33255 matches found
funadmin exposes sensitive information via getMember function
A vulnerability was identified in funadmin up to 7.1.0-rc4. Affected by this vulnerability is the function getMember of the file app/frontend/view/login/forget.html. Such manipulation leads to information disclosure. The attack may be launched remotely. The exploit is publicly available and might...
funadmin has Incorrect Privilege Assignment in its Configuration Handler
A weakness has been identified in funadmin up to 7.1.0-rc4. This affects the function setConfig of the file app/backend/controller/Ajax.php of the component Configuration Handler. Executing a manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has bee...
Moodle has a Remote Code Execution risk via file restore
A flaw was identified in Moodle’s backup restore functionality where specially crafted backup files were not properly validated during processing. If a malicious backup file is restored, it could lead to unintended execution of server-side code. Since restore capabilities are typically available ...
Moodle TeX formula editor is vulnerable to DoS through lack of execution time limits
A Denial of Service vulnerability was identified in Moodle’s TeX formula editor. When rendering TeX content using mimetex, insufficient execution time limits could allow specially crafted formulas to consume excessive server resources. An authenticated user could abuse this behavior to degrade...
Apache Airflow error reporting may expose full kwargs
When a DAG failed during parsing, Airflow’s error-reporting in the UI could include the full kwargs passed to the operators. If those kwargs contained sensitive values such as secrets, they might be exposed in the UI tracebacks to authenticated users who had permission to view that DAG. The issue...
MLflow Use of Default Password Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the basicauth.ini file. The file contains hard-coded default credentials. An attacker can leverage...
MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability
MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow Tracking Server. Authentication is not required to exploit this vulnerability. The specific fla...
OpenClaw: ACP prompt-size checks missing in local stdio bridge could reduce responsiveness with very large inputs
Vulnerability The ACP bridge accepted very large prompt text blocks and could assemble oversized prompt payloads before forwarding them to chat.send. Because ACP runs over local stdio, this mainly affects local ACP clients for example IDE integrations that send unusually large inputs. Affected...
Google Cloud Vertex AI SDK affected by Stored Cross-Site Scripting (XSS)
Stored Cross-Site Scripting XSS in the genai/evalsvisualization component of Google Cloud Vertex AI SDK google-cloud-aiplatform versions from 1.98.0 up to but not including 1.131.0 allows an unauthenticated remote attacker to execute arbitrary JavaScript in a victim's Jupyter or Colab environment...
Google Cloud Vertex AI has a a vulnerability involving predictable bucket naming
Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to but not including 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictabl...
Ray dashboard DELETE endpoints allow unauthenticated browser-triggered DoS (Serve shutdown / job deletion)
Summary Ray’s dashboard HTTP server blocks browser-origin POST/PUT but does not cover DELETE, and key DELETE endpoints are unauthenticated by default. If the dashboard/agent is reachable e.g., --dashboard-host=0.0.0.0, a web page via DNS rebinding or same-network access can issue DELETE requests...
AVideo has Stored Cross-Site Scripting via Markdown Comment Injection
Vulnerability Type Stored Cross-Site Scripting XSS — CWE-79. Affected Product/Versions AVideo 18.0. Root Cause Summary AVideo allows Markdown in video comments and uses Parsedown v1.7.4 without Safe Mode enabled. Markdown links are not sufficiently sanitized, allowing javascript: URIs to be...
Lettermint Node.js SDK leaks email properties to unintended recipients when client instance is reused
Impact Email properties such as to, subject, html, text, and attachments are not reset between sends when a single client instance is reused across multiple .send calls. This can cause properties from a previous send to leak into a subsequent one, potentially delivering content or recipient...
Traefik affected by TLS ClientAuth Bypass on HTTP/3
Summary There is a potential vulnerability in Traefik managing HTTP/3 connections. More details in the CVE-2025-68121. Patches - https://github.com/traefik/traefik/releases/tag/v2.11.37 - https://github.com/traefik/traefik/releases/tag/v3.6.8 Workarounds No workaround For more information If you...
OpenClaw hardened cron webhook delivery against SSRF
Affected Packages / Versions - openclaw npm package versions = 2026.2.17. Vulnerability Cron webhook delivery in src/gateway/server-cron.ts used fetch directly, so webhook targets could reach private/metadata/internal endpoints without SSRF policy checks. Fix Commits - 99db4d13e - 35851cdaf Thank...
OpenClaw: Reject symlinks in local skill packaging script
Vulnerability skills/skill-creator/scripts/packageskill.py a local helper script used when authors package skills previously followed symlinks while building .skill archives. If an author runs this script on a crafted local skill directory containing symlinks to files outside the skill root, the...
OpenClaw Discord moderation authorization used untrusted sender identity in tool-driven flows
Overview Discord moderation action handling timeout, kick, ban used sender identity from request parameters in tool-driven flows, instead of trusted runtime sender context. Impact In setups where Discord moderation actions are enabled and the bot has the necessary guild permissions, a non-admin...
