Lucene search
K
GithubRecent

33227 matches found

Github Security Blog
Github Security Blog
•added 2026/03/03 5:39 p.m.•9 views

OpenSTAManager Affected by XSS in modifica_iva.php via righe parameter

Summary Multiple Reflected Cross-Site Scripting XSS vulnerabilities in OpenSTAManager v2.9.8 allow unauthenticated attackers to execute arbitrary JavaScript code in the context of other users' browsers through crafted URL parameters, potentially leading to session hijacking, credential theft, and...

6.1CVSS6.3AI score0.00245EPSS
Exploits3References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/03 4:44 p.m.•7 views

Rancher Backup Operator pod's logs leak S3 tokens

Impact A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens both accessKey and secretKey into the rancher-backup-operator pod's logs. Specifically, the S3 accessKey and secretKey are exposed in the pod's logs under the following logging lev...

6.8CVSS5.8AI score0.0034EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/03 3:31 p.m.•8 views

OpenViking contains a Path Traversal vulnerability

OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path traversal vulnerability in the .ovpack import handling that allows attackers to write files outside the intended import directory. Attackers can craft malicious ZIP archives with traversal sequences, absolute paths, or...

8.4CVSS6AI score0.00181EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/03 3:31 p.m.•7 views

Django has a Race Condition vulnerability

An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race condition in file-system storage and file-based cache backends in Django allows an attacker to cause file system objects to be created with incorrect permissions via concurrent requests, where one thread's...

3.7CVSS5.9AI score0.00341EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/03 3:31 p.m.•8 views

Django vulnerable to Uncontrolled Resource Consumption

An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. URLField.topython in Django calls urllib.parse.urlsplit, which performs NFKC normalization on Windows that is disproportionately slow for certain Unicode characters, allowing a remote attacker to cause denial o...

7.5CVSS6AI score0.00734EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/03 2:52 p.m.•11 views

Rancher cloud credentials can be used through proxy API by users without access

A vulnerability was discovered in Rancher 2.2.0 through the aforementioned patched versions, where cloud credentials weren't being properly validated through the Rancher API. Specifically through a proxy designed to communicate with cloud providers. Any Rancher user that was logged-in and aware o...

9.9CVSS7.1AI score0.00832EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/03 2:51 p.m.•13 views

Rancher's restricted PodSecurityPolicy does not prevent containers from running as a privileged user

Impact The restricted pod security policy PSP, provided in Rancher versions from 2.0 up to and including 2.6.3, has a deviation from the upstream restricted policy provided in Kubernetes, in which Rancher's PSP has runAsUser set to runAsAny, while upstream has runAsUser set to MustRunAsNonRoot...

5.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/03 2:50 p.m.•15 views

Rancher's weave CNI password is not configured when a cluster is created from an RKE template

Impact This vulnerability only affects customers using Weave CNI Container Network Interface when configured through RKE templates. A flaw was discovered in Rancher versions from 2.5.0 up to and including 2.5.13 and from 2.6.0 up to and including 2.6.4, where a UI user interface issue with RKE...

6.8CVSS6.7AI score0.00369EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/03 2:50 p.m.•14 views

Rancher has downstream cluster privilege escalation through cluster and project role template binding (CRTB/PRTB)

Impact An issue was discovered in Rancher versions up to and including 2.5.15 and 2.6.6 where a flaw with authorization logic allows privilege escalation through cluster role template binding CRTB and project role template binding PRTB. This issue does not affect the local cluster, it affects onl...

9.1CVSS7AI score0.00844EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/03 2:49 p.m.•8 views

Rancher doesn't properly sanitize credentials in cluster template answers

Impact It was discovered that in Rancher versions up to and including 2.5.12 and 2.6.3 there is a failure to properly sanitize credentials in cluster template answers. This failure can lead to plaintext storage and exposure of credentials, passwords and API tokens. The exposed credentials are...

