90509 matches found
The vulnerability of the configuration tools.exec.security=allowlist in the AI agent OpenClaw (previously – ClawdBot or MoltBot) allows a violator to execute arbitrary commands.
The vulnerability of the “tools.exec.security=allowlist” configuration in the AI agent OpenClaw previously – ClawdBot or MoltBot is related to the failure to take measures to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the interaction platform between users and large language models like ParisNeo/lollms, related to incorrect session duration, allows attackers to gain access to user accounts.
The vulnerability of the ParisNeo/lollms platform for user interaction with large language models is related to an incorrect session duration. Exploiting this vulnerability can allow a remote attacker to gain access to the user’s account...
The vulnerability of the AI agent OpenClaw (formerly known as ClawdBot or MoltBot) arises from the failure to take measures to neutralize special elements, allowing the intruder to execute arbitrary commands.
The vulnerability of the AI agent OpenClaw formerly known as ClawdBot or MoltBot is related to the failure to take measures to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the Routing Protocol Demon (RPD) in Juniper Networks’ Junos operating system, which allows a hacker to cause a service failure.
The vulnerability of the Routing Protocol Data RPD of Juniper Networks’ Junos operating system is related to an incorrect order of bytes. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
The vulnerability of embedded software developed by Qualcomm, related to the execution of operations outside the buffer in memory, allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of embedded software developed by Qualcomm relates to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...
The vulnerability of embedded Qualcomm microprogramming software, related to buffer overflows in dynamic memory, allows attackers to cause memory corruption.
The vulnerability of embedded Qualcomm software is related to the overflow of buffers in dynamic memory. Exploiting this vulnerability can allow an attacker to cause memory corruption...
The vulnerability of the AI agent OpenClaw (formerly known as ClawdBot or MoltBot) arises from the lack of authentication for critical functions. This allows attackers to bypass existing security mechanisms and gain unauthorized access to protected information.
The vulnerability of the AI agent OpenClaw formerly known as ClawdBot or MoltBot is related to the lack of authentication for critical functions. Exploiting this vulnerability allows a hacker to bypass existing security mechanisms and gain unauthorized access to protected information...
The vulnerability of embedded software developed by Qualcomm, related to the execution of operations outside the buffer in memory, allows attackers to cause memory corruption.
The vulnerability of embedded software developed by Qualcomm relates to the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow an attacker to cause damage to the memory...
The vulnerability of the system() function in microprogrammed routing devices like EDIMAX BR-6208AC allows attackers to escalate their privileges and execute arbitrary commands.
The vulnerability of the system function in microprogrammed routing devices like EDIMAX BR-6208AC lies in the lack of measures taken to clean data at the control level when processing the parameter pppUserName. Exploiting this vulnerability can allow a malicious actor to enhance their privileges...
The vulnerability of the N8n automation platform, related to improper code generation management, allows a perpetrator to execute arbitrary code.
The vulnerability of the N8n automation platform for work processes is related to incorrect code generation management. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the AI agent OpenClaw (formerly known as ClawdBot or MoltBot) relates to the implementation or modification of arguments, allowing a perpetrator to execute arbitrary commands.
The vulnerability of the AI agent OpenClaw formerly known as ClawdBot or MoltBot is related to the exploitation or modification of arguments. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the Maxthon3 browser lies in the insufficient protection of the web page structure, allowing attackers to execute arbitrary code.
The vulnerability of the Maxthon3 browser is related to insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the cluster synchronization protocol used by Wazuh Manager, a platform for security monitoring and threat detection. This vulnerability allows attackers to escalate their privileges.
The vulnerability of the cluster synchronization protocol used by Wazuh Manager, a platform for security monitoring and threat detection, is related to an incorrect limitation on the path name to the catalog. Exploiting this vulnerability can allow a malicious actor to increase their privileges...
The vulnerability of the database synchronization module of Wazuh Database, a security monitoring and threat detection platform for Wazuh, allows a malicious actor to cause a service failure and execute arbitrary code.
The vulnerability of the database synchronization module of the Wazuh Database platform for security monitoring and threat detection involves an operation that goes beyond the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service failures and execute...
The vulnerability of the generate_keypair() function in the application programming interface of the Wazuh security monitoring and threat detection platform allows a malicious actor to cause a service failure.
The vulnerability of the generatekeypair function in the application programming interface of the Wazuh security monitoring and threat detection platform is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the zhAclCheck() function in the OpenEMR medical documentation system, related to deficiencies in the authentication process, allows a violator to compromise the confidentiality and integrity of the protected information.
The vulnerability of the zhAclCheck function in the OpenEMR medical documentation system is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to compromise the confidentiality and integrity of the protected information...
The vulnerability of the OpenEMR system for medical documentation, related to insufficient validation of requests on the server side, allows a hacker to perform a SRF attack.
The vulnerability of the OpenEMR system for medical documentation is related to insufficient validation of requests on the server side. Exploiting this vulnerability could allow a malicious actor to execute a SRF attack remotely...
The vulnerability of the OpenEMR system for managing medical documents, related to bypassing authentication using a user-controlled key, allows a perpetrator to compromise the confidentiality of protected information.
