366819 matches found
CVE-2026-53852 OpenClaw < 2026.4.25 - Scope Bypass via Empty-Scope Device Re-pairing
OpenClaw before 2026.4.25 contains a scope containment bypass vulnerability in device re-pairing that allows authenticated operators to restore broader scopes than intended by submitting empty-scope re-pairing requests. Attackers can exploit this by sending re-pairing requests with empty scope se...
CVE-2026-53850 OpenClaw < 2026.4.25 - Control Scope Enforcement Bypass in Focus Command
OpenClaw before 2026.4.25 contains a control scope enforcement bypass vulnerability in the focus command that allows authenticated callers to execute the command without proper authorization checks. Attackers can trigger the focus command to change focus state outside intended caller authority,...
CVE-2026-53851 OpenClaw < 2026.5.12 - Slack Reaction Event Notification Bypass
OpenClaw before 2026.5.12 contains a notification bypass vulnerability allowing Slack reaction events to enter the agent pipeline despite disabled reaction notifications. Attackers can trigger unintended agent processing by sending reaction events when the feature is enabled, potentially leading ...
CVE-2026-53849 OpenClaw < 2026.5.7 - Privilege Escalation via Mutable Discord Display Names in allowFrom
OpenClaw before 2026.5.7 contains a privilege escalation vulnerability where the allowFrom feature improperly validates Discord account identity using mutable display names instead of immutable user IDs. Attackers with Discord accounts can change their display name to match a policy entry and gai...
CVE-2026-53848 OpenClaw < 2026.5.26 - Exec Allowlist Bypass via Transparent Command Wrappers
OpenClaw before 2026.5.26 contains an exec allowlist bypass vulnerability allowing authenticated operators to execute wrapper-level side effects outside allowlisted command intent. Attackers can craft command requests that bypass allowlist validation by leveraging transparent command wrappers to...
CVE-2026-53847 OpenClaw < 2026.5.6 - Privilege Escalation via Active Memory Write Scope
OpenClaw before 2026.5.6 contains a privilege escalation vulnerability in the Active Memory write scope that allows Gateway operators with operator.write access to modify global configuration without requiring operator.admin privileges. Attackers with operator.write access can exploit insufficien...
CVE-2026-53846 OpenClaw < 2026.4.29 - Arbitrary Package Manager Execution via Workspace .env npm_execpath
OpenClaw before 2026.4.29 contains a path traversal vulnerability in the install helper that allows workspace .env files to override the npmexecpath configuration used for bundled runtime dependency installation. Attackers with workspace access can execute unintended local package-manager...
CVE-2026-53844 OpenClaw < 2026.4.29 - Session Visibility Check Bypass in Shared Memory Search
OpenClaw before 2026.4.29 contains a session visibility check bypass vulnerability in shared memory search that allows authenticated callers to access memory entries without proper authorization. Attackers can skip session visibility guards on the search path to retrieve memory entries that shoul...
CVE-2026-53845 OpenClaw < 2026.5.6 - Skill-Command Dispatch Hook Bypass via Before-Tool-Call Hook Skipping
OpenClaw before 2026.5.6 contains a hook bypass vulnerability where skill commands routed through the affected dispatch path skip before-tool-call hook coverage. Attackers can exploit this by sending skill commands through the vulnerable dispatch path to bypass hook-based auditing and policy...
CVE-2026-53843 OpenClaw < 2026.5.26 - Node Token Revocation Bypass via Pairing-Scoped Device Session
OpenClaw before 2026.5.26 contains an authorization bypass vulnerability where a surviving pairing-scoped device session can re-establish node token authority after revocation. Attackers with a paired device can regain WebSocket node-level access without renewed approval, weakening revocation...
CVE-2026-53842 OpenClaw < 2026.5.2 - Arbitrary Python Runtime Execution via CLOUDSDK_PYTHON Environment Variable
OpenClaw before 2026.5.2 contains an environment variable injection vulnerability allowing workspace .env files to influence Python runtime selection through CLOUDSDKPYTHON during Gmail setup gcloud execution. Attackers with repository access can manipulate the CLOUDSDKPYTHON variable to execute...
CVE-2026-53841 OpenClaw < 2026.5.12 - Cross-Site Scripting via Unsafe Markdown Links in Exported Session HTML
OpenClaw before 2026.5.12 contains a cross-site scripting vulnerability in exported session HTML that preserves unsafe javascript: and data: links in generated content. Attackers can execute browser-side scripts if a trusted operator opens the exported file and activates a malicious link...
CVE-2026-53840 OpenClaw < 2026.5.12 - Custom Header Leakage via MCP Streamable HTTP Cross-Origin Redirects
OpenClaw before 2026.5.12 contains an information disclosure vulnerability in streamable-http MCP servers that forwards operator-configured custom headers during cross-origin redirects. Attackers controlling or compromising an MCP endpoint can redirect requests to exfiltrate sensitive headers lik...
