33187 matches found
Helm's plugin verification fails open when .prov is missing, allowing unsigned plugin install
Helm is a package manager for Charts for Kubernetes. In Helm versions =4.0.0 and =4.1.3, Helm will install plugins missing provenance .prov file when signature verification is required. Impact The bug allows plugin authors to omit provenance signing data from plugins, bypassing plugin signature...
Helm has a path traversal in plugin metadata version enables arbitrary file write outside Helm plugin directory
Helm is a package manager for Charts for Kubernetes. In Helm versions =4.0.0 and =4.1.3, a specially crafted Helm plugin, when installed or updated, will cause Helm to write the contents of the plugin to an arbitrary filesystem location. Impact A Helm user who installs or updates a plugin that is...
Wasmtime has improperly masked return value from `table.grow` with Winch compiler backend
Impact Wasmtime's Winch compiler backend contains a bug where translating the table.grow operator causes the result to be incorrectly typed. For 32-bit tables this means that the result of the operator, internally in Winch, is tagged as a 64-bit value instead of a 32-bit value. This invalid...
Duplicate Advisory: LiteLLM has a sandbox escape in custom-code guardrail
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-wxxx-gvqv-xp7p. This link is maintained to preserve external references. Original Description LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the...
Wasmtime with Winch compiler backend on aarch64 may allow a sandbox-escaping memory access
Impact Wasmtime with its Winch baseline non-default compiler backend may allow properly constructed guest Wasm to access host memory outside of its linear-memory sandbox. This vulnerability requires use of the Winch compiler -Ccompiler=winch. By default, Wasmtime uses its Cranelift backend, not...
Vikunja: Link Share JWT tokens remain valid for 72 hours after share deletion or permission downgrade
Title Link Share JWT tokens remain valid for 72 hours after share deletion or permission downgrade Description Vikunja's link share authentication constructs authorization objects entirely from JWT claims without any server-side database validation. When a project owner deletes a link share or...
Vikunja has TOTP Two-Factor Authentication Bypass via OIDC Login Path
Summary The OIDC callback handler issues a full JWT token without checking whether the matched user has TOTP two-factor authentication enabled. When a local user with TOTP enrolled is matched via the OIDC email fallback mechanism, the second factor is completely skipped. Details The OIDC callback...
Apache ActiveMQ: Denial of Service via Out of Memory vulnerability
Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ. ActiveMQ NIO SSL transports do not correctly handle TLSv1.3 handshake KeyUpdates triggered by clients. This makes it possible for a client to rapidly trigger updates which causes...
parisneo/lollms vulnerable to stored XSS in the social feature
A Stored Cross-Site Scripting XSS vulnerability was identified in the social feature of parisneo/lollms, affecting the latest version prior to 2.2.0. The vulnerability exists in the createpost function within backend/routers/social/init.py, where user-provided content is directly assigned to the...
Spring Cloud Gateway's SSL bundle configuration silently bypassed
When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead. Note: The 4.2.x branch is no longer under open source support. If you are using Spring Cloud...
OpenClaw vulnerable to SSRF in src/agents/tools/web-fetch.ts
A weakness has been identified in OpenClaw up to 2026.1.26. Affected by this issue is some unknown functionality of the file src/agents/tools/web-fetch.ts of the component assertPublicHostname Handler. Executing a manipulation can lead to server-side request forgery. The attack can be executed...
OpenStack Keystone: Restricted application credentials can create EC2 credentials
An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role...
Zod jsVideoUrlParser vulnerable to ReDoS in util.js
A weakness has been identified in Zod jsVideoUrlParser up to 0.5.1. The impacted element is the function getTime in the library lib/util.js. This manipulation of the argument timestamp causes inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit ha...
Duplicate Advisory: OpenClaw: Feishu webhook reads and parses unauthenticated request bodies before signature validation
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-3h52-cx59-c456. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.25 parses JSON request bodies before validating webhook signatures, allowing unauthenticated...
Duplicate Advisory: OpenClaw: Symlink Traversal via IDENTITY.md appendFile in agents.create/update (Incomplete Fix for CVE-2026-32013)
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-7xr2-q9vf-x4r5. This link is maintained to preserve external references. Original Description OpenClaw through 2026.2.22 contains a symlink traversal vulnerability in agents.create and agents.update handlers tha...
