219778 matches found

CNNVD
added 2026/05/07 12:0 a.m., 7 views

Microsoft Azure Managed Instance for Apache Cassandra Access Control Error Vulnerability

Microsoft Azure Managed Instance for Apache Cassandra is a service provided by Microsoft for Apache Cassandra on Azure. There is an access control vulnerability in Microsoft Azure Managed Instance for Apache Cassandra; this vulnerability stems from improper access control mechanisms, which may...

CVSS 9.9, AI score 6.2, EPSS 0.00711
Exploits 0, References 2
Positive Technologies
added 2026/05/07 12:0 a.m., 15 views

PT-2026-38577

Name of the Vulnerable Software and Affected Versions Azure Managed Instance for Apache Cassandra affected versions not specified Description Improper access control allows an authorized attacker to execute code over a network. Recommendations At the moment, there is no information about a newer...

CVSS 9.9, AI score 6, EPSS 0.00711
Exploits 0, References 9
Positive Technologies
added 2026/05/07 12:0 a.m., 13 views

PT-2026-38583

Name of the Vulnerable Software and Affected Versions Azure AI Foundry M365 published agents affected versions not specified Description Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network. Recommendations At the...

CVSS 10, AI score 5.8, EPSS 0.01164
Exploits 0, References 10
Positive Technologies
added 2026/05/07 12:0 a.m., 12 views

PT-2026-38478

RedisBloom is a probabilistic data structures module for Redis. In all versions of RedisBloom before 2.8.20, the module does not properly validate serialized values processed through the Redis RESTORE command. An authenticated attacker with permission to execute RESTORE on a server with the...

CVSS 8.8, AI score 6.2, EPSS 0.01206
Exploits 0, References 4
Positive Technologies
added 2026/05/07 12:0 a.m., 11 views

PT-2026-38470

RedisTimeSeries is a time-series module for Redis. In all versions before 1.12.14 of RedisTimeSeries, the module does not properly validate serialized values processed through the Redis RESTORE command. An authenticated attacker with permission to execute RESTORE on a server with the...

CVSS 8.8, AI score 6.2, EPSS 0.01029
Exploits 0, References 4
Positive Technologies
added 2026/05/07 12:0 a.m., 11 views

PT-2026-38469

Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An authenticated attacker with permission to execute RESTORE can supply a crafted serialized payload that triggers invalid memory access and may...

CVSS 8.8, AI score 6.2, EPSS 0.02995
Exploits 0, References 4
Positive Technologies
added 2026/05/07 12:0 a.m., 13 views

PT-2026-38476

Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An authenticated attacker with permission to execute RESTORE can supply a crafted serialized payload that triggers invalid memory access and may...

CVSS 8.8, AI score 6.2, EPSS 0.02995
Exploits 0, References 4
OSV
added 2026/05/07 12:0 a.m., 6 views

MAL-2026-3641 Malicious code in camelotlabs-core (npm)

Five packages camelotlabs-sdk, camelotlabs-core, camelotlabs-config, camelotlabs-worker, and camelotlabs-utils were published to the public npm registry at version 99.0.0 by the actor madman0619 as a dependency confusion attack targeting the internal npm packages of Camelot Labs. The inflated...

AI score 5.9
Exploits 0
Positive Technologies
added 2026/05/07 12:0 a.m., 10 views

PT-2026-38484

Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An authenticated attacker with permission to execute RESTORE can supply a crafted serialized payload that triggers invalid memory access and may...

CVSS 8.8, AI score 6.2, EPSS 0.02995
Exploits 0, References 4
Positive Technologies
added 2026/05/07 12:0 a.m., 14 views

PT-2026-38368

Name of the Vulnerable Software and Affected Versions free5GC versions prior to 4.2.2 Description The PCF Npcf SMPolicyControl service lacks authentication middleware in the NewServer function, where the smPolicyGroup route group is created without attaching the RouterAuthorizationCheck middlewar...

CVSS 8.2, AI score 5.8, EPSS 0.00323
Exploits 1, References 9
Positive Technologies
added 2026/05/07 12:0 a.m., 11 views

PT-2026-38455

Name of the Vulnerable Software and Affected Versions Ivanti EPMM versions prior to 12.6.1.1 Ivanti EPMM versions prior to 12.7.0.1 Ivanti EPMM versions prior to 12.8.0.1 Description Improper Access Control allows a remote unauthenticated attacker to invoke arbitrary methods. Recommendations Upda...

