Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

101 matches found

NVD
NVDadded last week8 views

CVE-2026-53817

OpenClaw before 2026.5.22 contains a locality validation vulnerability in Control UI pairing that allows attackers with network access to spoof locality information and obtain durable admin-capable device tokens. Attackers can exploit insufficient locality-derived trust validation to convert...

8.8CVSS0.00309EPSS
Exploits0References2
EUVD
EUVDadded last week7 views

EUVD-2026-36323

OpenClaw before 2026.5.22 contains a locality validation vulnerability in Control UI pairing that allows attackers with network access to spoof locality information and obtain durable admin-capable device tokens. Attackers can exploit insufficient locality-derived trust validation to convert...

8.8CVSS5.5AI score0.00309EPSS
Exploits0References2
CVE
CVEadded last week14 views

CVE-2026-53817

OpenClaw CVE-2026-53817 affects the Control UI pairing in OpenClaw, where locality validation is insufficient. This allows attackers with network access to spoof locality information and obtain durable admin-capable device tokens, converting temporary shared access into persistent administrative ...

8.8CVSS5.5AI score0.00309EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVEadded last week9 views

CVE-2026-25700

Improper Restriction of Security Token Assignment vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Previously issued administrative tokens were not invalidated after an administrator account was suspended, deleted, or deactivated, allowing continued access to...

7.2CVSS5.4AI score0.00356EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/06/11 12:0 a.m.8 views

PT-2026-48747

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.22 Description An issue in the Control UI pairing process involves insufficient locality-derived trust validation. This allows attackers with network access to spoof locality information to convert temporary...

8.8CVSS5.2AI score0.00309EPSS
Exploits0References5
NVD
NVDadded 2026/06/10 4:16 p.m.5 views

CVE-2026-25700

Improper Restriction of Security Token Assignment vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Previously issued administrative tokens were not invalidated after an administrator account was suspended, deleted, or deactivated, allowing continued access to...

7.2CVSS0.00356EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/06/10 2:57 p.m.6 views

CVE-2026-25700 Apache Answer: AdminToken not invalidated after admin deactivation

Improper Restriction of Security Token Assignment vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Previously issued administrative tokens were not invalidated after an administrator account was suspended, deleted, or deactivated, allowing continued access to...

5.4AI score0.00356EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/06/10 12:0 a.m.6 views

PT-2026-48456

🚨 CVE-2026-25700 Improper Restriction of Security Token Assignment vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Previously issued administrative tokens were not invalidated after an administrator account was suspended, deleted, or deactivated, allowing continue...

7.2CVSS5.2AI score0.00356EPSS
Exploits0References3
NVD
NVDadded 2026/06/09 10:16 a.m.8 views

CVE-2026-41031

A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor Version 4.0 Service Pack 1 Build 63255 allows an authenticated remote attacker with low privileges to inject malicious JavaScript code into the application. This enables attackers to steal administrative access tokens and sessio...

9.3CVSS0.00242EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/06/09 9:51 a.m.6 views

CVE-2026-41031 A Stored Cross-Site Scripting (XSS) vulnerability occurs in Vinna Process Monitor

A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor Version 4.0 Service Pack 1 Build 63255 allows an authenticated remote attacker with low privileges to inject malicious JavaScript code into the application. This enables attackers to steal administrative access tokens and sessio...

9.3CVSS5.6AI score0.00242EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/06/09 12:0 a.m.10 views

PT-2026-47731

A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor Version 4.0 Service Pack 1 Build 63255 allows an authenticated remote attacker with low privileges to inject malicious JavaScript code into the application. This enables attackers to steal administrative access tokens and sessio...

9.3CVSS5.6AI score0.00242EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2026/06/06 6:43 p.m.10 views

CVE-2026-46395

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the hmacBase64 function in the HAXcms Node.js backend contains two critical cryptographic implementation errors that together allow any unauthenticated attacker to extract the system’s private signing ke...

9.3CVSS5.9AI score0.00189EPSS
Exploits1References1
ATTACKERKB
ATTACKERKBadded 2026/06/05 6:27 p.m.6 views

CVE-2026-46395

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the hmacBase64 function in the HAXcms Node.js backend contains two critical cryptographic implementation errors that together allow any unauthenticated attacker to extract the system’s private signing ke...

9.3CVSS5.9AI score0.00189EPSS
Exploits1References2Affected Software1
Cvelist
Cvelistadded 2026/06/05 6:27 p.m.26 views

CVE-2026-46395 HAX CMS Vulnerable to Private Key Disclosure via Broken HMAC Implementation

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the hmacBase64 function in the HAXcms Node.js backend contains two critical cryptographic implementation errors that together allow any unauthenticated attacker to extract the system’s private signing ke...

9.3CVSS0.00189EPSS
Exploits1References1
EUVD
EUVDadded 2026/05/28 5:45 p.m.8 views

EUVD-2026-32966

Kuma is a modern Envoy-based service mesh that can run on every cloud across both Kubernetes and VMs. Prior to 2.7.25, 2.9.15, 2.11.13, 2.12.10, and 2.13.5, the default kuma-cp config leaks the admin bootstrap token and signing keys to any webpage the operator visits while the control plane is...

5.1CVSS5.8AI score0.00204EPSS
Exploits0References8
NVD
NVDadded 2026/05/15 7:17 p.m.12 views

CVE-2026-46364

phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector and BuiltinCaptcha::saveCaptcha methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the public GET /api/captc...

9.8CVSS0.01306EPSS
Exploits0References3
Veracode
Veracodeadded 2026/05/15 6:2 p.m.8 views

Information Exposure

Dgraph is vulnerable to Information Exposure. The vulnerability is due to exposure of process command-line arguments through the unauthenticated /debug/vars endpoint, which allows an attacker to obtain sensitive admin tokens and gain unauthorized access to admin-only endpoints...

9.8CVSS5.8AI score0.01857EPSS
Exploits1References3Affected Software3
Cvelist
Cvelistadded 2026/05/14 6:43 p.m.36 views

CVE-2026-27886 Strapi may leak sensitive data via relational filtering due to lack of query sanitization

Strapi is an open source headless content management system. Strapi versions starting in 4.0.0 and prior to 5.37.0 did not sufficiently sanitize query parameters when filtering content via relational fields. An unauthenticated attacker could use the where query parameter on any publicly-accessibl...

9.2CVSS0.00612EPSS
Exploits3References1
CNNVD
CNNVDadded 2026/05/14 12:0 a.m.7 views

Strapi 路径遍历漏洞

Strapi is an open-source content management system CMS developed by the Strapi community in France. Versions of Strapi from 4.0.0 to 5.37.0 had a path traversal vulnerability. This vulnerability stemmed from insufficient cleanup of query parameters when filtering content using relationship fields...

9.2CVSS5.8AI score0.00612EPSS
Exploits3References1
CNNVD
CNNVDadded 2026/05/14 12:0 a.m.9 views

Crabbox 授权问题漏洞

Crabbox is an open-source remote code execution and test environment management tool developed by OpenClaw. Versions of Crabbox prior to 0.12.0 contained an authorization vulnerability. This vulnerability stemmed from an authentication bypass, allowing non-administrator token callers to impersona...

8.8CVSS6.4AI score0.00361EPSS
Exploits0References1
Rows per page
Query Builder