CVE-2026-50656 Microsoft Defender Elevation of Privilege Vulnerability
...
CVE-2024-39575
updatediskpsubaseline.sh requires password in plain text...
CVE-2026-48775 LangGraph Checkpoint: Unsafe JSON deserialization in checkpoint loading
LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In versions 4.1.0 and prior, the JsonPlusSerializer can reconstruct Python objects from JSON checkpoint payloads. Under conditions where someone could modify...
CVE-2026-10748 Nexus Repository 3 - Remote Code Execution via License Deserialization
An authenticated user with the nx-licensing-create privilege can upload a specially crafted license file to execute arbitrary operating system commands as the Nexus process user in Sonatype Nexus Repository 3 versions before 3.92.0...
CVE-2026-47749 stable-diffusion.cpp: Heap buffer overflow in SHORT_BINUNICODE parsing for PyTorch checkpoint files
stable-diffusion.cpp is a pure C/C++ library for running diffusion model Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more inference. Versions prior to master-584-0a7ae07 are vulnerable to heap buffer overflow in SHORTBINUNICODE parsing for PyTorch checkpoint files. The pickle .ckpt pars...
CVE-2026-47748 stable-diffusion.cpp: Out-of-bounds reads in PyTorch checkpoint pickle opcode parsing
stable-diffusion.cpp is a pure C/C++ library for running diffusion model Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more inference. Versions prior to master-584-0a7ae07 are vulnerable to an out-of-bounds reads error through PyTorch checkpoint pickle opcode parsing. The pickle .ckpt...
CVE-2026-4367 Libxpm: libxpm: denial of service via out-of-bounds read in xpm file parsing
A flaw was found in libXpm. A local user with low privileges could exploit an Out-of-Bounds Read vulnerability in the xpmNextWord function by processing a specially crafted or very small XPM X PixMap image file. This improper validation of file boundaries can cause an internal pointer to read...
CVE-2026-47934 DNG SDK | Out-of-bounds Read (CWE-125)
DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim mus...
CVE-2026-47963 DNG SDK | Out-of-bounds Read (CWE-125)
DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim mus...
CVE-2026-47964 DNG SDK | Heap-based Buffer Overflow (CWE-122)
DNG SDK versions 1.7.1 2536 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-47927 DNG SDK | Out-of-bounds Read (CWE-125)
DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim mus...
CVE-2024-38487
api-gateway container running with root privilege would allow an attacker to escape the container and access host system to perform unintended actions...
CVE-2026-42089 yeoman-environment Vulnerable to Arbitrary Package Installation without User Confirmation
Yeoman Environment provides an API to discover, create, and run generators, and to configure where and how a generator is resolved. Versions 2.9.0 through 6.0.0 install missing local generator packages from caller-supplied package names without user confirmation. In downstream consumers that pass...
CVE-2026-24228
NVIDIA NeMo Framework for Linux contains a vulnerability where an attacker may cause deserialization of untrusted data. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, data tampering, and information disclosure...
CVE-2026-24155
NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...
CVE-2024-30476
PowerStore contains a Stored Cross-Site Scripting Vulnerability in the PowerStore Manager. A remote authenticated low-privileged malicious actor could potentially exploit this vulnerability, it could lead to script execution in the client browser...
CVE-2026-10649 Pacemaker: pacemaker: denial of service via integer overflow in remote message decompression
A flaw was found in Pacemaker. An unauthenticated remote attacker can exploit an integer overflow vulnerability in the remote message decompression process. By sending a specially crafted compressed remote message before authentication, an attacker can cause memory corruption, leading to a denial...
CVE-2025-71261 Harvester's SUSE Virtualization Registration Client Vulnerable to MITM and DOS
An attacker with network-level access between the SUSE Virtualization and Rancher Manager in SUSE Harvester before 1.8.0 could interfere with the TLS handshake and abuse it to bypass TLS as a security control...
CVE-2026-44932 indirect remote shell command injection via unsanitized DHCP options in wicked
Passing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server to execute code on the local machine...
CVE-2024-24909
Dell OpenManage Integration with Microsoft Windows Admin Center contains a Remote Code Execution vulnerability in the gateway plugin. A remote authenticated user could potentially exploit this vulnerability to escalate privileges. The malicious user may gain the ability to run arbitrary code...
CVE-2026-53776 Perry < 0.5.1166 JWT Expiration Bypass via verify_decode
Perry before 0.5.1166 contains a JWT validation vulnerability that allows remote attackers to bypass token expiration by exploiting the unconditional setting of validateexp = false in the verifydecode helper within the stdlib JWT verification path. Attackers in possession of a previously issued...
CVE-2026-12003 CPython >3.11 Insecure Input Validation resulting in privilege escalation
To allow builds of Python to be run from an in-tree layout rather than an installed file layout, the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the executable, Python...
CVE-2024-22451
Dell Peripheral Manager, versions from 1.5.1 to 1.7.2, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious executable, leading to arbitrary code execution...