CVSS 9.8, AI score 6, EPSS 0.00819
Exploits 0, References 8
Talos
added 2026/05/07 12:0 a.m., 15 views

Tp-Link Archer AX53 v1.0 dnsmasq configuration restore TFTP server enable vulnerability

Talos Vulnerability Report TALOS-2025-2305 Tp-Link Archer AX53 v1.0 dnsmasq configuration restore TFTP server enable vulnerability May 7, 2026 CVE Number CVE-2026-30817 SUMMARY An external config control vulnerability exists in the Openvpn configuration restore routeup functionality of Tp-Link...

CVSS 6.8, AI score 6, EPSS 0.00276
Exploits 0
OSV
added 2026/05/06 11:13 p.m., 2 views

GHSA-9H64-2846-7X7F Axonflow fixed bugs by implementing multi-tenant isolation and access-control hardening

Summary Eight independently-filed bug fixes in the v7.1.3 → v7.5.0 release window collectively close a set of multi-tenant isolation, access-control, and policy-enforcement defects in the AxonFlow platform. They are filed as a single consolidated advisory because the recommended remediation is a...

CVSS 9.1, AI score 5.9
Exploits 0, References 4
Github Security Blog
added 2026/05/06 11:13 p.m., 10 views

Axonflow fixed bugs by implementing multi-tenant isolation and access-control hardening

Summary Eight independently-filed bug fixes in the v7.1.3 → v7.5.0 release window collectively close a set of multi-tenant isolation, access-control, and policy-enforcement defects in the AxonFlow platform. They are filed as a single consolidated advisory because the recommended remediation is a...

AI score 5.9
Exploits 0, References 4, Affected Software 1
Snyk
added 2026/05/06 9:52 p.m., 6 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the gRPC management server. An attacker can access sensitive BGP configuration and manipulate routing decisions by sending unauthorized gRPC requests from any pod within the cluster. This...

CVSS 6.3, AI score 5.9
Exploits 0, References 2
EUVD
added 2026/05/06 9:31 p.m., 10 views

EUVD-2026-28170

OpenClaw before 2026.4.10 contains an insufficient access control vulnerability in Nostr plugin HTTP profile routes that allows operators with write permissions to persist profile configuration without requiring admin authority. Attackers with operator.write scope can modify Nostr profile setting...

CVSS 6.5, AI score 5.8, EPSS 0.00218
Exploits 0, References 4
EUVD
added 2026/05/06 9:31 p.m., 6 views

EUVD-2026-28194

OpenClaw before 2026.4.20 fails to properly reserve the OPENCLAW runtime-control environment namespace in workspace dotenv files, allowing attackers to override critical runtime variables. Malicious workspaces can set variables like OPENCLAWGITDIR to manipulate trusted OpenClaw runtime behavior...

CVSS 8.5, AI score 5.8, EPSS 0.00129
Exploits 0, References 4
EUVD
added 2026/05/06 9:31 p.m., 9 views

EUVD-2026-28186

OpenClaw before 2026.4.15 contains an authorization bypass vulnerability in Matrix room control-command authorization that trusts DM pairing-store entries. Attackers with DM-paired sender IDs can execute room control commands without being in configured allowlists by posting in bot rooms,...

CVSS 8.8, AI score 5.9, EPSS 0.00288
Exploits 0, References 5
Github Security Blog
added 2026/05/06 9:31 p.m., 10 views

Duplicate Advisory: OpenClaw: Matrix room control-command authorization no longer trusts DM pairing-store entries

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2gvc-4f3c-2855. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.15 contains an authorization bypass vulnerability in Matrix room control-command authorization...

CVSS 8.8, AI score 5.8, EPSS 0.00288
Exploits 0, References 6, Affected Software 1
OSV
added 2026/05/06 9:31 p.m., 14 views

GHSA-9R9J-3R2W-FG3V Duplicate Advisory: OpenClaw: Workspace dotenv could override runtime-control environment variables

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hxvm-xjvf-93f3. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.20 fails to properly reserve the OPENCLAW runtime-control environment namespace in workspace...

CVSS 8.5, AI score 5.7, EPSS 0.00129
Exploits 0, References 4