Lucene search
+L

2885 matches found

CNNVD
CNNVD
added 2026/04/23 12:0 a.m.12 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.22 contained security vulnerabilities. These vulnerabilities stemmed from an access control bypass vulnerability in the allowProfiles function. This allowed attackers to...

8.1CVSS5.8AI score0.00335EPSS
Exploits0References1
OSV
OSV
added 2026/04/22 10:6 p.m.13 views

MAL-2026-3000 Malicious code in xinference (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1d006f6a08c959393160456d4ace221fd165b6d609fc8356ebfb041979aef93d Versions 2.6.0, 2.6.1, 2.6.2 were compromised. Following a malicious pull request that exfiltrated sensitive data from the CI runner, three malicious PyPI...

5.5AI score
Exploits0References6
EUVD
EUVD
added 2026/04/17 6:31 p.m.5 views

EUVD-2026-23450

OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attackers can invoke the built-in grep and glob tools with sensitive root directories that are not...

8.7CVSS5.8AI score0.0023EPSS
Exploits1References4
OSV
OSV
added 2026/04/17 4:0 p.m.3 views

CVE-2026-40515 OpenHarness Permission Bypass via grep and glob root argument

OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attackers can invoke the built-in grep and glob tools with sensitive root directories that are not...

8.7CVSS5.9AI score0.0023EPSS
Exploits1References6
Snyk
Snyk
added 2026/04/16 8:41 p.m.3 views

Arbitrary File Upload

Overview weblate is an A web-based continuous localization system with tight version control integration Affected versions of this package are vulnerable to Arbitrary File Upload in the backup restoration, due to insufficient filtering of configuration files. An attacker with access to create...

8CVSS6.1AI score0.00708EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/16 8:41 p.m.4 views

EUVD-2026-23001

Weblate: Remote code execution during backup restoration...

8CVSS6.2AI score0.00708EPSS
Exploits0References3
OSV
OSV
added 2026/04/16 8:41 p.m.4 views

GHSA-558G-H753-6M33 Weblate: Remote code execution during backup restoration

Impact The project backup didn't filter Git and Mercurial configuration files and this could lead to remote code execution under certain circumstances. Patches https://github.com/WeblateOrg/weblate/pull/18549 Workarounds The project backup is only accessible to users who can create projects...

8CVSS6.4AI score0.00708EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/04/16 8:41 p.m.9 views

Weblate: Remote code execution during backup restoration

Impact The project backup didn't filter Git and Mercurial configuration files and this could lead to remote code execution under certain circumstances. Patches https://github.com/WeblateOrg/weblate/pull/18549 Workarounds The project backup is only accessible to users who can create projects...

8CVSS6.4AI score0.00708EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/15 6:13 p.m.5 views

CVE-2026-33435 Weblate: Remote code execution during backup restoration

Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial configuration files which could lead to remote code execution under certain circumstances. This issue has been fixed in version 5.17. If developers are unable to update...

8CVSS6.4AI score0.00708EPSS
Exploits0References2
SUSE Linux
SUSE Linux
added 2026/04/15 10:21 a.m.5 views

Security update for libssh

This update for libssh fixes the following issues: CVE-2026-3731: denial of service via out-of-bounds read in SFTP extension name handler bsc1259377. CVE-2026-0964: SCP protocol path traversal in sshscppullrequest bsc1258049. CVE-2026-0965: possible denial of service when parsing unexpected...

6.9CVSS6.5AI score0.00631EPSS
Exploits0References24
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.9 views

PT-2026-33116

Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial configuration files which could lead to remote code execution under certain circumstances. This issue has been fixed in version 5.17. If developers are unable to update...

8CVSS6.4AI score0.00708EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/14 3:30 p.m.18 views

Arbitrary Code Injection

Overview @openai/codex is a OpenAI Codex CLI Lightweight coding agent that runs in your terminal Affected versions of this package are vulnerable to Arbitrary Code Injection via the automatic loading of .env and .codex/config.toml files when executing the CLI in a compromised repository. An...

9.8CVSS6AI score0.06583EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/14 12:0 a.m.4 views

CVE-2025-61260

A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP Model Context Protocol configuration files. The attack is triggered when a user runs the codex command inside a malicious or compromised repository. Codex automatically loads...

6.4AI score0.06583EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/14 12:0 a.m.5 views

CVE-2025-61260

A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP Model Context Protocol configuration files. The attack is triggered when a user runs the codex command inside a malicious or compromised repository. Codex automatically loads...

6.5AI score0.06583EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.9 views

OpenAI Codex CLI 安全漏洞

OpenAI Codex CLI is a lightweight coding agent software developed by OpenAI and run in the terminal. OpenAI Codex CLI versions prior to v0.23.0 have security vulnerabilities; these vulnerabilities stem from automatically loading malicious MCP configuration files, which may allow arbitrary code to...

9.8CVSS6.2AI score0.06583EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/04/14 12:0 a.m.32 views

CVE-2025-61260

A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP Model Context Protocol configuration files. The attack is triggered when a user runs the codex command inside a malicious or compromised repository. Codex automatically loads...

0.06583EPSS
Exploits1References1
Fedora
Fedora
added 2026/04/12 3:53 p.m.8 views

[SECURITY] Fedora 42 Update: corosync-3.1.9-4.fc42

This package contains the Corosync Cluster Engine Executive, several default APIs and libraries, default configuration files, and an init script...

8.2CVSS5.8AI score0.00994EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2026/04/10 10:28 a.m.11 views

CVE-2021-47960

A flaw was found in Synology SSL VPN Client. This vulnerability allows remote attackers to access sensitive files within the installation directory. By leveraging user interaction with a specially crafted web page, attackers can exploit a local HTTP server bound to the loopback interface to...

6.5CVSS5.8AI score0.00188EPSS
Exploits0References2
NVD
NVD
added 2026/04/10 10:16 a.m.5 views

CVE-2021-47960

A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access files within the installation directory via a local HTTP server bound to the loopback interface. By leveraging user interaction with a crafted web pag...

6.5CVSS0.00188EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/10 9:21 a.m.8 views

CVE-2021-47960

A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access files within the installation directory via a local HTTP server bound to the loopback interface. By leveraging user interaction with a crafted web pag...

6.5CVSS5.8AI score0.00188EPSS
Exploits0References1
Rows per page
Query Builder