219817 matches found

EUVD
added 2026/05/06 9:31 p.m., 7 views

EUVD-2026-28007

Insufficient policy enforcement in Extensions in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass discretionary access control via a crafted HTML page. Chromium security severity: Medium...

CVSS 4.2, AI score 5.8, EPSS 0.00172
Exploits: 0, References: 3
EUVD
added 2026/05/06 9:31 p.m., 8 views

EUVD-2024-28087

HCL BigFix Service Management SX is affected by a Broken Access Control vulnerability leading to privilege escalation. This could allow unauthorized users to gain elevated privileges, bypassing intended access restrictions. This may result in exposure of sensitive data or unauthorized system...

CVSS 8.3, AI score 5.8, EPSS 0.00248
Exploits: 0, References: 2
RedhatCVE
added 2026/05/06 9:8 p.m., 29 views

CVE-2026-43198

A flaw was found in the Linux kernel. A race condition exists in the TCP (Transmission Control Protocol) IPv6 (Internet Protocol version 6) socket handling, specifically within the tcp_v6_syn_recv_sock function. This occurs because a child socket becomes visible in the TCP hash table before its...

CVSS 9.8, AI score 5.8, EPSS 0.0028
Exploits: 0, References: 4
GithubExploit
added 2026/05/06 8:51 p.m., 92 views

Exploit for CVE-2026-40776

CVE-2026-40776 Eventin wp-event-solution Broken Access C...

AI score 5.8, EPSS 0.00414
Exploits: 2
RedhatCVE
added 2026/05/06 8:47 p.m., 11 views

CVE-2026-43190

A flaw was found in the Linux kernel, specifically within the netfilter: xt_tcpmss module. A remote attacker could exploit this vulnerability by sending a specially crafted TCP packet. The TCP option parser does not properly validate the remaining option length, which results in an out-of-bounds...

CVSS 8.2, AI score 5.7, EPSS 0.00463
Exploits: 0, References: 4
OSSF Malicious Packages
added 2026/05/06 8:28 p.m., 11 views

Malicious code in test-py-conn (PyPI)

Source: kam193 (7e39e3b24f15db8e5eff412ba6cb217986b6f80b6923712abd1efee4cf79a7ed). The code automatically starts a worker designed to survive the exit of the main process. The worker loads code from a PYC file which then connects to pre-define...

AI score 6
Exploits: 0, References: 1
OSV
added 2026/05/06 8:28 p.m., 9 views

MAL-2026-3356 Malicious code in test-py-conn (PyPI)

Source: kam193 (7e39e3b24f15db8e5eff412ba6cb217986b6f80b6923712abd1efee4cf79a7ed). The code automatically starts a worker designed to survive the exit of the main process. The worker loads code from a PYC file which then connects to pre-define...

AI score 6
Exploits: 0, References: 1
RedhatCVE
added 2026/05/06 8:21 p.m., 10 views

CVE-2026-42436

OpenClaw before 2026.4.14 contains an improper access control vulnerability in browser snapshot, screenshot, and tab routes that fail to consistently validate the final browser target after navigation. Authenticated callers can bypass SSRF restrictions to expose internal or disallowed page conten...

CVSS 7.7, AI score 5.8, EPSS 0.00266
Exploits: 0, References: 1
RedhatCVE
added 2026/05/06 8:21 p.m., 6 views

CVE-2026-7865

A hidden console command is vulnerable to a command injection flaw when control characters are passed to its second argument. A third-party researcher, Eugene Lim, discovered a vulnerability in the way the console command passes to a popen function call. Attackers with authenticated access to SSH conso...

CVSS 7.4, AI score 5.8, EPSS 0.00753
Exploits: 0, References: 1
RedhatCVE
added 2026/05/06 8:21 p.m., 9 views

CVE-2026-34462

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, several ProcessServer handlers (KillAllHandler, SuspendAllHandler, and RunSandboxedHandler) copy a WCHAR boxname[34] field from request structures into WCHAR[40] stack buffers using wcscpy...

CVSS 7.8, AI score 6.2, EPSS 0.00174
Exploits: 1, References: 1
RedhatCVE
added 2026/05/06 8:21 p.m., 14 views

CVE-2026-25588

RedisTimeSeries is a time-series module for Redis. In all versions before 1.12.14 of RedisTimeSeries, the module does not properly validate serialized values processed through the Redis RESTORE command. An authenticated attacker with permission to execute RESTORE on a server with the...

