
65326 matches found

Positive Technologies
added 2026/06/15 12:0 a.m. | 8 views

PT-2026-49268

LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the same change identifier for two different kinds of change. The importer then treated one change object as a different, larger type and wrote past the end of its...

CVSS 6.9 | AI score 5.6 | EPSS 0.00171
Exploits: 0 | References: 2

Cvelist
added 2026/06/15 12:0 a.m. | 29 views

CVE-2026-50881

Incorrect access control in the impworks Bonsai v6.0 allows authenticated attackers with Editor privileges to escalate privileges to Administrator and execute unauthorized account, password, and configuration changes...

EPSS 0.00248
Exploits: 0 | References: 1

CVE
added 2026/06/15 12:0 a.m. | 13 views

CVE-2026-50881

The vulnerability CVE-2026-50881 affects impworks Bonsai v6.0 and is due to incorrect access control. Authenticated attackers with Editor privileges can escalate to Administrator and perform unauthorized account, password, and configuration changes. The NVD/ENISA and related sources describe the ...

CVSS 8.1 | AI score 5.4 | EPSS 0.00248
Exploits: 0 | References: 1

Positive Technologies
added 2026/06/15 12:0 a.m. | 11 views

PT-2026-49322

Name of the Vulnerable Software and Affected Versions: impworks Bonsai version 6.0. Description: Incorrect access control allows authenticated attackers with Editor privileges to escalate their privileges to Administrator. This can lead to unauthorized changes to accounts, passwords, and system...

CVSS 8.1 | AI score 5.9 | EPSS 0.00248
Exploits: 0 | References: 4

Tenable Nessus
added 2026/06/15 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-8358

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the same change identifier for tw...

CVSS 6.9 | AI score 6.1 | EPSS 0.00171
Exploits: 0 | References: 4

Tenable Nessus
added 2026/06/14 12:0 a.m. | 7 views

openSUSE 16 Security Update : java-17-openj9 (openSUSE-SU-2026:20943-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20943-1 advisory. Changes in java-17-openj9: - Make post scripts less noisy bsc1267355 - Use libalternatives instead of update-alternatives for distributions wher...

CVSS 9.8 | AI score 7.1 | EPSS 0.01157
Exploits: 2 | References: 85

EUVD
added 2026/06/13 12:34 a.m. | 11 views

EUVD-2026-36621

OpenClaw before 2026.4.29 contains an authorization bypass vulnerability in the QQBot streaming command that allows authenticated senders to mutate configuration without explicit allowFrom restrictions. Attackers can modify QQBot streaming configuration outside intended admin policy by reaching t...

CVSS 7.7 | AI score 5.2 | EPSS 0.00172
Exploits: 0 | References: 3

OSV
added 2026/06/13 12:3 a.m. | 25 views

RLSA-2026:25049 Critical: samba security update

Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fixes: samba: Missing access check on reparse point operations...

CVSS 9 | AI score 6 | EPSS 0.12797
Exploits: 8 | References: 7

Snyk
added 2026/06/12 11:6 p.m. | 7 views

User Impersonation

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to User Impersonation in the QQBot streaming command. An attacker can alter configuration settings by accessing the command without meeting explicit allowlist entry requirements. Remediation...

CVSS 7.7 | AI score 5.9 | EPSS 0.00172
Exploits: 0 | References: 2

Snyk
added 2026/06/12 11:6 p.m. | 4 views

User Impersonation

Overview: @openclaw/qqbot is an OpenClaw QQ Bot channel plugin for group and direct-message workflows. Affected versions of this package are vulnerable to User Impersonation in the QQBot streaming command. An attacker can alter configuration settings by accessing the command without meeting explic...

CVSS 7.7 | AI score 5.9 | EPSS 0.00172
Exploits: 0 | References: 2

Vulnrichment
added 2026/06/12 9:56 p.m. | 7 views

CVE-2026-53833 QQBot for OpenClaw < 2026.4.29 - Authorization Bypass via QQBot Streaming Command

OpenClaw before 2026.4.29 contains an authorization bypass vulnerability in the QQBot streaming command that allows authenticated senders to mutate configuration without explicit allowFrom restrictions. Attackers can modify QQBot streaming configuration outside intended admin policy by reaching t...

CVSS 7.7 | AI score 5.2 | EPSS 0.00172
Exploits: 0 | References: 2

Cvelist
added 2026/06/12 7:59 p.m. | 32 views

CVE-2026-54361 MISP mass assignment vulnerabilities allow unauthorized modification of ownership and delegation records

MISP contained multiple mass assignment vulnerabilities in the handling of collections, tag collections, event delegations, and shadow attributes. Several controller actions accepted user-supplied fields that should have remained server-controlled, including record identifiers and ownership-relat...

CVSS 8.8 | EPSS 0.00262
Exploits: 0 | References: 1

Cvelist
added 2026/06/12 7:44 p.m. | 30 views

CVE-2026-54359 MISP automation endpoints may be exposed to CSRF when Sec-Fetch-Site protection is disabled by default

MISP contains an insecure default configuration in which the Security.checksecfetchsiteheader control is disabled. When this setting is disabled, state-changing requests such as POST, PUT, or AJAX requests are not restricted based on the browser-provided Sec-Fetch-Site header. A remote...

CVSS 7.1 | EPSS 0.00189
Exploits: 0 | References: 1

EUVD
added 2026/06/12 3:46 p.m. | 8 views

EUVD-2026-36498

Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 fail to restrict roleupdated websocket event broadcasts to members of the affected team or channel which allows an authenticated attacker with guest-level access to observe permission scheme change...

CVSS 4.3 | AI score 5.3 | EPSS 0.0018
Exploits: 0 | References: 1

CVE
added 2026/06/12 3:46 p.m. | 16 views

CVE-2026-3433

Mattermost is affected in versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x

CVSS 4.3 | AI score 5.3 | EPSS 0.0018
Exploits: 0 | References: 1 | Affected Software: 1

RedhatCVE
added 2026/06/12 2:35 p.m. | 21 views

CVE-2026-44631

A flaw was found in Apache HTTP Server. This buffer underwrite vulnerability occurs when processing crafted regular expressions in the server's configuration. An attacker could potentially exploit this to cause a denial of service. Mitigation: Only load trusted Apache configuration; the bug triggers...

CVSS 9.8 | AI score 5.4 | EPSS 0.00486
Exploits: 0 | References: 4

OSV
added 2026/06/12 8:44 a.m. | 3 views

SUSE-SU-2026:22133-1 Security update for google-guest-agent

This update for google-guest-agent fixes the following issues: Update to version 20260430.00: Update dependencies and go version to 1.26.2 607 bsc1265762, CVE-2026-33814 Bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 604 bsc1260264, CVE-2026-33186 Backport oslogin changes for sles16 to...

CVSS 9.1 | AI score 6.5 | EPSS 0.01557
Exploits: 1 | References: 18

NVD
added 2026/06/12 4:17 a.m. | 13 views

CVE-2026-48610

Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices...

CVSS 8.1 | EPSS 0.00264
Exploits: 0 | References: 1

Vulnrichment
added 2026/06/12 2:27 a.m. | 8 views

CVE-2026-48610

Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices...

CVSS 8.1 | AI score 5.2 | EPSS 0.00264
Exploits: 0 | References: 1

Cvelist
added 2026/06/12 2:27 a.m. | 31 views

CVE-2026-48610

Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices...

CVSS 8.1 | EPSS 0.00264
Exploits: 0 | References: 1