9.3
CVE-2018-25237 - Hirschmann HiSecOS Buffer Overflow via HTTPS Login
Hirschmann HiSecOS devices versions prior to 05.3.03 contain a buffer overflow vulnerability in the HTTPS login interface when RADIUS authentication is enabled that allows remote attackers to crash the device or execute arbitrary code by submitting a password longer than 128 characters. Attackers cβ¦
6.1
CVE-2026-34980 - OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach `lp` code executβ¦
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, in a network-exposed cupsd with a shared target queue, an unauthorized client can send a Print-Job to that shared PostScript queue without authentication. The server acβ¦
5.3
CVE-2026-34979 - OpenPrinting CUPS: Heap overflow in `get_options()`
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, there is a heap-based buffer overflow in the CUPS scheduler when building filter option strings from job attribute. At time of publication, there are no publicly availaβ¦
6.5
CVE-2026-34978 - OpenPrinting CUPS: Path traversal in RSS notify-recipient-uri enables file write outside CacheDir/rβ¦
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier allows .. path traversal in notify-recipient-uri (e.g., rss:///../job.cache), letting a remote IPP client write RSS XML bytes outside CacheDir/rss (anyβ¦
5
CVE-2026-34990 - OpenPrinting CUPS: Local print admin token disclosure using temporary printers
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a local unprivileged user can coerce cupsd into authenticating to an attacker-controlled localhost IPP service with a reusable Authorization: Local ... token. That tokeβ¦
4.8
CVE-2026-27447 - OpenPrinting CUPS: Authorization bypass via case-insensitive group-member lookup
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon (cupsd) contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The vulnerability allows an β¦
9.3
CVE-2017-20237 - Hirschmann Industrial HiVision Authentication Bypass Remote Code Execution
Hirschmann Industrial HiVision versions prior to 06.0.07 and 07.0.03 contains an authentication bypass vulnerability in the master service that allows unauthenticated remote attackers to execute arbitrary commands with administrative privileges. Attackers can invoke exposed interface methods over tβ¦
6.1
CVE-2026-26058 - Zulip: Path Traversal in Import
Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, ./manage.py import reads arbitrary files from the server filesystem via path traversal in uploads/records.json. A crafted export tarball causes the server to copy any file the zulip user can read into the upβ¦
6
CVE-2026-34511 - OpenClaw < 2026.4.2 - PKCE Verifier Exposure via OAuth State Parameter
OpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in the Gemini OAuth flow, exposing it through the redirect URL. Attackers who capture the redirect URL can obtain both the authorization code and PKCE verifier, defeating PKCE protection and enabling token redemption.
8.6
CVE-2026-22665 - prompts.chat Identity Confusion via Case-Sensitive Username Handling
prompts.chat prior to commit 1464475 contains an identity confusion vulnerability due to inconsistent case-sensitive and case-insensitive handling of usernames across write and read paths, allowing attackers to create case-variant usernames that bypass uniqueness checks. Attackers can exploit non-dβ¦