9.9CVSS7.1AI score0.00671EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/03 2:48 p.m.•12 views

Rancher's Azure AD permission changes are not reflected on active sessions

A bug has been identified in which permission changes in Azure AD are not reflected to users while they are logged in the Rancher UI. This would cause the users to retain their previous permissions in Rancher, even if they change groups on Azure AD, for example, to a lower privileged group, or ar...

8.8CVSS7.1AI score0.00454EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/03 12:31 p.m.•9 views

Apache Ranger Vulnerable to Improper Validation of Certificate with Host Mismatch

Hostname verification bypass issue in Apache Ranger NiFiRegistryClient/NiFiClient is reported in Apache Ranger versions = 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue...

5.3CVSS5.9AI score0.00329EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/03 12:31 p.m.•9 views

Apache Ranger has a Code Injection vulnerability

Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versions = 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue...

9.8CVSS6AI score0.01244EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/03 6:31 a.m.•8 views

mailparser vulnerable to Cross-site Scripting

Versions of the package mailparser before 3.9.3 are vulnerable to Cross-site Scripting XSS via the textToHtml function due to the improper sanitisation of URLs in the email content. An attacker can execute arbitrary scripts in victim browsers by adding extra quote " to the URL with embedded...

6.1CVSS6.1AI score0.00311EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/03 6:31 a.m.•6 views

@tootallnate/once vulnerable to Incorrect Control Flow Scoping

Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then usage to hang indefinitely. This...

4.8CVSS5.9AI score0.00112EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/03 12:41 a.m.•10 views

OpenClaw: macOS optional allowlist basename matching could bypass path-based policy

Summary On macOS node-host, optional exec-approval allowlist mode previously treated basename-only entries for example echo as trusted command matches. This could allow a same-name local binary for example ./echo to run without approval under security=allowlist + ask=on-miss. Scope / Precondition...

7.8CVSS5.9AI score0.00122EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/03 12:40 a.m.•10 views

OpenClaw has system.run shell-wrapper env injection via SHELLOPTS/PS4 can bypass allowlist intent (RCE)

Summary system.run allowed SHELLOPTS + PS4 environment injection to trigger command substitution during bash -lc xtrace expansion before the allowlisted command body executed. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.2.21-2 includes latest published npm version at...

7.5CVSS5.8AI score0.0053EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/03 12:40 a.m.•5 views

OpenClaw: Node reconnect metadata spoofing could bypass platform-based node command policy

Summary A paired node device could reconnect with spoofed platform/deviceFamily metadata and broaden node command policy eligibility because reconnect metadata was accepted from the client while these fields were not bound into the device-auth signature. Affected Packages / Versions - Package:...

8.6CVSS6AI score0.0019EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/03 12:39 a.m.•7 views

OpenClaw: macOS beta onboarding exposed PKCE verifier via OAuth state

Summary The affected surface is the OpenClaw macOS app onboarding flow, and the macOS app is currently in beta. In that beta onboarding flow, Anthropic OAuth used the PKCE codeverifier value as OAuth state, exposing that secret in front-channel URL state. Affected Packages / Versions - Package:...

5.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/03 12:38 a.m.•4 views

OpenClaw has hook auth rate limiter bypass via IPv4-mapped IPv6 client key variants

Vulnerability The hook authentication throttle keyed failed attempts by raw socket remoteAddress text. IPv4 and IPv4-mapped IPv6 forms of the same client for example 1.2.3.4 and ::ffff:1.2.3.4 were treated as different clients, allowing separate rate-limit buckets. Impact An attacker could split...

6AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/03 12:20 a.m.•10 views

OpenClaw's avatar symlink traversal can expose out-of-workspace local files

Summary OpenClaw avatar handling allowed a symlink traversal path that could expose local files outside an agent workspace through gateway avatar surfaces. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.2.22 so after npm release, the remaining action is to publis...

