Lucene search
K

162 matches found

CVE
CVE
added 2026/05/15 8:29 p.m.29 views

CVE-2026-45385

Summary (grounded): Open WebUI (self-hosted offline AI) contains an IDOR vulnerability in the update_message_by_id API for channels of type group/dm. In these paths, the code only verifies that the caller is a channel member (is_user_channel_member) and does not confirm message ownership, enablin...

4.3CVSS5.8AI score0.00204EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/08 3:0 a.m.9 views

CVE-2026-8131 SourceCodester SUP Online Shopping replymsg.php sql injection

A security flaw has been discovered in SourceCodester SUP Online Shopping 1.0. This impacts an unknown function of the file /admin/replymsg.php. The manipulation of the argument msgid results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the publ...

7.5CVSS6.9AI score0.00318EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.14 views

PT-2026-38654

Name of the Vulnerable Software and Affected Versions SourceCodester SUP Online Shopping version 1.0 Description A security flaw in the file '/admin/replymsg.php' allows for remote SQL injection. This occurs through the manipulation of the msgid argument. SQL injection is a technique where...

7.5CVSS7.1AI score0.00318EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/06 11:32 a.m.29 views

CVE-2025-71291 misc: bcm_vk: Fix possible null-pointer dereferences in bcm_vk_read()

In the Linux kernel, the following vulnerability has been resolved: misc: bcmvk: Fix possible null-pointer dereferences in bcmvkread In the function bcmvkread, the pointer entry is checked, indicating that it can be NULL. If entry is NULL and rc is set to -EMSGSIZE, the following code may cause...

0.00123EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/28 6:9 p.m.5 views

CVE-2026-41402

OpenClaw before 2026.3.31 contains a scope bypass vulnerability in webhook replay cache deduplication that allows authenticated attackers to replay messages across sibling targets using the same messageId. Attackers can exploit overly broad cache keying to bypass replay protection and deliver...

4.2CVSS5.2AI score0.00266EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/28 6:9 p.m.7 views

EUVD-2026-26109

OpenClaw before 2026.3.31 contains a scope bypass vulnerability in webhook replay cache deduplication that allows authenticated attackers to replay messages across sibling targets using the same messageId. Attackers can exploit overly broad cache keying to bypass replay protection and deliver...

4.2CVSS5.2AI score0.00266EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.9 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained security vulnerabilities. These vulnerabilities were caused by a range bypass in the Webhook replay buffer deduplication process, which could allow authentication...

5.4CVSS5.9AI score0.00266EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/27 11:24 p.m.6 views

CVE-2026-41362 OpenClaw 2026.2.19 through 2026.3.30 - Webhook Replay Dedupe Cache Event Suppression via Shared Authentication

OpenClaw versions 2026.2.19 before 2026.3.31 contain an improper cache isolation vulnerability in the Zalo webhook replay-dedupe mechanism that is shared across authenticated webhook targets. Attackers controlling one authenticated Zalo webhook path in multi-account deployments can suppress...

4.3CVSS5.8AI score0.00274EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/14 11:35 p.m.4 views

CVE-2026-39971

Serendipity is a PHP-powered weblog engine. In versions 2.6-beta2 and below, the email sending functionality in include/functions.inc.php inserts $SERVER'HTTPHOST' directly into the Message-ID SMTP header without validation, and the existing sanitization function serendipityisResponseClean is not...

7.2CVSS5.9AI score0.00255EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/14 11:35 p.m.6 views

CVE-2026-39971 Serendipity: Host Header Injection leads to SMTP header injection via unvalidated HTTP_HOST

Serendipity is a PHP-powered weblog engine. In versions 2.6-beta2 and below, the email sending functionality in include/functions.inc.php inserts $SERVER'HTTPHOST' directly into the Message-ID SMTP header without validation, and the existing sanitization function serendipityisResponseClean is not...