Duplicate Advisory: OpenClaw: Synology Chat Webhook Pre-Auth Rate-Limit Bypass Enables Brute-Force Guessing of Webhook Token
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mf5g-6r6f-ghhm. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.25 contains a pre-authentication rate-limit bypass vulnerability in webhook token validation...
Duplicate Advisory: OpenClaw is vulnerable to unauthenticated resource exhaustion through its voice call webhook handling
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rm59-992w-x2mv. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.22 contains an unauthenticated resource exhaustion vulnerability in voice call webhook handlin...
Duplicate Advisory: OpenClaw: Telegram Webhook Missing Guess Rate Limiting Enables Brute-Force Guessing of Weak Webhook Secret
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-vcx4-4qxg-mfp4. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in Telegram webhook authentication that allo...
Duplicate Advisory: OpenClaw: Tlon cite expansion happens before channel and DM authorization is complete
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-vfg3-pqpq-93m4. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.22 performs cite expansion before completing channel and DM authorization checks, allowing cit...
Duplicate Advisory: OpenClaw: Gateway Plugin Subagent Fallback `deleteSession` Uses Synthetic `operator.admin`
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-h4jx-hjr3-fhgc. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subagent fallback...
Duplicate Advisory: OpenClaw: Nostr inbound DMs could trigger unauthenticated crypto work before sender policy enforcement
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-65h8-27jh-q8wv. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.22 performs cryptographic and dispatch operations on inbound Nostr direct messages before...
Duplicate Advisory: OpenClaw: Gateway Canvas local-direct requests bypass Canvas HTTP and WebSocket authentication
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6mqc-jqh6-x8fc. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.23 contains an authentication bypass vulnerability in the Canvas gateway where...
Duplicate Advisory: OpenClaw: Remote media error responses could trigger unbounded memory allocation before failure
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4qwc-c7g9-4xcw. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.22 contains an unbounded memory allocation vulnerability in remote media HTTP error handling...
Duplicate Advisory: OpenClaw Gateway: RCE and Privilege Escalation from operator.pairing to operator.admin via device.pair.approve
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hf68-49fm-59cq. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows...
Duplicate Advisory: OpenClaw: SSRF via Unguarded Configured Base URLs in Multiple Channel Extensions (Incomplete Fix for CVE-2026-28476)
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rhfg-j8jq-7v2h. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.25 contains a server-side request forgery vulnerability in multiple channel extensions that fa...
Duplicate Advisory: OpenClaw Bypasses DM Policy Separation via Synology Chat Webhook Path Collision
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rqp8-q22p-5j9q This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.22 contains a webhook path route replacement vulnerability in the Synology Chat extension that...
Duplicate Advisory: OpenClaw: Plivo V2 verified replay identity drifts on query-only variants
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-cg6c-q2hx-69h7. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.23 contains a replay identity vulnerability in Plivo V2 signature verification that allows...
Duplicate Advisory: OpenClaw: Google Chat app-url webhook auth accepted non-deployment add-on principals
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mp66-rf4f-mhh8. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.22 contains an improper authentication verification vulnerability in Google Chat app-url webho...
Duplicate Advisory: OpenClaw: Google Chat Authz Bypass via Group Policy Rebinding with Mutable Space displayName
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-52q4-3xjc-6778. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Google Chat group policy enforcement that...
Duplicate Advisory: OpenClaw: Nextcloud Talk room allowlist matched colliding room names instead of stable room tokens
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xhq5-45pm-2gjr. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.22 contains a policy confusion vulnerability in room authorization that matches colliding room...
Duplicate Advisory: OpenClaw: BlueBubbles Webhook Missing Rate Limiting Enables Brute-Force Password Guessing
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xq8g-hgh6-87hv. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in webhook authentication that allows...
FoundationAgents MetaGPT vulnerable to os command injection via the Terminal.run_command
A vulnerability has been found in FoundationAgents MetaGPT up to 0.8.1. This issue affects the function Terminal.runcommand in the library metagpt/tools/libs/terminal.py. The manipulation leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed ...
