| Year | Vendor | Product | Vulnerability |
|------|--------|---------|---------------|
| 2026 | GnuTLS | GnuTLS | PKCS#12 bag handling can write past the internal array when appending to a bag that already contains 32 elements. |
| 2026 | OpenClaw | OpenClaw | Scope enforcement bypass in the assistant-media route allows trusted-proxy callers without operator.read scope to access protected media files. |
| 2026 | OpenClaw | OpenClaw | Tool-result media path handling fails to enforce local-root containment, allowing arbitrary local and UNC file access. |
| 2026 | ngtcp2 | ngtcp2 | qlog transport parameter serialization writes untrusted peer parameters into a fixed stack buffer without bounds checking. |
| 2026 | OpenClaw | OpenClaw | Scope bypass in the Gateway chat.send route allows operator.write clients to execute privileged commands through inherited external routes. |
| 2026 | OpenClaw | OpenClaw | SSRF policy bypass in browser debug and export routes allows reuse of already-open blocked tabs to inspect protected content. |
| 2026 | OpenClaw | OpenClaw | QQBot native approval buttons do not enforce configured approver identity, allowing non-approvers to resolve pending approval requests. |
| 2026 | OpenClaw | OpenClaw | QQBot admin commands can bypass DM-only and allowFrom policy checks, allowing restricted commands from unauthorized contexts. |
| 2026 | GnuTLS | GnuTLS | DTLS fragment reassembly does not validate consistent message_length values, enabling heap overwrite via crafted fragments. |
| 2026 | OpenClaw | OpenClaw | Slack plugin approvals allow exec-authorized users to resolve plugin approvals through the exec approver gate. |
| 2026 | OpenClaw | OpenClaw | Bundled device-pair plugin lets non-owner authorized chat senders issue device-pairing bootstrap codes without proper scope validation. |
| 2026 | wolfSSL | wolfSSL | Integer underflow in the wolfSSL packet sniffer ChaCha20-Poly1305 AEAD decryption path can cause an out-of-bounds read and crash. |
| 2026 | wolfSSL | wolfSSL | MatchDomainName wildcard hostname validation can perform a 1-byte stack buffer over-read when LEFT_MOST_WILDCARD_ONLY is active. |
| 2025 | OFFIS | DCMTK | OFFIS DCMTK dcmqrscp dcmqrdbi.cc startMoveRequest null pointer dereference |
| 2025 | OFFIS | DCMTK | OFFIS DCMTK dcmdata dcbytstr.cc makeDicomByteString memory corruption |