Research

A moderate-severity vulnerability in OpenClaw allows attackers to bypass the safeBins grep policy using the -e flag, enabling file reads from the working directory including .env files and credentials.

A new sandbox escape in js2py via the ArrayBuffer constructor bypasses disable_pyimport() and the CVE-2024-28397 patch. Here is what was found and what you should do about it.

A missing done-sentinel in logicalQuery.Select() causes an infinite loop when any boolean XPath expression evaluating to true is used as a node selector, affecting antchfx/xmlquery, htmlquery, and jsonquery.

A vacuous bounds check in github.com/jackc/pgproto3 v2.3.3 allows a malicious PostgreSQL server to crash any connected Go client process with a single malformed DataRow message.

Your feed may be full of friends that appears to be turned old and aged. Yes, Faceapp is a fun app to play around. But you don’t know what is the privacy trap you are getting into. Your feed may be full of friends that appears to be turned old and aged. Yes, Faceapp is a fun app to play around. But

OPPO Kash android application has root access bug which means the application requests for full permission from the user Their security team rejected the bug OPPO Kash is an all-inclusive financial services application where the entire India takes a step towards financial freedom, with right from i

Pegasus spyware originated from Israel might be the most recently discussed spyware that was spread across multiple countries including US, UAE and India. The main targets of the spyware were journalists, politicians and people of prime importance. Pegasus spyware originated from Israel might b

I have discovered this privacy issue in the WhatsApp web portal that leaked around 29000–300000 WhatsApp user’s mobile numbers in plaintext accessible to any internet user in plaintext. I have discovered this privacy issue in the WhatsApp web portal that leaked around 29000–300000 WhatsApp user’s m