Lucene search
K

3330 matches found

Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.17 views

PT-2026-49559

If the HTML you give it contains a element, and inside that template there's an element with a shadow DOM attached to it, DOMPurify quietly skips over the shadow contents. Whatever the attacker put in there - an image with an onerror handler, a link with a javascript: URL, even a full script -...

5.1CVSS5.1AI score0.00038EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/13 7:0 a.m.11 views

Malicious code in node-denv (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b0701ad772209918c78eb4d038cce43946517f3558cbec1988c121c115a641d node-denv presents itself as a pino-compatible logging middleware index.js exports module.exports.pino = middleware and mimics pino's option shape...

6.4AI score
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/13 2:17 a.m.11 views

SUSE CVE-2026-44250

Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause DoS by sending a crafted Redis payload with deeply nested arrays. This forces the server to allocate a massive...

7.5CVSS5.3AI score0.00371EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/13 2:17 a.m.12 views

SUSE CVE-2026-44890

Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause DoS by sending crafted Redis payloads across multiple connections without \r\n. This exhausts the server's direct...

7.5CVSS5.3AI score0.00371EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/12 9:56 p.m.6 views

CVE-2026-53827 OpenClaw < 2026.5.2 - Credential Exposure via Model-Supplied Loopback URLs in message.action Forwarding

OpenClaw before 2026.5.2 contains a credential exposure vulnerability in message.action forwarding that allows model-controlled metadata to forward action payloads with Gateway credentials to attacker-supplied loopback URLs. Remote attackers can intercept Gateway tokens and action payloads by...

6.5CVSS5.3AI score0.00254EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 9:16 p.m.11 views

CVE-2026-44786

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, chat events for public category channels are published to MessageBus without permission scoping, so any MessageBus...

7.5CVSS0.00259EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 8:26 p.m.6 views

CVE-2026-47263 Discourse: Prevent webhook payload disclosure on event redelivery

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, the MessageBus.publish call for /webhookevents/ in Jobs::RedeliverWebHookEvents did not pass groupids, leaving the channel...

4.3CVSS5.2AI score0.00211EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 8:25 p.m.9 views

CVE-2026-45085 Discourse: Chat misauthorization and information disclosure

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, four authorization/disclosure issues in the chat plugin one also involving discourse-calendar: read-only category users...

5.3CVSS5.2AI score0.00204EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 8:22 p.m.26 views

CVE-2026-44786

CVE-2026-44786 affects Discourse: versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1 allow chat events from public category channels to be published to MessageBus without proper permission scoping, enabling any MessageBus subscr...

7.5CVSS5.3AI score0.00259EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/12 7:9 p.m.12 views

EUVD-2026-35401

TYPO3 CMS has Insecure Deserialization via Core API...

6.3CVSS5.2AI score0.00215EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/12 3:1 p.m.32 views

CVE-2026-50085 Aqara Board IoT insecure debug API

The Aqara Board service op-test.aqara.com accepts arbitrary MQTT command payloads, and forwards them to the platfom's HiveMQ broker without authentication. This is an instance of "CWE-306: Missing Authentication for Critical Function" and has an estimated CVSS...

8.6CVSS0.00278EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/12 3:1 p.m.10 views

EUVD-2026-36475

The Aqara Board service op-test.aqara.com accepts arbitrary MQTT command payloads, and forwards them to the platfom's HiveMQ broker without authentication. This is an instance of "CWE-306: Missing Authentication for Critical Function" and has an estimated CVSS...

8.6CVSS5.5AI score0.00278EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.16 views

Linux Distros Unpatched Vulnerability : CVE-2026-44890

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is a network application framework for development of protocol servers and clients. In netty-codec- redis prior to versions 4.1.135.Final and 4.2.15.Final...

7.5CVSS5.5AI score0.00371EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.20 views

PT-2026-49031

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.2 Description An issue in message.action forwarding allows model-controlled metadata to forward action payloads containing Gateway credentials to attacker-supplied loopback URLs. Remote attackers can intercept...

6.5CVSS5.2AI score0.00254EPSS
Exploits0References4
NVD
NVD
added 2026/06/11 10:16 p.m.12 views

CVE-2026-44890

Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause DoS by sending crafted Redis payloads across multiple connections without \r\n. This exhausts the server's direct...

7.5CVSS0.00371EPSS
Exploits0References6
OSV
OSV
added 2026/06/11 10:16 p.m.5 views

DEBIAN-CVE-2026-44250

Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause DoS by sending a crafted Redis payload with deeply nested arrays. This forces the server to allocate a massive...

7.5CVSS5.3AI score0.00371EPSS
Exploits0References1
NVD
NVD
added 2026/06/11 9:16 p.m.12 views

CVE-2026-53810

OpenClaw before 2026.5.18 contains a code execution vulnerability where marketplace runtime extension metadata can redirect loading toward unscanned package payloads. Attackers with trusted operator access can manipulate extension metadata to load plugin code outside reviewed package entry points...

8.8CVSS0.00419EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 8:52 p.m.8 views

CVE-2026-44890 Netty has Unbounded Direct Memory Consumption in its RedisDecoder

Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause DoS by sending crafted Redis payloads across multiple connections without \r\n. This exhausts the server's direct...

7.5CVSS5.2AI score0.00371EPSS
Exploits0References3
CVE
CVE
added 2026/06/11 8:52 p.m.65 views

CVE-2026-44890

Netty has Unbounded Direct Memory Consumption in its RedisDecoder (CVE-2026-44890). In netty-codec-redis, versions before 4.1.135.Final and 4.2.15.Final allow an attacker to cause a DoS by sending crafted Redis payloads across multiple connections that omit "\r\n", exhausting the server’s direct ...

7.5CVSS5.4AI score0.00371EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/06/11 8:52 p.m.35 views

CVE-2026-44890 Netty has Unbounded Direct Memory Consumption in its RedisDecoder

Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause DoS by sending crafted Redis payloads across multiple connections without \r\n. This exhausts the server's direct...

7.5CVSS0.00371EPSS
Exploits0References3
Rows per page
Query Builder