Lucene search
K

641 matches found

Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.4 views

PT-2026-26336

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.7.1 Description Langflow is susceptible to an arbitrary file write issue through the POST /api/v2/files API endpoint. The vulnerability stems from a lack of boundary containment checks in the storage layer, which...

9.9CVSS6.1AI score0.01417EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.13 views

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2026-1610)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the...

7.8CVSS7.5AI score0.00519EPSS
Exploits6References241
Snyk
Snyk
added 2026/03/09 7:52 p.m.11 views

Use of GET Request Method With Sensitive Query Strings

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Use of GET Request Method With Sensitive Query Strings via the process that appends authentication material to the browser URL query string and persists it in browser localStorage. An...

8.4CVSS5.8AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/09 7:52 p.m.13 views

OpenClaw's dashboard leaked gateway auth material via browser URL/query and localStorage

OpenClaw's macOS Dashboard flow exposed Gateway authentication material to browser-controlled surfaces. Before the fix, the macOS app appended the shared Gateway token and password to the Dashboard URL query string when opening the Control UI in the browser. The Control UI then imported the token...

5.8AI score
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/07 5:7 a.m.6 views

CVE-2026-30821 Flowise: Arbitrary File Upload via MIME Spoofing

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, the /api/v1/attachments/:chatflowId/:chatId endpoint is listed in WHITELISTURLS, allowing unauthenticated access to the file upload API. While the server validates uploads based on th...

8.2CVSS6AI score0.1833EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/03/04 7:45 p.m.5 views

CVE-2025-36364

IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to be stored locally which can be read by another user on the system...

6.2CVSS5.9AI score0.00108EPSS
Exploits0References1
OSV
OSV
added 2026/03/03 8:16 p.m.5 views

CVE-2025-36364

IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to be stored locally which can be read by another user on the system...

3.3CVSS5.8AI score0.00108EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/03 7:43 p.m.6 views

EUVD-2025-208255

IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to be stored locally which can be read by another user on the system...

6.2CVSS5.9AI score0.00108EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.5 views

PT-2026-22799

IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to be stored locally which can be read by another user on the system...

6.2CVSS5.9AI score0.00108EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/27 7:45 p.m.6 views

CVE-2026-23939

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in hexpm hexpm/hexpm 'Elixir.Hexpm.Store.Local' module allows Relative Path Traversal. This vulnerability is associated with program files lib/hexpm/store/local.ex and program routines...

7.5CVSS5.9AI score0.00409EPSS
Exploits0References1
OSV
OSV
added 2026/02/26 8:31 p.m.6 views

CVE-2026-27510

Unitree Go2 firmware versions 1.1.7 through 1.1.11, when used with the Unitree Go2 Android application com.unitree.doggo2, are vulnerable to remote code execution due to missing integrity protection and validation of user-created programmes. The Android application stores programs in a local SQLi...

8.8CVSS6.6AI score0.00292EPSS
Exploits1References3
NVD
NVD
added 2026/02/26 8:31 p.m.12 views

CVE-2026-23939

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in hexpm hexpm/hexpm 'Elixir.Hexpm.Store.Local' module allows Relative Path Traversal. This vulnerability is associated with program files lib/hexpm/store/local.ex and program routines...

7.5CVSS0.00409EPSS
Exploits0References4
EUVD
EUVD
added 2026/02/26 7:41 p.m.6 views

EUVD-2026-8886

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in hexpm hexpm/hexpm 'Elixir.Hexpm.Store.Local' module allows Relative Path Traversal. This vulnerability is associated with program files lib/hexpm/store/local.ex and program routines...

6.9CVSS5.5AI score0.00409EPSS
Exploits0References2
OSV
OSV
added 2026/02/26 7:41 p.m.6 views

CVE-2026-23939 Path Traversal in Local File Store Backend

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in hexpm hexpm/hexpm 'Elixir.Hexpm.Store.Local' module allows Relative Path Traversal. This vulnerability is associated with program files lib/hexpm/store/local.ex and program routines...

6.9CVSS6AI score0.00409EPSS
Exploits0References8
OSV
OSV
added 2026/02/26 7:41 p.m.4 views

EEF-CVE-2026-23939 Path Traversal in Local File Store Backend

Summary Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in hexpm hexpm/hexpm 'Elixir.Hexpm.Store.Local' module allows Relative Path Traversal. This vulnerability is associated with program files lib/hexpm/store/local.ex and program routines...

6.9CVSS5.8AI score0.00409EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/26 7:41 p.m.5 views

CVE-2026-23939 Path Traversal in Local File Store Backend

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in hexpm hexpm/hexpm 'Elixir.Hexpm.Store.Local' module allows Relative Path Traversal. This vulnerability is associated with program files lib/hexpm/store/local.ex and program routines...

6.9CVSS5.4AI score0.00409EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/26 7:41 p.m.24 views

CVE-2026-23939 Path Traversal in Local File Store Backend

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in hexpm hexpm/hexpm 'Elixir.Hexpm.Store.Local' module allows Relative Path Traversal. This vulnerability is associated with program files lib/hexpm/store/local.ex and program routines...

6.9CVSS0.00409EPSS
Exploits0References4
CVE
CVE
added 2026/02/26 7:41 p.m.29 views

CVE-2026-23939

The CVE-2026-23939 issue affects the Local Storage backend of hexpm (Elixir.Hexpm.Store.Local) used in self-hosted deployments. The vulnerability is a path traversal flaw in local storage routines get/3, put/4, delete/2, and delete_many/2 within lib/hexpm/store/local.ex, allowing relative path tr...

7.5CVSS5.5AI score0.00409EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.9 views

PT-2026-22179

Name of the Vulnerable Software and Affected Versions Unitree Go2 versions 1.1.7 through 1.1.11 Description Remote code execution is possible due to a lack of integrity protection and validation of user-created programs when used with the Unitree Go2 Android application com.unitree.doggo2. The...

9.6CVSS6AI score0.00292EPSS
Exploits1References30
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.10 views

PT-2026-22180

Name of the Vulnerable Software and Affected Versions hexpm versions prior to 5d2ccd2f14f45a63225a73fb5b1c937baf36fdc0 Description A path traversal issue exists in hexpm’s Local Storage backend, impacting self-hosted deployments. The issue resides within the 'Elixir.Hexpm.Store.Local' module and...

6.9CVSS5.9AI score0.00409EPSS
Exploits0References6
Rows per page
Query Builder