CVE-2026-2743 SEPPmail User Web Interface Arbitrary File Write to RCE

Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer LFT. This issue affects SeppMail: 15.0.2.1 and before...

Nginx UI 安全漏洞

Nginx UI is a web interface for Nginx developed by Jacky. Versions of Nginx UI prior to 2.3.3 contained security vulnerabilities. These vulnerabilities stemmed from the /api/backup endpoint, which allowed access without authentication, thereby exposing encrypted keys. This could enable unverified...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the login UI due to improper handling of the default redirect URI. An attacker can execute arbitrary JavaScript code in the victim's browser by setting a malicious redirect URI, potentially allowing them to...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the login UI due to improper handling of the default redirect URI. An attacker can execute arbitrary JavaScript code in the victim's browser by setting a malicious redirect URI, potentially allowing them to...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the login UI due to improper handling of the default redirect URI. An attacker can execute arbitrary JavaScript code in the victim's browser by setting a malicious redirect URI, potentially allowing them to...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the login UI due to improper handling of the default redirect URI. An attacker can execute arbitrary JavaScript code in the victim's browser by setting a malicious redirect URI, potentially allowing them to...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the login UI due to improper handling of the default redirect URI. An attacker can execute arbitrary JavaScript code in the victim's browser by setting a malicious redirect URI, potentially allowing them to...

EUVD-2026-9378

The GINA web interface in SEPPmail Secure Email Gateway before version 15.0.1 does not properly check attachment filenames in GINA-encrypted emails, allowing an attacker to access files on the gateway...

SUSE CVE-2026-25229

Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have a broken access control vulnerability which allows authenticated users with write access to any repository to modify labels belonging to other repositories. The UpdateLabel function in the Web UI...

PT-2026-23087

Name of the Vulnerable Software and Affected Versions Internet Routing Registry daemon versions 4.4.0 through 4.4.5 Internet Routing Registry daemon versions 4.5.0 through 4.5.1 Description The Internet Routing Registry daemon IRRD is susceptible to a manipulation issue affecting password reset a...

OpenClaw has a Trusted-proxy Control UI pairing bypass which allows unpaired node sessions

Summary A trusted-proxy Control UI pairing bypass accepted client.id=control-ui without device identity checks. The bypass did not require operator role, so an authenticated node role session could connect unpaired and reach node event methods. Impact With trusted-proxy authentication enabled, a...

EUVD-2026-9289

A reflected cross-site scripting XSS vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user's browser when they click on a specially crafted link. This vulnerability affects Fireware OS 12.7 up to and including 12.11.7...

Exploit for Code Injection in Anthropic Claude_Code

CVE-PENDING: MCP Tool Confirmation Prompt Misrepresentation in...

PT-2026-26405

Summary OpenClaw avatar handling allowed a symlink traversal path that could expose local files outside an agent workspace through gateway avatar surfaces. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.2.22 so after npm release, the remaining action is to publis...

PT-2026-22761

Name of the Vulnerable Software and Affected Versions Nokia IMPACT versions through 19.11.2.10-20210118042150283 Description A Cross-Site Request Forgery CSRF issue exists in Nokia IMPACT. This allows a remote attacker to import and overwrite the entire application configuration. The issue is due...

PT-2026-22733

A reflected cross-site scripting XSS vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user's browser when they click on a specially crafted link. This vulnerability affects Fireware OS 12.7 up to and including 12.11.7...

PT-2026-26415

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.21 Description OpenClaw versions before 2026.2.21 have an authentication bypass issue in the Control UI. This occurs when allowInsecureAuth is enabled and the gateway is exposed over plaintext HTTP, allowing...

GHSA-5GHC-98WH-GWWF OpenClaw's Control UI Static File Handler Follows Symlinks and Allows Out-of-Root File Read

Summary The Control UI static file handler previously validated asset paths lexically and then served files with APIs that follow symbolic links. A symlink placed under the Control UI root could cause out-of-root file reads. Affected Packages / Versions - Package: openclaw npm - Latest published...

CVE-2026-0013

In setupLayout of PickActivity.java, there is a possible way to start any activity as a DocumentsUI app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-28272

Kiteworks is a private data network PDN. Prior to version 9.2.0, a vulnerability in Kiteworks Email Protection Gateway allows authenticated administrators to inject malicious scripts through a configuration interface. The stored script executes when users interact with the affected user interface...