Lucene search
+L

7058 matches found

Github Security Blog
Github Security Blog
added 2026/02/17 6:46 p.m.7 views

OpenClaw has a Telegram webhook request forgery (missing `channels.telegram.webhookSecret`) → auth bypass

Summary In Telegram webhook mode, if channels.telegram.webhookSecret is not set, OpenClaw may accept webhook HTTP requests without verifying Telegram’s secret token header. In deployments where the webhook endpoint is reachable by an attacker, this can allow forged Telegram updates for example...

7.5CVSS5.6AI score0.002EPSS
Exploits1References8Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.9 views

PT-2026-20333

Name of the Vulnerable Software and Affected Versions Wavlink WL-NU516U1 versions up to 20251208 Description A flaw exists in Wavlink WL-NU516U1 that could allow for remote command injection. The issue is located in the singlePortForwardDelete function within the /cgi-bin/firewall.cgi file...

8.6CVSS5.3AI score0.11596EPSS
Exploits1References11
Tenable Nessus
Tenable Nessus
added 2026/02/14 12:0 a.m.7 views

SUSE SLES12 Security Update : zabbix (SUSE-SU-2026:0483-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0483-1 advisory. - CVE-2024-36469: Introduced clamping for mitigation of timing attacks. bsc1240676 - CVE-2024-42325: Restricted access to user fields using...

3.5CVSS5.7AI score0.00328EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/02/13 1:30 a.m.7 views

CVE-2026-20630

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. An app may be able to access protected user data...

5.5CVSS5.4AI score0.00118EPSS
Exploits0References1
SUSE Linux
SUSE Linux
added 2026/02/12 4:34 p.m.10 views

Security update for zabbix

This update for zabbix fixes the following issues: CVE-2024-36469: Introduced clamping for mitigation of timing attacks. bsc1240676 CVE-2024-42325: Restricted access to user fields using user.get API method for users of User and Admin type, and restricted access to alert entities using alert.get...

3.5CVSS5.5AI score0.00328EPSS
Exploits0References8
OSV
OSV
added 2026/02/12 4:34 p.m.4 views

SUSE-SU-2026:0483-1 Security update for zabbix

This update for zabbix fixes the following issues: - CVE-2024-36469: Introduced clamping for mitigation of timing attacks. bsc1240676 - CVE-2024-42325: Restricted access to user fields using user.get API method for users of User and Admin type, and restricted access to alert entities using...

3.5CVSS5.5AI score0.00328EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/08 12:0 a.m.14 views

PT-2026-7014

Name of the Vulnerable Software and Affected Versions UTT 进取 521G version 3.1.1-190816 Description A flaw exists in the doSystem function within the /goform/setSysAdm file. Manipulation of the passwd1 argument can result in command injection. This issue may be exploited remotely. The exploit is...

8.6CVSS5.5AI score0.04239EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/02/07 12:0 a.m.12 views

PT-2026-6903

Name of the Vulnerable Software and Affected Versions D-Link DWR-M921 version 1.1.50 Description A security issue exists in D-Link DWR-M921 version 1.1.50 related to command injection. The issue is located in the USSD Configuration component, specifically within the sub 419F20 function of the...

8.6CVSS5.4AI score0.04352EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/02/07 12:0 a.m.5 views

PT-2026-6911

Name of the Vulnerable Software and Affected Versions SourceCodester Online Class Record System version 1.0 Description A flaw exists in the processing of the /admin/message/search.php file within the software. Manipulating the term argument can result in SQL injection. This issue can be exploite...

9.8CVSS5.6AI score0.00312EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.16 views

PT-2026-6819

Name of the Vulnerable Software and Affected Versions AMSS++ version 4.31 Description AMSS++ version 4.31 has a SQL injection issue in the mail module’s maildetail.php script. The issue is present through the id parameter. An attacker can manipulate the id parameter in the...

8.8CVSS5.7AI score0.00289EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/03 3:56 a.m.5 views

CVE-2025-11261

A flaw was found in MediaWiki. This vulnerability, known as Cross-site Scripting XSS, occurs due to improper neutralization of input during web page generation. A remote attacker could exploit this by injecting malicious scripts into web pages. Successful exploitation could lead to arbitrary code...

6.1CVSS6.3AI score0.00225EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.13 views

PT-2026-6030

Name of the Vulnerable Software and Affected Versions Django versions prior to 6.0.2 Django versions prior to 5.2.11 Django versions prior to 4.2.28 Description A flaw in the GeoDjango RasterField implementation, specifically when using a PostGIS backend, allows remote attackers to perform SQL...

8.3CVSS7.1AI score0.09436EPSS
Exploits1References103
RedhatCVE
RedhatCVE
added 2026/02/02 7:17 a.m.5 views

CVE-2026-1518

A flaw was found in Keycloak’s CIBA feature where insufficient validation of client-configured backchannel notification endpoints could allow blind server-side requests to internal services. Mitigation To mitigate this issue, restrict administrative access to Keycloak instances. Ensure that only...

2.7CVSS5.4AI score0.00236EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.17 views

PT-2026-3939

Name of the Vulnerable Software and Affected Versions Tenda AX1803 version 1.0.0.1 Description A stack-based buffer overflow exists in the fromGetWifiGuestBasic function within the /goform/WifiGuestSet file of the Tenda AX1803. Manipulation of the guestWrlPwd, guestEn, guestSsid, hideSsid, and...

9CVSS5.8AI score0.01103EPSS
Exploits1References11
Snyk
Snyk
added 2026/01/15 11:53 p.m.8 views

Replay Attack

Overview Affected versions of this package are vulnerable to Replay Attack via the authentication process in the S3 gateway. An attacker can gain unauthorized access or perform actions by replaying previously captured signed requests, as the system does not validate timestamps on authenticated...

6.9CVSS5.6AI score0.00239EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/01/11 12:0 a.m.6 views

PT-2026-2041

Name of the Vulnerable Software and Affected Versions code-projects Online Music Site version 1.0 Description A flaw exists in code-projects Online Music Site 1.0 that allows for SQL injection. The issue is located in an unknown function within the /Administrator/PHP/AdminAddUser.php file...

9.8CVSS7.5AI score0.00319EPSS
Exploits1References12
RedhatCVE
RedhatCVE
added 2026/01/09 12:36 p.m.8 views

CVE-2023-49002

An issue in Xenom Technologies sinous Phone Dialer-voice Call Dialer v.1.2.5 allows an attacker to bypass intended access restrictions via interaction with com.funprime.calldialer.ui.activities.OutgoingActivity...

7.5CVSS6.8AI score0.00664EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:32 p.m.9 views

CVE-2023-4800

The DoLogin Security WordPress plugin before 3.7.1 does not restrict the access of a widget that shows the IPs of failed logins to low privileged users...

6.5CVSS6.6AI score0.00861EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:11 p.m.10 views

CVE-2018-18531

text/impl/DefaultTextCreator.java, text/impl/ChineseTextProducer.java, and text/impl/FiveLetterFirstNameTextCreator.java in kaptcha 2.3.2 use the Random rather than SecureRandom function for generating CAPTCHA values, which makes it easier for remote attackers to bypass intended access restrictio...

9.8CVSS7AI score0.01468EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:51 a.m.11 views

CVE-2009-4998

The Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 3.5.1 before 3.5.1-019 and 4.0.2.x before 4.0.2.7-P8AE-FP007, in certain FileTracker configurations, does not apply a security policy to the first document added during a session, which might allow remote attackers to bypass...

2.6CVSS7AI score0.01099EPSS
Exploits0References1
Rows per page
Query Builder