Aggregator
OpenClaw安全问题
4 months ago
今天聊聊OpenClaw的安全问题
CVE-2026-26125 | Microsoft Payment Orchestrator Service missing authentication
4 months ago
A vulnerability was found in Microsoft Payment Orchestrator Service. It has been rated as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing authentication.
This vulnerability is traded as CVE-2026-26125. It is possible to initiate the attack remotely. There is no exploit available.
This product is a managed service, so users are unable to manage vulnerability countermeasures on their own.
vuldb.com
CVE-2025-29165 | D-Link DIR-1253 1.6.1684 /etc/shadow.sample privilege escalation
4 months ago
A vulnerability was found in D-Link DIR-1253 1.6.1684. It has been declared as critical. Affected is an unknown function of the file /etc/shadow.sample. Executing a manipulation can lead to privilege escalation.
This vulnerability appears as CVE-2025-29165. The attacker needs to be present on the local network. There is no available exploit.
vuldb.com
CVE-2026-28724 | Acronis Cyber Protect 17 prior 41186 authorization
4 months ago
A vulnerability was found in Acronis Cyber Protect 17. It has been classified as problematic. This impacts an unknown function. Performing a manipulation results in incorrect authorization.
This vulnerability is reported as CVE-2026-28724. The attack is possible to be carried out remotely. No exploit exists.
Upgrading the affected component is recommended.
vuldb.com
CVE-2026-28723 | Acronis Cyber Protect 17 prior 41186 authorization
4 months ago
A vulnerability was found in Acronis Cyber Protect 17 and classified as problematic. This affects an unknown function. Such manipulation leads to incorrect authorization.
This vulnerability is documented as CVE-2026-28723. The attack can be executed remotely. There is not any exploit available.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2026-28720 | Acronis Cyber Protect 17 prior 41186 authorization
4 months ago
A vulnerability has been found in Acronis Cyber Protect 17 and classified as problematic. The impacted element is an unknown function. This manipulation causes incorrect authorization.
This vulnerability is registered as CVE-2026-28720. Remote exploitation of the attack is possible. No exploit is available.
The affected component should be upgraded.
vuldb.com
CVE-2026-28718 | Acronis Cyber Protect 17 prior 41186 logging of excessive data
4 months ago
A vulnerability, which was classified as problematic, was found in Acronis Cyber Protect 17. The affected element is an unknown function. The manipulation results in logging of excessive data.
This vulnerability is cataloged as CVE-2026-28718. The attack may be launched remotely. There is no exploit available.
You should upgrade the affected component.
vuldb.com
CVE-2026-28714 | Acronis Cyber Protect 17 prior 41186 insufficiently protected credentials
4 months ago
A vulnerability, which was classified as problematic, has been found in Acronis Cyber Protect 17. Impacted is an unknown function. The manipulation leads to insufficiently protected credentials.
This vulnerability is listed as CVE-2026-28714. The attack must be carried out from within the local network. There is no available exploit.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2026-27605 | Chartbrew up to 4.8.3 HTML File Parser uploads/ unrestricted upload (GHSA-jf6m-hm53-c364)
4 months ago
A vulnerability classified as critical was found in Chartbrew up to 4.8.3. This issue affects some unknown processing of the file uploads/ of the component HTML File Parser. Executing a manipulation can lead to unrestricted upload.
This vulnerability is tracked as CVE-2026-27605. The attack can be launched remotely. No exploit exists.
Upgrading the affected component is advised.
vuldb.com
CVE-2025-11790 | Acronis Cyber Protect Cloud Agent up to 40734 permission assignment
4 months ago
A vulnerability classified as problematic has been found in Acronis Cyber Protect Cloud Agent up to 40734. This vulnerability affects unknown code. Performing a manipulation results in incorrect permission assignment.
This vulnerability is identified as CVE-2025-11790. The attack is only possible with local access. There is not any exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-70949 | perfood couch-auth 0.26.0 timing discrepancy
4 months ago
A vulnerability described as problematic has been identified in perfood couch-auth 0.26.0. This affects an unknown part. Such manipulation leads to observable timing discrepancy.
This vulnerability is referenced as CVE-2025-70949. It is possible to launch the attack remotely. No exploit is available.
vuldb.com
CVE-2026-28719 | Acronis Cyber Protect 17 prior 41186 authorization
4 months ago
A vulnerability marked as problematic has been reported in Acronis Cyber Protect 17. Affected by this issue is some unknown functionality. This manipulation causes incorrect authorization.
The identification of this vulnerability is CVE-2026-28719. It is possible to initiate the attack remotely. There is no exploit available.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2026-28716 | Acronis Cyber Protect 17 prior 41186 authorization
4 months ago
A vulnerability labeled as problematic has been found in Acronis Cyber Protect 17. Affected by this vulnerability is an unknown functionality. The manipulation results in incorrect authorization.
This vulnerability was named CVE-2026-28716. The attack needs to be approached locally. There is no available exploit.
The affected component should be upgraded.
vuldb.com
CVE-2026-28715 | Acronis Cyber Protect 17 prior 41186 authorization
4 months ago
A vulnerability identified as problematic has been detected in Acronis Cyber Protect 17. Affected is an unknown function. The manipulation leads to incorrect authorization.
This vulnerability is uniquely identified as CVE-2026-28715. The attack is possible to be carried out remotely. No exploit exists.
You should upgrade the affected component.
vuldb.com
CVE-2026-28710 | Acronis Cyber Protect 17 prior 41186 weak authentication
4 months ago
A vulnerability categorized as problematic has been discovered in Acronis Cyber Protect 17. This impacts an unknown function. Executing a manipulation can lead to weak authentication.
This vulnerability is handled as CVE-2026-28710. The attack can be executed remotely. There is not any exploit available.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2026-28709 | Acronis Cyber Protect 17 prior 41186 authorization
4 months ago
A vulnerability was found in Acronis Cyber Protect 17. It has been rated as problematic. This affects an unknown function. Performing a manipulation results in incorrect authorization.
This vulnerability is known as CVE-2026-28709. Remote exploitation of the attack is possible. No exploit is available.
Upgrading the affected component is advised.
vuldb.com
CVE-2026-28726 | Acronis Cyber Protect 17 prior 41186 authorization
4 months ago
A vulnerability was found in Acronis Cyber Protect 17. It has been declared as problematic. The impacted element is an unknown function. Such manipulation leads to incorrect authorization.
This vulnerability is traded as CVE-2026-28726. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Epic CEO Tim Sweeney 同意在 2032 年前停止批评 Play Store
4 months ago
Google 和 Epic 就《堡垒之夜》的佣金比例分歧达成和解,Google 同意降低所有应用的佣金比例。这场诉讼对 Epic CEO Tim Sweeney 而言是大获全胜,他完全实现了自己的目标。当然他也“被迫”做出了让步:根据和解协议,Sweeney 同意在 2032 年之前停止批评 Google 的应用商店政策,禁止进一步迫使 Google 再次修改应用商店政策,必须公开支持 Google 修改后的政策,甚至可能需要在世界各地的法庭出庭为与 Google 达成的这项协议辩护。Sweeney 已经通过其社交媒体账号赞美了 Google。
CVE-2026-28725 | Acronis Cyber Protect 17 prior 41186 Configuration permission assignment
4 months ago
A vulnerability was found in Acronis Cyber Protect 17. It has been classified as problematic. The affected element is an unknown function of the component Configuration Handler. This manipulation causes incorrect permission assignment.
This vulnerability appears as CVE-2026-28725. The attack requires local access. There is no available exploit.
Upgrading the affected component is recommended.
vuldb.com