The vulnerability of the OpenEMR system for managing medical documents involves bypassing authentication using a key controlled by the user. Exploiting this vulnerability could allow an attacker, operating remotely, to compromise the confidentiality of the protected information...
The vulnerability of the axios library, related to insufficient validation of requests on the server side when processing NO_PROXY rules, allows attackers to execute SSRF attacks.
The vulnerability of the axios library is related to insufficient validation of requests on the server side when processing NOPROXY rules. Exploiting this vulnerability allows a remote attacker to perform an SSRF attack...
The vulnerability of the nlattr_to_sctp() function in Linux operating systems allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the nlattrtosctp function in Linux operating systems is related to reading data beyond the permitted range of memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
The vulnerability in the src/daemon/schtasks.ts script of the AI agent OpenClaw (previously known as ClawdBot or MoltBot) allows a perpetrator to execute arbitrary commands.
The vulnerability in the src/daemon/schtasks.ts script of the AI agent OpenClaw previously known as ClawdBot or MoltBot relates to the failure to take measures to neutralize special elements. Exploiting this vulnerability allows a perpetrator to execute arbitrary commands...
The vulnerability of embedded software developed by Qualcomm, related to buffer overflows in the stack, allows attackers to cause memory corruption.
The vulnerability of embedded software developed for Qualcomm chips is related to buffer overflow in the stack. Exploiting this vulnerability can allow an attacker to cause memory corruption...
The vulnerability of the Power Management IC microprogramming software in Qualcomm’s embedded chips allows a hacker to trigger memory corruption.
The vulnerability of the Power Management IC microprogramming software in Qualcomm’s embedded chips lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability can allow attackers to cause memory corruption...
The vulnerability of embedded software developed by Qualcomm, related to the execution of operations outside the buffer in memory, allows attackers to cause memory corruption.
The vulnerability of embedded software developed by Qualcomm relates to the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow an attacker to cause damage to the memory...
The vulnerability of embedded software developed by Qualcomm, related to the execution of operations outside the buffer in memory, allows attackers to cause memory corruption.
The vulnerability of embedded software developed by Qualcomm relates to the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow an attacker to cause damage to the memory...
The vulnerability of embedded software developed by Qualcomm, related to the execution of operations outside of the buffer in memory, allows attackers to compromise the confidentiality, integrity, and accessibility of information.
The vulnerability of embedded Qualcomm software is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, and accessibility of information...
The vulnerability of embedded software developed by Qualcomm, related to the possibility of using memory after release, allows a hacker to cause memory corruption.
The vulnerability of embedded software developed for Qualcomm chips lies in the possibility of exploiting memory after it is freed. Exploiting this vulnerability can allow an attacker to cause memory corruption...
The vulnerability of the os.tmpdir() function in the /feishu/src/media.ts script of the AI agent OpenClaw (formerly ClawdBot or MoltBot) allows a violator to write any files they desire.
The vulnerability of the os.tmpdir function in the /feishu/src/media.ts script of the AI agent OpenClaw previously known as ClawdBot or MoltBot is related to an incorrect restriction on the path name of the temp directory. Exploiting this vulnerability allows a remote attacker to write arbitrary...
The vulnerability of the BlueBubbles plugin for the AI agent OpenClaw (formerly known as ClawdBot or MoltBot) allows a hacker to bypass existing security mechanisms.
The vulnerability of the BlueBubbles plugin for the AI agent OpenClaw previously known as ClawdBot or MoltBot is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to bypass existing security mechanisms remotely...
The vulnerability of the formWISP5G() function (/goform/formWISP5G) of the Belkin F9K1122 Wi-Fi range extender software allows a intruder to execute arbitrary code.
The vulnerability of the formWISP5G function /goform/formWISP5G of the Belkin F9K1122 Wi-Fi range extender software relates to the reading of data beyond the buffer in memory during the processing of the webpage parameter. Exploiting this vulnerability could allow a malicious actor to execute...
The vulnerability of the SandboxJS library lies in the uncontrolled modification of prototype attributes of objects, allowing attackers to execute arbitrary code.
The vulnerability of the SandboxJS library is related to uncontrolled changes to object prototype attributes. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the allowlist mode of the AI agent OpenClaw (formerly known as ClawdBot or MoltBot) allows a violator to bypass existing security mechanisms.
The vulnerability of the allowlist mode of the AI agent OpenClaw formerly ClawdBot or MoltBot is related to the use of an incomplete black list. Exploiting this vulnerability allows a malicious actor to bypass existing security mechanisms remotely...
The vulnerability of the g_base64_encode_close() function within the GLib library allows a attacker to cause a service failure.
The vulnerability of the gbase64encodeclose function in the GLib library is related to writing beyond the buffer boundaries. Exploiting this vulnerability allows a remote attacker to cause a service failure...
The vulnerability of the get_tagfname() function in the src/tag.c file of the Vim text editor allows a hacker to execute arbitrary code.
The vulnerability of the gettagfname function in the src/tag.c file of the Vim text editor is related to buffer overflows during the processing of the helpfile parameter. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
The vulnerability of the lasso_node_impl_init_from_xml() function in the Lasso library allows a hacker to execute arbitrary code.
