Lucene search
K

545 matches found

CNNVD
CNNVD
added 2026/05/19 12:0 a.m.7 views

MantisBT 安全漏洞

MantisBT is a set of web-based open-source defect tracking systems developed by the MantisBT team. This system provides project management and defect tracking services through web-based operations. Versions 2.28.0 and 2.28.1 of MantisBT contain security vulnerabilities. These vulnerabilities stem...

5.3CVSS5.8AI score0.0034EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 8:36 p.m.7 views

CVE-2026-44377

CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection SSTI vulnerability exists in multiple modules of CubeCart including Email Templates and Documents. The application unsafely evaluates user-supplied input directly through the Smarty templat...

9.1CVSS5.9AI score0.00735EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/10 12:0 a.m.6 views

MAL-2026-3646 Malicious code in erslove (npm)

erslove is a typosquatting package impersonating resolve, the module resolution library implementing require.resolve semantics. The package bundles the legitimate resolve source and test fixtures to appear functional while hiding a credential-theft payload in index1.js, executed at install time v...

5.8AI score
Exploits0References1
EUVD
EUVD
added 2026/05/05 9:31 a.m.6 views

EUVD-2026-27233

An issue was discovered in the Shared Account Synchronization component of PaperCut MF version 25.0.4. The application allows administrative users to configure a source path for account data synchronization. Due to a lack of proper path validation and sanitization, an authenticated user with...

4.6CVSS5.9AI score0.00376EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/02 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2013-0266

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the puppetlabs-cinder module, as used in PackStack. This vulnerability is due to incorrect file permissions, specifically world-readable...

5.5CVSS5.7AI score0.00272EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.9 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained a security vulnerability. This vulnerability stemmed from storing the Nostr privateKey in plain text within the configuration files. It was exploited through a call...

7.1CVSS5.8AI score0.00207EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/23 9:57 p.m.4 views

CVE-2026-41332

OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GITTEMPLATEDIR and AWSCONFIGFILE are not blocked in the host-env blocklist. Attackers can exploit approved exec requests to redirect git or AWS CLI behavior through attacker-controlled configuration files ...

5.8CVSS5.9AI score0.00105EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/16 1:22 p.m.6 views

CVE-2025-61260

A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP Model Context Protocol configuration files. The attack is triggered when a user runs the codex command inside a malicious or compromised repository. Codex automatically loads...

9.8CVSS6.5AI score0.07061EPSS
Exploits1References1
CVE
CVE
added 2026/04/14 12:0 a.m.36 views

CVE-2025-61260

The CVE-2025-61260 issue affects the OpenAI Codex CLI, specifically versions prior to 0.23.0. The root cause is improper handling of repository-local configuration files (notably .env and .codex/config.toml) that are loaded automatically when the codex command is executed in a malicious or compro...

9.8CVSS6.5AI score0.07061EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/10 9:21 a.m.27 views

CVE-2021-47960

A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access files within the installation directory via a local HTTP server bound to the loopback interface. By leveraging user interaction with a crafted web pag...

6.5CVSS0.00188EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.7 views

systemd 安全漏洞

Systemd is a Linux-based system and service manager developed by Lennart Poettering of Germany. This product is compatible with SysV and LSB startup scripts, and it provides a framework for representing dependencies between system services. Prior to version 260, there was a security vulnerability...

6.4CVSS5.8AI score0.00072EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/09 2:5 p.m.10 views

Malicious code in sjs-biginteger (npm)

sjs-biginteger typosquats big.js on npm. Published April 7, 2026 by throwaway account vanes.s.p.orit.a, the package ships legitimate big.js source and hides its payload in a dependency: sjs-lint-build1. On install, the dependency’s postinstall hook fetches the attacker’s SSH public key from a C2...

5.8AI score
Exploits0References1
Snyk
Snyk
added 2026/04/08 9:52 p.m.3 views

Command Injection

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

9.6CVSS6.2AI score0.00419EPSS
Exploits1References2
Fedora
Fedora
added 2026/04/08 12:54 a.m.3 views

[SECURITY] Fedora 43 Update: corosync-3.1.10-2.fc43

This package contains the Corosync Cluster Engine Executive, several default APIs and libraries, default configuration files, and an init script...

8.2CVSS5.9AI score0.00994EPSS
Exploits2
Snyk
Snyk
added 2026/03/26 8:33 p.m.5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the importConfig process. An attacker can execute arbitrary code on the server by importing a crafted configuration file containing malicious paths. Details A Directory Traversal attack also known as path travers...

8.8CVSS7.1AI score0.00434EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:13 p.m.3 views

CVE-2025-36051

IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 stores potentially sensitive information in configuration files that could be read by a local user...

6.2CVSS5.8AI score0.00101EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.4 views

CVE-2026-32297

The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary files, including configuration files or system binaries. Modified configuration files or system binaries could allow an attacker to take complete control of a vulnerable system...

9.3CVSS6.2AI score0.00527EPSS
Exploits0References1
NVD
NVD
added 2026/03/25 9:16 p.m.4 views

CVE-2026-30976

Sonarr is a PVR for Usenet and BitTorrent users. In versions on the 4.x branch prior to 4.0.17.2950, an unauthenticated remote attacker can potentially read any file readable by the Sonarr process. These include application configuration files containing API keys and database credentials, Windows...

8.6CVSS0.00669EPSS
Exploits0References3
CVE
CVE
added 2026/03/23 9:0 p.m.7 views

CVE-2025-60949

CVE-2025-60949 affects Census CSWeb. In version 8.0.1, the path app/config can be exposed over HTTP in some deployments, allowing a remote, unauthenticated attacker to request configuration files and obtain leaked secrets. Impact is described in CVE records as high confidentiality/integrity risks...

9.3CVSS5.8AI score0.00405EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/03/20 10:40 p.m.21 views

CVE-2026-32810 Halloy has insecure file permissions on credential files

Halloy is an IRC application written in Rust. In versions on \nix and macOS prior to commit f180e41061db393acf65bc99f5c5e7397586d9cb, halloy creates its config directory and files using default umask permissions, which typically results in 0644 on files and 0755 on directories. This allows any...

4.8CVSS0.00175EPSS
Exploits1References2
Rows per page
Query Builder