24 matches found

Positive Technologies
added 2026/05/29 12:0 a.m. · 8 views

PT-2026-44891

OpenClaw before 2026.5.4 contains an authorization bypass vulnerability in the bundled device-pair plugin that allows non-owner authorized chat senders to issue device-pairing bootstrap codes without proper scope validation. Attackers with chat command access can create setup codes to enroll...

8.7 CVSS · 5.8 AI score · 0.0023 EPSS
Exploits: 0 · References: 3

Github Security Blog
added 2026/05/05 8:2 p.m. · 9 views

OpenBao's Namespace Deletion May Not Delete Data Properly

Impact: When OpenBao's initial namespace deletion fails, subsequent retries fail to properly remove all data before marking the namespace as deleted. This can affect any outstanding leases as well as potentially leaving unrelated storage entries around. Patches: This will be patched in OpenBao...

7.5 CVSS · 5.8 AI score · 0.00248 EPSS
Exploits: 0 · References: 5 · Affected Software: 1

Positive Technologies
added 2026/05/05 12:0 a.m. · 15 views

PT-2026-37251

Name of the Vulnerable Software and Affected Versions: OpenBao versions prior to 2.5.3 Description: An issue exists in the identity-based secrets management system where an initial failure during namespace deletion causes subsequent retries to fail to remove all data before the namespace is marked ...

7.5 CVSS · 5.8 AI score · 0.00248 EPSS
Exploits: 0 · References: 7

RedhatCVE
added 2026/01/09 8:42 a.m. · 12 views

CVE-2022-31112

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions, Parse Server LiveQuery does not remove protected fields in classes, passing them to the client. The LiveQueryController now removes protected fields from the client respons...

8.2 CVSS · 6.5 AI score · 0.01211 EPSS
Exploits: 0 · References: 1

NVD
added 2025/11/14 3:15 p.m. · 6 views

CVE-2024-21635

Memos is a privacy-first, lightweight note-taking service that uses Access Tokens to authenticate application access. When a user changes their password, the existing list of Access Tokens stays valid instead of expiring. If a user finds that their account has been compromised, they can update the...

7.5 CVSS · 0.00248 EPSS
Exploits: 1 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-37278

Malicious code in bioql PyPI...

4.9 CVSS · 6.5 AI score · 0.00469 EPSS
Exploits: 0 · References: 2

Veeam
added 2025/04/09 12:0 a.m. · 10 views

Log Files Associated With Deleted Jobs or Tenants Are Not Automatically Deleted

Challenge: The diagnostic log files created by Veeam Backup & Replication / Veeam Cloud Connect that are associated with a deleted or disabled job, repository, or tenant are not automatically removed and remain on disk taking up space. Cause: This is expected behavior as log file management only...

6.9 AI score
Exploits: 0

Saint
added 2024/12/20 12:0 a.m. · 103 views

Apache Struts file upload path traversal

Added: 12/20/2024. Background: Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller (MVC) architecture. Problem: A directory traversal vulnerability in Apache...

7.9 AI score
Exploits: 0

CVE
added 2024/07/15 7:43 p.m. · 62 views

CVE-2024-38360

Discourse (3.2.x) is affected by a Denial of Service via the Watched Words feature. The issue arises when a moderator creates replacement words with an almost unlimited length, which can exhaust resources and reduce availability. Remediation is to upgrade to Discourse 3.2.3 or newer betas; for th...

4.9 CVSS · 5.3 AI score · 0.00469 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

CVE
added 2024/07/09 12:5 p.m. · 52 views

CVE-2024-39869

Siemens SINEMA Remote Connect Server is affected: all versions prior to V3.2 SP1 allow uploading certificates, and an authenticated attacker can upload crafted certificates that cause a permanent Denial-of-Service. The vulnerability stems from improper handling during certificate upload (unusual/...

7.1 CVSS · 6.6 AI score · 0.0028 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2024/03/06 10:50 a.m. · 20 views

BIT-ARGO-CD-2023-40029

Argo CD is a declarative continuous deployment for Kubernetes. Argo CD Cluster secrets might be managed declaratively using Argo CD / kubectl apply. As a result, the full secret body is stored in kubectl.kubernetes.io/last-applied-configuration annotation. Pull request 7139 introduced the ability ...

