Lucene search
+L

451 matches found

CVE
CVE
added 2026/03/26 6:55 a.m.24 views

CVE-2026-32680

The issue concerns RATOC RAID Monitoring Manager for Windows. If users customize the installer’s target folder, that folder may retain insecure ACLs, allowing non-administrative users to alter its contents. This can enable a non-administrative user to execute arbitrary code with SYSTEM privileges...

8.5CVSS7.4AI score0.00145EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/20 8:27 a.m.4 views

CVE-2026-33071

FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.8.0, the WebDAV upload endpoint accepts any file extension including .phtml, .php5, .htaccess, and other server-side executable types, bypassing the filename validation enforced by the regular upload path. In...

4.3CVSS6.1AI score0.00621EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/03/13 9:31 p.m.5 views

EUVD-2025-208639

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache Livy. This issue affects Apache Livy: from 0.3.0 before 0.9.0. The vulnerability can only be exploited with non-default Apache Livy Server settings. If the configuration value...

6.3CVSS5.7AI score0.00597EPSS
Exploits0References3
NVD
NVD
added 2026/03/13 7:53 p.m.3 views

CVE-2025-66249

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache Livy. This issue affects Apache Livy: from 0.3.0 before 0.9.0. The vulnerability can only be exploited with non-default Apache Livy Server settings. If the configuration value...

6.3CVSS0.00597EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/13 3:21 p.m.4 views

CVE-2025-66249

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache Livy. This issue affects Apache Livy: from 0.3.0 before 0.9.0. The vulnerability can only be exploited with non-default Apache Livy Server settings. If the configuration value...

6.3CVSS5.7AI score0.00597EPSS
Exploits0References2
OSV
OSV
added 2026/03/13 3:21 p.m.5 views

CVE-2025-66249 Apache Livy: Unauthorized directory access

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache Livy. This issue affects Apache Livy: from 0.3.0 before 0.9.0. The vulnerability can only be exploited with non-default Apache Livy Server settings. If the configuration value...

6.3CVSS5.9AI score0.00597EPSS
Exploits0References5
NVD
NVD
added 2026/03/11 5:16 p.m.8 views

CVE-2026-1471

Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the first user who authenticated after restart. The issue is limited to certain non-default configurations of SSO UserInfo endpoint. We...

6.5CVSS0.00244EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.5 views

PT-2026-24726

Name of the Vulnerable Software and Affected Versions Neo4j Enterprise edition versions prior to 2026.01.4 Description Excessive caching of authentication context in Neo4j Enterprise edition allows authenticated users to inherit the context of the first user who authenticated after a restart. Thi...

6.5CVSS5.8AI score0.00244EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/03/03 10:59 p.m.15 views

In OpenClaw, manually adding sort to tools.exec.safeBins could bypass allowlist approval via --compress-program

Summary This issue applies to a non-default configuration only. If sort is manually added to tools.exec.safeBins, OpenClaw could treat sort --compress-program= as valid safe-bin usage. In security=allowlist + ask=on-miss, this could satisfy allowlist checks and skip operator approval, while GNU...

8.8CVSS5.9AI score0.00286EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 10:13 p.m.17 views

OpenClaw's non-default autoAllowSkills setting could bypass on-miss exec prompt

Summary In openclaw versions up to and including 2026.2.22-2, a non-default exec-approval configuration could allow a skill-name collision to bypass an ask=on-miss prompt. When autoAllowSkills=true, a path-scoped executable such as ./skill-bin could resolve to basename skill-bin, satisfy the skil...

6AI score
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/03 10:13 p.m.4 views

GHSA-7FF8-XJH3-MGH6 OpenClaw's non-default autoAllowSkills setting could bypass on-miss exec prompt

Summary In openclaw versions up to and including 2026.2.22-2, a non-default exec-approval configuration could allow a skill-name collision to bypass an ask=on-miss prompt. When autoAllowSkills=true, a path-scoped executable such as ./skill-bin could resolve to basename skill-bin, satisfy the skil...

7.3CVSS6AI score
Exploits0References3
OSV
OSV
added 2026/03/03 6:54 p.m.6 views

GHSA-VMQR-RC7X-3446 OpenClaw's non-default safeBins sort configuration can bypass intended allowlist approval constraints

When sort is explicitly added to tools.exec.safeBins non-default, the --compress-program option can invoke an external helper and bypass the intended safe-bin approval constraints in allowlist mode. Affected Packages / Versions - Package: openclaw npm - Vulnerable versions: =2026.2.22. Once that...

6.4CVSS5.9AI score0.00197EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.12 views

PT-2026-26392

Summary This issue applies to a non-default configuration only. If sort is manually added to tools.exec.safeBins, OpenClaw could treat sort --compress-program= as valid safe-bin usage. In security=allowlist + ask=on-miss, this could satisfy allowlist checks and skip operator approval, while GNU...

7.3CVSS5.8AI score0.00286EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/02/23 6:48 a.m.10 views

ImageMagick: ImageMagick vulnerable to denial of service via integer overflow in BMP decoder on 32-bit systems

A vulnerability for an integer overflow has been identified in the ImageMagick image processing software suite on 32-bit systems with non-default resource limits. An attacker can exploit this flaw by providing a specially crafted malicious image file BMP format for processing. Successful...

7.5CVSS5.7AI score0.00755EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/02/07 1:23 a.m.8 views

CVE-2026-25815

Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026 by default, the encryption key is the same across all customers' installations. NOTE: the Supplier's position is that the instanc...

3.2CVSS5.4AI score0.00106EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/06 12:30 a.m.5 views

EUVD-2026-5525

Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026 by default, the encryption key is the same across all customers' installations. NOTE: the Supplier's position is that the instanc...

3.2CVSS5.4AI score0.00106EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/05 9:14 p.m.8 views

CVE-2026-25815

Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026 by default, the encryption key is the same across all customers' installations. NOTE: the Supplier's position is that the instanc...

3.2CVSS5.4AI score0.00106EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/29 12:0 a.m.5 views

openSUSE 15 Security Update : python-python-multipart (SUSE-SU-2026:0307-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:0307-1 advisory. - CVE-2026-24486: Fixed non-default configuration options can lead to path traversal bsc1257301. Tenable has extracted the preceding description block direct...

8.6CVSS5.5AI score0.02228EPSS
Exploits5References4
OSV
OSV
added 2026/01/28 4:7 p.m.3 views

OPENSUSE-SU-2026:20125-1 Security update for python-python-multipart

This update for python-python-multipart fixes the following issues: - CVE-2026-24486: Fixed non-default configuration options can lead to path traversal bsc1257301...

8.6CVSS5.8AI score0.02228EPSS
Exploits5References2
OSV
OSV
added 2026/01/28 4:3 p.m.9 views

SUSE-SU-2026:20188-1 Security update for python-python-multipart

This update for python-python-multipart fixes the following issues: - CVE-2026-24486: Fixed non-default configuration options can lead to path traversal bsc1257301...

8.6CVSS5.8AI score0.02228EPSS
Exploits5References3
Rows per page
Query Builder