33268 matches found
Go Ethereum affected by DoS via malicious p2p message
Impact A vulnerable node can be forced to shutdown/crash using a specially crafted message. More details to be released later. Patches The problem is resolved in the v1.16.9 and v1.17.0 releases of Geth. Credit This issue was reported to the Ethereum Foundation Bug Bounty Program by Waleed Ahmed...
Go Ethereum affected by DoS via malicious p2p message
Impact An attacker can cause high memory usage by sending a specially-crafted p2p message. More details to be released later. Patches The issue is resolved in the v1.17.0 release. Credit This issue was reported to the Ethereum Foundation Bug Bounty Program by @revofusion...
uTLS has a fingerprint vulnerability from missing padding extension for Chrome 120
The padding extension was incorrectly removed in utls for the non-pq variant of Chrome 120 fingerprint. Chrome removed this extension only when sending pq keyshares. Only this fingerprint is affected since newer fingerprints have pq keyshares by default and older fingerprints have this extension...
uTLS has a fingerprint vulnerability from GREASE ECH mismatch for Chrome parrots
There is a fingerprint mismatch with Chrome when using GREASE ECH, having to do with ciphersuite selection. When Chrome selects the preferred ciphersuite in the outer ClientHello and the ciphersuite for ECH, it does so consistently based on hardware support. That means, for example, if it prefers...
LibreNMS has a Time-Based Blind SQL Injection in address-search.inc.php
Summary A time-based blind SQL injection vulnerability exists in address-search.inc.php via the address parameter. When a crafted subnet prefix is supplied, the prefix value is concatenated directly into an SQL query without proper parameter binding, allowing an attacker to manipulate query logic...
LibreNMS has a Stored XSS in Alert Rule
Summary A stored Cross-Site Scripting XSS vulnerability exists in LibreNMS " . e$ruledisplay . " PoC Request PoC: POST /alert-rule HTTP/1.1 Host: 192.168.236.131 User-Agent: Mozilla/5.0 X11; Linux x8664; rv:140.0 Gecko/20100101 Firefox/140.0 Accept: application/json, text/javascript, /; q=0.01...
LibreNMS: SQL Injection in ajax_table.php spreads through a covert data stream.
Summary SQL Injection in IPv6 Address Search functionality via address parameter A SQL injection vulnerability exists in the ajaxtable.php endpoint. The application fails to properly sanitize or parameterize user input when processing IPv6 address searches. Specifically, the address parameter is...
LibreNMS has a Stored XSS in Custom OID - unit parameter missing strip_tags()
Summary The unit parameter in Custom OID functionality lacks striptags sanitization while other fields name, oid, datatype are sanitized. The unsanitized value is stored in the database and rendered without HTML escaping, allowing Stored XSS. Details Vulnerable Input Processing...
LibreNMS /port-groups name Stored Cross-Site Scripting
Summary /port-groups name Stored Cross-Site Scripting - HTTP POST - Request-URIs: "/port-groups" - Vulnerable parameters: "name" - Attacker must be authenticated with "admin" privileges. - When a user adds a port group, an HTTP POST request is sent to the Request-URI "/port-groups". The name of t...
LibreNMS /device-groups name Stored Cross-Site Scripting
Summary /device-groups name Stored Cross-Site Scripting - HTTP POST - Request-URIs: "/device-groups" - Vulnerable parameters: "name" - Attacker must be authenticated with "admin" privileges. - When a user adds a device group, an HTTP POST request is sent to the Request-URI "/device-groups". The...
LibreNMS affected by reflected xss via email field
Summary reflected xss via email field Details 1. visit http://127.0.0.1/settings/alerting/email 2. in the email address input but this payload 3. notice the alert PoC - video attached with the report https://github.com/user-attachments/assets/c1b443f5-85c6-4545-b04f-def06d82b42e Impact can lead t...