Sync-in Server has a stored cross-site scripting (XSS) vulnerability
A Stored Cross-Site Scripting XSS vulnerability in Sync-in Server before 1.9.3 allows an authenticated attacker to execute arbitrary JavaScript in a victim's browser. By uploading a crafted SVG file containing a malicious payload, an attacker can access and exfiltrate sensitive information,...
Static Web Server affected by timing-based username enumeration in Basic Authentication due to early response on invalid usernames
Summary A Timing-based username enumeration in Basic Authentication vulnerability due to early response on invalid usernames could allow attackers to identify valid users and focus their efforts on targeted brute-force or credential-stuffing attacks. Details SWS validates the provided username...
Fickling has a detection bypass via stdlib network-protocol constructors
Our assessment imtplib, imaplib, ftplib, poplib, telnetlib, and nntplib were added to the list of unsafe imports https://github.com/trailofbits/fickling/commit/6d20564d23acf14b42ec883908aed159be7b9ade. The UnusedVariables heuristic works as expected. Original report Summary Fickling's checksafety...
fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names
Entity encoding bypass via regex injection in DOCTYPE entity names Summary A dot . in a DOCTYPE entity name is treated as a regex wildcard during entity replacement, allowing an attacker to shadow built-in XML entities , , &, ", ' with arbitrary values. This bypasses entity encoding and leads to...
bn.js affected by an infinite loop
This affects versions of the package bn.js before 4.12.3 and 5.2.3. Calling maskn0 on any BN instance corrupts the internal state, causing toString, divmod, and other methods to enter an infinite loop, hanging the process indefinitely...
Cosign considered signatures valid with expired intermediate certificates when transparency log verification is skipped
Summary When verifying artifact signatures using a certificate, Cosign first verifies the certificate chain using the leaf certificate's "not before" timestamp and later checks expiry of the leaf certificate using either a signed timestamp provided by the Rekor transparency log or from a timestam...
Centrifugo v6.6.0 dependency vulnerabilities
Summary Centrifugo v6.6.0 binary is compiled with Go 1.25.5 and statically links github.com/quic-go/webtransport-go v0.9.0, having 7 known CVEs Go standard library — compiled with Go 1.25.5: | CVE | Severity | CVSS | Fixed In | |-----|----------|------|----------| | CVE-2025-68121 | CRITICAL | 10...
OpenClaw safeBins file-existence oracle information disclosure
An information disclosure vulnerability in OpenClaw's tools.exec.safeBins approval flow allowed a file-existence oracle. When safe-bin validation examined candidate file paths, command allow/deny behavior could differ based on whether a path already existed on the host filesystem. An attacker cou...
OpenClaw safeBins stdin-only bypass via sort output and recursive grep flags
Summary tools.exec.safeBins could be bypassed for filesystem access when sort output flags -o / --output or recursive grep flags were allowed through safe-bin execution paths. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.2.19 - Latest published version at triag...
Zumba Json Serializer has a potential PHP Object Injection via Unrestricted @type in unserialize()
Description The zumba/json-serializer library allows deserialization of PHP objects from JSON using a special @type field. Prior to version 3.2.3, the deserializer would instantiate any class specified in the @type field without restriction. When processing untrusted JSON input, this behavior may...
Dagu affected by unauthenticated RCE via inline DAG spec in default configuration
Summary Dagu's default configuration ships with authentication disabled. The POST /api/v2/dag-runs endpoint accepts an inline YAML spec and executes its shell commands immediately with no credentials required — any dagu instance reachable over the network is fully compromised by default. Details...
OpenClaw has a path traversal in apply_patch could write/delete files outside the workspace
Summary In affected versions, when applypatch was enabled and the agent ran without filesystem sandbox containment, crafted paths could cause file writes/deletes outside the configured workspace directory. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.2.14 Details The...
Flask session does not add `Vary: Cookie` header when accessed in some ways
When the session object is accessed, Flask should set the Vary: Cookie header. This instructs caches not to cache the response, as it may contain information specific to a logged in user. This is handled in most cases, but some forms of access such as the Python in operator were overlooked. The...
Pannellum has a XSS vulnerability in hot spot attributes
Impact The hot spot attributes configuration property allowed any attribute to be set, including HTML event handler attributes, allowing for potential XSS attacks. This affects websites hosting the standalone viewer HTML file and any other use of untrusted JSON config files bypassing the...
Werkzeug safe_join() allows Windows special device names
Werkzeug's safejoin function allows Windows device names as filenames if when preceded by other path segments. This was previously reported as https://github.com/pallets/werkzeug/security/advisories/GHSA-hgf8-39gv-g3f2, but the added filtering failed to account for the fact that safejoin accepts...
Feathers exposes internal headers via unencrypted session cookie
All HTTP request headers are stored in the session cookie, which is signed but not encrypted, exposing internal proxy/gateway headers to clients. The OAuth service stores the complete headers object in the session: javascript //...
