CVE-2026-54106

CVE-2026-54106 affects the U.S. GAO EPDS and CBCA EDS login flow, where X-Forwarded-For headers are not validated. The underlying issue allows a remote attacker who has compromised administrator credentials to bypass network access controls and log in, potentially gaining access to restricted doc...

CVE-2026-9697 undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent

Impact: undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI socks5:// or socks://. The target HTTPS connection through the SOCKS5 tunnel falls back to Node's default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servernam...

Duplicate Advisory: Host environment sanitizer missed two Node.js control variables

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-ccwh-wwpp-6wg5. This link is maintained to preserve external references. Original Description OpenClaw before 2026.5.26 contains an insufficient sanitization vulnerability in the host environment sanitizer that...

CVE-2026-53864

OpenClaw before 2026.5.26 contains an insufficient sanitization vulnerability in the host environment sanitizer that allows Node.js control variables to bypass validation. Attackers with access to workspace .env files, tool environment overrides, or skill environment blocks can pass malicious...

CVE-2026-53864 OpenClaw < 2026.5.26 - Insufficient Environment Variable Sanitization in Node.js Control Variables

OpenClaw before 2026.5.26 contains an insufficient sanitization vulnerability in the host environment sanitizer that allows Node.js control variables to bypass validation. Attackers with access to workspace .env files, tool environment overrides, or skill environment blocks can pass malicious...

CVE-2026-53864 OpenClaw < 2026.5.26 - Insufficient Environment Variable Sanitization in Node.js Control Variables

OpenClaw before 2026.5.26 contains an insufficient sanitization vulnerability in the host environment sanitizer that allows Node.js control variables to bypass validation. Attackers with access to workspace .env files, tool environment overrides, or skill environment blocks can pass malicious...

Path Traversal

tmp is vulnerable to Path Traversal. The vulnerability is due to insufficient validation in assertPath, which only checks string inputs for .. and can be bypassed using non-string values such as Arrays, Buffers, or objects. Attacker-controlled values supplied to prefix, postfix, or template can...

Exploit for Improper Encoding or Escaping of Output in Cisco Catalyst_Sd-Wan_Manager

🚨 CVE-2026-20245 - Cisco Catalyst SD-WAN Manager Privilege Esc...

CVE-2026-54228

A time-of-check time-of-use TOCTOU race condition was found in the abrt-dbus D-Bus service's SetElement method. Between dump directory creation and post-create event execution, any local user can call SetElement to write arbitrary text files into the root-owned dump directory, bypassing package...

CVE-2026-44894

A flaw was found in Netty, specifically within the netty-codec-classes-quic component's NoQuicTokenHandler. A remote attacker can exploit this vulnerability by sending an Initial packet with any non-empty token bytes and a spoofed victim's IP address. This improper token validation causes the Net...

CVE-2026-54393

A stored cross-site scripting vulnerability exists in MISP when the Overmind theme is used. The setHomePage endpoint previously saved the user-controlled path value through setSettingInternal, bypassing the normal setSetting validation logic, including validatehomepage, which requires homepage...

EUVD-2026-35402

TYPO3 CMS has Privilege Escalation & SQL Injection in its Form Framework...

CVE-2026-44894 Netty's Default QUIC token handler accepts any client-supplied token

Netty is a network application framework for development of protocol servers and clients. NoQuicTokenHandler is the tokenHandler used when the application does not set one. Prior to version 4.2.15.Final, its writeToken returns false server will not send Retry — acceptable, but validateToken...

Exploit for CVE-2026-8809

CVE-2026-8809 Advanced Custom Fields: Extended = 0.9.2.5 -...

PT-2026-48995

A stored cross-site scripting vulnerability exists in MISP when the Overmind theme is used. The setHomePage endpoint previously saved the user-controlled path value through setSettingInternal, bypassing the normal setSetting validation logic, including validate homepage, which requires homepage...

CVE-2026-45175 Idira Endpoint Privilege Manager Agent: Security Control and Cryptographic Validation Bypass in Internal Agent Validation Processes

Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within internal agent validation processes. A local attacker could potentially bypass built-in security controls or cryptographic validations. Under specific circumstances, this could allow the attacker ...

CVE-2026-45175 Idira Endpoint Privilege Manager Agent: Security Control and Cryptographic Validation Bypass in Internal Agent Validation Processes

Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within internal agent validation processes. A local attacker could potentially bypass built-in security controls or cryptographic validations. Under specific circumstances, this could allow the attacker ...

CVE-2026-45175

Idira Endpoint Privilege Manager Agent versions prior to 26.5 are affected by an improper access control in internal agent validation, potentially allowing a local attacker to bypass built‑in security controls and cryptographic validations, bypass agent self‑defense, and execute unauthorized oper...

GHSA-2GR4-PPC7-7MHX CodeIgniter4 has a validation bypass when uploading file extensions via `ext_in` rule

Impact The extin upload validation rule checked the MIME-derived guessed extension instead of the client-provided filename extension. As a result, an uploaded file named shell.php containing GIF-like content could pass validation such as:...

crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...