Nokogiri does not check the return value from xmlC14NExecute
Summary Nokogiri's CRuby extension fails to check the return value from xmlC14NExecute in the method Nokogiri::XML::Documentcanonicalize and Nokogiri::XML::Nodecanonicalize. When canonicalization fails, an empty string is returned instead of raising an exception. This incorrect return value may...
Systeminformation has a Command Injection via unsanitized interface parameter in wifi.js retry path
Summary A command injection vulnerability in the wifiNetworks function allows an attacker to execute arbitrary OS commands via an unsanitized network interface parameter in the retry code path. Details In lib/wifi.js, the wifiNetworks function sanitizes the iface parameter on the initial call lin...
Ghost has a SQL injection in Content API
Impact A SQL injection vulnerability existed in Ghost's Content API that allowed unauthenticated attackers to read arbitrary data from the database. Vulnerable Versions This vulnerability is present in Ghost v3.24.0 to v6.19.0. Patches v6.19.1 contains a fix for this issue. Note: as this...
Improper Control of Generation of Code ('Code Injection') in @tygo-van-den-hurk/slyde
Impact This is a remote code execution RCE vulnerability. Node.js automatically imports /.plugin.js,mjs files including those from nodemodules, so any malicious package with a .plugin.js file could execute arbitrary code when installed or required. All projects using this loading behavior are...
mingSoft MCMS does not properly restrict file uploads
A flaw has been found in mingSoft MCMS 6.1.1. The affected element is an unknown function of the file /ms/file/uploadTemplate.do of the component Template Archive Handler. Executing a manipulation of the argument File can lead to unrestricted upload. The attack can be launched remotely. The explo...
OpenStack Nova calls qemu-img without format restrictions for resize
An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in a...
NLTK has a Zip Slip Vulnerability
A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The unzipiter function in nltk/downloader.py uses zipfile.extractall without performing path validation or security checks. This allows attackers to craft malicious zip packages that, when...
Picklescan (scan_pytorch) Bypass via dynamic eval MAGIC_NUMBER
Summary This is a scanning bypass to scanpytorch function in picklescan. As we can see in the implementation of getmagicnumber that uses pickletools.genopsdata to get the magicnumber with the condition opcode.name includes INT or LONG, but the PyTorch's implemtation simply uses picklemodule.load ...
OpenClaw has an authentication bypass in sandbox browser bridge server
Summary openclaw could start the sandbox browser bridge server without authentication. When the sandboxed browser is enabled, openclaw runs a local loopback HTTP bridge that exposes browser control endpoints for example /profiles, /tabs, /tabs/open, /agent/. Due to missing auth wiring in the...
OpenClaw has two SSRF via sendMediaFeishu and markdown image fetching in Feishu extension
Summary The Feishu extension could fetch attacker-controlled remote URLs in two paths without SSRF protections: - sendMediaFeishumediaUrl - Feishu DocX markdown image URLs write/append - image processing Affected versions - = 2026.2.14 Impact If an attacker can influence tool calls directly or vi...
OpenClaw has a LFI in BlueBubbles media path handling
Summary The BlueBubbles extension accepted attacker-controlled local filesystem paths via mediaPath and could read arbitrary local files from disk before sending them as media attachments. Details When sendBlueBubblesMedia received a non-HTTP media source, the previous implementation resolved it ...
OpenClaw: Process Safety - Unvalidated PID Kill via SIGKILL in Process Cleanup
Summary OpenClaw CLI process cleanup used system-wide process enumeration and pattern matching to terminate processes without verifying they were owned by the current OpenClaw process. On shared hosts, unrelated processes could be terminated if they matched the pattern. Affected Packages / Versio...
OpenClaw Chutes manual OAuth state validation bypass can cause credential substitution
Summary The manual Chutes OAuth login flow could accept attacker-controlled callback input in a way that bypassed OAuth CSRF state validation, potentially resulting in credential substitution. Impact If an attacker can convince a user to paste attacker-provided OAuth callback data during the manu...