CVSS 8.8, AI score 6.2, EPSS 0.01029
Exploits: 0, References: 1
NVD
added 2026/05/06 8:16 p.m., 6 views

CVE-2026-44110

OpenClaw before 2026.4.15 contains an authorization bypass vulnerability in Matrix room control-command authorization that trusts DM pairing-store entries. Attackers with DM-paired sender IDs can execute room control commands without being in configured allowlists by posting in bot rooms,...

CVSS 8.8, EPSS 0.00288
Exploits: 0, References: 4
Vulnrichment
added 2026/05/06 7:49 p.m., 9 views

CVE-2026-44114 OpenClaw < 2026.4.20 - Environment Variable Namespace Collision via Workspace dotenv

OpenClaw before 2026.4.20 fails to properly reserve the OPENCLAW runtime-control environment namespace in workspace dotenv files, allowing attackers to override critical runtime variables. Malicious workspaces can set variables like OPENCLAWGITDIR to manipulate trusted OpenClaw runtime behavior...

CVSS 8.5, AI score 5.8, EPSS 0.00129
Exploits: 0, References: 3
ATTACKERKB
added 2026/05/06 7:49 p.m., 5 views

CVE-2026-44110

OpenClaw before 2026.4.15 contains an authorization bypass vulnerability in Matrix room control-command authorization that trusts DM pairing-store entries. Attackers with DM-paired sender IDs can execute room control commands without being in configured allowlists by posting in bot rooms,...

CVSS 8.8, AI score 5.9, EPSS 0.00288
Exploits: 0, References: 5
CVE
added 2026/05/06 7:49 p.m., 15 views

CVE-2026-44110

OpenClaw is affected by CVE-2026-44110, with vulnerability present in versions before 2026.4.15. The issue is an authorization bypass in Matrix room control-command authorization that trusts DM pairing-store entries. Attackers with DM-paired sender IDs can execute room control commands without be...

CVSS 8.8, AI score 5.9, EPSS 0.00288
Exploits: 0, References: 4, Affected Software: 1
Vulnrichment
added 2026/05/06 7:49 p.m., 7 views

CVE-2026-44110 OpenClaw < 2026.4.15 - Authorization Bypass in Matrix Room Control Commands via DM Pairing Store

OpenClaw before 2026.4.15 contains an authorization bypass vulnerability in Matrix room control-command authorization that trusts DM pairing-store entries. Attackers with DM-paired sender IDs can execute room control commands without being in configured allowlists by posting in bot rooms,...

CVSS 8.8, AI score 5.9, EPSS 0.00288
Exploits: 0, References: 4
Cvelist
added 2026/05/06 7:49 p.m., 31 views

CVE-2026-44110 OpenClaw < 2026.4.15 - Authorization Bypass in Matrix Room Control Commands via DM Pairing Store

OpenClaw before 2026.4.15 contains an authorization bypass vulnerability in Matrix room control-command authorization that trusts DM pairing-store entries. Attackers with DM-paired sender IDs can execute room control commands without being in configured allowlists by posting in bot rooms,...

CVSS 8.8, EPSS 0.00288
Exploits: 0, References: 4
ATTACKERKB
added 2026/05/06 7:49 p.m., 8 views

CVE-2026-43579

OpenClaw before 2026.4.10 contains an insufficient access control vulnerability in Nostr plugin HTTP profile routes that allows operators with write permissions to persist profile configuration without requiring admin authority. Attackers with operator.write scope can modify Nostr profile setting...

CVSS 6.5, AI score 5.8, EPSS 0.00218
Exploits: 0, References: 4
Vulnrichment
added 2026/05/06 7:49 p.m., 8 views

CVE-2026-43579 OpenClaw < 2026.4.10 - Insufficient Access Control in Nostr Profile Mutation Routes

OpenClaw before 2026.4.10 contains an insufficient access control vulnerability in Nostr plugin HTTP profile routes that allows operators with write permissions to persist profile configuration without requiring admin authority. Attackers with operator.write scope can modify Nostr profile setting...

CVSS 6.5, AI score 5.8, EPSS 0.00218
Exploits: 0, References: 3
Cvelist
added 2026/05/06 7:49 p.m., 31 views

CVE-2026-43579 OpenClaw < 2026.4.10 - Insufficient Access Control in Nostr Profile Mutation Routes

OpenClaw before 2026.4.10 contains an insufficient access control vulnerability in Nostr plugin HTTP profile routes that allows operators with write permissions to persist profile configuration without requiring admin authority. Attackers with operator.write scope can modify Nostr profile setting...

CVSS 6.5, EPSS 0.00218
Exploits: 0, References: 3