Lucene search
K

66 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-9640

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A privilege escalation vulnerability exists in LXD from 6.0 before 6.9, 5.21.0 before 5.21.5, and 5.0.0 before 5.0.7 regarding the handling of project-restricti...

7.2CVSS6AI score0.00342EPSS
Exploits1References2
NVD
NVD
added 2026/06/26 4:16 p.m.9 views

CVE-2026-9640

A privilege escalation vulnerability exists in LXD from 6.0 before 6.9, 5.21.0 before 5.21.5, and 5.0.0 before 5.0.7 regarding the handling of project-restriction policies during snapshot restoration.. An authenticated project operator in a restricted multi-tenant environment can bypass policy...

7.2CVSS0.00342EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.9 views

PT-2026-52844

Name of the Vulnerable Software and Affected Versions LXD versions 6.0 through 6.8 LXD versions 5.21.0 through 5.21.4 LXD versions 5.0.0 through 5.0.6 Description An issue exists in the handling of project-restriction policies during snapshot restoration. An authenticated project operator in a...

7.2CVSS5.8AI score0.00342EPSS
Exploits1References8
NVD
NVD
added 2026/06/11 9:16 p.m.13 views

CVE-2026-53809

OpenClaw before 2026.4.25 contains a policy bypass vulnerability in embedded runner policy that allows requests using provider aliases to compare against aliases instead of canonical provider identities. Attackers can exploit this confusion to select bundled tool access outside intended provider...

4.8CVSS0.00093EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 8:6 p.m.9 views

CVE-2026-53809 OpenClaw < 2026.4.25 - Provider Alias Confusion in Embedded Runner Policy

OpenClaw before 2026.4.25 contains a policy bypass vulnerability in embedded runner policy that allows requests using provider aliases to compare against aliases instead of canonical provider identities. Attackers can exploit this confusion to select bundled tool access outside intended provider...

4.8CVSS5.3AI score0.00093EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/11 8:6 p.m.30 views

CVE-2026-53809 OpenClaw < 2026.4.25 - Provider Alias Confusion in Embedded Runner Policy

OpenClaw before 2026.4.25 contains a policy bypass vulnerability in embedded runner policy that allows requests using provider aliases to compare against aliases instead of canonical provider identities. Attackers can exploit this confusion to select bundled tool access outside intended provider...

4.8CVSS0.00093EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/04 12:4 p.m.11 views

CVE-2026-10843

A flaw was found in the OpenShift Cloud Credential Operator Mint-mode IAM policies for AWS. Operator credentials are provisioned with account-wide scope for destructive actions rather than being restricted to cluster-owned resources, enabling cross-scope impact after credential compromise...

7.2CVSS5.8AI score0.00328EPSS
Exploits0References3
CVE
CVE
added 2026/05/11 4:46 p.m.21 views

CVE-2026-44998

OpenClaw prior to version 2026.4.20 contains a tool policy bypass vulnerability in which bundled MCP and LSP tools can be appended to the effective tool set after policy filtering. This allows attackers with local agent access to bypass profile policies, allow/deny lists, owner-only restrictions,...

5.4CVSS5.8AI score0.00706EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.20 contained security vulnerabilities. These vulnerabilities were caused by incorrect message classification in the Feixi Card operation callback, which could allow attackers to...

5.4CVSS5.8AI score0.00265EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/06 9:31 p.m.9 views

EUVD-2026-28166

OpenClaw before 2026.4.9 contains a file read vulnerability allowing attackers to bypass navigation guards through browser act/evaluate interactions. Attackers can pivot into the local CDP origin and create or read disallowed file:// pages despite direct navigation policy restrictions...

7.1CVSS5.8AI score0.00253EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2013-5401

Malware in sbrugna...

5CVSS6.4AI score0.01246EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-10402

Malware in sbrugna...

5.9CVSS5.9AI score0.0116EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2009-4970

Malware in sbrugna...

2.1CVSS6.4AI score0.00353EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2013-4852

Malware in sbrugna...

4.6CVSS6.4AI score0.00347EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/22 12:40 a.m.8 views

CVE-2013-5561

The Safe Search enforcement feature in Cisco Adaptive Security Appliance ASA CX Context-Aware Security Software does not properly perform filtering, which allows remote attackers to bypass intended policy restrictions via unspecified vectors, aka Bug ID CSCui94622...

5CVSS7.1AI score0.01246EPSS
Exploits0References1
OSV
OSV
added 2024/10/12 11:9 a.m.5 views

OESA-2024-2253 runc security update

runc is a CLI tool for spawning and running containers according to the OCI specification. Security Fixes: runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files...

3.6CVSS6.8AI score0.00317EPSS
Exploits0References2
OSV
OSV
added 2024/07/15 10:2 p.m.13 views

CGA-M6MG-M5FQ-M297

Bulletin has no description...

7.5CVSS7.1AI score0.01414EPSS
Exploits0
OSV
OSV
added 2024/03/06 10:57 a.m.14 views

BIT-MINIO-2021-41137

Minio is a Kubernetes native application for cloud storage. All users on release RELEASE.2021-10-10T16-53-30Z are affected by a vulnerability that involves bypassing policy restrictions on regular users. Normally, checkKeyValid should return owner true for rootCreds. In the affected version, poli...

8.4AI score
Exploits0References4
NVD
NVD
added 2023/12/20 4:15 p.m.21 views

CVE-2023-3742

Insufficient policy enforcement in ADB in Google Chrome on ChromeOS prior to 114.0.5735.90 allowed a local attacker to bypass device policy restrictions via physical access to the device. Chromium security severity: High...

6.8CVSS0.00214EPSS
Exploits1References2
Prion
Prion
added 2023/12/20 4:15 p.m.16 views

Design/Logic Flaw

Insufficient policy enforcement in ADB in Google Chrome on ChromeOS prior to 114.0.5735.90 allowed a local attacker to bypass device policy restrictions via physical access to the device. Chromium security severity: High...

4.6CVSS6.2AI score0.00214EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder