33225 matches found
OpenClaw: workspace path guard bypass on non-existent out-of-root symlink leaf
Summary openclaw had a workspace boundary bypass in workspace-only path validation: when an in-workspace symlink pointed outside the workspace to a non-existent leaf, the first write could pass validation and create the file outside the workspace. Affected Packages / Versions - Package: openclaw...
OpenClaw: LINE group allowlist scope mismatch with DM pairing-store entries
Summary In specific LINE configurations, sender IDs approved through DM pairing could also satisfy group allowlist checks when operators expected group sender access to be scoped only to explicit group allowlists. Affected Packages / Versions - Package: openclaw npm - Latest published version at...
OpenClaw's MS Teams sender allowlist bypass when route allowlist is configured and sender allowlist is empty
OpenClaw's Microsoft Teams plugin widened group sender authorization when a team/channel route allowlist was configured but groupAllowFrom was empty. Before the fix, a matching route allowlist entry could cause the message handler to synthesize wildcard sender authorization for that route, allowi...
OpenClaw's skills-install-download can be redirected outside the tools root by rebinding the validated base path
OpenClaw's skills download installer validated the intended per-skill tools root lexically, but later reused that mutable path while downloading and copying the archive into place. If a local attacker could rebind that tools-root path between validation and the final write, the installer could be...
OpenClaw's system.run approvals did not bind mutable script operands across approval and execution
OpenClaw's system.run approval flow did not bind mutable interpreter-style script operands across approval and execution. A caller could obtain approval for an execution such as sh ./script.sh, rewrite the approved script before execution, and then execute different content under the previously...
OliveTin's email argument makes compliance harder, enables log injection
Summary The typeSafetyCheckEmail function in service/internal/executor/arguments.go calls log.Errorf on every invocation including when validation succeeds err == nil. This means every email address submitted by any user is written to the application's ERROR-level log unconditionally. Because the...
OliveTin Vulnerable to Unauthorized Action Output Disclosure via EventStream
Summary OliveTin’s live EventStream broadcasts execution events and action output to authenticated dashboard subscribers without enforcing per-action authorization. A low-privileged authenticated user can receive output from actions they are not allowed to view, resulting in broken access control...
Parse Server has a protected fields bypass via LiveQuery subscription WHERE clause
Impact An attacker can exploit LiveQuery subscriptions to infer the values of protected fields without directly receiving them. By subscribing with a WHERE clause that references a protected field including via dot-notation or $regex, the attacker can observe whether LiveQuery events are delivere...
Tornado is vulnerable to DoS due to too many multipart parts
In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the maxbodysize setting default 100MB. Since parsing occurs synchronously on the main thread, this creates the possibility of denial-of-service due to the cost of parsing very large multipart...
Unhead Vulnerable to Bypass of URI Scheme Sanitization in makeTagSafe via Case-Sensitivity
The link.href check in makeTagSafe safe.ts, line 68-71 uses String.includes, which is case-sensitive: typescript if key === 'href' if val.includes'javascript:' || val.includes'data:' return nextkey = val Browsers treat URI schemes case-insensitively. DATA:text/css,... is the same as...
Unhead has XSS bypass in `useHeadSafe` via attribute name injection and case-sensitive protocol check
Summary useHeadSafe can be bypassed to inject arbitrary HTML attributes, including event handlers, into SSR-rendered tags. This is the composable that Nuxt docs recommend for safely handling user-generated content. Details XSS via data- attribute name injection The acceptDataAttrs function safe.t...
ImageMagick has heap buffer overflow in WriteXWDImage due to CARD32 arithmetic overflow in bytes_per_line calculation
A 32-bit unsigned integer overflow in the XWD X Windows encoder can cause an undersized heap buffer allocation. When writing a extremely large image an out of bounds heap write can occur. ================================================================= ==741961==ERROR: AddressSanitizer:...
ImageMagick has Heap Buffer Overflow in WaveletDenoiseImage
A crafted image could cause an out of bounds heap write inside the WaveletDenoiseImage method. When processing a crafted image with the -wavelet-denoise operation an out of bounds write can occur. ================================================================= ==661320==ERROR: AddressSanitizer:...
ImageMagick has Heap Buffer Over-Read in BilateralBlurImage
BilateralBlurImage contains a heap buffer over-read caused by an incorrect conversion. When processing a crafted image with the -bilateral-blur operation an out of bounds read can occur. ================================================================= ==676172==ERROR: AddressSanitizer:...