The vulnerability of the lassonodeimplinitfromxml function in the Lasso library is related to errors in data type mixing. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code by sending specially crafted SAML packets...
The vulnerability of the AI agent OpenClaw (formerly known as ClawdBot or MoltBot) arises from insufficient validation of requests on the server side. This allows attackers to execute SSRF attacks.
The vulnerability of the AI agent OpenClaw formerly known as ClawdBot or MoltBot is related to insufficient validation of requests on the server side. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...
The vulnerability of the Track::load() function in the stsz/stts component of the file format decoding and encoding library libheif allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Track::load function in the stsz/stts component of the file format decoding and encoding library libheif is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protect...
The vulnerability of the AI agent OpenClaw (formerly known as ClawdBot or MoltBot) arises from the improper handling of symbolic links before accessing a file. This vulnerability allows attackers to write arbitrary files.
The vulnerability of the AI agent OpenClaw formerly known as ClawdBot or MoltBot is related to the improper handling of symbolic links before accessing a file. Exploiting this vulnerability allows an attacker to write arbitrary files...
The vulnerability of the decoder in the Security Configuration Assessment (SCA) platform for security monitoring and threat detection by Wazuh allows a perpetrator to trigger a service failure and execute arbitrary code.
The vulnerability of the Security Configuration Assessment SCA platform for monitoring security and detecting threats via Wazuh is related to an operation that occurs outside the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service failures and execute...
The vulnerability of the OpenEMR system for managing medical documents, related to the failure to take measures to neutralize certain elements, allows a perpetrator to execute arbitrary commands.
The vulnerability of the OpenEMR system for medical documentation lies in the lack of measures to neutralize certain special elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
The vulnerability of the Python programming language-based UltraJSON package lies in the lack of memory release after the effective lifespan, which allows a malicious actor to trigger a service failure.
The vulnerability of the Python programming language-based UltraJSON package is related to the lack of memory release after the effective lifespan of the package. Exploiting this vulnerability can allow a remote attacker to cause a service failure...
The vulnerability of the software interface of the tool for creating and deploying agents and working processes in Langflow allows a perpetrator to execute arbitrary code.
The vulnerability of the software interface of the tool for creating and deploying agents and processes of Langflow is related to the absence of authentication for a critical function. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the protectWhitespace() function in the FTP-client library basic-ftp of the Node.js software platform allows a hacker to execute arbitrary commands.
The vulnerability of the protectWhitespace function in the FTP-client library of the Node.js software platform’s basic-ftp library is related to the failure to take measures to neutralize CRLF sequences. Exploiting this vulnerability could allow a remote attacker to execute arbitrary commands...
The vulnerability of the JavaScript library for creating dynamic and interactive Billboard.js charts lies in the uncontrolled modification of prototype attributes of objects. This allows attackers to execute arbitrary code and cause service failures.
The vulnerability of the JavaScript library for creating dynamic and interactive Billboard.js charts is related to uncontrolled changes to object prototype attributes. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code and cause service interruptions...
The vulnerability of the AI agent OpenClaw (formerly known as ClawdBot or MoltBot) in Windows operating systems arises from the failure to take measures to neutralize special elements. This vulnerability allows a perpetrator to execute arbitrary commands.
The vulnerability of the AI agent OpenClaw formerly known as ClawdBot or MoltBot in Windows operating systems is related to the failure to take measures to neutralize special elements. Exploiting this vulnerability allows a hacker to execute arbitrary commands...
The vulnerability of the portal_login_username() function in the OpenEMR medical documentation system, related to the lack of measures taken to protect the website structure, allows attackers to perform cross-site scripting (XSS) attacks.
The vulnerability of the portalloginusername function in the OpenEMR medical documentation system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks XSS remotely...
The vulnerability of the g_buffered_input_stream_peek() function within the GLib library allows a hacker to cause a service failure.
The vulnerability of the gbufferedinputstreampeek function in the GLib library is related to integer overflow. Exploiting this vulnerability allows a remote attacker to cause a service failure...
The vulnerability in the web panel 3x-ui, related to the lack of protection for the website structure, allows attackers to execute arbitrary JavaScript code.
The vulnerability of the 3x-ui web panel is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a remote attacker to execute arbitrary JavaScript code...
The vulnerability of the bytestring_parse() and string_parse() functions in the GLib library allows a hacker to cause a service failure.
The vulnerability of the bytestringparse and stringparse functions in the GLib library library set is related to integer overflow. Exploiting this vulnerability allows a remote attacker to cause a service failure...
The vulnerability of the monitoring, analysis, and automatic issue resolution platform of Palo Alto Networks Autonomous Digital Experience Manager is related to errors in the certificate validation process. This allows attackers to escalate their privileges and execute arbitrary code.
The vulnerability of the monitoring, analysis, and automatic issue resolution platform used by Palo Alto Networks Autonomous Digital Experience Manager is related to errors in the certificate validation process. Exploiting this vulnerability can allow an attacker to enhance their privileges and...