27 matches found

CVE
added 2026/02/19 11:23 p.m. | 19 views

CVE-2026-27008

OpenClaw (npm package openclaw) is affected by CVE-2026-27008 prior to version 2026.2.15, where a bug in the download skill installation allowed targetDir values from skill frontmatter to resolve outside the per-skill tools directory if not strictly validated, potentially writing files outside th...

6.8 CVSS | 5.5 AI score | 0.00166 EPSS
Exploits 0 | References 4 | Affected Software 1

Vulnrichment
added 2026/02/19 11:23 p.m. | 3 views

CVE-2026-27008 OpenClaw hardened the skill download target directory validation

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a bug in download skill installation allowed targetDir values from skill frontmatter to resolve outside the per-skill tools directory if not strictly validated. In the admin-only skills.install flow, this could write files outside t...

6.8 CVSS | 5.5 AI score | 0.00166 EPSS
Exploits 0 | References 4

vulnersOsv
added 2026/02/18 10:44 p.m. | 8 views

vantuz (>=3.3.2 <=3.3.7) potentially affected by CVE-2026-27008 via openclaw (=0.0.1)

openclaw NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on openclaw and may be impacted: - vantuz =3.3.2, =3.3.7 Source cves: CVE-2026-27008 Source advisory: OSV:GHSA-H7F7-89MM-PQH6...

6.8 CVSS | 5.8 AI score | 0.00166 EPSS
Exploits 0

Tenable Nessus
added 2026/01/13 12:0 a.m. | 17 views

MiracleLinux 9 : kernel-5.14.0-570.12.1.el9_6 (AXSA:2025-10392:38)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10392:38 advisory.
- kernel: drm: nv04: Fix out of bounds access (CVE-2024-27008)
- kernel: Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout (CVE-2024-27398)
- kerne...

9.8 CVSS | 7.4 AI score | 0.01483 EPSS
Exploits 4 | References 342

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2020-27008

Malware in sbrugna...

5.9 CVSS | 5.9 AI score | 0.00808 EPSS
Exploits 0 | References 2

VulnCheck KEV
added 2025/10/02 12:0 a.m. | 10 views

VulnCheck KEV: CVE-2023-27008

A Cross-site scripting (XSS) vulnerability in the function encrypt_password in login.tmpl.php in ATutor 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter...

6.1 CVSS | 5.9 AI score | 0.01499 EPSS
In wild | Exploits 1 | References 2

RedhatCVE
added 2025/05/23 3:30 a.m. | 8 views

CVE-2023-27008

A Cross-site scripting (XSS) vulnerability in the function encrypt_password in login.tmpl.php in ATutor 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter...

6.1 CVSS | 5.8 AI score | 0.01499 EPSS
Exploits 1 | References 1

RedhatCVE
added 2025/05/22 10:35 p.m. | 8 views

CVE-2022-27008

nginx njs 0.7.2 is vulnerable to Buffer Overflow. Type confused in Array.prototype.concat when a slow array appended element is fast array...

7.5 CVSS | 6.8 AI score | 0.01698 EPSS
Exploits 1 | References 1

CVE
added 2025/04/15 9:53 p.m. | 49 views

CVE-2025-27008

CVE-2025-27008 is a Missing Authorization vulnerability in the WordPress plugin Unlimited Timeline (unlimited-timeline) affecting versions prior to 1.6.1. The issue allows access to functionality not properly constrained by ACLs. Public sources (Patchstack) indicate a fix in Unlimited Timeline 1....

7.5 CVSS | 7.3 AI score | 0.00368 EPSS
Exploits 0 | References 1

Patchstack
added 2025/04/15 6:50 a.m. | 4 views

WordPress Unlimited Timeline < 1.6.1 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Unlimited Timeline versions 1.6.1...

7.5 CVSS | 8.3 AI score | 0.00368 EPSS
Exploits 0 | Affected Software 1

Tenable Nessus
added 2025/03/05 12:0 a.m. | 10 views

Linux Distros Unpatched Vulnerability : CVE-2024-27008

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm: nv04: Fix out of bounds access When Output Resource (dcb->or) value is assigned in fabricate_dcb_output(), there may be out of bounds access to dac_users array in...

7.8 CVSS | 6.7 AI score | 0.00293 EPSS
Exploits 0 | References 3

OpenVAS
added 2024/10/28 12:0 a.m. | 41 views

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-2608)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

7.8 CVSS | 8.3 AI score | 0.01287 EPSS
Exploits 0 | References 2

OpenVAS
added 2024/09/10 12:0 a.m. | 29 views

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-2352)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

7.8 CVSS | 8.3 AI score | 0.01287 EPSS
Exploits 0 | References 2

Ubuntu
added 2024/07/11 7:1 p.m. | 139 views

USN-6893-1: Linux kernel vulnerabilities

It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. CVE-2024-24857, CVE-2024-24858, CVE-2024-24859 Several security issues we...

9.1 CVSS | 7 AI score | 0.01401 EPSS
Exploits 1

OpenVAS
added 2024/05/27 12:0 a.m. | 27 views

Fedora: Security Advisory (FEDORA-2024-bc0db39a14)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

7.8 CVSS | 7.2 AI score | 0.01287 EPSS
Exploits 0 | References 47

OpenVAS
added 2024/05/07 12:0 a.m. | 94 views

Debian: Security Advisory (DSA-5680-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

7.8 CVSS | 5.9 AI score | 0.01287 EPSS
Exploits 0 | References 2

Cvelist
added 2024/05/01 5:29 a.m. | 39 views

CVE-2024-27008 drm: nv04: Fix out of bounds access

In the Linux kernel, the following vulnerability has been resolved: drm: nv04: Fix out of bounds access When Output Resource (dcb->or) value is assigned in fabricate_dcb_output(), there may be out of bounds access to dac_users array in case dcb->or is zero because ffs(dcb->or) is used as index there. The 'or...

7.6 AI score | 0.00293 EPSS
Exploits 0 | References 8

Circl
added 2023/03/28 6:39 p.m. | 11 views

CVE-2023-27008

creationtimestamp | type | source
---|---|---
2023-03-28 18:39:40+00:00 | seen | https://t.me/cibsecurity/60894
2025-02-18 23:42:22+00:00 | seen | Telegram/Dl3znzLPzoP-cgpG8oJgO7XtbOQC-5Y3c0eHZ-BL4-WM4pQb
2025-10-03 21:02:30+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3m2cxppqm2...

6.1 CVSS | 6 AI score | 0.01499 EPSS
Exploits 1 | References 2

Vulnrichment
added 2023/03/28 12:0 a.m. | 8 views

CVE-2023-27008

A Cross-site scripting (XSS) vulnerability in the function encrypt_password in login.tmpl.php in ATutor 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter...

6.1 AI score | 0.01499 EPSS
Exploits 1 | References 1

CVE
added 2023/03/28 12:0 a.m. | 77 views

CVE-2023-27008

ATutor 2.2.1 is affected by CVE-2023-27008: a reflected XSS in login.tmpl.php (encrypt_password()) via the token parameter. Exploitation can inject script/HTML into pages viewed by users. Mitigation: upgrade to ATutor 2.2.2 or newer; consider restricting access to login.tmpl.php. No exploit detai...

6.1 CVSS | 6 AI score | 0.01499 EPSS
In wild | Exploits 1 | References 1 | Affected Software 1