
161488 matches found

Positive Technologies
added 2026/05/06 12:0 a.m., 9 views

PT-2026-38230

Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.2.21 through 2026.4.9 Description An authentication bypass exists in the sandbox noVNC helper route, which exposes interactive browser session credentials. This allows attackers to access the noVNC helper route without...

9.8 CVSS, 5.8 AI score, 0.00401 EPSS
Exploits: 0, References: 11
CVE
added 2026/05/06 12:0 a.m., 21 views

CVE-2026-34474

CVE-2026-34474 affects ZTE ZXHN H298A (1.1) and H108N (2.6) routers. A crafted request to the device’s web interface can cause a sensitive-data exposure, potentially returning the administrator password and WLAN PSK, which could enable authentication bypass and wireless/network compromise. Some f...

7.5 CVSS, 5.8 AI score, 0.24681 EPSS
Exploits: 3, References: 3
Positive Technologies
added 2026/05/06 12:0 a.m., 9 views

PT-2026-38304

PraisonAI is a multi-agent teams system. From version 4.5.139 to before version 4.6.32, CVE-2026-40287's fix gated tools.py auto-import behind PRAISONAI ALLOW LOCAL TOOLS=true in two files tool resolver.py, api/call.py. A third import sink in praisonai/templates/tool override.py was missed and...

8.4 CVSS, 5.9 AI score, 0.00246 EPSS
Exploits: 2, References: 8
CNNVD
added 2026/05/06 12:0 a.m., 16 views

OpenClaw Security Vulnerability

OpenClaw is an open-source AI assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.15 contained security vulnerabilities. These vulnerabilities stemmed from capturing a resolved bearer-auth configuration during initialization, which could allow revoked tokens ...

9.8 CVSS, 5.8 AI score, 0.0054 EPSS
Exploits: 1, References: 1
CNNVD
added 2026/05/06 12:0 a.m., 8 views

ZTE ZXHN H108N and ZTE ZXHN H298A Information Disclosure Vulnerability

ZTE ZXHN H108N and ZTE ZXHN H298A are both products of China’s ZTE Corporation. ZTE ZXHN H108N is a modem. ZTE ZXHN H298A is a home gateway routing device. Both the ZTE ZXHN H298A version 1.1 and H108N version 2.6 have information leakage vulnerabilities. These vulnerabilities stem from specially...

7.5 CVSS, 5.8 AI score, 0.24681 EPSS
Exploits: 3, References: 2
Cvelist
added 2026/05/06 12:0 a.m., 32 views

CVE-2026-34474

Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to the router web interface can expose sensitive device and account information. In affected builds, the response may include the administrator password and WLAN PSK, enabling...

0.24681 EPSS
Exploits: 3, References: 2
CNNVD
added 2026/05/06 12:0 a.m., 11 views

OpenClaw Security Vulnerability

OpenClaw is an open-source AI assistant developed by OpenClaw. Versions of OpenClaw from 2026.2.21 to 2026.4.10 contained security vulnerabilities. These vulnerabilities were due to a sandbox noVNC auxiliary routing mechanism that allowed authentication bypass, potentially...

9.8 CVSS, 5.8 AI score, 0.00401 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2026/05/06 12:0 a.m., 21 views

PT-2026-38300

Name of the Vulnerable Software and Affected Versions Lemur versions prior to 1.9.0 Description The LDAP authentication module lemur/auth/ldap.py constructs LDAP search filters using unsanitized user input via Python string interpolation. An authenticated LDAP user can inject LDAP filter...

8.1 CVSS, 5.8 AI score, 0.00179 EPSS
Exploits: 0, References: 8
Redos
added 2026/05/06 12:0 a.m., 6 views

ROS-20260506-73-0030

Vulnerability in tomcat-native related to a flaw in the authentication procedure. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges...

9.1 CVSS, 5.8 AI score, 0.00715 EPSS
Exploits: 1
Redos
added 2026/05/06 12:0 a.m., 8 views

ROS-20260506-73-0027

Vulnerability in tomcat related to a flaw in the authentication procedure. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges...