Feathers has an origin validation bypass via prefix matching
The origin validation uses startsWith for comparison, allowing attackers to bypass the check by registering a domain that shares a common prefix with an allowed origin. The getAllowedOrigin function checks if the Referer header starts with any allowed origin: javascript //...
Feathers has an open redirect in OAuth callback enables account takeover
Description The redirect query parameter is appended to the base origin without validation, allowing attackers to steal access tokens via URL authority injection. This leads to full account takeover, as the attacker obtains the victim's access token and can impersonate them. The application...
Deno has a Command Injection via Incomplete shell metacharacter blocklist in node:child_process
Summary A command injection vulnerability exists in Deno's node:childprocess implementation. Reproduction javascript import spawnSync from "node:childprocess"; import as fs from "node:fs"; // Cleanup try fs.unlinkSync'/tmp/rceproof'; catch // Create legitimate script...
Formwork Improperly Managed Privileges in User creation
Summary The application fails to properly enforce role-based authorization during account creation. Although the system validates that the specified role exists, it does not verify whether the current user has sufficient privileges to assign highly privileged roles such as admin. As a result, an...
Statamic affected by privilege escalation via stored cross-site scripting
Impact Stored XSS vulnerability in html fieldtypes allow authenticated users with field management permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. Patches This has been fixed in 6.3.2 and 5.73.9...
CPU exhaustion in SvelteKit remote form deserialization (experimental only)
Versions of @sveltejs/kit prior to 2.52.2 with remote functions enabled are vulnerable to CPU exhaustion. Malformed form data can cause the server to become unresponsive while processing a request, resulting in denial of service. Only applications using both experimental.remoteFunctions and form...
Memory exhaustion in SvelteKit remote form deserialization (experimental only)
Versions of @sveltejs/kit prior to 2.52.2 with remote functions enabled can be vulnerable to memory exhaustion. Malformed form data can cause the server process to crash due to excessive memory allocation, resulting in denial of service. Only applications using both experimental.remoteFunctions a...
devalue affected by CPU and memory amplification from sparse arrays
Under certain circumstances, serializing sparse arrays using uneval or stringify could cause CPU and/or memory exhaustion. When this occurs on the server, it results in a DoS. This is extremely difficult to take advantage of in practice, as an attacker would have to manage to create a sparse arra...
devalue `uneval`ed code can create objects with polluted prototypes when `eval`ed
Under certain circumstances, unevaling untrusted data can produce output code that will create objects with polluted prototypes when later evaled, meaning the output data can be a different shape from the input data...
D-Tale affected by Remote Code Execution through the /save-column-filter endpoint
Impact Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Patches Users should upgrade to version 3.20.0. Workarounds There are no workarounds for versions 3.20.0...
Svelte SSR attribute spreading includes inherited properties from prototype chain
In server-side rendering, attribute spreading on elements e.g. enumerates inherited properties from the object's prototype chain rather than only own properties. In environments where Object.prototype has already been polluted — a precondition outside of Svelte's control — this can cause unexpect...
Prototype pollution in swiper
Summary A prototype pollution vulnerability exists in the the npm package swiper =6.5.1, -1; let obj = ; var maliciouspayload = '"proto":"polluted":"yes"'; console.log.polluted; swiper.default.extendDefaultsJSON.parsemaliciouspayload; console.log.polluted; // prints yes - indicating that the patc...
eBay API MCP Server Affected by Environment Variable Injection
The ebaysetusertokens tool allows updating the .env file with new tokens. The updateEnvFile function in src/auth/oauth.ts blindly appends or replaces values without validating them for newlines or quotes. This allows an attacker to inject arbitrary environment variables into the configuration fil...
PyO3 has type confusion when accessing data from sublasses of subclasses of native types with `abi3` feature
PyO3 0.28.1 added support for pyclassextends=PyList struct NativeSub and other native types when targeting Python 3.12 and up with the abi3 feature. It was discovered that subclasses of such classes would use the type of the subclass when attempting to access to data of NativeSub contained within...
Hono added timing comparison hardening in basicAuth and bearerAuth
Summary The basicAuth and bearerAuth middlewares previously used a comparison that was not fully timing-safe. The timingSafeEqual function used normal string equality === when comparing hash values. This comparison may stop early if values differ, which can theoretically cause small timing...
OpenClaw replaced a deprecated sandbox hash algorithm
Affected Packages / Versions - npm package: openclaw - Affected versions: = 2026.2.14 - Fixed version pre-set: 2026.2.15 Description The sandbox identifier cache key for Docker/browser sandbox configuration used SHA-1 to hash normalized configuration payloads. SHA-1 is deprecated for cryptographi...
OpenClaw has a Web Fetch DoS via unbounded response parsing
Summary The webfetch tool could be used to crash the OpenClaw Gateway process OOM / resource exhaustion by fetching and attempting to parse attacker-controlled web pages with oversized response bodies or pathological HTML nesting. Affected Packages / Versions - Package: openclaw npm - Affected...