CVE-2026-44117
OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in QQBot direct media upload that skips URL validation. Attackers can bypass SSRF protections by sending crafted image URLs to uploadC2CMedia and uploadGroupMedia endpoints to relay unintended requests...
CVE-2025-40073
CVE-2025-40073 affects the Linux kernel DRM MSM driver. The issue occurs when validating SSPP for the current plane while it is not yet associated with an SSPP, leading to a NULL pointer dereference in multirect handling. The problem is documented in the kernel patch, and a fix was released (patc...
UBUNTU-CVE-2024-26649
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix the null pointer when load rlc firmware. If the RLC firmware is invalid because of wrong header size, the pointer to the rlc firmware is released in function amdgpu_ucode_request. There will be a null pointer error i...
Rocket.Chat: TOTP 2 Factor Authentication Bypass
Summary: Two Factor Authentication can be bypassed when telling the server to use CAS during login. Description: The 2FA Login Handler skips validation when it finds CAS enabled. When the client sends the option in the login request, the login proceeds without validation of a second factor. In...
wolfSSL Data Forgery Vulnerability
wolfSSL CyaSSL is a small, portable embedded SSL programming library for use by embedded systems developers from wolfSSL, Inc. in the United States. A security vulnerability exists in wolfSSL that stems from incorrectly skipping OCSP validation under certain circumstances containing extraneous...
Possible Input Validation Circumvention in Active Model
There is a possible input validation circumvention vulnerability in Active Model. This vulnerability has been assigned the CVE identifier CVE-2016-0753. Versions Affected: 4.1.0 and newer. Not affected: 4.0.13 and older. Fixed Versions: 5.0.0.beta1.1, 4.2.5.1, 4.1.14.1. Impact: Code that uses...