Lucene search
+L

1622 matches found

Nuclei
Nuclei
added yesterday24 views

NocoBase - VM Sandbox Escape to Remote Code Execution

NocoBase Workflow Script Node executes user-supplied JavaScript inside a Node.js vm sandbox with a custom require allowlist controlled by WORKFLOWSCRIPTMODULES env var. The console object passed into the sandbox context exposes host-realm WritableWorkerStdio stream objects via console.stdout and...

9.9CVSS5.8AI score0.36503EPSS
Exploits7References3
NVD
NVD
added yesterday4 views

CVE-2026-62229

OpenClaw before 2026.5.18 contain an authorization bypass vulnerability in exec allowlist glob matching that allows lower-trust callers to execute actions beyond intended authorization. Attackers can craft input paths that traverse the allowlist glob patterns to execute or persist unauthorized...

8.8CVSS0.00459EPSS
Exploits0References2
CVE
CVE
added yesterday9 views

CVE-2026-62229

OpenClaw prior to 2026.5.18 contains an authorization bypass in exec allowlist glob matching. This allows lower-trust callers to execute actions beyond intended authorization by crafting input paths that traverse the allowlist glob patterns when the affected feature is enabled. According to the C...

8.8CVSS6.2AI score0.00459EPSS
Exploits0References2
Cvelist
Cvelist
added yesterday11 views

CVE-2026-62229 OpenClaw < 2026.5.18 Authorization Bypass via Glob Matching

OpenClaw before 2026.5.18 contain an authorization bypass vulnerability in exec allowlist glob matching that allows lower-trust callers to execute actions beyond intended authorization. Attackers can craft input paths that traverse the allowlist glob patterns to execute or persist unauthorized...

8.8CVSS0.00459EPSS
Exploits0References2
EUVD
EUVD
added yesterday4 views

EUVD-2026-45117

OpenClaw before 2026.5.18 contain an authorization bypass vulnerability in exec allowlist glob matching that allows lower-trust callers to execute actions beyond intended authorization. Attackers can craft input paths that traverse the allowlist glob patterns to execute or persist unauthorized...

8.8CVSS6.2AI score0.00459EPSS
Exploits0References2
CVE
CVE
added 2 days ago25 views

CVE-2026-46341

CVE-2026-46341 affects Apify MCP Server prior to v0.9.21, where fetch-apify-docs.ts validates allowed domains with a startsWith() check instead of proper hostname comparison, enabling attacker-controlled subdomains (e.g., https://docs.apify.com.evil.com/ or https://[email protected]/) to pa...

6.1CVSS6.2AI score0.00194EPSS
Exploits0References4
Cvelist
Cvelist
added 2 days ago33 views

CVE-2026-46341 Apify MCP server: Domain Allowlist Bypass in fetch-apify-docs via String Prefix Matching

The Apify MCP server enables AI agents to extract data from websites using ready-made scrapers, crawlers, and automation tools available on the Apify Store. Prior to 0.9.21, the fetch-apify-docs tool in src/tools/common/fetchapifydocs.ts validates allowlisted documentation domains with...

6.1CVSS0.00194EPSS
Exploits0References4
Cvelist
Cvelist
added 3 days ago37 views

CVE-2026-55652 Wekan: Header-login IP allowlist bypass via X-Forwarded-For spoofing in Wekan allows unauthenticated full account takeover (incl. admin)

Wekan is open source kanban built with Meteor. Prior to 9.46, header-login with HEADERLOGINTRUSTEDIPS uses getRequestIp in server/lib/headerLoginAuth.js to trust the client-supplied X-Forwarded-For header before the real socket address, allowing an unauthenticated attacker to send HEADERLOGINID f...

9.8CVSS0.00355EPSS
Exploits0References3
NVD
NVD
added 4 days ago5 views

CVE-2026-46635

Twig is a template language for PHP. Prior to 3.26.0, the column filter passes object arrays to PHP arraycolumn, which reads public and magic properties without reaching CoreExtension::getAttribute or SandboxExtension::checkPropertyAllowed, allowing an untrusted template author with column in...

5.3CVSS0.00297EPSS
Exploits0References3
OSV
OSV
added 4 days ago4 views

CVE-2026-48808 Twig: Sandbox property allowlist bypass via the `column` filter under `SourcePolicyInterface`

Twig is a template language for PHP. Prior to 3.27.0, the column filter passes the active sandbox state as a boolean but does not forward the current Source to SandboxExtension::checkPropertyAllowed, so SourcePolicyInterface decisions are lost and a template author can read public or magic...