7.5CVSS5.9AI score0.00327EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/02 11:37 p.m.•16 views

OpenClaw has a sandbox network isolation bypass via docker.network=container:<id>

Summary In [email protected], sandbox network hardening blocks network=host but still allows network=container:. This can let a sandbox join another container's network namespace and reach services available in that namespace. Preconditions and Trust Model Context This issue requires a...

9.8CVSS6AI score0.00265EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/02 11:35 p.m.•13 views

OpenClaw: Node system.run approval bypass via parent-symlink cwd rebind

Summary For host=node executions, approval context could be bypassed after approval-time by rebinding a writable parent symlink in cwd while preserving the visible cwd string. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.2.26 planned next npm release Impact A command...

6.9CVSS6AI score0.00095EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/02 11:34 p.m.•10 views

OpenClaw: Message action attachment hydration bypasses local media root checks when sandboxRoot is unset

Impact sendAttachment and setGroupIcon message actions could hydrate media from local absolute paths when sandboxRoot was unset, bypassing intended local media root checks. This could allow reads of arbitrary host files reachable by the runtime user when an authorized message-action path was...

7.1CVSS6AI score0.00372EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/02 11:33 p.m.•15 views

OpenClaw: system.run approval identity mismatch could execute a different binary than displayed

Summary system.run approvals in OpenClaw used rendered command text as the approval identity while trimming argv token whitespace. Runtime execution still used raw argv. A crafted trailing-space executable token could therefore execute a different binary than what the approver saw. Affected...

6.5CVSS6.2AI score0.0029EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/02 11:32 p.m.•15 views

OpenClaw: Gateway /tools/invoke tool escalation + ACP permission auto-approval

Summary OpenClaw Gateway exposes an authenticated HTTP endpoint POST /tools/invoke intended for invoking a constrained set of tools. Two issues could combine to significantly increase blast radius in misconfigured or exposed deployments: - The HTTP gateway layer did not deny high-risk session...

6.1AI score
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/02 11:24 p.m.•14 views

OpenClaw Vulnerable to Remote Code Execution via Node Invoke Approval Bypass in Gateway

Summary A remote code execution RCE vulnerability in the gateway-to-node invocation path allowed an authenticated gateway client to bypass node-host exec approvals by injecting internal control fields into node.invoke parameters. Affected Component - Gateway method: node.invoke for node command...

9.9CVSS6.7AI score0.0042EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/02 11:23 p.m.•9 views

OpenClaw vulnerable to path traversal (Zip Slip) in archive extraction during explicit installation commands

Summary A path traversal Zip Slip issue in archive extraction during explicit installation commands could allow a crafted archive to write files outside the intended extraction directory. Affected Packages / Versions - Package: openclaw npm - Affected versions: =2026.1.16-2 2026.2.14 - Fixed...

6.8CVSS6.3AI score0.00152EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/02 10:51 p.m.•11 views

OpenClaw's sandbox skill mirroring path traversal vulnerability could write outside the sandbox workspace

Overview In affected versions, OpenClaw’s sandbox skill mirroring used the skill’s frontmatter name as part of the destination path when copying skills into the sandbox workspace. A crafted skill name containing traversal segments for example ../ or an absolute path could cause the copy to write...

7.9CVSS5.9AI score0.00134EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/02 10:43 p.m.•11 views

OpenClaw has non-constant-time token comparison in hooks authentication

Summary OpenClaw hooks previously compared the provided hook token using a regular string comparison. Because this comparison is not constant-time, an attacker with network access to the hooks endpoint could potentially use timing measurements across many requests to gradually infer the token. In...

8.2CVSS5.9AI score0.00386EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/02 10:43 p.m.•9 views

OpenClaw: Config writes could persist resolved ${VAR} secrets to disk

Summary OpenClaw hooks previously compared the provided hook token using a regular string comparison. Because this comparison is not constant-time, an attacker with network access to the hooks endpoint could potentially use timing measurements across many requests to gradually infer the token. In...

