Lucene search
K

35848 matches found

OSV
OSV
added 6 days ago5 views

ALSA-2026:35841 Important: nodejs24 security, bug fix, and enhancement update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

9.8CVSS6.5AI score0.02806EPSS
Exploits1References32
OSV
OSV
added 6 days ago7 views

ALSA-2026:35892 Important: nodejs:22 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input CVE-2026-42338 undici: undici: Denial of Service due to...

9.8CVSS7.1AI score0.02806EPSS
Exploits1References28
OSV
OSV
added 2026/07/03 7:24 p.m.2 views

SUSE-SU-2026:2755-1 Security update for xdg-dbus-proxy

This update for xdg-dbus-proxy fixes the following issue: - CVE-2026-34080: failure in the policy parser can lead to information disclosure bsc1261737...

6.8CVSS5.9AI score0.00175EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/07/02 7:10 p.m.6 views

CVE-2026-11769

A flaw was found in the Grafana Operator. This vulnerability allows a malicious user, who can create Dashboard or LibraryPanel resources for a Grafana instance, to exploit a path traversal issue within the jsonnet data templating language. This exploitation can lead to privilege escalation and...

8.8CVSS5.7AI score0.00361EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/07/02 6:1 p.m.7 views

CVE-2026-48743

A flaw was found in Envoy, an open source edge and service proxy. This vulnerability occurs when Envoy translates an HTTP/3 request that is complete at the transport layer but still carries a nonzero Content-Length into an HTTP/1 request for an upstream server. If the upstream server responds...

7.5CVSS5.6AI score0.00298EPSS
Exploits1References4
OSV
OSV
added 2026/07/02 5:23 p.m.7 views

GHSA-P73F-W79W-JQR5 OpenClaw: Native command authorization could skip owner-command enforcement

Summary Native command authorization could skip owner-command enforcement. In affected versions, a sender able to trigger native command handling could authorize a native command without enforcing the configured owner-only command policy. This advisory is scoped to the named feature and...

7.2CVSS6AI score0.00267EPSS
Exploits0References2
OSV
OSV
added 2026/07/02 5:8 p.m.6 views

GHSA-3WQP-PRF6-2M72 OpenClaw: Feishu dynamic-agent bindings could miss configWrites enforcement

Summary Feishu dynamic-agent bindings could miss configWrites enforcement. In affected versions, a Feishu sender using dynamic-agent binding behavior could create or update bindings without honoring the configured config-write control. This advisory is scoped to the named feature and configuratio...

3.1CVSS6AI score0.00166EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/02 4:58 p.m.10 views

EUVD-2026-36315

OpenClaw: Embedded runner policy could be confused by provider aliases...

4.8CVSS5.7AI score0.00093EPSS
Exploits0References3
OSV
OSV
added 2026/07/02 4:58 p.m.3 views

GHSA-P39J-X9H5-Q66M OpenClaw: Embedded runner policy could be confused by provider aliases

Summary Embedded runner policy could be confused by provider aliases. In affected versions, a request using provider aliases could compare policy against an alias instead of the canonical provider identity. This advisory is scoped to the named feature and configuration. It does not change...

4.8CVSS5.9AI score0.00093EPSS
Exploits0References4
OSV
OSV
added 2026/07/02 4:56 p.m.5 views

GHSA-77PV-3W4Q-VRJ5 OpenClaw: QQBot pre-dispatch slash commands could skip allowFrom checks

Summary QQBot pre-dispatch slash commands could skip allowFrom checks. In affected versions, a QQBot sender able to invoke slash commands could dispatch the command before applying the configured allowFrom policy. This advisory is scoped to the named feature and configuration. It does not change...

6.9CVSS6AI score0.00192EPSS
Exploits0References2
OSV
OSV
added 2026/07/02 4:54 p.m.4 views

GHSA-HCM3-8F6R-6XWG OpenClaw: Browser debug/export routes could reuse already-open blocked tabs

Summary Browser debug/export routes could reuse already-open blocked tabs. In affected versions, a caller that can reference an already-open browser tab could reuse blocked private-network tabs without reapplying the expected SSRF policy. This advisory is scoped to the named feature and...

6.5CVSS6AI score0.00155EPSS
Exploits0References2
OSV
OSV
added 2026/07/02 4:48 p.m.5 views

GHSA-W4V6-G3WM-W36C OpenClaw: QQBot admin commands could skip DM-only and allowFrom policy

Summary QQBot admin commands could skip DM-only and allowFrom policy. In affected versions, a QQBot sender able to trigger the exported command could route admin commands without the QQBot-specific DM-only and allowFrom checks. This advisory is scoped to the named feature and configuration. It do...

9.3CVSS6AI score0.00148EPSS
Exploits0References2
OSV
OSV
added 2026/07/02 4:45 p.m.7 views

GHSA-GP79-M99V-GJMH OpenClaw: Mattermost handlers could fall open when channel type was missing

Summary Mattermost handlers could fall open when channel type was missing. In affected versions, a Mattermost event missing channel type metadata could continue without applying the intended DM policy decision. This advisory is scoped to the named feature and configuration. It does not change...

6.3CVSS6AI score0.00189EPSS
Exploits0References2
OSV
OSV
added 2026/07/02 2:13 p.m.4 views

PYSEC-2026-645 instack-undercloud vulnerable to symlink attack on tmp files

A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Oacta, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploi...

6.4CVSS6.6AI score0.00347EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.17 views

PT-2026-55464

Name of the Vulnerable Software and Affected Versions kerberos-io/agent versions prior to 3.6.26 Description An issue exists in the Kerberos Hub upload path where the agent sends credentials in the custom X-Kerberos-Hub-PrivateKey and X-Kerberos-Hub-PublicKey request headers to the...

6.9CVSS6AI score
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-13601

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open...

7.1CVSS6AI score0.0012EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-55628

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In versions prior to 7.1.2-26he, the -concatenate operation is missing policy checks, potentially resulting in both reading and writing to paths disallowed by t...

5.5CVSS6AI score0.00098EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/07/01 11:6 p.m.7 views

CVE-2026-55628

A flaw was found in ImageMagick. The -concatenate operation, used for combining images, lacks proper security policy checks. This oversight could allow an attacker to read from or write to file paths that should otherwise be restricted by the security policy. This could lead to unauthorized acces...

6.1CVSS5.6AI score0.00098EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/07/01 8:45 p.m.8 views

Rancher Fleet vulnerable to cross namespace secret disclosure via unvalidated `valuesFrom` references in Helm Deployer

Impact A vulnerability in Fleet for Rancher Manager affects multi-tenancy environments where different tenants share the same downstream clusters e.g., different privileged or untrusted teams inside the same organization. On unpatched versions, tenants could bypass restrictions to access any conf...

9.9CVSS5.8AI score0.00585EPSS
Exploits0References2Affected Software1
Wolfi
Wolfi
added 2026/07/01 8:21 p.m.14 views

CVE-2026-49835 vulnerabilities

Vulnerabilities for packages: falcoctl, teleport, trivy, aactl, goreleaser, kyverno, policy-controller, tekton-chains, trivy-operator, kyverno-notation-aws, zarf, neuvector-sigstore-interface, gitsign, kubescape, tflint, spire-server, crossplane, tkn...

6.1AI score
Exploits0
Rows per page
Query Builder