Lucene search
K

13633 matches found

RedhatCVE
RedhatCVE
added 2026/03/06 2:37 p.m.5 views

CVE-2026-29122

International Data Casting IDC SFX2100 satellite receiver comes with the /bin/date utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to preform privileged file...

9.2CVSS5.8AI score0.00139EPSS
Exploits1References1
CVE
CVE
added 2026/03/06 7:56 a.m.20 views

CVE-2026-2331

CVE-2026-2331 describes unauthenticated read/write access to sensitive filesystem areas via AppEngine Fileaccess over HTTP caused by improper access restrictions. A critical filesystem directory was exposed through the HTTP-based file access feature, allowing access without authentication. Impact...

9.8CVSS6AI score0.00886EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/03/06 6:54 a.m.5 views

CVE-2026-29039

changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, the changedetection.io application allows users to specify XPath expressions as content filters via the includefilters field. These XPath expressions are processed using the elementpath library which...

9.3CVSS5.8AI score0.00484EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/06 6:42 a.m.3 views

CVE-2026-28800

Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, anyone with Discord Remote Control set up in a non-private channel gives access to any user with the permission to send message in said channel access to do anything on their computer. This...

6.4CVSS5.7AI score0.00213EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/06 6:42 a.m.27 views

CVE-2026-28800 Natro Macro: Malicious actions allowed through Discord RC Commands by any user

Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, anyone with Discord Remote Control set up in a non-private channel gives access to any user with the permission to send message in said channel access to do anything on their computer. This...

6.4CVSS0.00213EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/06 6:42 a.m.3 views

CVE-2026-28800 Natro Macro: Malicious actions allowed through Discord RC Commands by any user

Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, anyone with Discord Remote Control set up in a non-private channel gives access to any user with the permission to send message in said channel access to do anything on their computer. This...

6.4CVSS5.7AI score0.00213EPSS
Exploits0References1
CVE
CVE
added 2026/03/06 6:42 a.m.15 views

CVE-2026-28800

Natro Macro (AutoHotkey) prior to 1.1.0 is affected: if Discord Remote Control is set up in a non-private channel, any user with permission to send messages can execute arbitrary actions on the victim’s machine, including keyboard and mouse inputs and full file access. The issue has been patched ...

8CVSS5.8AI score0.00213EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/03/06 6:42 a.m.5 views

CVE-2026-28800 Natro Macro: Malicious actions allowed through Discord RC Commands by any user

Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, anyone with Discord Remote Control set up in a non-private channel gives access to any user with the permission to send message in said channel access to do anything on their computer. This...

6.4CVSS5.7AI score0.00213EPSS
Exploits0References3
OSV
OSV
added 2026/03/06 4:59 a.m.2 views

CVE-2026-28429 Talishar: Critical Path Traversal in gameName Parameter

Talishar is a fan-made Flesh and Blood project. Prior to commit 6be3871, a Path Traversal vulnerability was identified in the gameName parameter. While the application's primary entry points implement input validation, the ParseGamestate.php component can be accessed directly as a standalone...

7.5CVSS5.7AI score0.00704EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/03/06 4:45 a.m.2 views

CVE-2026-29061 Gokapi: Privilege escalation via incomplete API-key permission revocation on user rank demotion

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, a privilege escalation vulnerability in the user rank demotion logic allows a demoted user's existing API keys to retain ApiPermManageFileRequests and ApiPermManageLogs permission...

5.4CVSS5.7AI score0.00116EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/06 1:34 a.m.4 views

CVE-2026-29121

International Data Casting IDC SFX2100 satellite receiver comes with the /sbin/ip utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to preform privileged file...

9.2CVSS6AI score0.00148EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.14 views

WindMill 路径遍历漏洞

WindMill is a free open-source tool developed by Lukasavicus’ individual developer. It is used to control the execution of tasks in Python. Versions of WindMill prior to 1.603.3 contained a path traversal vulnerability. This vulnerability stemmed from the filename parameter in the getlogfile...

7.5CVSS7.5AI score0.02584EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.9 views

PT-2026-23660

Name of the Vulnerable Software and Affected Versions AppEngine affected versions not specified Description An attacker may perform unauthenticated read and write operations on sensitive filesystem areas via the AppEngine Fileaccess over HTTP due to improper access restrictions. A critical...

9.8CVSS6AI score0.00886EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.10 views

PT-2026-23649

Name of the Vulnerable Software and Affected Versions Talishar versions prior to commit 6be3871 Description A Path Traversal issue exists in Talishar, a fan-made Flesh and Blood project. The gameName parameter is susceptible to directory traversal sequences e.g., ../ due to a lack of internal...

7.5CVSS5.7AI score0.00704EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.10 views

PT-2026-23653

Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, anyone with Discord Remote Control set up in a non-private channel gives access to any user with the permission to send message in said channel access to do anything on their computer. This...

6.4CVSS5.7AI score0.00213EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.4 views

Amazon Linux 2023 : assertj-core, assertj-core-javadoc (ALAS2023-2026-1448)

"It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1448 advisory. AssertJ provides Fluent testing assertions for Java and the Java Virtual Machine JVM. Starting in version 1.4.0 and prior to version 3.27.7, an XML External Entity XXE vulnerability exists in...

9.1CVSS7.2AI score0.00542EPSS
Exploits0References4
OSV
OSV
added 2026/03/05 10:16 p.m.4 views

CVE-2026-28482

OpenClaw versions prior to 2026.2.12 construct transcript file paths using unsanitized sessionId parameters and sessionFile paths without enforcing directory containment. Authenticated attackers can exploit path traversal sequences like ../../etc/passwd in sessionId or sessionFile parameters to...

7.1CVSS5.9AI score
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/05 9:59 p.m.3 views

CVE-2026-28482

OpenClaw versions prior to 2026.2.12 construct transcript file paths using unsanitized sessionId parameters and sessionFile paths without enforcing directory containment. Authenticated attackers can exploit path traversal sequences like ../../etc/passwd in sessionId or sessionFile parameters to...

8.4CVSS6AI score0.00136EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/05 9:59 p.m.29 views

CVE-2026-28482 OpenClaw < 2026.2.12 - Path Traversal via Unsanitized sessionId and sessionFile Parameters

OpenClaw versions prior to 2026.2.12 construct transcript file paths using unsanitized sessionId parameters and sessionFile paths without enforcing directory containment. Authenticated attackers can exploit path traversal sequences like ../../etc/passwd in sessionId or sessionFile parameters to...

8.4CVSS0.00136EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/05 9:59 p.m.5 views

CVE-2026-28459

OpenClaw versions prior to 2026.2.12 fail to validate the sessionFile path parameter, allowing authenticated gateway clients to write transcript data to arbitrary locations on the host filesystem. Attackers can supply a sessionFile path outside the sessions directory to create files and append da...

7.1CVSS6AI score0.00363EPSS
Exploits0References5
Rows per page
Query Builder