Lucene search
K

1065 matches found

Packet Storm
Packet Storm
added 2026/04/20 12:0 a.m.68 views

📄 Remote Sunrise Helper for Windows 2026.14 Arbitrary File Read

Remote Sunrise Helper for Windows 2026.14 suffers from an unauthenticated file read vulnerability. !/usr/bin/env python3 Exploit Title: Remote Sunrise Helper for Windows 2026.14 - Unauthenticated File Read Date: 2026-04-20 Exploit Author: Chokri Hammedi Software: https://rs.ltd/latest.php?os=win...

5.8AI score
Exploits0
Snyk
Snyk
added 2026/04/17 10:17 p.m.5 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the host-media attachment read helper. An attacker can access unauthorized local files by bypassing sender or group-scoped policy restrictions through the...

7.7CVSS5.8AI score0.00236EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/17 10:17 p.m.5 views

Directory Traversal

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Directory Traversal via the outbound media handling. An attacker can access arbitrary local files by referencing host-local paths outside the intended media storage boundary in reply text...

9.6CVSS6.4AI score0.00369EPSS
Exploits0References2
OSV
OSV
added 2026/04/16 8:41 p.m.12 views

GHSA-MQPH-7H49-HQFM Weblate: JavaScript localization CDN add-on allows arbitrary local file read outside the repository

Impact The translation memory API exposed unintended endpoints, which in turn didn't do proper access control. Patches https://github.com/WeblateOrg/weblate/pull/18516 Workarounds The CDN add-on is not enabled by default. References Thanks to @spbavarva for reporting this responsibly via GitHub...

6.8CVSS5.8AI score0.00323EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/16 12:0 a.m.9 views

WSO2 API Manager 安全漏洞

The WSO2 API Manager is a set of API lifecycle management solutions provided by the American company WSO2. There is a security vulnerability present in the WSO2 API Manager publishers. This vulnerability stems from the component’s inability to disable external entity resolution when accepting XML...

7.5CVSS5.8AI score0.00273EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.7 views

Cisco ThousandEyes Enterprise Agent 安全漏洞

Cisco ThousandEyes Enterprise Agent is an application developed by Cisco, a US-based company. It provides extended visibility, automated insights, and seamless workflows. There is a security vulnerability in Cisco ThousandEyes Enterprise Agent, which stems from improper access control in the loca...

5.5CVSS5.8AI score0.00129EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/14 3:30 p.m.6 views

EUVD-2026-22274

A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context o...

7.1CVSS6.1AI score0.00204EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/14 3:30 p.m.5 views

EUVD-2026-22276

A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to...

7.1CVSS6.1AI score0.002EPSS
Exploits0References4
NVD
NVD
added 2026/04/14 3:16 p.m.4 views

CVE-2026-4344

A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read loc...

7.1CVSS0.00204EPSS
Exploits0References3
NVD
NVD
added 2026/04/14 3:16 p.m.2 views

CVE-2026-4369

A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to...

7.1CVSS0.002EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/14 1:56 p.m.24 views

CVE-2026-4344 Stored Cross-Site Scripting (XSS) Vulnerability in Assembly Component Name

A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read loc...

7.1CVSS0.00204EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/14 1:56 p.m.2 views

CVE-2026-4344 Stored Cross-Site Scripting (XSS) Vulnerability in Assembly Component Name

A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read loc...

7.1CVSS6.1AI score0.00204EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/14 1:56 p.m.2 views

CVE-2026-4344

A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read loc...

7.1CVSS6.1AI score0.00204EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/04/14 1:56 p.m.10 views

CVE-2026-4344

CVE-2026-4344 describes a Stored XSS vulnerability in the Autodesk Fusion desktop application. A malicious HTML payload in the component name, when shown in a delete confirmation dialog and clicked by a user, can execute script in the user’s context. The CVE notes potential to read local files or...

7.1CVSS6.1AI score0.00204EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/14 1:56 p.m.2 views

CVE-2026-4345 Stored Cross-Site Scripting (XSS) Vulnerability in Design Name

A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context o...

7.1CVSS6.1AI score0.00204EPSS
Exploits0References3
CVE
CVE
added 2026/04/14 1:47 p.m.13 views

CVE-2026-4369

The CVE-2026-4369 entry describes a Stored Cross-Site Scripting (XSS) vulnerability in Autodesk Fusion desktop app tied to a malicious payload in an assembly variant name. The vulnerability can be triggered when the affected variant name is rendered in the delete confirmation dialog, and a user c...

7.1CVSS6.1AI score0.002EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/14 1:47 p.m.1 views

CVE-2026-4369

A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to...

7.1CVSS6.1AI score0.002EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.4 views

PT-2026-32646

A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to...

7.1CVSS6.1AI score0.002EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.3 views

Autodesk Fusion 跨站脚本漏洞

Autodesk Fusion is a data management software platform developed by Autodesk, Inc. in the United States. Autodesk Fusion has a cross-site scripting vulnerability, which stems from malicious HTML payloads stored in the design names. This vulnerability can lead to storage-based cross-site scripting...

7.1CVSS6AI score0.00204EPSS
Exploits0References3
Debian
Debian
added 2026/04/13 6:33 p.m.6 views

[BSA-131] Security Update for flatpak

Simon McVittie uploaded new packages for flatpak which fixed the following security problems, the same as in DSA 6207-1: CVE-2026-34078, which allowed a Flatpak app to break out of the sandbox, resulting in code execution in the host context CVE-2026-34079, which allowed a Flatpak app to delete...

10CVSS6.2AI score0.0168EPSS
Exploits0
Rows per page
Query Builder