Positive Technologies | added 2026/05/05 12:00 a.m.

PT-2026-37092

Name of the Vulnerable Software and Affected Versions: redis-server versions prior to 8.6.3. Description: Redis is an in-memory data structure store. The RESTORE command fails to properly validate serialized values. An authenticated attacker with permissions to execute this command can provide a...

CVSS 9 | AI score 6.2 | EPSS 0.02995 | Exploits 0 | References 59
Positive Technologies | added 2026/05/05 12:00 a.m.

PT-2026-37093

Name of the Vulnerable Software and Affected Versions: RedisBloom versions prior to 2.8.20. Description: RedisBloom, a probabilistic data structures module for Redis, fails to properly validate serialized values processed via the RESTORE command. An authenticated attacker with permissions to execu...

CVSS 9 | AI score 6.2 | EPSS 0.01206 | Exploits 0 | References 31
Positive Technologies | added 2026/05/05 12:00 a.m.

PT-2026-36973

A vulnerability was found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The impacted element is the function git operation of the file src/code mcp/server.py of the component MCP Tool. Performing a manipulation of the argument operation results in command injection. The attac...

CVSS 7.5 | AI score 6.8 | EPSS 0.01339 | Exploits 0 | References 6
Trend Micro Simply Security | added 2026/05/05 12:00 a.m.

InstallFix and Claude Code: How Fake Install Pages Lead to Real Compromise

Targeting multiple industries worldwide, the InstallFix campaign uses fake Claude AI installer pages to trick users into running malware that collects system information, disables security features, achieves persistence, and connects to attacker-controlled C&C servers for additional payloads...

AI score 5.8 | Exploits 0
CNNVD | added 2026/05/05 12:00 a.m.

Google Chrome access control error vulnerability

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained an access control vulnerability. This vulnerability stemmed from insufficient policy enforcement in Autofill, which could allow remote attackers to exploit the vulnerability through...

CVSS 4.3 | AI score 5.8 | EPSS 0.00157 | Exploits 0 | References 3
CNNVD | added 2026/05/05 12:00 a.m.

Google Chrome security vulnerability

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability. This vulnerability stemmed from insufficient policy enforcement in Extensions, which could allow remote attackers to bypass discretionary access control...

CVSS 4.2 | AI score 5.9 | EPSS 0.00172 | Exploits 0 | References 3
RedHat Linux | added 2026/05/04 10:20 p.m.

kernel: Linux kernel: Use-after-free in traffic control (act_ct) may lead to denial of service or privilege escalation

A flaw was found in the Linux kernel. A use-after-free vulnerability exists in the traffic control act_ct path when it is incorrectly configured with non-ingress (egress) qdiscs (queueing disciplines). This can allow a local user with specific privileges to trigger a kernel crash, leading to a denial ...

CVSS 7.8 | AI score 5.8 | EPSS 0.00123 | Exploits 0 | References 5
RedHat Linux | added 2026/05/04 10:20 p.m.

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...

CVSS 9.8 | AI score 6.1 | EPSS 0.96775 | Exploits 228 | References 5
RedHat Linux | added 2026/05/04 9:46 p.m.

kernel: Linux kernel: Use-after-free in traffic control (act_ct) may lead to denial of service or privilege escalation

A flaw was found in the Linux kernel. A use-after-free vulnerability exists in the traffic control act_ct path when it is incorrectly configured with non-ingress (egress) qdiscs (queueing disciplines). This can allow a local user with specific privileges to trigger a kernel crash, leading to a denial ...

CVSS 7.8 | AI score 5.8 | EPSS 0.00123 | Exploits 0 | References 5
RedHat Linux | added 2026/05/04 9:46 p.m.

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS 9.8 | AI score 6.2 | EPSS 0.96775 | Exploits 228 | References 5
Snyk | added 2026/05/04 9:30 p.m.

Access Control Bypass

Overview: rdiffweb is a web interface to rdiff-backup repositories. Affected versions of this package are vulnerable to Access Control Bypass via the API authentication process. An attacker can gain unauthorized access to other users' data and perform actions on their behalf by using any valid ...

CVSS 8.6 | AI score 5.8 | EPSS 0.00245 | Exploits 0 | References 2
Snyk | added 2026/05/04 9:28 p.m.

Directory Traversal

Overview: org.webjars.npm:fast-uri is a dependency-free RFC 3986 URI toolbox. Affected versions of this package are vulnerable to Directory Traversal via the normalize or equal functions. An attacker can bypass path-based access controls by submitting specially crafted percent-encoded or dot segmen...

CVSS 8.7 | AI score 6.3 | EPSS 0.00521 | Exploits 0 | References 2
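The fast-uri entry describes a general failure mode: a prefix check is run on a path whose dot segments were removed while they were still percent-encoded, and a later layer decodes them into real ".." segments. The following is an added illustration of that class of bug, not fast-uri's own code and not the fix it shipped; the function names, the "/public/" allow-list and the sample paths are this example's own assumptions. It shows the naive check passing a traversal, what the file layer then actually resolves, and a canonicalization that decodes RFC 3986 unreserved characters before dot-segment removal and refuses encoded separators.

```javascript
// Added example, not fast-uri's code: why a prefix-based allow-list must be
// applied to the fully canonicalized path. All function names here are this
// example's own; the sample paths are constructed for illustration.

// RFC 3986 section 5.2.4 "remove_dot_segments", operating on the path as
// given. It does NOT see "%2e%2e" as "..": that is the whole point.
function removeDotSegments(path) {
  const segs = path.split("/");
  const out = [];
  segs.forEach((seg, i) => {
    const last = i === segs.length - 1;
    if (seg === ".") {
      if (last) out.push("");           // "/a/." -> "/a/"
      return;
    }
    if (seg === "..") {
      if (out.length > 1) out.pop();    // never pop the leading "" (the root)
      if (last) out.push("");           // "/a/b/.." -> "/a/"
      return;
    }
    out.push(seg);
  });
  return out.join("/") || "/";
}

// RFC 3986 section 6.2.2.2: percent-encoded *unreserved* characters decode to
// the character itself; everything else stays encoded (upper-cased).
function decodeUnreserved(path) {
  return path.replace(/%([0-9A-Fa-f]{2})/g, (m, hex) => {
    const ch = String.fromCharCode(parseInt(hex, 16));
    return /^[A-Za-z0-9\-._~]$/.test(ch) ? ch : m.toUpperCase();
  });
}

// Naive check: remove dot segments, then compare the prefix.
function isAllowedNaive(path, prefix) {
  return removeDotSegments(path).startsWith(prefix);
}

// What a typical file layer does afterwards: full percent-decode, then
// dot-segment removal. This is where "%2e%2e" turns into "..".
function effectiveTarget(path) {
  return removeDotSegments(decodeURIComponent(path));
}

// Hardened: decode unreserved characters first so "%2e" becomes "."; then
// remove dot segments; then refuse anything that still carries an encoded
// separator, because a later layer may decode it. Returns null on refusal.
function canonicalize(path) {
  const c = removeDotSegments(decodeUnreserved(path));
  if (/%2F|%5C|\\/i.test(c)) return null;
  return c;
}

function isAllowedHardened(path, prefix) {
  const c = canonicalize(path);
  return c !== null && c.startsWith(prefix);
}

// Walk through a bypass attempt against a "/public/" allow-list.
const attempt = "/public/%2e%2e/private/secret";
console.log(isAllowedNaive(attempt, "/public/"));     // true: the check passed
console.log(effectiveTarget(attempt));                // "/private/secret": what is served
console.log(isAllowedHardened(attempt, "/public/"));  // false
```

The decisive property is that the access check and the component that finally opens the file must agree on one canonical form; decoding after the check, or decoding a different set of characters, is what creates the gap. Double-encoded input ("%252e") is left encoded by `decodeUnreserved`, so if a downstream layer decodes more than once the same mismatch reappears and the check would need to be tightened further.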
Github Security Blog | added 2026/05/04 9:14 p.m.

OpenClaw's Gateway Control UI bootstrap config required Gateway auth

Summary: Gateway Control UI bootstrap config required Gateway auth. Affected Packages / Versions: Package: openclaw (npm); Affected versions: <= 2026.4.21; Fixed version: 2026.4.22. Impact: When Gateway authentication was enabled, the Control UI bootstrap config endpoint could still be read without ...

AI score 5.8 | Exploits 0 | References 3 | Affected Software 1
OSV | added 2026/05/04 9:14 p.m.

GHSA-93RG-2XM5-2P9V OpenClaw's Gateway Control UI bootstrap config required Gateway auth

Summary: Gateway Control UI bootstrap config required Gateway auth. Affected Packages / Versions: Package: openclaw (npm); Affected versions: <= 2026.4.21; Fixed version: 2026.4.22. Impact: When Gateway authentication was enabled, the Control UI bootstrap config endpoint could still be read without ...

CVSS 6.9 | AI score 5.8 | Exploits 0 | References 3
Snyk | added 2026/05/04 8:22 p.m.

Access Control Bypass

Overview: openclaw is the 🦞 OpenClaw personal AI assistant. Affected versions of this package are vulnerable to Access Control Bypass via the MCP loopback process. An attacker can gain unauthorized access to owner-gated operations by spoofing owner-context metadata in request headers. Remediation...

CVSS 8.5 | AI score 5.8 | EPSS 0.00112 | Exploits 0 | References 2
OSV | added 2026/05/04 8:21 p.m.

GHSA-Q3JJ-46PQ-826R OpenClaw's ACP child sessions inherit subagent security envelope constraints

Summary: ACP child sessions inherit subagent security envelope constraints. Affected Packages / Versions: Package: openclaw (npm); Affected versions: <= 2026.4.21; Fixed version: 2026.4.22. Impact: A restricted subagent spawning an ACP child session could fail to carry forward subagent-only...

CVSS 5.3 | AI score 5.8 | EPSS 0.00221 | Exploits 0 | References 5
Veracode | added 2026/05/04 8:19 p.m.

Arbitrary Command Injection

Claude Code is vulnerable to Arbitrary Command Injection. The vulnerability is due to lack of validation of the git worktree commondir file when determining folder trust, which allows an attacker to bypass trust checks and execute malicious hooks...

CVSS 8.8 | AI score 5.9 | EPSS 0.00281 | Exploits 0 | References 2 | Affected Software 1
Github Security Blog | added 2026/05/04 7:44 p.m.

Incus has Unbounded YAML Metadata Decode via Parsing

Summary: User-provided image and backup tarballs would be unpacked and their YAML files parsed without any size restrictions. This made it easy for an authenticated user to provide a crafted image or backup tarball that, when parsed by Incus, would lead to a very large YAML document being loaded int...

CVSS 5.3 | AI score 5.7 | EPSS 0.00269 | Exploits 1 | References 4 | Affected Software 1
RedhatCVE | added 2026/05/04 7:42 p.m.

CVE-2026-6525

A flaw was found in the IEEE 802.11 dissector in Wireshark. This issue occurs when malformed packets are decoded from a pcap file or the network, causing a NULL pointer dereference, resulting in a denial of service. Mitigation: If the IEEE 802.11 protocol dissector is not being used, it can be...

CVSS 5.5 | AI score 5.7 | EPSS 0.00181 | Exploits 1 | References 5
GithubExploit | added 2026/05/04 7:17 p.m.

Exploit for Missing Authentication for Critical Function in Cpanel

The recent vulnerability CVE-2026-41940 has raised great concern...

CVSS 9.8 | AI score 6 | EPSS 0.981 | Exploits 64