FoundationAgents MetaGPT vulnerable to OS Command Injection in metagpt/utils/common.py
A vulnerability was found in FoundationAgents MetaGPT up to 0.8.1. Impacted is the function getmimetype of the file metagpt/utils/common.py. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. The project was...
Apache Tomcat: CLIENT_CERT authentication does not fail as expected
CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53, from 9.0.92 through 9.0.116. Users are recommended to upgrade to...
Apache Tomcat has an Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve
Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 o...
Apache Tomcat vulnerable to Insertion of Sensitive Information into Log File
Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.13 through 9.0.116. User...
FoundationAgents MetaGPT vulnerable to OS Command Injection in metagpt/tools/libs/terminal.py
A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The affected element is the function Bash.run in the library metagpt/tools/libs/terminal.py. This manipulation causes os command injection. The attack is possible to be carried out remotely. The project was informed of the...
Apache Tomcat Missing Encryption of Sensitive Data vulnerability
Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the...
Apache Tomcat has an HTTP Request/Response Smuggling vulnerability
Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Apache Tomcat via invalid chunk extension. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M1 through 9.0.115, from 8.5.0 through 8.5.100,...
Apache Tomcat: CLIENT_CERT authentication does not fail as expected
CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115; Apache Tomcat...
Apache Tomcat has an Improper Input Validation vulnerability
Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614. This issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 through 10.1.52, from 9.0.113 through 9.0.115. Users are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116,...
Apache Tomcat: Configured cipher preference order not preserved
Configured cipher preference order not preserved vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.16 through 11.0.18, from 10.1.51 through 10.1.52, from 9.0.114 through 9.0.115. Users are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue...
Apache Tomcat has an Open Redirect vulnerability
Occasional URL redirection to untrusted Site 'Open Redirect' vulnerability in Apache Tomcat via the LoadBalancerDrainingValve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M23 through 9.0.115, from 8.5.30 through 8.5.100. Other,...
Apache Tomcat: Padding Oracle vulnerability in EncryptInterceptor
Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Users are...
Gramps Web API: Private Sub-Object Data in Non-Private Objects Exposed to Guest Users
Summary Users with the Guest role could receive private sub-object data e.g. private alternate names, private addresses, private note/citation/media handles through list API endpoints such as GET /api/people/, GET /api/places/, GET /api/events/, and all other object list endpoints. This does not...
OpenClaw: GIT_DIR and related git plumbing env vars missing from exec env denylist (GHSA-m866-6qv5-p2fg variant)
Impact GITDIR and related git plumbing env vars missing from exec env denylist GHSA-m866-6qv5-p2fg variant. Git plumbing environment variables were not removed before host exec and could redirect Git operations. OpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenCla...
bsv-sdk ARC broadcaster treats INVALID/MALFORMED/ORPHAN responses as successful broadcasts
ARC broadcaster treats failure statuses as successful broadcasts Summary BSV::Network::ARC's failure detection only recognises REJECTED and DOUBLESPENDATTEMPTED. ARC responses with txStatus values of INVALID, MALFORMED, MINEDINSTALEBLOCK, or any ORPHAN-containing extraInfo / txStatus are silently...
bsv-sdk and bsv-wallet persist unverified certifier signatures in acquire_certificate (direct and issuance paths)
Unverified certifier signatures persisted by acquirecertificate Affected packages Both bsv-sdk and bsv-wallet are published from the sgbett/bsv-ruby-sdk repository. The vulnerable code lives in lib/bsv/walletinterface/walletclient.rb, which is physically shipped inside both gems the...
Unhead has a hasDangerousProtocol() bypass via leading-zero padded HTML entities in useHeadSafe()
EVIDENCE | Disclosed to Vercel H1 | 2026-03-22 no response after 12 days | | Cross-reported here | 2026-04-03 | --- Summary useHeadSafe is the composable that Nuxt's own documentation explicitly recommends for rendering user-supplied content in safely. Internally, the hasDangerousProtocol functio...
Wasmtime has out-of-bounds write or crash when transcoding component model strings
Impact Wasmtime's implementation of transcoding strings between components contains a bug where the return value of a guest component's realloc is not validated before the host attempts to write through the pointer. This enables a guest to cause the host to write arbitrary transcoded string bytes...