CVE-2026-7786

The CVE-2026-7786 affects Jinan USR IOT’s USR-W610 RS232/485 to Wi‑Fi/Ethernet Converter. The firmware image contains plaintext administrative credentials that can be extracted via firmware analysis and used to authenticate to device services, enabling administrator access. Reported CVSS v3.1 sco...

USR-W610 信任管理问题漏洞

USR-W610 is an industrial-grade serial-to-Wi-Fi networking module developed by USR. The USR-W610 has a trust management vulnerability, which stems from the inclusion of plaintext management credentials in the firmware. This vulnerability could allow credentials to be extracted through firmware...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: tipc: fix an information leak in tipctopsrvkernsubscr Use an 8-byte write to initialize sub.usrhandle in tipctopsrvkernsubscr, otherwise four bytes remain uninitialized when issuing setsockopt..., SOLTIPC, .... This resulted in a...

GHSA-QM9X-V7CX-7RQ4 OpenClaw's system.run allowlist can be bypassed through an unregistered time dispatch wrapper

Summary Allow-always exec approvals did not unwrap /usr/bin/time, so an unregistered time wrapper could bypass executable binding and reuse approval state for the inner command. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-...

CVE-2026-32023

OpenClaw versions prior to 2026.2.24 contain an approval gating bypass vulnerability in system.run allowlist mode where nested transparent dispatch wrappers can suppress shell-wrapper detection. Attackers can exploit this by chaining multiple dispatch wrappers like /usr/bin/env to execute /bin/sh...

CVE-2026-33194

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the IsSensitivePath function in kernel/util/path.go uses a denylist approach that was recently expanded GHSA-h5vh-m7fg-w5h6, commit 9914fd1 but remains incomplete. Multiple security-relevant Linux directories are not blocke...

CVE-2026-32009

OpenClaw versions prior to 2026.2.24 contain a policy bypass vulnerability in the safeBins allowlist evaluation that trusts static default directories including writable package-manager paths like /opt/homebrew/bin and /usr/local/bin. An attacker with write access to these trusted directories can...

CVE-2026-26048 Jinan USR IOT Technology Limited (PUSR) USR-W610 Missing Authentication for Critical Function

The Wi-Fi router is vulnerable to de-authentication attacks due to the absence of management frame protection, allowing forged deauthentication and disassociation frames to be broadcast without authentication or encryption. An attacker can use this to cause unauthorized disruptions and create a...

CVE-2026-24455

CVE-2026-24455 affects the embedded web interface of the Jinan USR IOT USR-W610. The interface does not support HTTPS/TLS and relies on HTTP Basic Authentication, meaning credentials are encoded but not encrypted and can be captured by anyone on the same network. Impact described in sources inclu...

Jinan USR IOT USR-W610 安全漏洞

Jinan USR IOT USR-W610 is a serial-to-Ethernet converter developed by Jinan USR IOT. There is a security vulnerability in the Jinan USR IOT USR-W610. This vulnerability stems from the fact that the embedded Web interface of the device does not support HTTPS/TLS authentication and uses HTTP basic...

Jinan USR IOT USR-W610 安全漏洞

Jinan USR IOT USR-W610 is a serial-to-Ethernet converter produced by the Jinan USR IOT company. There is a security vulnerability in the Jinan USR IOT USR-W610; this vulnerability stems from allowing administrator username and password values to be set to null, which may allow unauthenticated...

EUVD-2020-30944

Infor Storefront B2B 1.0 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'usrname' parameter in login requests. Attackers can exploit the vulnerability by injecting malicious SQL code into the 'usrname' parameter to potentially extract or...

CVE-2020-37033 Infor Storefront B2B 1.0 - 'usr_name' SQL Injection

Infor Storefront B2B 1.0 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'usrname' parameter in login requests. Attackers can exploit the vulnerability by injecting malicious SQL code into the 'usrname' parameter to potentially extract or...

CVE-2020-37033

CVE-2020-37033 is corroborated by PT-2026-5474, which documents an SQL injection in Infor Storefront B2B 1.0 through the login endpoint via the usr name parameter. The root cause is unsafely constructed SQL in the login flow which can lead to arbitrary query manipulation and potential data exposu...

EUVD-2026-3642

Mini Mouse 9.3.0 contains a path traversal vulnerability that allows attackers to access sensitive system directories through the device information endpoint. Attackers can retrieve file lists from system directories like /usr, /etc, and /var by manipulating file path parameters in API requests...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001819)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001819 advisory. arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACEPOKEUSRAREA...

CVE-2025-66265

CMService.exe creates the C:\usr directory and subdirectories with insecure permissions, granting write access to all authenticated users. This allows attackers to replace configuration files such as snmp.conf or hijack DLLs to escalate privileges...

CVE-2025-66265 Insecure permissions in configuration directory (C:\\usr)

CMService.exe creates the C:\usr directory and subdirectories with insecure permissions, granting write access to all authenticated users. This allows attackers to replace configuration files such as snmp.conf or hijack DLLs to escalate privileges...

MegaTec ClientMate 安全漏洞

MegaTec ClientMate is a power management software from Taiwan, China-based MegaTec. A security vulnerability exists in MegaTec ClientMate that stems from insecure permissions in the C:\usr directory, which could lead to configuration file replacement or DLL hijacking...

CVE-2022-50531

The CVE-2022-50531 issue is in the Linux kernel Tipc subsystem where an 4-byte portion of sub.usr_handle remained uninitialized when handling setsockopt for SOL_TIPC, causing a kernel infoleak detected by KMSAN. The fixed version initializes sub.usr_handle with an 8-byte write in tipc_topsrv_kern...