Lucene search
K

89763 matches found

CNNVD
CNNVD
added 2026/05/06 12:0 a.m.7 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.10 contained security vulnerabilities. These vulnerabilities stemmed from incomplete navigation protection, which could allow attackers to bypass SSRF policies and perform...

7.7CVSS5.8AI score0.00264EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.13 views

PT-2026-38250

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.20 Description An issue in QQBot direct media upload allows for server-side request forgery SSRF, a flaw where a server is tricked into making requests to an unintended location. This occurs because URL...

6.3CVSS5.8AI score0.00236EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.12 views

RHCOS 4 : OpenShift Container Platform 4.7.13 (RHSA-2021:2122)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2122 advisory. - golang: data race in certain net/http servers including ReverseProxy can lead to DoS CVE-2020-15586 - golang: ReadUvarint and...

8.1CVSS5.8AI score0.3783EPSS
Exploits0References15
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.7 views

Masa CMS 跨站请求伪造漏洞

Masa CMS is a digital experience platform organized by Masa CMS. Versions of Masa CMS 7.5.2 and earlier contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the cTrash.empty function not verifying the anti-CSRF token, which could allow attackers to induce...

7.2CVSS5.7AI score0.00165EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.9 views

RHCOS 4 : OpenShift Container Platform 4.2.36 openshift (RHSA-2020:2594)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2594 advisory. - kubernetes: Server side request forgery SSRF in kube-controller-manager allows users to leak secret information CVE-2020-8555 Note that...

6.3CVSS7.3AI score0.03679EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.12 views

PT-2026-38228

Name of the Vulnerable Software and Affected Versions Masa CMS versions prior to 7.2.10 Masa CMS versions prior to 7.3.15 Masa CMS versions prior to 7.4.10 Masa CMS versions prior to 7.5.3 Description The cTrash.restore function fails to properly validate anti-CSRF Cross-Site Request Forgery toke...

8.7CVSS5.7AI score0.00151EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.9 views

OpenClaw 代码问题漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a server-side request forgery vulnerability that can be exploited by an attacker to gain unauthorized access to internal resources by providing a malicious photo URL to the Zalo Bot API to bypass SSRF...

8.6CVSS5.8AI score0.00291EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.11 views

OpenClaw 输入验证错误漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.5 had a vulnerability related to input validation errors. This vulnerability stemmed from server-side request forgery in the CDP/json/version WebSocket endpoint, which might all...

7.7CVSS5.8AI score0.00265EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.10 views

PT-2026-38290

Name of the Vulnerable Software and Affected Versions dssrf versions prior to 1.3.0 Description A flaw in the library allows attackers to bypass Server-Side Request Forgery SSRF protections by using various IPv6 address categories. This occurs because the is url safe function fails to properly...

8.7CVSS5.8AI score0.00349EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.9 views

PT-2026-38308

Name of the Vulnerable Software and Affected Versions MISP Modules versions prior to 3.0.7 Description Unsafe remote resource fetching exists in expansion modules. The html to markdown module accepts arbitrary HTTPS URLs without sufficient validation, enabling Server-Side Request Forgery SSRF—a...

5.8CVSS6AI score0.00102EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.9 views

Masa CMS 跨站请求伪造漏洞

Masa CMS is a digital experience platform operated by Masa CMS organization. Versions of Masa CMS 7.5.2 and earlier contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the createBundle method in csettings.cfc, which did not properly validate the anti-CSRF token...

7.1CVSS5.7AI score0.00156EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.11 views

PT-2026-38265

Name of the Vulnerable Software and Affected Versions New API versions 0.11.9-alpha.1 and earlier Description New API, a large language model LLM gateway and artificial intelligence AI asset management system, contains a Server-Side Request Forgery SSRF flaw. This issue occurs due to insufficient...

7.1CVSS5.8AI score0.00258EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.11 views

PT-2026-37630

HHCL BigFix Service Management SM is affected by a Cross‑Site Request Forgery CSRF vulnerability. This could lead to unauthorized changes or exposure of sensitive data...

2.6CVSS5.8AI score0.00095EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.7 views

Masa CMS 跨站请求伪造漏洞

Masa CMS is a digital experience platform operated by Masa CMS organization. Versions of Masa CMS 7.5.2 and earlier contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the cTrash.restore function not properly verifying the anti-CSRF token, allowing attackers to...

8.7CVSS5.7AI score0.00151EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.8 views

PT-2026-38237

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.10 Description A server-side request forgery issue exists in the browser navigation policy. This allows attackers to bypass hostname validation using DNS rebinding attacks, which involve exploiting inconsisten...

6.3CVSS5.8AI score0.00199EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.12 views

PT-2026-38226

Name of the Vulnerable Software and Affected Versions Masa CMS versions prior to 7.2.10 Masa CMS versions prior to 7.3.15 Masa CMS versions prior to 7.4.10 Masa CMS versions prior to 7.5.3 Description The cUsers.updateAddress function fails to properly validate anti-CSRF Cross-Site Request Forger...

7.1CVSS5.8AI score0.00165EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.9 views

OpenClaw 代码问题漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a server-side request forgery vulnerability that stems from a server-side request forgery vulnerability in QQBot direct media uploads that skips URL authentication. An attacker can exploit this...

6.3CVSS5.8AI score0.00236EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.10 views

PT-2026-38227

Name of the Vulnerable Software and Affected Versions Masa CMS versions prior to 7.2.10 Masa CMS versions prior to 7.3.15 Masa CMS versions prior to 7.4.10 Masa CMS versions prior to 7.5.3 Description The cTrash.empty function fails to validate anti-CSRF Cross-Site Request Forgery tokens for tras...

7.2CVSS5.8AI score0.00165EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.11 views

Masa CMS 跨站请求伪造漏洞

Masa CMS is a digital experience platform operated by Masa CMS organization. Versions of Masa CMS 7.5.2 and earlier contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the cUsers.updateAddress function not properly verifying the anti-CSRF token, allowing attacke...

7.1CVSS5.7AI score0.00165EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.7 views

HCL BigFix Service Management 跨站请求伪造漏洞

HCL BigFix Service Management is an IT service management and asset management platform developed by the Indian company HCL. HCL BigFix Service Management has a cross-site request forgery vulnerability. This vulnerability stems from cross-site request forgery attacks, which may lead to unauthoriz...

5.7CVSS5.7AI score0.00095EPSS
Exploits0References1
Rows per page
Query Builder