91 matches found
CVE-2026-47195 Quest Bot: Per-channel permission overwrite bypass in purge and slowmode commands.
Quest Bot is an open-source Discord bot. Prior to version 1.1.6, the purge and slowmode commands check only guild-level permissions on the invoking member. They do not check the member’s effective permissions in the channel where the command is run. A user denied channel-level moderation permissio...
PT-2026-45051
Summary: execute_code in praisonaiagents/tools/python_tools.py v1.6.37, subprocess sandbox mode can be fully bypassed using print.__self__ to retrieve the real Python builtins module, from which __import__ can be extracted via vars and runtime string construction. This achieves arbitrary OS command...
CVE-2026-44838 RabbitMQ MQTT Topic Permission Authorization Bypass
RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ's MQTT plugin allows for topic-level authorization using regular expressions with variable substitution. Administrators can create patterns such as ^clientid-sensors$ to restrict user access to topics that include...
Concrete CMS Security Vulnerability
Concrete CMS is an open-source content management system designed for teams. Concrete CMS versions 9.5.0 and earlier have a security vulnerability. This vulnerability stems from the submitpassword method bypassing the viewfile permission checks, which may allow unauthorized access to files...
CVE-2026-42579
Summary: CVE-2026-42579 affects the Netty framework’s DNS codec. Affected versions: prior to 4.2.13.Final and 4.1.133.Final. Root cause: DNS encoding/decoding did not enforce RFC 1035 domain name constraints. Impact: potential bidirectional attack surface via malicious DNS responses (decoder) or ...
CVE-2026-44167
phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0.54, and 3.0.52, anyone loading untrusted ASN1 files eg. X509 certificates, RSA PKCS8 private or public keys, etc. This is a bypass of CVE-2024-27355. This vulnerability is fixed in 1.0.29, 2.0.54, and 3.0.52...
EUVD-2026-26045
mpGabinet performs client-side authentication. An attacker with access to any application instance connected to the backend server can bypass the login verification process by manipulating the application binary and authenticate as an arbitrary user. This issue affects mpGabinet version 23.12.19...
ALPINE-CVE-2026-34582
Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished message being received. A server which is attempting to enforce client authentication via certificates can be bypassed by a client which...
EUVD-2026-17504
Parse Server has a LiveQuery protected-field guard bypass via array-like logical operator value...
h3: SSE Event Injection via Unsanitized Carriage Return (`\r`) in EventStream Data and Comment Fields (Bypass of CVE Fix)
Summary: The EventStream class in h3 fails to sanitize carriage return \r characters in data and comment fields. Per the SSE specification, \r is a valid line terminator, so browsers interpret injected \r as line breaks. This allows an attacker to inject arbitrary SSE events, spoof event types, an...
OpenClaw has an IPv6 multicast SSRF classifier bypass
Summary: OpenClaw's SSRF IP classifier did not treat IPv6 multicast literals ff00::/8 as blocked/private-internal. This allowed literal multicast hosts to pass SSRF preflight checks. Impact: A bypass in address classification existed for IPv6 multicast literals. OpenClaw's network fetch/navigation...
CVE-2020-10839
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) via a SIM card. The Samsung ID is SVE-2019-16193 (February 2020)...
EUVD-2017-17443
Malware in sbrugna...
EUVD-2017-12917
Malware in sbrugna...
EUVD-2020-29038
Malware in sbrugna...
EUVD-2002-1222
Malware in sbrugna...
EUVD-2022-4383
Malicious code in bioql PyPI...
EUVD-2024-26109
Malicious code in bioql PyPI...
EUVD-2022-6789
Malicious code in bioql PyPI...
EUVD-2023-57171
Malicious code in bioql PyPI...