CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

663 matches found

Cvelist•added 2026/03/24 7:15 p.m.•18 views

CVE-2026-33330 FileRise ONLYOFFICE integration allows read-only users to overwrite files via forged save callback

FileRise is a self-hosted web file manager / WebDAV server. Prior to version 3.10.0, a broken access control issue in FileRise's ONLYOFFICE integration allows an authenticated user with read-only access to obtain a signed save callbackUrl for a file and then directly forge the ONLYOFFICE save...

7.1CVSS0.00014EPSS

Exploits1References3

CNVD•added 2026/03/24 12:0 a.m.•1 views

OpenClaw has an unspecified vulnerability (CNVD-2026-14838)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from a failure to enforce sender authorization checks on interactive callbacks in shared workspace deployments, which can be exploited by an attacker to cause...

8.1CVSS5.9AI score0.00042EPSS

Exploits0References1

Veracode•added 2026/03/21 5:24 a.m.•4 views

Code Injection

SimpleEval is vulnerable to code injection. The vulnerability is due to objects leaking dangerous modules through to direct access inside the sandbox, where dangerous functions or modules could be accessed by passing them as callbacks to other safe functions to call...

9.8CVSS8.4AI score0.00052EPSS

Exploits0References3Affected Software1

OSV•added 2026/03/20 4:16 a.m.•2 views

DEBIAN-CVE-2026-32942

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below contain a heap use-after-free vulnerability in the ICE session that occurs when there are race conditions between session destruction and the callbacks. This issue has been fixed in version 2.17...

8.1CVSS5.3AI score0.00059EPSS

Exploits0References1

UbuntuCve•added 2026/03/20 4:16 a.m.•0 views

CVE-2026-32942

9.3CVSS5.8AI score0.00059EPSS

Exploits0References4

CVE•added 2026/03/20 3:43 a.m.•7 views

CVE-2026-32942

PJSIP (C library) contains a heap use-after-free in the ICE session for versions 2.16 and earlier, caused by race conditions between session destruction and callbacks. This may lead to crashes; upgrading to version 2.17 fixes the issue. References confirm affected versions and fix.

9.3CVSS5.7AI score0.00059EPSS

Exploits0References3Affected Software1

AlpineLinux•added 2026/03/20 3:43 a.m.•1 views

CVE-2026-32942

9.3CVSS5.3AI score0.00059EPSS

Exploits0

Cvelist•added 2026/03/20 3:43 a.m.•20 views

CVE-2026-32942 PJSIP has ICE session use-after-free race conditions

9.3CVSS0.00059EPSS

Exploits0References3

Positive Technologies•added 2026/03/20 12:0 a.m.•3 views

PT-2026-26551

Name of the Vulnerable Software and Affected Versions PJSIP versions 2.16 and below Description PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below contain a heap use-after-free issue in the ICE session. This occurs when race conditions happen...

9.3CVSS5.8AI score0.00059EPSS

Exploits0References8

NVD•added 2026/03/19 10:16 p.m.•2 views

CVE-2026-32005

OpenClaw versions prior to 2026.2.25 fail to enforce sender authorization checks for interactive callbacks including blockaction, viewsubmission, and viewclosed in shared workspace deployments. Unauthorized workspace members can bypass allowFrom restrictions and channel user allowlists to enqueue...

8.1CVSS0.00042EPSS

Exploits0References3

OSV•added 2026/03/19 10:16 p.m.•1 views

CVE-2026-32005

6.8CVSS5.9AI score

Exploits0References3

Vulnrichment•added 2026/03/19 10:6 p.m.•1 views

CVE-2026-32005 OpenClaw < 2026.2.25 - Authorization Bypass in Interactive Callbacks via Sender Check Skip

7.6CVSS5.8AI score0.00042EPSS

Exploits0References3

CVE•added 2026/03/19 10:6 p.m.•3 views

CVE-2026-32005

OpenClaw CVE-2026-32005 affects versions before 2026.2.25. The root cause is a failure to enforce sender authorization checks for interactive callbacks (block_action, view_submission, view_closed) in shared workspace deployments, allowing unauthorized workspace members to bypass allowFrom restric...

8.1CVSS5.8AI score0.00042EPSS

Exploits0References3Affected Software1

Cvelist•added 2026/03/19 10:6 p.m.•15 views

CVE-2026-32005 OpenClaw < 2026.2.25 - Authorization Bypass in Interactive Callbacks via Sender Check Skip

7.6CVSS0.00042EPSS

Exploits0References3

ATTACKERKB•added 2026/03/19 10:6 p.m.•1 views

CVE-2026-32005

7.6CVSS5.8AI score0.00042EPSS

Exploits0References4

EUVD•added 2026/03/19 10:6 p.m.•5 views

EUVD-2026-13261

7.6CVSS5.8AI score0.00042EPSS

Exploits0References3

SUSE CVE•added 2026/03/19 12:25 a.m.•0 views

SUSE CVE-2026-32836

drlibs drflac.h version 0.13.3 and earlier fixed in commits fefced4, 4f5a4cd, and 663239a contain an uncontrolled memory allocation vulnerability in drflacreadanddecodemetadata that allows attackers to trigger excessive memory allocation by supplying crafted PICTURE metadata blocks. Attackers can...

6.9CVSS5.3AI score0.00016EPSS

Exploits1References3

CNNVD•added 2026/03/19 12:0 a.m.•3 views

OpenClaw 安全漏洞

8.1CVSS5.8AI score0.00042EPSS

Exploits0References3

EUVD•added 2026/03/17 9:31 p.m.•1 views

EUVD-2026-12631

drlibs version 0.13.3 and earlier contain an uncontrolled memory allocation vulnerability in drflacreadanddecodemetadata that allows attackers to trigger excessive memory allocation by supplying crafted PICTURE metadata blocks. Attackers can exploit attacker-controlled mimeLength and...

6.9CVSS5.8AI score0.00016EPSS

Exploits1References3

OSV•added 2026/03/17 8:16 p.m.•0 views

CVE-2026-32836

drlibs drflac.h version 0.13.3 and earlier contain an uncontrolled memory allocation vulnerability in drflacreadanddecodemetadata that allows attackers to trigger excessive memory allocation by supplying crafted PICTURE metadata blocks. Attackers can exploit attacker-controlled mimeLength and...

5.5CVSS5.9AI score

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by