Lucene search
K

27 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/29 5:21 p.m.6 views

CVE-2026-57952

Mythic before 3.4.0.60 contains an authorization bypass vulnerability in four REST endpoints c2profileconfigcheckwebhook, c2profileredirectruleswebhook, c2profilegetiocwebhook, c2profilesamplemessagewebhook that fail to verify payload ownership. An operator in one operation can invoke these...

6CVSS5.8AI score0.00171EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/29 5:21 p.m.34 views

CVE-2026-57952 Mythic < 3.4.0.60 - Unauthorized C2 Profile Configuration Access via Unverified Payload UUID

Mythic before 3.4.0.60 contains an authorization bypass vulnerability in four REST endpoints c2profileconfigcheckwebhook, c2profileredirectruleswebhook, c2profilegetiocwebhook, c2profilesamplemessagewebhook that fail to verify payload ownership. An operator in one operation can invoke these...

6CVSS0.00171EPSS
Exploits0References4
OSV
OSV
added 2026/06/26 12:25 p.m.2 views

SUSE-SU-2026:2657-1 Security update for opensc

This update for opensc fixes the following issues - CVE-2025-49010: stack-buffer-overflow via crafted smart card or USB device responses bsc1261214. - CVE-2025-66037: crafted input can cause an out-of-bounds read bsc1261218. - CVE-2025-66038: improper compact-TLV length validation can lead to cra...

7.8CVSS6.2AI score0.00296EPSS
Exploits2References13
OSV
OSV
added 2026/06/16 9:44 a.m.3 views

SUSE-SU-2026:22139-1 Security update for opensc

This update for opensc fixes the following issues - CVE-2026-10275: global buffer overflow during key pair generation tests due to missing input validation bsc1267246. - CVE-2026-40528: stack and heap buffer overrun in the dokeyvalue function due to missing length check allows for memory corrupti...

7.8CVSS5.8AI score0.00296EPSS
Exploits0References5
OSV
OSV
added 2026/06/15 8:50 a.m.4 views

SUSE-SU-2026:22103-1 Security update for opensc

This update for opensc fixes the following issues - CVE-2026-10275: global buffer overflow during key pair generation tests due to missing input validation bsc1267246. - CVE-2026-40528: stack and heap buffer overrun in the dokeyvalue function due to missing length check allows for memory corrupti...

7.8CVSS5.8AI score0.00296EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/08 2:59 p.m.7 views

CVE-2026-40528

A flaw was found in OpenSC. A local attacker can exploit this vulnerability by supplying a specially crafted profile configuration file to the pkcs15-init utility. This can lead to a stack and heap buffer overrun, allowing the attacker to corrupt memory. This memory corruption could potentially...

7.8CVSS5.6AI score0.00146EPSS
Exploits0References5
NVD
NVD
added 2026/05/29 2:16 p.m.16 views

CVE-2026-40528

OpenSC before 0.27.0, fixed in commit 0358817, contains a stack and heap buffer overrun vulnerability in the dokeyvalue function in src/pkcs15init/profile.c that allows attackers to corrupt memory by supplying a crafted profile configuration file. During pkcs15-init invocation, a key value entry...

7.8CVSS0.00146EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/29 1:38 p.m.40 views

CVE-2026-40528 OpenSC < 0.27.0 Buffer Overrun in do_key_value() via profile.c

OpenSC before 0.27.0, fixed in commit 0358817, contains a stack and heap buffer overrun vulnerability in the dokeyvalue function in src/pkcs15init/profile.c that allows attackers to corrupt memory by supplying a crafted profile configuration file. During pkcs15-init invocation, a key value entry...

3.8CVSS0.00146EPSS
Exploits0References2
OSV
OSV
added 2026/05/29 1:38 p.m.3 views

CVE-2026-40528 OpenSC < 0.27.0 Buffer Overrun in do_key_value() via profile.c

OpenSC before 0.27.0, fixed in commit 0358817, contains a stack and heap buffer overrun vulnerability in the dokeyvalue function in src/pkcs15init/profile.c that allows attackers to corrupt memory by supplying a crafted profile configuration file. During pkcs15-init invocation, a key value entry...

1CVSS6.2AI score0.00146EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.11 views

PT-2026-38234

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.10 Description Insufficient access control in the Nostr plugin HTTP profile routes allows operators with write permissions to persist profile configuration without requiring admin authority. Attackers with...

6.5CVSS5.8AI score0.00218EPSS
Exploits0References6
NVD
NVD
added 2026/05/05 12:16 p.m.14 views

CVE-2026-42433

OpenClaw before 2026.4.10 contains an authorization bypass vulnerability allowing operator.write message-tool paths to access Matrix profile persistence requiring admin-level authority. Attackers can exploit insufficient access controls to mutate persistent profile configuration through non-owner...

7.1CVSS0.00295EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/17 10:15 p.m.4 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the operator.write message-tool. An attacker can modify persistent Matrix profile configuration without proper authorization by sending crafted requests throug...

7.6CVSS5.7AI score0.00295EPSS
Exploits0References3
OSV
OSV
added 2025/10/15 2:15 p.m.6 views

CVE-2025-48008

When a TCP profile with Multipath TCP MPTCP enabled is configured on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS ar...

8.7CVSS5.8AI score0.00418EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/15 1:55 p.m.13 views

CVE-2025-55669 BIG-IP HTTP/2 vulnerability

When the BIG-IP Advanced WAF and ASM security policy and a server-side HTTP/2 profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.7CVSS0.00358EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-33143

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00868EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:38 a.m.7 views

CVE-2024-27278

OpenPNE Plugin "opTimelinePlugin" 1.2.11 and earlier contains a cross-site scripting vulnerability. On the site which uses the affected product, when a user configures the profile with some malicious contents, an arbitrary script may be executed on the web browsers of other users...

5.4CVSS6.3AI score0.0034EPSS
Exploits0References1
OSV
OSV
added 2025/01/06 3:15 p.m.4 views

CVE-2024-8474

OpenVPN Connect before version 3.5.0 can contain the configuration profile's clear-text private key which is logged in the application log, which an unauthorized actor can use to decrypt the VPN traffic...

7.5CVSS7.5AI score0.00535EPSS
Exploits0References1
NVD
NVD
added 2024/01/11 2:15 p.m.21 views

CVE-2023-51750

ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules."...

4.6CVSS4.8AI score0.00286EPSS
Exploits0References3
Prion
Prion
added 2024/01/11 2:15 p.m.19 views

Design/Logic Flaw

ScaleFusion 10.5.2 does not properly limit users to the Edge application because a search can be made from a tooltip. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules."...

4.3CVSS7.1AI score0.00309EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2024/01/11 12:0 a.m.25 views

CVE-2023-51749

ScaleFusion 10.5.2 does not properly limit users to the Edge application because a search can be made from a tooltip. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules."...

8.8AI score0.00309EPSS
Exploits1References3
Rows per page
Query Builder