7.2CVSS5.9AI score0.00255EPSS
Exploits1References2
OSV
OSV
added 2026/04/14 11:35 p.m.3 views

CVE-2026-39971 Serendipity: Host Header Injection leads to SMTP header injection via unvalidated HTTP_HOST

Serendipity is a PHP-powered weblog engine. In versions 2.6-beta2 and below, the email sending functionality in include/functions.inc.php inserts $SERVER'HTTPHOST' directly into the Message-ID SMTP header without validation, and the existing sanitization function serendipityisResponseClean is not...

7.2CVSS6AI score0.00255EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/04/14 10:32 p.m.7 views

Serendipity has a Host Header Injection allows SMTP header injection via unvalidated HTTP_HOST in Message-ID email header

Summary Serendipity inserts $SERVER'HTTPHOST' directly into the Message-ID SMTP header without any validation beyond CRLF stripping. An attacker who can control the Host header during an email-triggering action can inject arbitrary SMTP headers into outgoing emails, enabling spam relay, BCC...

7.2CVSS5.9AI score0.00255EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/04/14 10:32 p.m.4 views

GHSA-458G-Q4FH-MJ6R Serendipity has a Host Header Injection allows SMTP header injection via unvalidated HTTP_HOST in Message-ID email header

Summary Serendipity inserts $SERVER'HTTPHOST' directly into the Message-ID SMTP header without any validation beyond CRLF stripping. An attacker who can control the Host header during an email-triggering action can inject arbitrary SMTP headers into outgoing emails, enabling spam relay, BCC...

7.2CVSS5.9AI score0.00255EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/04/08 5:6 p.m.5 views

CVE-2026-35515

A flaw was found in Nest, a framework for building Node.js server-side applications. An attacker can exploit a vulnerability in the SseStream.transform function by injecting newline characters into message.type and message.id fields. This allows the attacker to inject arbitrary Server-Sent Events...

6.5CVSS5.9AI score0.00234EPSS
Exploits0References4
OSV
OSV
added 2026/04/06 5:59 p.m.3 views

GHSA-36XV-JGW5-4Q75 @nestjs/core Improperly Neutralizes Special Elements in Output Used by a Downstream Component ('Injection')

Impact What kind of vulnerability is it? Who is impacted? SseStream.transform interpolates message.type and message.id directly into Server-Sent Events text protocol output without sanitizing newline characters \r, \n. Since the SSE protocol treats both \r and \n as field delimiters and \n\n as...

6.3CVSS6.1AI score0.00234EPSS
Exploits0References6
Snyk
Snyk
added 2026/04/02 8:59 p.m.4 views

Replay Attack

Overview @openclaw/zalo is an OpenClaw Zalo channel plugin Affected versions of this package are vulnerable to Replay Attack in the replay deduplication process. An attacker can bypass intended access restrictions by reusing messageId values across authenticated sibling-target delivery paths...

5.4CVSS5.8AI score0.00274EPSS
Exploits0References2
Circl
Circl
added 2026/03/31 5:24 p.m.4 views

GHSA-W36R-F268-PWRJ

creationtimestamp| type| source ---|---|--- 2026-03-31 17:24:58+00:00| seen| Telegram/ky16Z8CpY9UfGCFQKDuXqskkeRzODLCHisg6zhKBGmfTV8...

4.8AI score
Exploits0
NVD
NVD
added 2026/03/18 9:16 p.m.10 views

CVE-2026-25745

OpenEMR is a free and open source electronic health records and medical practice management application. In versions up to and including 8.0.0, the message/note update endpoint e.g. PUT or POST updates by message/note ID only and does not verify that the message belongs to the current patient or...

6.5CVSS0.00274EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/18 8:30 p.m.2 views

CVE-2026-25745

OpenEMR is a free and open source electronic health records and medical practice management application. In versions up to and including 8.0.0, the message/note update endpoint e.g. PUT or POST updates by message/note ID only and does not verify that the message belongs to the current patient or...

6.5CVSS5.8AI score0.00274EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/08 1:44 a.m.5 views

CVE-2026-2488

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized message deletion due to a missing capability check on the pgdeletemsg function in all versions up to, and including, 5.9.8.1. This is due to the function not verifying that the requesting us...

4.3CVSS5.9AI score0.0022EPSS
Exploits0References1
Rows per page
Query Builder