6.3CVSS5.9AI score0.00284EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/02 10:40 p.m.•22 views

OpenClaw has Zip Slip path traversal in tar archive extraction

Summary OpenClaw versions before 2026.2.14 did not sufficiently validate TAR archive entry paths during extraction. A crafted archive could use path traversal sequences for example ../../... to write files outside the intended destination directory Zip Slip. Affected Packages / Versions - Package...

9.8CVSS6AI score0.00409EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/02 10:40 p.m.•17 views

OpenClaw gateway agents.files symlink escape allowed out-of-workspace file read/write

Impact The gateway agents.files.get and agents.files.set methods allowed symlink traversal for allowlisted workspace files. A symlinked allowlisted file for example AGENTS.md could resolve outside the agent workspace and be read/written by the gateway process. This could enable arbitrary host fil...

8.8CVSS6.4AI score0.00639EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/02 10:40 p.m.•8 views

OpenClaw Node system.run approval context-binding weakness in approval-enabled host=node flows

Summary In approval-enabled host=node workflows, system.run approvals did not always carry a strict, versioned execution-context binding. In uncommon setups that rely on these approvals as an integrity guardrail, a previously approved request could be reused with changed env input. Affected...

6.5CVSS6AI score0.00191EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/02 10:39 p.m.•17 views

OpenClaw voice-call media stream validated streams after upgrade, which could allow pre-start unauthenticated sockets to increase resource pressure

Summary @openclaw/voice-call and the bundled copy shipped in openclaw accepted media-stream WebSocket upgrades before stream validation. In reachable deployments, unauthenticated pre-start sockets could be held open and increase resource pressure. Affected Packages / Versions - openclaw npm:...

8.7CVSS6AI score0.00426EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
•added 2026/03/02 10:32 p.m.•9 views

OpenClaw's inbound media downloads could exceed configured byte limits before rejection across multiple channels

Summary OpenClaw did not consistently enforce configured inbound media byte limits before buffering remote media in several channel ingestion paths. A remote sender could trigger oversized downloads and memory pressure before rejection. Affected Packages / Versions - Package: openclaw npm -...

8.7CVSS6AI score0.00543EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/02 10:32 p.m.•6 views

OpenClaw Canvas Path Traversal Information Disclosure Vulnerability

ZDI-CAN-29312: OpenClaw Canvas Path Traversal Information Disclosure Vulnerability -- ABSTRACT ------------------------------------- Trend Micro's Zero Day Initiative has identified a vulnerability affecting the following products: OpenClaw - OpenClaw -- VULNERABILITY DETAILS...

6AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/02 10:30 p.m.•12 views

OpenClaw's exec allow-always can be bypassed via unrecognized multiplexer shell wrappers (busybox/toybox sh -c)

Summary OpenClaw exec approvals could be bypassed in allowlist mode when allow-always was granted through unrecognized multiplexer shell wrappers notably busybox sh -c and toybox sh -c. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.2.22-2 - Latest published vulnerable...

7.1CVSS6AI score0.00333EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/02 10:29 p.m.•9 views

OpenClaw: Node exec approvals could be replayed across nodes

Summary exec.approval requests for host=node were not explicitly bound to the target nodeId, so an approval intended for one node could be replayed for a different node under the same operator-controlled gateway fleet. Impact An operator approval for a system.run request could be reused across...

6.1AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/02 10:20 p.m.•9 views

OpenClaw's allow-always wrapper persistence could bypass future approvals and enable command execution

Summary In openclaw npm releases up to and including 2026.2.21-2, approving wrapped system.run commands with allow-always in security=allowlist mode could persist wrapper-level allowlist entries and enable later approval-bypass execution of different inner payloads. Affected Packages / Versions -...

7.2CVSS6.1AI score0.00431EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/02 10:19 p.m.•8 views

OpenClaw's Control UI Static File Handler Follows Symlinks and Allows Out-of-Root File Read

Summary The Control UI static file handler previously validated asset paths lexically and then served files with APIs that follow symbolic links. A symlink placed under the Control UI root could cause out-of-root file reads. Affected Packages / Versions - Package: openclaw npm - Latest published...

