
19509 matches found

Tenable Nessus
added 2026/04/13 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-40447

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Integer overflow or wraparound vulnerability in Samsung Open Source Escargot allows undefined behavior. This issue affects Escargot:...

7.5 CVSS | 5.9 AI score | 0.00172 EPSS
Exploits 0 | References 2
Positive Technologies
added 2026/04/13 12:0 a.m. | 3 views

PT-2026-32527

Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 7.1.2-19; ImageMagick versions prior to 6.9.13-44. Description: The -sample operation contains an out-of-bounds read, which occurs when a specific offset is configured via the sample:offset define. Recommendations...

7.1 CVSS | 5.7 AI score | 0.00194 EPSS
Exploits 0 | References 117
CNNVD
added 2026/04/13 12:0 a.m. | 6 views

SourceCodester Computer and Mobile Repair Shop Management system security vulnerability

The SourceCodester Computer and Mobile Repair Shop Management system is a simple PHP project open-sourced by SourceCodester. It provides a website that displays information about the store. This project also manages customers' repair records; if their devices have been repaired or serviced,...

2.7 CVSS | 5.9 AI score | 0.0019 EPSS
Exploits 0 | References 1
Tenable Nessus
added 2026/04/13 12:0 a.m. | 21 views

Amazon Linux 2023 : nginx, nginx-all-modules, nginx-core (ALAS2023-2026-1540)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1540 advisory. When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP...

8.8 CVSS | 7.9 AI score | 0.21621 EPSS
Exploits 0 | References 14
Positive Technologies
added 2026/04/13 12:0 a.m. | 8 views

PT-2026-32273

Integer overflow or wraparound vulnerability in Samsung Open Source Escargot allows undefined behavior. This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335...

5.1 CVSS | 5.8 AI score | 0.00172 EPSS
Exploits 0 | References 2
OSV
added 2026/04/12 1:1 a.m. | 4 views

MAL-2026-2873 Malicious code in ts-schema-helpers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa35c0f1b632f24027499340dfbe35df1f1d57bed2a5ad8327d688a7b23507a3 The package ts-schema-helpers was found to contain malicious code. Source: ossf-package-analysis...

5.7 AI score
Exploits 0
Packet Storm News
added 2026/04/12 12:0 a.m. | 7 views

Beyond Static Sandboxing: Learned Capability Governance for Autonomous AI Agents

Autonomous AI agents built on open-source runtimes such as OpenClaw expose every available tool to every session by default, regardless of the task. A summarization task receives the same shell execution, subagent spawning, and credential access capabilities as a code deployment task, a 15x...

6 AI score
Exploits 0
CNNVD
added 2026/04/12 12:0 a.m. | 8 views

AstrBot code issue vulnerability

AstrBot is an open-source multi-platform LLM chatbot and development framework developed by AstrBot. Versions of AstrBot 4.22.1 and earlier contained code vulnerabilities. These vulnerabilities stemmed from improper handling of the postdata.get function in the API Endpoint component, which could...

6.5 CVSS | 6.7 AI score | 0.00257 EPSS
Exploits 0 | References 6
GithubExploit
added 2026/04/11 5:8 p.m. | 81 views

infosec-notebook

infosec-notebook Personal cybersecurity notes and references...

5.8 AI score
Exploits 0
OSV
added 2026/04/11 9:20 a.m. | 2 views

MAL-2026-2553 Malicious code in paysafe-payments-sdk-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e93e9be8a06ed53e5f7b88d33e9f020bf96f51c343c2ffe9bd620bc498c011bf The package paysafe-payments-sdk-common was found to contain malicious code. Source: ghsa-malware...

5.8 AI score
Exploits 0 | References 1
CNNVD
added 2026/04/11 12:0 a.m. | 6 views

OpenClaw path traversal vulnerability

OpenClaw is an intelligent artificial assistant developed under the OpenClaw open source project. OpenClaw has a path traversal vulnerability, which stems from insufficient validation of path parameters, potentially leading to information leakage...

