| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| BlueAuditor 1.7.2.0 contains a buffer overflow vulnerability in the registration key field that allows local attackers to crash the application by submitting an oversized key value. Attackers can trigger a denial of service by entering a 256-byte buffer of repeated characters in the Key registration field, causing the application to crash during registration processing. |
| OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in Telegram webhook authentication that allows attackers to brute-force weak webhook secrets. The vulnerability enables repeated authentication guesses without throttling, permitting attackers to systematically guess webhook secrets through brute-force attacks. |
| Incorrect privilege assignment in Bluetooth in Maintenance mode prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Extend Unlock. |
| prompts.chat prior to commit 7b81836 contains multiple authorization bypass vulnerabilities due to missing isPrivate checks across API endpoints and page metadata generation that allow unauthorized users to access sensitive data associated with private prompts. Attackers can exploit these missing authorization checks to retrieve private prompt version history, change requests, examples, current content, and metadata including titles and descriptions exposed via HTML meta tags. |
| Improper input validation in Retail Mode prior to SMR Apr-2026 Release 1 allows local attackers to trigger privileged functions. |
| prompts.chat prior to commit 30a8f04 contains a server-side request forgery vulnerability in Fal.ai media status polling that allows authenticated users to perform arbitrary outbound requests by supplying attacker-controlled URLs in the token parameter. Attackers can exploit the lack of URL validation to disclose the FAL_API_KEY in the Authorization header, enabling credential theft, internal network probing, and abuse of the victim's Fal.ai account. |
| OpenClaw before 2026.3.22 contains a webhook path route replacement vulnerability in the Synology Chat extension that allows attackers to collapse multi-account configurations onto shared webhook paths. Attackers can exploit inherited or duplicate webhook paths to bypass per-account DM access control policies and replace route ownership across accounts. |
| Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) |
| prompts.chat prior to commit 1464475 contains an identity confusion vulnerability due to inconsistent case-sensitive and case-insensitive handling of usernames across write and read paths, allowing attackers to create case-variant usernames that bypass uniqueness checks. Attackers can exploit non-deterministic username resolution to impersonate victim accounts, replace profile content on canonical URLs, and inject attacker-controlled metadata and content across the platform. |
| Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) |
| Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) |
| OpenClaw before 2026.3.25 contains an authorization bypass vulnerability where group reaction events bypass the requireMention access control mechanism. Attackers can trigger reactions in mention-gated groups to enqueue agent-visible system events that should remain restricted. |
| Integer overflow in Skia in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) |
| Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Network Report. This issue affects Pandora FMS: from 777 through 800 |
| Zulip is an open-source team collaboration tool. Prior to version 11.6, Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, even after spectator access (enable_spectator_access / WEB_PUBLIC_STREAMS_ENABLED) is disabled, attachments originating from web-public streams can still be retrieved anonymously. As a result, file contents remain accessible even after public access is intended to be disabled. Similarly, even after spectator access is disabled, the /users/me/<stream_id>/topics endpoint remains reachable anonymously, allowing retrieval of topic history for web-public streams. This issue has been patched in version 11.6. This issue has been patched in version 11.6. |
| Use after free in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) |
| An Incorrect Synchronization vulnerability in the management daemon (mgd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker with low privileges to cause a complete Denial-of-Service (DoS) of the management plane.
When NETCONF sessions are quickly established and disconnected, a locking issue causes mgd processes to hang in an unusable state. When the maximum number of mgd processes has been reached, no new logins are possible. This leads to the inability to manage the device and requires a power-cycle to recover.
This issue can be monitored by checking for mgd processes in lockf state in the output of 'show system processes extensive':
user@host> show system processes extensive | match mgd
<pid> root 20 0 501M 4640K lockf 1 0:01 0.00% mgd
If the system still can be accessed (either via the CLI or as root, which might still be possible as last resort as this won't invoke mgd), mgd processes in this state can be killed with 'request system process terminate <PID>' from the CLI or with 'kill -9 <PID>' from the shell.
This issue affects:
Junos OS:
* 23.4 versions before 23.4R2-S4,
* 24.2 versions before 24.2R2-S1,
* 24.4 versions before 24.4R1-S3, 24.4R2;
This issue does not affect Junos OS versions before 23.4R1;
Junos OS Evolved:
* 23.4 versions before 23.4R2-S5-EVO,
* 24.2 versions before 24.2R2-S1-EVO,
* 24.4 versions before 24.4R1-S3-EVO, 24.4R2-EVO.
This issue does not affect Junos OS Evolved versions before 23.4R1-EVO; |
| An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon (chassisd) of Juniper Networks Junos OS on SRX1600, SRX2300 and SRX4300 allows a local attacker with low privileges to cause a complete Denial of Service (DoS).
When a specific 'show chassis' CLI command is executed, chassisd crashes and restarts which causes a momentary impact to all traffic until all modules are online again.
This issue affects Junos OS on SRX1600, SRX2300 and SRX4300:
* 24.4 versions before 24.4R1-S3, 24.4R2.
This issue does not affect Junos OS versions before 24.4R1. |
| An Incorrect Initialization of Resource vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX Series and QFX Series device allows an unauthenticated, network-based attacker to cause an integrity impact to downstream networks.
When the same family inet or inet6 filter is applied on an IRB interface and on a physical interface as egress filter on EX4100, EX4400, EX4650 and QFX5120 devices, only one of the two filters will be applied, which can lead to traffic being sent out one of these interfaces which should have been blocked.
This issue affects Junos OS on EX Series and QFX Series:
* 23.4 version 23.4R2-S6,
* 24.2 version 24.2R2-S3.
No other Junos OS versions are affected. |
| A Missing Release of Memory after Effective Lifetime vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a memory leak ultimately leading to a Denial of Service (DoS).
In an EVPN-MPLS scenario, routes learned from remote multi-homed Provider Edge (PE) devices are programmed as ESI routes. Due to a logic issue in the l2ald memory management, memory allocated for these routes is not released when there is churn for these routes. As a result, memory leaks in the l2ald process which will ultimately lead to a crash and restart of l2ald.
Use the following command to monitor the memory consumption by l2ald:
user@device> show system process extensive | match "PID|l2ald"
This issue affects:
Junos OS:
* all versions before 22.4R3-S5,
* 23.2 versions before 23.2R2-S3,
* 23.4 versions before 23.4R2-S4,
* 24.2 versions before 24.2R2;
Junos OS Evolved:
* all versions before 22.4R3-S5-EVO,
* 23.2 versions before 23.2R2-S3-EVO,
* 23.4 versions before 23.4R2-S4-EVO,
* 24.2 versions before 24.2R2-EVO. |
