NFVIS) is a suite of NFV infrastructure software platforms from Cisco. The platform enables full lifecycle management of virtualized services through a central orchestrator and controller. Cisco Enterprise NFV Infrastructure Software is vulnerable to a...
CVE-2022-29328
D-Link DAP-1330 OSS-firmware 1.00b21 was discovered to contain a stack overflow via the function checkvalidupgrade...
CVE-2019-5227
P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193C00E190R2P1, versions earlier than VOGUE-AL00A 9.1.0.193C00E190R2P1, versions earlier than Hima-AL00B 9.1.0.135C00E133R2P1 and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade...
[SECURITY] [DLA 1650-1] rssh security update
Package: rssh. Version: 2.3.4-4+deb8u1. CVE ID: CVE-2019-1000018. Debian Bug: 919623. The ESnet security team discovered a vulnerability in rssh, a restricted shell that allows users to perform only scp, sftp, cvs, svnserve (Subversion), rdist and/or rsync operations. Missing validation in the scp...