Briefs

Allok AVI to DVD SVCD VCD Converter 4.0.1217 is vulnerable to a SEH-based buffer overflow, allowing local attackers to execute arbitrary code by providing a malicious string in the License Name field.

Allok Video to DVD Burner 2.6.1217 contains a stack-based buffer overflow vulnerability (CVE-2018-25303) in the License Name field, allowing a local attacker to execute arbitrary code by triggering a structured exception handler (SEH) overwrite.

Easy MPEG to DVD Burner 1.7.11 contains a structured exception handling (SEH) local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious username string.

Free Download Manager 2.0 Built 417 contains a local buffer overflow vulnerability in the URL import functionality that allows attackers to trigger a structured exception handler (SEH) chain exploitation, leading to arbitrary code execution.

Prime95 version 29.4b8 contains a local buffer overflow vulnerability, allowing attackers to execute arbitrary code by exploiting structured exception handling (SEH) mechanisms through a malicious payload in the PrimeNet proxy hostname field.

AgentFlow is vulnerable to arbitrary code execution (CVE-2026-7466) by manipulating the `pipeline_path` parameter in POST requests to `/api/runs` and `/api/runs/validate`, allowing attackers to execute arbitrary Python code.

A remote SQL injection vulnerability (CVE-2026-7389) exists in EyouCMS versions up to 1.7.9 due to improper handling of the 'sort_asc' argument in the GetSortData function, potentially allowing attackers to execute arbitrary SQL commands.

A path traversal vulnerability exists in fatbobman mail-mcp-bridge version 1.3.3 and earlier, allowing a remote attacker to read arbitrary files by manipulating the message_ids argument in the src/mail_mcp_server.py file.

An authentication bypass vulnerability in cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, and 11.136.0.5 allows unauthenticated remote attackers to gain unauthorized access to the control panel.

A path traversal vulnerability exists in eiceblue spire-doc-mcp-server version 1.0.0, allowing a remote attacker to access arbitrary files by manipulating the 'document_name' argument in the 'get_doc_path' function.

A path traversal vulnerability exists in eiceblue spire-pdf-mcp-server version 0.1.1, allowing remote attackers to access arbitrary files via manipulation of the filepath argument in the get_pdf_path function.

Multiple vulnerabilities in Spring Boot, including CVE-2026-40976, CVE-2026-40973, and CVE-2026-40972, can allow attackers to bypass authorization, hijack sessions, or achieve remote code execution, potentially leading to data breaches and system compromise.

OpenClaw before 2026.4.2 is vulnerable to arbitrary directory deletion in mirror mode, enabling attackers to delete remote directories by manipulating remoteWorkspaceDir and remoteAgentWorkspaceDir configuration values.

OpenClaw before 2026.3.24 is vulnerable to environment variable injection, allowing attackers to inject malicious environment variables through crafted workspace configurations in the CLI backend, leading to potential code execution or sensitive data exposure.

OpenClaw before 2026.3.28 contains an execution approval vulnerability in exec-approvals-allowlist.ts that allows attackers to bypass intended execution restrictions by exploiting trust relationships with wrapper carrier executables, leading to privilege escalation and defense evasion.

OpenClaw before 2026.3.22 is vulnerable to incomplete host environment variable sanitization, allowing attackers to redirect package resolution or runtime bootstrap to attacker-controlled infrastructure and execute trojanized content.

OpenClaw before 2026.3.31 parses MS Teams webhook request bodies before performing JWT validation, allowing unauthenticated attackers to exhaust server resources by sending malicious Teams webhook payloads.

OpenClaw versions before 2026.4.8 fail to enforce integrity verification on downloaded plugin archives, allowing attackers to install malicious plugins and compromise the local assistant environment.

OpenClaw before 2026.3.31 contains an incomplete scope-clearing vulnerability in trusted-proxy authentication mode that allows operator.admin privilege escalation by declaring operator scopes on non-Control-UI clients.

OpenClaw before 2026.4.8 is vulnerable to server-side request forgery (SSRF) in QQ Bot media download paths, allowing attackers to bypass SSRF protections and access internal resources.

OpenClaw before 2026.4.8 contains a role bypass vulnerability in the device.token.rotate function, allowing attackers to mint tokens for unapproved roles and bypass intended approval processes.

OpenClaw before 2026.4.8 contains a security bypass vulnerability in node.invoke(browser.proxy) that allows attackers to circumvent the browser.request persistent profile-mutation guard and modify browser configurations.

OpenClaw before 2026.4.8 contains an approval-timeout fallback mechanism that allows attackers to bypass strictInlineEval explicit-approval requirements on gateway and node exec hosts, leading to arbitrary command execution.

OpenClaw before 2026.3.28 is vulnerable to webhook replay attacks due to improper signature verification, allowing attackers to reorder query parameters and trigger duplicate voice-call processing.

Multiple vulnerabilities in cURL could allow an attacker to bypass security measures, disclose confidential information, or manipulate data.

Generative AI can be used to rapidly deploy adaptive honeypot systems that simulate diverse environments, like Linux shells or IoT devices, to trick and observe AI-driven attacks that prioritize speed over stealth.

Elinsky execution-system-mcp 0.1.0 is vulnerable to path traversal via manipulation of the context argument in the _get_context_file_path function, allowing remote attackers to access sensitive files.

A remote, anonymous attacker can exploit multiple vulnerabilities in GNU libc to execute arbitrary program code, cause a denial-of-service condition, or disclose sensitive information.

Multiple vulnerabilities in Red Hat Enterprise Linux's LibRaw component allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.

An anonymous remote attacker can exploit a SQL injection vulnerability in ProFTPD.