CVE-2026-12398 Galaxy_ng: shell injection in legacy role import via unsanitized git ref names
A command injection vulnerability was found in galaxyng. The dogitcheckout function in the legacy role import API v1 interpolates unsanitized git ref names branch/tag names into shell commands executed via subprocess.run with shell=True. An authenticated user who controls a git repository can...
CVE-2026-47684 Sync-in Server: SSRF protection bypass via IPv4-mapped IPv6 addresses in regExpPrivateIP
Sync-in Server is a secure, open-source platform for file storage, sharing, collaboration, and syncing. Prior to version 2.3.0, the private IP blocklist regex used in the URL download feature does not match IPv4-mapped IPv6 addresses e.g. ::ffff:127.0.0.1, allowing SSRF protection to be bypassed ...
CVE-2026-0647 Rockwell Automation FLEX I/O Dual-port EtherNet/IP Adapters – Multiple Vulnerabilities
An improper authentication security issue exists within the 1794-AENTR adapter's embedded web server. The vulnerability allows an unauthenticated attacker to change the device's web interface password by sending a crafted HTTP GET request to a specific endpoint, without any prior authentication...
CVE-2026-0646 Rockwell Automation FLEX I/O Dual-port EtherNet/IP Adapters – Multiple Vulnerabilities
A denial-of-service security issue exists within the 1794-AENTR adapter due to improper memory handling of CIP protocol requests. This vulnerability can result in the adapter faulting and losing connection to its associated I/O modules, requiring a manual reset to recover...
CVE-2026-48780 Forem vulnerable to bypass of email address domain restrictions
Forem is open source software for building communities. Prior to commit a2ab6d4, a maliciously crafted email address could allow an attacker to bypass domain allowlist or denylist restrictions and gain access to invite-only forem deployments. The issue is patched as of a2ab6d4. As a workaround,...
CVE-2024-22447
Dell Peripheral Manager, versions prior to 1.7.3, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious dll., leading to arbitrary code execution...
CVE-2025-14272 Rockwell Automation FactoryTalk Analytics PavilionX
A security issue was identified in Pavilion due to improper authorization enforcement in API endpoints. This vulnerability can allow an unauthorized actor to execute privileged operations, including user/role management and other administrative actions...
CVE-2025-13036 Rockwell Automation FactoryTalk Historian Site Edition - Authentication Bypass
An authentication bypass security issue exists within FactoryTalk Historian Site Edition. By continually sending requests to the login endpoint, an attacker may obtain a valid authentication token...
CVE-2026-10831 Improper Authorization of Break Signal Commands in Devices
A denial-of-service vulnerability exists in NPort devices because of improper access control on the command port. The command interface does not properly validate whether a sender is associated with a valid data port session before accepting break signal commands. A remote attacker with network...
CVE-2026-9307 Rockwell Automation CompactLogix 5370 Controllers – Multiple Vulnerabilities
A sensitive information disclosure security issue exists within the affected CompactLogix controllers. The controller's web server exposes CIP Connection IDs on the diagnostics webpage, which are accessible to any unauthenticated user on the network. This information can be leveraged by an attack...
CVE-2025-11694 Rockwell Automation CompactLogix 5370 Controllers – Multiple Vulnerabilities
A security issue exists within 1769 CompactLogix controllers due to the missing validation of sequence numbers and source IP addresses in the CIP protocol. This allows attacker to abuse the exposed Connection ID’s visible on the web interface to perform denial-of-service attacks, resulting in...
CVE-2026-10640 Use-after-free reading `net_pkt` `iface` after send in IPv6 Neighbor Discovery (`ipv6_nbr.c`)
Zephyr's IPv6 Neighbor Discovery send paths netipv6sendna, netipv6sendns, netipv6sendrs in subsys/net/ip/ipv6nbr.c updated the per-interface ICMP-sent statistics by calling netpktifacepkt after netsenddatapkt had already returned successfully. On the success path the network stack owns and releas...
CVE-2026-10639 Use-after-free reading `net_pkt_iface()` of a sent ICMPv4 echo-reply packet in `icmpv4_handle_echo_request()`
In Zephyr's native IPv4 stack, icmpv4handleechorequest in subsys/net/ip/icmpv4.c builds an echo-reply packet reply, hands it to nettrysenddata, and then, on success, calls netstatsupdateicmpsentnetpktifacereply. nettrysenddata transfers ownership of reply to the TX path netiftryqueuetx - netiftx ...
CVE-2026-10638 Use-after-free in Zephyr ICMPv6 RX path when updating statistics after sending an echo reply or error
subsys/net/ip/icmpv6.c reads the network interface from a netpkt after that packet has been handed to nettrysenddata. In icmpv6handleechorequest and neticmpv6senderror, the post-send statistics update calls netpktifacereply/netpktifacepkt on the just-sent packet. The send path nettrysenddata -...