9.9 CVSS · 9.2 AI score · 0.00975 EPSS
Exploits: 1 · References: 3

OSV
added 2023/04/16 2:15 a.m. · 1 views

DEBIAN-CVE-2022-37186

In LemonLDAP::NG before 2.0.15, some sessions are not deleted when they are supposed to be deleted according to the timeoutActivity setting. This can occur when there are at least two servers, and a session is manually removed before the time at which it would have been removed automatically...

5.9 CVSS · 5.9 AI score · 0.00725 EPSS
Exploits: 1 · References: 1

OSV
added 2023/04/16 2:15 a.m. · 3 views

UBUNTU-CVE-2022-37186

In LemonLDAP::NG before 2.0.15, some sessions are not deleted when they are supposed to be deleted according to the timeoutActivity setting. This can occur when there are at least two servers, and a session is manually removed before the time at which it would have been removed automatically...

5.9 CVSS · 5.8 AI score · 0.00725 EPSS
Exploits: 1 · References: 4

Debian CVE
added 2023/04/16 12:0 a.m. · 48 views

CVE-2022-37186

In LemonLDAP::NG before 2.0.15, some sessions are not deleted when they are supposed to be deleted according to the timeoutActivity setting. This can occur when there are at least two servers, and a session is manually removed before the time at which it would have been removed automatically...

5.9 CVSS · 5.7 AI score · 0.00725 EPSS
Exploits: 1

SUSE CVE
added 2023/02/15 3:24 a.m. · 1 views

SUSE CVE-2022-36062

Grafana is an open-source platform for monitoring and observability. In versions prior to 8.5.13, 9.0.9, and 9.1.6, Grafana is subject to Improper Preservation of Permissions resulting in privilege escalation on some folders where Admin is the only used permission. The vulnerability impacts Grafa...

6.4 CVSS · 9.4 AI score · 0.00596 EPSS
Exploits: 0 · References: 14

OSV
added 2022/08/16 9:15 p.m. · 6 views

CVE-2022-37439

In Splunk Enterprise and Universal Forwarder versions in the following table, indexing a specially crafted ZIP file using the file monitoring input can result in a crash of the application. Attempts to restart the application would result in a crash and would require manually removing the malform...

5.5 CVSS · 5.8 AI score · 0.00191 EPSS
Exploits: 0 · References: 2

Prion
added 2022/06/30 5:15 p.m. · 22 views

Design/Logic Flaw

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions, Parse Server LiveQuery does not remove protected fields in classes, passing them to the client. The LiveQueryController now removes protected fields from the client respons...

6.4 CVSS · 8 AI score · 0.01211 EPSS
Exploits: 0 · References: 6 · Affected Software: 1

Positive Technologies
added 2022/03/04 12:0 a.m. · 6 views

PT-2022-15910 · Netapp · Storagegrid

Name of the Vulnerable Software and Affected Versions: StorageGRID formerly StorageGRID Webscale versions prior to 11.6.0 Description: The issue allows disabled, expired, or locked external user accounts to access S3 data to which they previously had access. In StorageGRID 11.6.0, the user accoun...

4.9 CVSS · 5 AI score · 0.00735 EPSS
Exploits: 0 · References: 4

Kitploit
added 2020/12/06 9:30 p.m. · 76 views

Hijackthis - A Free Utility That Finds Malware, Adware And Other Security Threats

HiJackThis Fork is a free utility for Microsoft Windows that scans your computer for settings changed by adware, spyware, malware and other unwanted programs. HiJackThis Fork primarily detects hijacking methods rather than comparing items against a pre-built database. This allows it to detect new...

7.3 AI score
Exploits: 0 · References: 17

Atlassian
added 2020/11/03 12:25 p.m. · 18 views

Removing the Groups from the Accounts>Groups page doesn't remove the references from the Project Permissions page

Issue Summary: Removing the Groups from the Accounts>Groups page doesn't remove the references from the Project Permissions page and the Global permissions page. Steps to Reproduce: Create a New group named "newtestgroup". Add a user to the Group. Add the Group Access for "newtestgroup" under t...

0.3 AI score
Exploits: 0 · Affected Software: 1