CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/06/05 7:15 p.m.•7 views

CVE-2026-37526

AGL app-framework-binder afb-daemon through v19.90.0 allows any local process to execute privileged supervision commands Exit, Do, Sclose, Config, Trace, Debug, Token, slist without authentication via the abstract Unix socket @urn:AGL:afs:supervision:socket. The onsupervisioncall function in...

7.8CVSS5.9AI score0.00123EPSS

RedhatCVE•added 2026/06/05 7:10 p.m.•9 views

CVE-2026-35674

OpenClaw before 2026.5.18 contains a scope bypass vulnerability in the Gateway chat.send route that allows scoped clients to execute privileged commands. Attackers with operator.write scope can deliver commands through inherited external routes to bypass operator.approvals and operator.admin scop...

8.8CVSS5.7AI score0.00248EPSS

Cvelist•added 2026/06/05 5:49 p.m.•24 views

CVE-2025-71318 NetMan 204 Missing Authentication for Administrative Functions

NetMan 204 fails to enforce authentication on its administrative pages and command endpoints. A remote, unauthenticated attacker can directly request administrative pages such as administration.html, administration-commands.html, and configuration.html to disclose sensitive information including...

9.8CVSS0.00533EPSS

NVD•added 2026/06/01 5:17 p.m.•10 views

CVE-2026-8501

Improper access control in the PCTCore64.sys Windows kernel driver from PC Tools Internet Security allows user-mode processes to access the PCTCoreDriver WDM device interface and invoke privileged IOCTL handlers. A local attacker with the ability to access or load the affected driver can exploit...

7.8CVSS0.00129EPSS

Exploits0References4

OSV•added 2026/06/01 2:58 p.m.•6 views

USN-8358-1 haveged vulnerability

It was discovered that haveged incorrectly handled credential checks on its control socket. A local attacker could possibly use this issue to execute privileged commands...

7.8CVSS5.9AI score0.00185EPSS

CVE•added 2026/05/29 3:11 p.m.•28 views

CVE-2026-35674

OpenClaw prior to 2026.5.18 has a scope bypass vulnerability in the Gateway chat.send route. If an attacker holds operator.write scope, they can deliver commands through inherited external routes to bypass operator.approvals and operator.admin scope requirements, enabling unauthorized mutations t...

Exploits0References2Affected Software1

ATTACKERKB•added 2026/05/29 3:11 p.m.•7 views

CVE-2026-35674

CNNVD•added 2026/05/29 12:0 a.m.•11 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.18 contained security vulnerabilities. These vulnerabilities stemmed from a range-bypass vulnerability in the Gateway chat.send route, allowing clients with restricted ranges to...

Positive Technologies•added 2026/05/29 12:0 a.m.•8 views

PT-2026-44898

Positive Technologies•added 2026/05/26 12:0 a.m.•11 views

PT-2026-43211

Name of the Vulnerable Software and Affected Versions Xibo CMS versions prior to 4.4.2 Description A vulnerability chain involving Stored Cross-Site Scripting XSS and Iframe Sandbox escape exists in the Xibo CMS. Users with DataSet permissions can utilize the Data Connector functionality to craft...

7.6CVSS5.5AI score0.00146EPSS

Exploits0References6

Tenable Nessus•added 2026/05/21 12:0 a.m.•11 views

F5 Networks BIG-IP : BIG-IP scripted monitor vulnerability (K000161040)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000161040 advisory. A vulnerability exists in BIG-IP scripted monitors that may allow an authenticated attacker with the...

8.7CVSS5.9AI score0.00235EPSS

OSV•added 2026/05/20 10:16 a.m.•3 views

ALPINE-CVE-2026-41054

In src/havegecmd.c, the sockethandler function performs a credential check on the abstract UNIX socket \0/sys/entropy/haveged. However, while it detects if the connecting user is not root cred.uid != 0 and prepares a negative acknowledgement ASCIINAK, it fails to stop execution. The code proceeds...

UbuntuCve•added 2026/05/20 10:16 a.m.•6 views

CVE-2026-41054

CVE•added 2026/05/20 8:56 a.m.•161 views

Exploits0References8

CVE-2026-41054

CVE-2026-41054 affects haveged. In haveged’s source havegecmd.c, socket_handler checks the caller via an abstract UNIX socket and returns a negative acknowledgment for non-root users, but execution is not halted, enabling a local unprivileged user to reach privileged actions (e.g., MAGIC_CHROOT)....

EUVD•added 2026/05/20 8:56 a.m.•10 views

Exploits0References8

EUVD-2026-31076

Vulnrichment•added 2026/05/20 8:56 a.m.•8 views

CVE-2026-41054 Missing exit out of permission check in haveged could lead to root exploit

EUVD•added 2026/05/13 6:30 p.m.•9 views

EUVD-2026-29962

A vulnerability exists in BIG-IP scripted monitors that may allow an authenticated attacker with the Resource Administrator or Administrator role to execute arbitrary system commands with higher privileges. In appliance mode deployments, a successful exploit can allow the attacker to cross a...

8.7CVSS5.8AI score0.00235EPSS

Positive Technologies•added 2026/05/13 12:0 a.m.•6 views

PT-2026-40657

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.2 F5 BIG-IP versions prior to 17.5.1.6 F5 BIG-IP versions prior to 21.0.0.2 Description An issue exists in an undisclosed TMOS Shell tmsh command that allows an authenticated attacker with administrator or...

8.3CVSS5.8AI score0.00107EPSS

Snyk•added 2026/05/06 9:19 p.m.•11 views

Incorrect Authorization

Overview @openclaw/matrix is an OpenClaw Matrix channel plugin Affected versions of this package are vulnerable to Incorrect Authorization via the DM pairing-store process. An attacker can gain unauthorized access to privileged room control commands by leveraging DM-paired sender IDs to bypass...

8.8CVSS5.8AI score0.00288EPSS