OpenClaw: Prevent shell injection in macOS keychain credential write
Summary On macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into Keychain via security add-generic-password -w .... Because OAuth tokens are user-controlled data, this created an OS command injection risk. The fix avoids invoking a...
OpenClaw has a path traversal in browser trace/download output paths may allow arbitrary file writes
Summary OpenClaw’s browser control API accepted user-supplied output paths for trace/download files without consistently constraining writes to OpenClaw-managed temporary directories. Impact If an attacker can access the browser control API, they could attempt to write trace/download output files...
OpenClaw has a Path Traversal in Browser Download Functionality
Summary OpenClaw browser download helpers accepted an unsanitized output path. When invoked via the browser control gateway routes, this allowed path traversal to write downloads outside the intended OpenClaw temp downloads directory. This issue is not exposed via the AI agent tool schema no...
Jenkins has a build information disclosure vulnerability through Run Parameter
Jenkins 2.550 and earlier, LTS 2.541.1 and earlier accepts Run Parameter values that refer to builds the user submitting the build does not have access to, allowing attackers with Item/Build and Item/Configure permission to obtain information about the existence of jobs, the existence of builds,...
Jenkins has a stored XSS vulnerability in node offline cause description
Jenkins 2.483 through 2.550 both inclusive, LTS 2.492.1 through 2.541.1 both inclusive does not escape the user-provided description of the "Mark temporarily offline" offline cause, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Agent/Configure or...
Hugging Face Smolagents has a Server-Side Request Forgery issue
A weakness has been identified in huggingface smolagents 1.24.0. Impacted is the function requests.get/requests.post of the component LocalPythonExecutor. Executing a manipulation can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit has been made...
NVIDIA NeMo Framework Deserializes Untrusted Data
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering...
NVIDIA NeMo Framework contains a vulnerability where malicious data could cause remote code execution
NVIDIA NeMo Framework contains a vulnerability where malicious data could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...
opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in input.parsed_path
A security vulnerability has been discovered in how the input.parsedpath field is constructed. HTTP request paths are treated as full URIs when parsed; interpreting leading path segments prefixed with double slashes // as authority components, and therefore dropping them from the parsed path. Thi...
Trivy Action has a script injection via sourced env file in composite action
Command Injection in aquasecurity/trivy-action via Unsanitized Environment Variable Export A command injection vulnerability exists in aquasecurity/trivy-action due to improper handling of action inputs when exporting environment variables. The action writes export VAR= lines to trivyenvs.txt bas...
OpenClaw affected by potential code execution via unsafe hook module path handling in Gateway
Summary OpenClaw Gateway supports hook mappings with optional JavaScript/TypeScript transform modules. In affected versions, the gateway did not sufficiently constrain configured module paths before passing them to dynamic import. Under some configurations, a user who can modify gateway...
OpenClaw's unsanitized session ID enables path traversal in transcript file operations
Description OpenClaw versions = 2026.2.12 Fix Fixed by validating session IDs rejecting path separators / traversal sequences and enforcing sessions-directory containment for session transcript file operations. Fix Commits - 4199f9889f0c307b77096a229b9e085b8d856c26 Additional Hardening -...
Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in node-tar Extraction
Summary tar.extract in Node tar allows an attacker-controlled archive to create a hardlink inside the extraction directory that points to a file outside the extraction root, using default options. This enables arbitrary file read and write as the extracting user no root, no chmod, no preservePath...
OpenClaw inter-session prompts could be treated as direct user instructions
Summary Inter-session messages sent via sessionssend could be interpreted as direct end-user instructions because they were persisted as role: "user" without provenance metadata. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.2.13 Impact A delegated or internal...
Withdrawn Advisory: Libredesk has a SSRF Vulnerability in Webhooks
Reconsidered - Working as designed. Update 2026-05-28 Libredesk is a single-tenant, self-hosted application. Configuring outbound webhook URLs requires an admin-only permission that is not granted by default - the operator must explicitly assign it. Anyone holding this permission already has full...