6.5 CVSS | 6.6 AI score | 0.00944 EPSS
Exploits 1 | References 2
CNNVD
added 2026/04/11 12:0 a.m. | 7 views

MaxKB code injection vulnerability

MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB 2.2.1 and earlier have a code injection vulnerability. This vulnerability stems from incorrect handling of parameters in the file...

5.1 CVSS | 5.7 AI score | 0.00266 EPSS
Exploits 0 | References 8
vulnersOsv
added 2026/04/10 7:39 p.m. | 4 views

1claw-crewai-tools (=0.1.0), aacp-crewai (=0.1.0) +1044 more potentially affected by unknown CVE via uv (>=0.10.0 <=0.11.4)

uv PYPI version =0.10.0, =1.10.30, =1.10.30, =0.31.5, =1.3.0, =1.6.0, =1.6.0, =1.2.2, =1.2.4, =0.6.0, =0.1.0, =0.2.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-PJJW-68HJ-V9MW...

5.7 AI score
Exploits 0
OSSF Malicious Packages
added 2026/04/10 4:43 p.m. | 8 views

Malicious code in @b2b-portal/form (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7bfd3d2bf611173cd9899eb7ae28620ce52dd78812b47d5f9ca1fc68555c5b70 The package @b2b-portal/form was found to contain malicious code. Source: ghsa-malware 01b5517a25cba37fda750436dbbba1fe86b2c36fb7eafbbb0b49cf17d95e5a...

5.8 AI score
Exploits 0 | References 1
Github Security Blog
added 2026/04/10 9:31 a.m. | 5 views

Spring Cloud Gateway's SSL bundle configuration silently bypassed

When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead. Note: The 4.2.x branch is no longer under open source support. If you are using Spring Cloud...

7.5 CVSS | 5.8 AI score | 0.00217 EPSS
Exploits 0 | References 6 | Affected Software 1
Vulnrichment
added 2026/04/10 7:32 a.m. | 2 views

CVE-2026-22750 SSL bundle configuration silently bypassed in Spring Cloud Gateway

When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead. Note: The 4.2.x branch is no longer under open source support. If you are using Spring Cloud...

7.5 CVSS | 5.8 AI score | 0.00217 EPSS
Exploits 0 | References 1
CNNVD
added 2026/04/10 12:0 a.m. | 7 views

SvelteKit security vulnerability

SvelteKit is an open-source web development framework developed in Svelte. Versions of SvelteKit prior to 2.57.1 contained security vulnerabilities. These vulnerabilities stemmed from a scenario where requests could bypass the BODY_SIZE_LIMIT, potentially leading to denial-of-service attacks...

8.2 CVSS | 5.8 AI score | 0.00543 EPSS
Exploits 0 | References 3
CNNVD
added 2026/04/10 12:0 a.m. | 6 views

OpenClaw security vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.22 contained security vulnerabilities. These vulnerabilities stemmed from nodes that performed operations without revalidating according to the current command policy during...

5.9 CVSS | 5.9 AI score | 0.00217 EPSS
Exploits 0 | References 4
Positive Technologies
added 2026/04/10 12:0 a.m. | 6 views

PT-2026-32982

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. All new installations of DNN 10.x.x - 10.2.1 have the same Host GUID. This does not affect upgrades from 9.x.x. Version 10.2.2 patches the issue...

6.9 CVSS | 5.8 AI score | 0.00175 EPSS
Exploits 0 | References 6
CNNVD
added 2026/04/10 12:0 a.m. | 6 views

ajenti race condition vulnerability

Ajenti is an open-source Linux and BSD-based modular server management panel developed by ajenti. Prior to version 0.112, there was a race condition vulnerability in Ajenti. This vulnerability allowed for bypassing of user authentication within a short period after authentication was performed...

9.1 CVSS | 5.8 AI score | 0.00232 EPSS
Exploits 0 | References 2