ImageMagick has heap-based buffer overflow in UHDR encoder
A heap-based buffer overflow in the UHDR encoder can happen due to truncation of a value and it would allow an out of bounds write. ================================================================ ==2158399==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x521000039500 at pc...
ImageMagick has stack buffer overflow in MagnifyImage
MagnifyImage uses a fixed-size stack buffer. When using a specific image it is possible to overflow this buffer and corrupt the stack...
devalue has prototype pollution in devalue.parse and devalue.unflatten
In devalue v5.6.3, devalue.parse and devalue.unflatten were susceptible to prototype pollution via maliciously crafted payloads. Successful exploitation could lead to Denial of Service DoS or type confusion...
ImageMagick: Integer overflow in DIB coder can result in out of bounds read or write
An integer overflow in DIB coder can result in out of bounds read or write...
ImageMagick has uninitialized pointer dereference in JBIG decoder
An uninitialized pointer dereference vulnerability exists in the JBIG decoder due to a missing check...
ImageMagick has stack write buffer overflow in MNG encoder
A stack buffer overflow vulnerability exists in the MNG encoder. There is a bounds checks missing that could corrupting the stack with attacker-controlled data. ==2265506==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffec4971310 at pc 0x55e671b8a072 bp 0x7ffec4970f70 sp...
ImageMagick has heap use-after-free in the MSL encoder
A heap-use-after-free vulnerability exists in the MSL encoder, where a cloned image is destroyed twice. The MSL coder does not support writing MSL so the write capability has been removed. SUMMARY: AddressSanitizer: heap-use-after-free MagickCore/image.c:1195 in DestroyImage Shadow bytes around t...
ImageMagick has Heap Use-After-Free in ImageMagick MSL decoder
A heap use-after-free vulnerability in ImageMagick's MSL decoder allows an attacker to trigger access to freed memory by crafting an MSL file. ================================================================= ==1500633==ERROR: AddressSanitizer: heap-use-after-free on address 0x527000011550 at pc...
ImageMagick: Write heap-buffer-overflow in PCL encoder via undersized output buffer
A heap-buffer-overflow vulnerability exists in the PCL encode due to an undersized output buffer allocation. WRITE of size 1 at 0x7e79f91f31a0 thread T0...
ImageMagick vulnerable to stack corruption through long morphology kernel names or arrays
A stack buffer overflow exists in ImageMagick's morphology kernel parsing functions. User-controlled kernel strings exceeding a buffer are copied into fixed-size stack buffers via memcpy without bounds checking, resulting in stack corruption...
ImageMagick has Integer Overflow leading to out of bounds write in SIXEL decoder
An integer overflow vulnerability exists in the SIXEL decoer. The vulnerability allows an attacker to perform an out of bounds via a specially crafted mage...
Winter vulnerable to privilege escalation by authenticated backend users
Impact Affected versions of Winter CMS allowed authenticated backend users to escalate their accounts level of access to the system by modifying the roles / permissions assigned to their account through specially crafted requests to the backend while logged in. To actively exploit this security...
ImageMagick: Heap overflow in pcd decoder leads to out of bounds read.
The pcd coder lacks proper boundary checking when processing Huffman-coded data. The decoder contains an function that has an incorrect initialization that could cause an out of bounds read. ==3900053==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x502000003c6c at pc 0x55601b9cc552 bp...
ImageMagick has heap buffer overflow in YUV 4:2:2 decoder
A heap buffer overflow write vulnerability exists in ReadYUVImage coders/yuv.c when processing malicious YUV 4:2:2 NoInterlace images. The pixel-pair loop writes one pixel beyond the allocated row buffer. ================================================================= ==204642==ERROR:...
ImageMagick has Heap Out-of-Bounds Read in DCM Decoder (ReadDCMImage)
A heap out-of-bounds read vulnerability exists in the coders/dcm.c module. When processing DICOM files with a specific configuration, the decoder loop incorrectly reads bytes per iteration. This causes the function to read past the end of the allocated buffer, potentially leading to a Denial of...
ImageMagick: MSL - Stack overflow in ProcessMSLScript
Summary Magick fails to check for circular references between two MSLs, leading to a stack overflow. Details After reading a.msl using magick, the following is displayed: MSLStartElement - ReadImage - ReadMSLImage - ProcessMSLScript - xmlParseChunk - xmlParseTryOrFinish - MSLStartElement bash...
ImageMagick Has Signed Integer Overflow in SIXEL Decoder, Leading to Memory Corruption
A signed integer overflow vulnerability in ImageMagick's SIXEL decoder allows an attacker to trigger memory corruption and denial of service when processing a maliciously crafted SIXEL image file. The vulnerability occurs during buffer reallocation operations where pointer arithmetic using signed...
