Search Vulnerabilities

Nesquena Hermes WebUI Environment Variable Credential Leakage via Profile Switch

Apache Airflow: 3.x - Nested Variable Secret Values Bypass Redaction via max_depth=1

Apache Airflow: Exposing stack trace in case of constraint error

Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with local access (Ring 0)...

OpenClaw < 2026.3.2 - Filesystem Boundary Bypass in Image Tool

Hashgraph Guardian 3.5.0 Unsandboxed JavaScript Execution RCE

Apache Airflow: Authorization bypass in DagRun wait endpoint (XCom exposure)

Electron named window.open targets not scoped to the opener's browsing context

SandboxJS has a Sandbox Escape via Prop Object Leak in New Handler

Electron: Context Isolation bypass via contextBridge VideoFrame transfer

Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability

OpenClaw < 2026.3.11 - Workspace Boundary Bypass via Agent RPC Parameters

Apache Airflow: Path of session token in cookie does not consider base_url - session hijacking via co-hosted applications

Exposure of resource to wrong sphere in the UEFI PdaSmm module for some Intel(R) reference platforms may allow an information disclosure

Improper authorization in device bulk actions and device update API allows cross-organization device control

WWBN AVideo: Unauthenticated PHP session store exposed to host network via published memcached port

Dark Reader gives users the ability to request style sheets from local web servers

BigBlueButton: Exposed ClamAV port enables Denial of Service

Skill Scanner Unsecured Network Binding Vulnerability

Frigate Affected by Authenticated Remote Command Execution (RCE) and Container Escape