
219792 matches found

Tenable Nessus
added 2026/05/06 12:0 a.m. | 9 views

RockyLinux 10 : kernel (RLSA-2026:13566)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:13566 advisory. kernel: Linux kernel: Use-after-free in traffic control (act_ct) may lead to denial of service or privilege escalation (CVE-2026-23270) kernel: nfsd: fix he...

CVSS 9.8 | AI score 6.4 | EPSS 0.96775
Exploits 228 | References 11

CNNVD
added 2026/05/06 12:0 a.m. | 11 views

OpenClaw Security Vulnerability

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from a failure to properly preserve the OPENCLAWRuntime Control Environment namespace in the workspace dotenv file, which can be exploited by an attacker to manipula...

CVSS 8.5 | AI score 5.8 | EPSS 0.00129
Exploits 0 | References 1

Positive Technologies
added 2026/05/06 12:0 a.m. | 10 views

PT-2026-37571

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A memory leak exists in the usb_keene_probe function. The v4l2 control handler is initialized and controls are added, but if the v4l2_device_register or video_register_device functions...

CVSS 5.5 | AI score 5.4 | EPSS 0.00128
Exploits 0 | References 18

Positive Technologies
added 2026/05/06 12:0 a.m. | 10 views

PT-2026-37558

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A memory leak exists in the tw9903_probe function. In a specific error path, memory allocated by v4l2_ctrl_handler_init and v4l2_ctrl_new_std is not properly released. Recommendations: At...

CVSS 5.5 | AI score 5.4 | EPSS 0.00128
Exploits 0 | References 18

CNNVD
added 2026/05/06 12:0 a.m. | 8 views

Cisco ISE Security Vulnerability

Cisco ISE is a NAC solution developed by the American company Cisco. It is used to manage access to network resources for endpoints, users, and devices in a zero-trust architecture. Cisco ISE has a security vulnerability that arises from observing error messages when calling affected API endpoint...

CVSS 5.3 | AI score 5.8 | EPSS 0.00275
Exploits 0 | References 1

Tenable Nessus
added 2026/05/06 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-43099

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ipv4: icmp: fix null-ptr-deref in icmp_build_probe() ipv6_stub->ipv6_dev_find() may return ERR_PTR(-EAFNOSUPPORT) when the IPv6 stack is not active (CONFIG_IPV6=m and not...

CVSS 7.5 | AI score 7.1 | EPSS 0.0049
Exploits 0 | References 4

Positive Technologies
added 2026/05/06 12:0 a.m. | 12 views

PT-2026-38243

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.4.15. Description: An authorization bypass exists in Matrix room control-command authorization due to improper trust in DM pairing-store entries. Attackers possessing DM-paired sender IDs can execute room control...

CVSS 8.8 | AI score 5.9 | EPSS 0.00288
Exploits 0 | References 7

Positive Technologies
added 2026/05/06 12:0 a.m. | 25 views

PT-2026-38285

Name of the Vulnerable Software and Affected Versions: Craft CMS versions 4.0.0 through 4.17.11; Craft CMS versions 5.0.0 through 5.9.17. Description: The GraphQL Address element resolver in src/gql/resolvers/elements/Address.php fails to perform schema scope filtering on top-level queries. While oth...

CVSS 7.1 | AI score 5.8 | EPSS 0.00338
Exploits 0 | References 7

CNNVD
added 2026/05/06 12:0 a.m. | 9 views

Cisco IoT Field Network Director Access Control Error Vulnerability

The Cisco IoT Field Network Director is an end-to-end IoT management system developed by Cisco, Inc. This system offers features such as device management, asset tracking, and intelligent metering. There is an access control vulnerability present in the Cisco IoT Field Network Director. This...

CVSS 7.7 | AI score 5.8 | EPSS 0.00272
Exploits 0 | References 1

Tenable Nessus
added 2026/05/06 12:0 a.m. | 12 views

RHCOS 3 : OpenShift Container Platform 3.11.569 (RHSA-2021:4827)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4827 advisory. - jenkins: FilePath#mkdirs does not check permission to create parent directories (CVE-2021-21685) - jenkins: File path filters do not...

CVSS 9.8 | AI score 5.9 | EPSS 0.02451
Exploits 0 | References 37

Tenable Nessus
added 2026/05/06 12:0 a.m. | 7 views

RHCOS 4 : OpenShift Container Platform 4.6.51 (RHSA-2021:4799)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4799 advisory. - jenkins: FilePath#mkdirs does not check permission to create parent directories (CVE-2021-21685) - jenkins: File path filters do not...