6CVSS6.1AI score0.00239EPSS
Exploits0References5
NVD
NVD
added 4 days ago5 views

CVE-2026-45066

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0-BETA1 until 6.4.40, 7.4.12, and 8.0.12, HtmlSanitizer URL sanitization can allow off-allowlist URLs through allowLinkHosts or allowMediaHosts because UrlSanitizer::parse follows RFC 3986...

6.1CVSS0.0029EPSS
Exploits0References5
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-44767 Allowlist Bypass in setThemeRoot() Enables Cross-Origin CSS Injection

setThemeRoot failed to enforce the sap-allowed-theme-origins allowlist. An attacker-controlled absolute cross-origin URL could be stored and used directly to construct a element, even when no tag was present in the document. The same bypass was reachable via the ?sap-themeRoot URL...

6.1CVSS0.00181EPSS
Exploits0References2
CVE
CVE
added 4 days ago15 views

CVE-2026-44767

The CVE-2026-44767 issue arises from setThemeRoot() not enforcing the sap-allowed-theme-origins allowlist, allowing an attacker-controlled absolute cross-origin URL to be stored and used in a element even without a sap-allowed-theme-origins meta tag. The same bypass is reachable via the ?sap-the...

6.1CVSS6.2AI score0.00181EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago4 views

CVE-2026-44767

setThemeRoot failed to enforce the sap-allowed-theme-origins allowlist. An attacker-controlled absolute cross-origin URL could be stored and used directly to construct a element, even when no tag was present in the document. The same bypass was reachable via the ?sap-themeRoot URL...

6.1CVSS6.2AI score0.00181EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/07/10 1:58 p.m.9 views

EUVD-2026-42899

PraisonAI versions before 4.6.78 contain an allowlist bypass vulnerability in shell command execution that allows attackers to execute restricted commands via find's built-in -exec, -execdir, and -delete actions. Attackers can craft find commands with these built-in actions to read blocked files,...

8.8CVSS6.3AI score0.00579EPSS
Exploits0References2
CVE
CVE
added 2026/07/10 1:58 p.m.7 views

CVE-2026-61434

CVE-2026-61434 involves PraisonAI prior to version 4.6.78, where an allowlist bypass in shell command execution enables attackers to abuse find’s built-in -exec, -execdir, and -delete actions. By crafting find commands that use these actions, an attacker can read blocked files, delete files, or r...

8.8CVSS6.3AI score0.00579EPSS
Exploits0References2
OSV
OSV
added 2026/07/10 1:58 p.m.5 views

CVE-2026-61434 PraisonAI before 4.6.78 Allowlist Bypass via find -exec

PraisonAI versions before 4.6.78 contain an allowlist bypass vulnerability in shell command execution that allows attackers to execute restricted commands via find's built-in -exec, -execdir, and -delete actions. Attackers can craft find commands with these built-in actions to read blocked files,...

8.7CVSS6.3AI score0.00579EPSS
Exploits0References4
CVE
CVE
added 2026/07/10 8:30 a.m.6 views

CVE-2026-9838

The CVE-2026-9838 entry concerns the ICS Calendar plugin for WordPress. It describes a Reflected Cross-Site Scripting (XSS) vulnerability via the htmltagtitle parameter in all versions up to and including 12.0.9. The root cause is insufficient input sanitization and output escaping, with exploita...

6.1CVSS6.2AI score0.00296EPSS
Exploits0References10
NVD
NVD
added 2026/07/10 3:16 a.m.7 views

CVE-2026-15319

A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. This affects the function IPAllowlist of the file web/backend/middleware/accesscontrol.go of the component Launcher. Such manipulation leads to improper access controls. The attack may be performed from remote. The exploit...

7.5CVSS0.00323EPSS
Exploits0References7
CVE
CVE
added 2026/07/10 1:45 a.m.12 views

CVE-2026-15319

The CVE-2026-15319 entry concerns Sipeed PicoClaw up to version 0.2.9, where the IPAllowlist function in web/backend/middleware/access_control.go within the Launcher component can be manipulated, leading to improper access controls. This vulnerability is exploitable remotely, and public disclosur...

7.5CVSS6.4AI score0.00323EPSS
Exploits0References7
Rows per page
Query Builder