ImageMagick: MSL attribute stack buffer overflow leads to out of bounds write.
A stack buffer overflow occurs when processing the an attribute in msl.c. A long value overflows a fixed-size stack buffer, leading to memory corruption. ================================================================= ==278522==ERROR: AddressSanitizer: stack-buffer-overflow on address...
SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker
SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads without authentication...
SGLangs `replay_request_dump.py` contains an insecure pickle.load() without validation and proper deserialization
SGLangs replayrequestdump.py contains an insecure pickle.load without validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the attackers code on the device running the script...
Duplicate Advisory: OpenClaw: Skill env override host env injection via applySkillConfigEnvOverrides (defense-in-depth)
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-82g8-464f-2mv7. This link is maintained to preserve external references. Original Description A vulnerability was determined in OpenClaw 2026.2.19-2. This vulnerability affects the function...
Duplicate Advisory: OpenClaw safeBins file-existence oracle information disclosure
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6c9j-x93c-rw6j. This link is maintained to preserve external references. Original Description A vulnerability was identified in OpenClaw up to 2026.2.17. This issue affects the function tools.exec.safeBins of th...
SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module
SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads without authentication...
Keycloak vulnerable to authorization bypass via the Admin API
A flaw was found in Keycloak. An authorization bypass vulnerability in the Keycloak Admin API allows any authenticated user, even those without administrative privileges, to enumerate the organization memberships of other users. This information disclosure occurs if the attacker knows the victim'...
Consul is vulnerable to arbitrary file read when configured with Kubernetes authentication
HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5...
yauzl contains an off-by-one error
yauzl aka Yet Another Unzip Library version 3.2.0 for Node.js contains an off-by-one error in the NTFS extended timestamp extra field parser within the getLastModDate function. The while loop condition checks cursor data.length + 4 instead of cursor + 4 = data.length, allowing readUInt16LE to rea...
@whyour/qinglong: manipulation of the argument command leads to protection mechanism failure
A security vulnerability has been detected in whyour qinglong up to 2.20.1. Affected is an unknown function of the file back/loaders/express.ts of the component API Interface. The manipulation of the argument command leads to protection mechanism failure. The attack may be initiated remotely. The...
xygeni-action v5 tag poisoned with C2 backdoor
Description On March 3, 2026, an attacker with access to compromised credentials created a series of pull requests 46, 47, 48 injecting obfuscated shell code into action.yml. The PRs were blocked by branch protection rules and never merged into the main branch. However, the attacker used the...
Tornado has incomplete validation of cookie attributes
Values passed to the domain, path, and samesite arguments of RequestHandler.setcookie were not completely validated in versions of Tornado prior to 6.5.5. In particular, semicolons would be allowed, which could be used to inject attacker-controlled values for other cookie attributes...
.NET Denial of Service Vulnerability
Microsoft Security Advisory CVE-2026-26127 – .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 9.0 and .NET 10.0. This advisory also provides guidance on what developers can do to update their...
.NET Denial of Service Vulnerability
Microsoft Security Advisory CVE-2026-26130 – .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0, .NET 9.0, and .NET 10.0. This advisory also provides guidance on what developers can do to...
Shescape escape() leaves bracket glob expansion active on Bash, BusyBox, and Dash
Summary Shescapeescape does not escape square-bracket glob syntax for Bash, BusyBox sh, and Dash. Applications that interpolate the return value directly into a shell command string can cause an attacker-controlled value like secret12 to expand into multiple filesystem matches instead of a single...
.NET Elevation of Privilege Vulnerability
Microsoft Security Advisory CVE-2026-26131 – .NET Elevation of Privilege Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 10.0. This advisory also provides guidance on what developers can do to update their...
Argo Workflows: WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference Mode
Summary A user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in their Workflow submission. This works even when the controller is configured with templateReferencing: Strict, which is specifically documented as...
Shopware vulnerable to a potential take over of app credentials
Summary We identified and fixed a vulnerability in the Shopware app registration flow that could, under specific conditions, allow attackers to take over the communication channel between a shop and an app. By abusing app re‑registration, an attacker could redirect app traffic to an...
Shopware has user enumeration via distinct error codes on Store API login endpoint
Summary The Store API login endpoint POST /store-api/account/login returns different error codes depending on whether the submitted email address belongs to a registered customer CHECKOUTCUSTOMERAUTHBADCREDENTIALS or is unknown CHECKOUTCUSTOMERNOTFOUND. The "not found" response also echoes the...