5.5CVSS5.9AI score0.00131EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/02 10:18 p.m.•9 views

OpenClaw has browser trace/download path symlink escape in temp output handling

Summary Browser trace/download output path handling allowed symlink-root and symlink-parent escapes from the managed temp root. Affected Packages / Versions - Package: openclaw npm - Latest published npm version: 2026.2.24 - Affected versions: = 2026.2.24 - Planned patched release: 2026.2.25 Impa...

7.8CVSS6AI score0.00126EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/02 10:17 p.m.•10 views

OpenClaw has ReDoS and regex injection via unescaped Feishu mention metadata in RegExp construction

Summary extensions/feishu/src/bot.ts constructed new RegExp directly from Feishu mention metadata mention.name, mention.key in stripBotMention without escaping regex metacharacters. Affected Packages / Versions - Package: npm openclaw - Affected versions: = 2026.2.17 - First affected release:...

8.2CVSS5.9AI score0.00311EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/02 10:17 p.m.•13 views

OpenClaw macOS companion app (beta): allowlist parsing mismatch for system.run shell chains

Summary In the macOS companion app currently beta, a parsing mismatch in exec approvals could let shell-chain payloads pass allowlist checks in system.run under specific settings. Impact This path requires all of the following: - authenticated caller with operator.write - paired macOS beta node...

6.4CVSS6AI score0.00291EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/02 10:15 p.m.•9 views

OpenClaw has Windows system.run approval mismatch on cmd.exe /c trailing arguments

Summary A Windows system.run approval-integrity mismatch in the cmd.exe /c path could allow trailing arguments to execute while approval/audit text reflected only a benign command string. This requires an authenticated operator context using the approvals flow and a trusted Windows node. Affected...

8.8CVSS6.2AI score0.00406EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/02 10:14 p.m.•9 views

OpenClaw has Signal group allowlist authorization bypass via DM pairing-store leakage

Summary In OpenClaw 2026.2.25, Signal group authorization under groupPolicy=allowlist could accept sender identities sourced from DM pairing-store approvals. This allowed DM pairing approvals to leak into group allowlist evaluation. Impact This is an authorization-boundary weakness between DM...

4.6CVSS5.9AI score0.00152EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/02 10:9 p.m.•11 views

@keep-network/tbtc-v2 revealing P2PKH deposit with a wrapped P2SH script

Overview P2PKH has 20 bytes just like P2SH. We protect against revealing P2PKH deposits by manually assembling the expected P2SH script in the smart contract and comparing hashes. However, we missed the case when the attacker embeds a valid P2SH inside of P2PKH as an output script. bitcoin-spv...

6AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/02 10:4 p.m.•7 views

`melange update-cache` has unbounded HTTP download that can exhaust disk in CI

melange update-cache downloads URIs from build configs via io.Copy without any size limit or HTTP client timeout pkg/renovate/cache/cache.go. An attacker-controlled URI in a melange config can cause unbounded disk writes, exhausting disk on the build runner. Affected versions = 0.40.5. Fix: Merge...

4.3CVSS7.1AI score0.00226EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/02 10:3 p.m.•7 views

pypdf vulnerable to inefficient decoding of ASCIIHexDecode streams

Impact An attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /ASCIIHexDecode filter. Patches This has been fixed in pypdf==6.7.5. Workarounds If you cannot upgrade yet, consider applying the changes from PR 3666...

6.9CVSS5.8AI score0.00399EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/02 10:3 p.m.•6 views

OpenClaw: system.run approvals did not bind PATH-token executable identity, enabling post-approval executable rebind

Summary For host=node runs, approvals validated command context but did not pin executable identity for non-path-like argv0 tokens for example tr. If PATH resolution changed after approval, execution could run a different binary. Impact A previously approved action could execute a different...

6.7CVSS6.2AI score0.00091EPSS
Exploits0References4Affected Software1
Total number of security vulnerabilities33227