Lucene search
+L

9767 matches found

Vulnrichment
Vulnrichment
added 3 days ago3 views

CVE-2026-50343 Microsoft Install Service Elevation of Privilege Vulnerability

...

7.8CVSS6.1AI score0.02545EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 3 days ago5 views

Microsoft Install Service Elevation of Privilege Vulnerability

Improper privilege management in Microsoft Install Service allows an authorized attacker to elevate privileges locally...

7.8CVSS6.1AI score0.02545EPSS
Exploits0
OSV
OSV
added 3 days ago4 views

MAL-2026-10580 Malicious code in ethers-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3959190c7c321e0d6f512b89b3c54a6399f3e6f7daecd0563ff753a6a6fed2f5 Package name typosquats the popular 'ethers' library. package.json declares a postinstall pointing at dist/index.min.js, whose sole top-level stateme...

6.1AI score
Exploits0References2
Cvelist
Cvelist
added 3 days ago29 views

CVE-2026-59674 LPE from suricata user to root due to chown in %post in suricata packaging

A UNIX Symbolic Link Symlink Following vulnerability in openSUSE Tumbleweed suricata package allows the suricata user to escalate to root. This issue affects openSUSE Tumbleweed: from ? before 8.0.5-2.1; openSUSE Tumbleweed: from ? before 8.0.5-2.1...

8.5CVSS0.00129EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago7 views

Malicious code in home-mp-commons (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 885b9dad73e9eeb07a1fcb4a94493ec85573f656f7b9347a8682f56db359cfd6 [email protected] is an empty npm package declared main index.js is absent from the tarball whose sole effect on install is to resolve a single...

6.2AI score
Exploits0References2
EUVD
EUVD
added 3 days ago4 views

EUVD-2026-43534

OpenClaw versions 2026.5.20 before 2026.6.9 contain a privilege escalation vulnerability in plugin install commands that allows lower-trust callers to execute or persist actions beyond their intended authorization. Attackers can exploit misconfigured input paths or enabled features to escalate...

8.8CVSS6.2AI score0.00251EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-43571

OpenClaw versions 2026.6.5 before 2026.6.9 contain a vulnerability in the plugin install wrappers that could skip the install policy authorization check. When the affected feature is enabled and reachable, a lower-trust caller or a configured input path could execute or persist actions beyond the...

6.9CVSS6.2AI score0.00184EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 3 days ago5 views

PT-2026-58331

Name of the Vulnerable Software and Affected Versions Microsoft Install Service affected versions not specified Description Improper privilege management in the Microsoft Install Service allows an authorized attacker to elevate privileges locally, potentially granting full control over the system...

7.8CVSS6.1AI score0.02545EPSS
Exploits0References6
NVD
NVD
added 4 days ago6 views

CVE-2026-62193

OpenClaw versions 2026.6.5 before 2026.6.9 contain a vulnerability in the plugin install wrappers that could skip the install policy authorization check. When the affected feature is enabled and reachable, a lower-trust caller or a configured input path could execute or persist actions beyond the...

6.9CVSS0.00184EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-62194 OpenClaw 2026.5.20 < 2026.6.9 Privilege Escalation via Plugin Install

OpenClaw versions 2026.5.20 before 2026.6.9 contain a privilege escalation vulnerability in plugin install commands that allows lower-trust callers to execute or persist actions beyond their intended authorization. Attackers can exploit misconfigured input paths or enabled features to escalate...

8.8CVSS0.00251EPSS
Exploits0References2
OSV
OSV
added 4 days ago4 views

CVE-2026-62194 OpenClaw 2026.5.20 < 2026.6.9 Privilege Escalation via Plugin Install

OpenClaw versions 2026.5.20 before 2026.6.9 contain a privilege escalation vulnerability in plugin install commands that allows lower-trust callers to execute or persist actions beyond their intended authorization. Attackers can exploit misconfigured input paths or enabled features to escalate...

8.7CVSS6.2AI score0.00251EPSS
Exploits0References5
OSV
OSV
added 4 days ago6 views

CVE-2026-62193 OpenClaw 2026.6.5 < 2026.6.9 Authentication Bypass via Plugin Install

OpenClaw versions 2026.6.5 before 2026.6.9 contain a vulnerability in the plugin install wrappers that could skip the install policy authorization check. When the affected feature is enabled and reachable, a lower-trust caller or a configured input path could execute or persist actions beyond the...

6.9CVSS6.2AI score0.00184EPSS
Exploits0References5
CVE
CVE
added 4 days ago9 views

CVE-2026-62193

OpenClaw is affected: versions 2026.6.5 to before 2026.6.9 contain a vulnerability in the plugin install wrappers that could skip the install policy (authorization) check. When the affected feature is enabled and reachable, a lower-trust caller or a configured input path could execute or persist ...

6.9CVSS6.2AI score0.00184EPSS
Exploits0References2Affected Software1
NVD
NVD
added 4 days ago6 views

CVE-2026-58409

ChurchCRM is an open-source church management system. Prior to version 7.4.0, an authenticated administrator can achieve Remote Code Execution RCE on the server by installing a malicious plugin ZIP archive containing a PHP webshell. The application explicitly includes 'php' in its ALLOWEDEXTENSIO...

9.1CVSS0.00456EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-58409 ChurchCRM: Authenticated Remote Code Execution (RCE) via Malicious Plugin Upload

ChurchCRM is an open-source church management system. Prior to version 7.4.0, an authenticated administrator can achieve Remote Code Execution RCE on the server by installing a malicious plugin ZIP archive containing a PHP webshell. The application explicitly includes 'php' in its ALLOWEDEXTENSIO...

9.1CVSS0.00456EPSS
Exploits0References1
OSV
OSV
added 4 days ago4 views

CVE-2026-58409 ChurchCRM: Authenticated Remote Code Execution (RCE) via Malicious Plugin Upload

ChurchCRM is an open-source church management system. Prior to version 7.4.0, an authenticated administrator can achieve Remote Code Execution RCE on the server by installing a malicious plugin ZIP archive containing a PHP webshell. The application explicitly includes 'php' in its ALLOWEDEXTENSIO...

9.1CVSS6.2AI score0.00456EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 4 days ago2 views

CVE-2026-58409

ChurchCRM is an open-source church management system. Prior to version 7.4.0, an authenticated administrator can achieve Remote Code Execution RCE on the server by installing a malicious plugin ZIP archive containing a PHP webshell. The application explicitly includes 'php' in its ALLOWEDEXTENSIO...

9.1CVSS6.2AI score0.00456EPSS
Exploits0References2Affected Software1
OSV
OSV
added 4 days ago4 views

MAL-2026-10479 Malicious code in node-fsmetrics-data (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b67fad1d72f63941a3973df07e6cbd980c9e3c3bbe5041818f58b9be07d6b7e9 The tarball contains archive-sender.js, which tars the directory /root/.codex, splits the archive into 200MB chunks, and uploads each chunk by runnin...

6.2AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago7 views

Malicious code in @sectest429/hello-npm-world (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 479b9303d76a49dfacb402f0a906e32686b5d276e23f429678150e73e506550d The package advertises a single function module.exports = function helloname but ships a preinstall.js lifecycle script that runs automatically on np...

6.4AI score
Exploits0References2
OSV
OSV
added 4 days ago4 views

MAL-2026-10478 Malicious code in @sectest429/hello-npm-world (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 479b9303d76a49dfacb402f0a906e32686b5d276e23f429678150e73e506550d The package advertises a single function module.exports = function helloname but ships a preinstall.js lifecycle script that runs automatically on np...

6.4AI score
Exploits0References2
Rows per page
Query Builder