9.1 CVSS, 5.8 AI score, 0.00715 EPSS
Exploits: 1
Tenable Nessus
added 2026/05/06 12:0 a.m., 11 views

AlmaLinux 10 : dovecot (ALSA-2026:13498)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:13498 advisory. dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command CVE-2025-59032 dovecot: denial of service via crafted...

7.5 CVSS, 5.8 AI score, 0.0079 EPSS
Exploits: 2, References: 5
GitLab Advisory Database
added 2026/05/06 12:0 a.m., 18 views

Nginx-UI Settings API Exposes Protected Secrets

The GetSettings API handler api/settings/settings.go:24-65 serializes all settings structs to JSON and returns them to authenticated users. Many sensitive fields are tagged with protected:"true" - however, this tag is only enforced during writes via ProtectedFill in SaveSettings and is completely...

6.5 CVSS, 5.8 AI score, 0.00295 EPSS
Exploits: 1, References: 4, Affected Software: 1
CNNVD
added 2026/05/06 12:0 a.m., 10 views

Palo Alto Networks PAN-OS Buffer Error Vulnerability

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall devices. There is a buffer overflow vulnerability in Palo Alto Networks PAN-OS, which stems from insufficient boundary checks during the processing of certain data packets by the User-ID Authenticati...

9.8 CVSS, 6.7 AI score, 0.36157 EPSS
Exploits: 6, References: 1
CNVD
added 2026/05/06 12:0 a.m., 13 views

Google Android ADB Authentication Bypass Vulnerability

Android is an open source mobile operating system developed by Google, widely used in smartphones, tablets, smart TVs, cars and various IoT devices, providing core capabilities such as application operation, device management, network communication, debugging and security control, etc. Android...

8.8 CVSS, 6.2 AI score, 0.00541 EPSS
Exploits: 12
Oracle linux
added 2026/05/06 12:0 a.m., 13 views

dovecot security update

1:2.3.16-15.1 - fix CVE-2026-27858: denial of service via crafted message before authentication RHEL-161639 - fix CVE-2025-59032: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command RHEL-162287 - fix CVE-2026-27857: denial of service via specially crafted NOOP...

7.5 CVSS, 5.8 AI score, 0.0079 EPSS
Exploits: 2
Redos
added 2026/05/06 12:0 a.m., 6 views

ROS-20260506-73-0029

Vulnerability in tomcat11 related to a flaw in the authentication procedure. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges...

9.1 CVSS, 5.8 AI score, 0.00715 EPSS
Exploits: 1
Redos
added 2026/05/06 12:0 a.m., 6 views

ROS-20260506-73-0028

Vulnerability in tomcat10 related to a flaw in the authentication procedure. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges...

9.1 CVSS, 5.8 AI score, 0.00715 EPSS
Exploits: 1
Tenable Nessus
added 2026/05/06 12:0 a.m., 8 views

Linux Distros Unpatched Vulnerability : CVE-2026-6918

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse OpenJ9 versions 0.21 to 0.58, a pre-authentication remote attacker can crash JITServer by sending a 32-byte crafted TCP message. CVE-2026-6918 Note...

8.7 CVSS, 5.8 AI score, 0.00517 EPSS
Exploits: 1, References: 2
Tenable Nessus
added 2026/05/06 12:0 a.m., 11 views

Oracle Linux 8 : dovecot (ELSA-2026-13830)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-13830 advisory. - fix CVE-2026-27858: denial of service via crafted message before authentication RHEL-161630 - fix CVE-2025-59032: ManageSieve: Denial of Service via...

7.5 CVSS, 5.8 AI score, 0.0079 EPSS
Exploits: 2, References: 4
Redos
added 2026/05/06 12:0 a.m., 5 views

ROS-20260506-73-0039

Vulnerability in tomcat11 related to a flaw in the authentication procedure. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges...

6.5 CVSS, 5.8 AI score, 0.00469 EPSS
Exploits: 0