CVSS 9.8 | AI score 5.9 | EPSS 0.02451
Exploits 0 | References 30

Tenable Nessus
added 2026/05/06 12:0 a.m. | 14 views

Cisco Identity Services Engine Multiple Vulnerabilities (cisco-sa-ise-unauth-bypass-uxjRXGpb)

According to its self-reported version, Cisco ISE is affected by multiple vulnerabilities. - A vulnerability in an identity management API endpoint of Cisco ISE could allow an unauthenticated, remote attacker to enumerate valid user accounts on an affected device. This vulnerability exists becaus...

CVSS 5.3 | AI score 5.8 | EPSS 0.00275
Exploits 0 | References 5

Tenable Nessus
added 2026/05/06 12:0 a.m. | 12 views

RHCOS 4 : OpenShift Container Platform 4.10.6 (RHSA-2022:1025)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:1025 advisory. - workflow-cps: OS command execution through crafted SCM contents (CVE-2022-25173) - workflow-cps-global-lib: OS command execution...

CVSS 8.8 | AI score 6 | EPSS 0.01758
Exploits 0 | References 26

OSV
added 2026/05/05 10:17 p.m. | 7 views

GHSA-84HM-WFH8-C5PG sse-channel: SSE Injection via unsanitized event fields

Impact: Implementations that allow user-provided values to be passed to event, retry or id fields would be susceptible to event spoofing, where an attacker could inject arbitrary messages into the stream. - Event Spoofing: Attacker can inject arbitrary SSE events into the stream - Client-side...

CVSS 8.7 | AI score 5.9 | EPSS 0.0041
Exploits 0 | References 4

Snyk
added 2026/05/05 9:16 p.m. | 8 views

External Control of File Name or Path

Overview: changedetection.io is a website change detection and monitoring service. Affected versions of this package are vulnerable to External Control of File Name or Path through the backup restoration. An attacker can access arbitrary local files by supplying a crafted backup archive containing ...

CVSS 8.7 | AI score 5.9 | EPSS 0.00354
Exploits 1 | References 2

Snyk
added 2026/05/05 9:15 p.m. | 13 views

External Control of File Name or Path

Overview: @evomap/evolver is a GEP-powered self-evolution engine for AI agents. Features automated log analysis and Genome Evolution Protocol (GEP) for auditable, reusable evolution assets. Affected versions of this package are vulnerable to External Control of File Name or Path via the fetch...

CVSS 8.8 | AI score 6.1
Exploits 0 | References 2

OSV
added 2026/05/05 9:15 p.m. | 4 views

GHSA-CFCJ-HQPF-HCCF @evomap/evolver: Path Traversal in `evolver fetch` default-branch `safeId` allows Hub-controlled overwrite of project files (RCE)

Summary: The `evolver fetch` subcommand in index.js writes Hub-supplied bundledfiles into a directory derived from a Hub-supplied skillid. When `--out` is not used, the path-sanitizing regex permits `.` characters, allowing a skillid of `..` to escape the skills/ subdirectory and resolve to the user's...

CVSS 8.8 | AI score 6.4
Exploits 0 | References 2

OSV
added 2026/05/05 9:4 p.m. | 6 views

CLSA-2026-1777627629 openssh: Fix of CVE-2026-35386

CVE-2026-35386: fix client-side command execution via control characters in usernames by adding iscntrl() rejection to valid_ruser()...

CVSS 8.1 | AI score 5.9 | EPSS 0.00247
Exploits 0 | References 1

NVD
added 2026/05/05 8:16 p.m. | 7 views

CVE-2026-33420

Vaultwarden is a Bitwarden-compatible server written in Rust. In version 1.35.4 and earlier, the get_org_collections_details endpoint (GET /api/organizations/orgid/collections/details) is missing the has_full_access authorization check that exists on the sibling get_org_collections endpoint. This allows a...

CVSS 5.3 | EPSS 0.0017
Exploits 0 | References 2

EUVD
added 2026/05/05 7:30 p.m. | 7 views

EUVD-2026-27462

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, several ProcessServer handlers (KillAllHandler, SuspendAllHandler, and RunSandboxedHandler) copy a WCHAR boxname[34] field from request structures into WCHAR[40] stack buffers using wcscpy...

CVSS 7.3 | AI score 6.2 | EPSS 0.00174
Exploits 1 | References 1