OpenClaw: Command hijacking via unsafe PATH handling (bootstrapping + node-host PATH overrides)
Command hijacking via PATH handling Discovered: 2026-02-04 Reporter: @akhmittra Summary OpenClaw previously accepted untrusted PATH sources in limited situations. In affected versions, this could cause OpenClaw to resolve and execute an unintended binary "command hijacking" when running host...
OpenClaw affected by SSRF in optional Tlon (Urbit) extension authentication
Summary The optional Tlon Urbit extension previously accepted a user-provided base URL for authentication and used it to construct an outbound HTTP request, enabling server-side request forgery SSRF in affected deployments. Impact This only affects deployments that have installed and configured t...
OpenClaw Twilio voice-call webhook auth bypass when ngrok loopback compatibility is enabled
Summary A Twilio webhook signature-verification bypass in the voice-call extension could allow unauthenticated webhook requests when a specific ngrok free-tier compatibility option is enabled. Impact This issue is limited to configurations that explicitly enable and expose the voice-call webhook...
OpenClaw Telegram allowlist authorization accepted mutable usernames
Summary Telegram allowlist authorization could match on @username mutable/recyclable instead of immutable numeric sender IDs. Impact Operators who treat Telegram allowlists as strict identity controls could unintentionally grant access if a username changes hands identity rebinding/spoof risk. Th...
OpenClaw Google Chat shared-path webhook target ambiguity allowed cross-account policy-context misrouting
Summary When multiple Google Chat webhook targets are registered on the same HTTP path, and request verification succeeds for more than one target, inbound webhook events could be routed by first-match semantics. This can cause cross-account policy/context misrouting. Affected Packages / Versions...
OpenClaw affected by cross-site request forgery (CSRF) through loopback browser mutation endpoints
Summary Browser-facing localhost mutation routes accepted cross-origin browser requests without explicit Origin/Referer validation. Loopback binding reduces remote exposure but does not prevent browser-initiated requests from malicious origins. Impact A malicious website can trigger unauthorized...
OpenClaw affected by denial of service via unbounded webhook request body buffering
Summary Multiple webhook handlers accepted and buffered request bodies without a strict unified byte/time limit. A remote unauthenticated attacker could send oversized payloads and cause memory pressure, degrading availability. Details Affected packages: - openclaw npm: 2026.2.12 - clawdbot npm:...
OpenClaw affected by denial of service through unguarded archive extraction allowing high expansion/resource abuse (ZIP/TAR)
Summary Archive extraction lacked strict resource budgets, allowing high-expansion ZIP/TAR archives to consume excessive CPU/memory/disk during install/update flows. Affected Packages / Versions - openclaw npm: = 2026.2.13 - clawdbot npm: = 2026.1.24-3 Details Affected component:...
OpenClaw: denial of service through large base64 media files allocating large buffers before limit checks
Summary Base64-backed media inputs could be decoded into Buffers before enforcing decoded-size budgets. An attacker supplying oversized base64 payloads can force large allocations, causing memory pressure and denial of service. Attack Scenario Notes - Recommended deployments bind the gateway to...
OpenClaw affected by denial of service via unbounded URL-backed media fetch
Summary URL-backed media fetch handling allocated the entire response payload in memory arrayBuffer before enforcing maxBytes, allowing oversized responses to cause memory exhaustion. Affected Versions - openclaw npm: res.writeHead200,"content-type":"application/octet-stream";forlet...
OpenClaw Slack: dmPolicy=open allowed any DM sender to run privileged slash commands
Summary When Slack DMs are configured with dmPolicy=open, the Slack slash-command handler incorrectly treated any DM sender as command-authorized. This allowed any Slack user who could DM the bot to execute privileged slash commands via DM, bypassing intended allowlist/access-group restrictions...