Lucene search
K

70 matches found

Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-26292 Gitea LFS mirror synchronization bypasses migration HTTP transport restrictions

Gitea versions before 1.25.5 do not use the migration HTTP transport for LFS push and sync mirror operations, bypassing the configured migration transport protections for those LFS requests...

0.00174EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/26 4:4 p.m.9 views

CVE-2026-56663

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.52, an authenticated user can bypass the SSRF / private-IP protections in SendWebRequestBlock and reach internal network services. isipblocked in...

8.5CVSS5.8AI score0.00224EPSS
Exploits0References2Affected Software1
HackRead
HackRead
added 2026/06/05 1:6 p.m.21 views

Reaper macOS Infostealer Abuses Script Editor to Steal Crypto and Passwords

Threat actors are deploying an updated SHub Stealer variant named Reaper that exploits the native macOS Script Editor to bypass OS-level protections and compromise cryptocurrency assets...

5.5AI score
Exploits0
OSV
OSV
added 2026/05/26 7:31 p.m.14 views

JLSEC-2026-549

A vulnerability was found in OpenJPEG similar to CVE-2019-6988. This flaw allows an attacker to bypass existing protections and cause an application crash through a maliciously crafted file...

5.5CVSS5.8AI score0.00242EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Chromium

Inappropriate implementations in Downloads in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to perform certain UI gestures to bypass download protections through a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.5AI score0.00181EPSS
Exploits0References2
CVE
CVE
added 2026/05/12 6:32 p.m.20 views

CVE-2026-8429

SPIP versions prior to 4.4.14 are affected by a remote code execution vulnerability in the private space, allowing an attacker to execute arbitrary code in the web server context. Affected component: SPIP core (private space); impact is high on confidentiality, integrity, and availability as desc...

8.8CVSS6.6AI score0.00502EPSS
Exploits0References2
OSV
OSV
added 2026/05/06 9:31 p.m.9 views

GHSA-R747-33R4-RMJW Duplicate Advisory: OpenClaw: QQBot direct media upload skipped URL SSRF validation

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-c4qg-j8jg-42q5. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in QQBot direct media upload that skip...

6.3CVSS5.7AI score0.00236EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.9 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.9 contained security vulnerabilities. These vulnerabilities were due to file-reading vulnerabilities, which could allow attackers to bypass navigation protections and create or...

7.1CVSS5.8AI score0.00253EPSS
Exploits0References1
CVE
CVE
added 2026/04/28 6:10 p.m.28 views

CVE-2026-42430

OpenClaw before 2026.4.8 contains a server-side request forgery (SSRF) vulnerability in Playwright redirect handling that bypasses strict SSRF checks. Affected product: OpenClaw (npm package) with versions prior to 2026.4.8. Root cause: improper handling of Playwright redirects enabling request-t...

6.5CVSS5.2AI score0.00188EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/28 12:31 a.m.14 views

GHSA-F5FM-9JMP-C88R Duplicate Advisory: OpenClaw: Trailing-dot localhost CDP hosts could bypass remote loopback protections

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-fh32-73r9-rgh5. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.2 fails to normalize trailing-dot localhost hosts in remote CDP discovery responses, allowing...

6.9CVSS5.8AI score0.00251EPSS
Exploits0References4
Veracode
Veracode
added 2026/04/17 10:38 a.m.9 views

Improper Access Control

Hono is vulnerable to Improper Access Control. The vulnerability is due to inconsistent cookie parsing between browsers and the parse function, where differently formatted cookie names may be normalized to the same key, allowing attacker-controlled cookies to override legitimate ones and bypass...

4.8CVSS5.1AI score0.00284EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/03/29 12:44 p.m.18 views

CVE-2026-32924 OpenClaw < 2026.3.12 - Authorization Bypass via Misclassified Reaction Events in Feishu

OpenClaw before 2026.3.12 contains an authorization bypass vulnerability where Feishu reaction events with omitted chattype are misclassified as p2p conversations instead of group chats. Attackers can exploit this misclassification to bypass groupAllowFrom and requireMention protections in group...

9.8CVSS0.00309EPSS
Exploits0References2
OSV
OSV
added 2026/03/10 6:18 p.m.3 views

CVE-2026-24640

A Stack-based Buffer Overflow vulnerability CWE-121 vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0.2 through 7.0.12 may allow a remote authenticated attacker who can bypass stack protection a...

6.6CVSS6.3AI score0.00632EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/04 12:0 a.m.12 views

Hono 安全漏洞

Hono is a web framework written in TypeScript for the Hono community. Versions of Hono prior to 4.12.4 contained security vulnerabilities. These vulnerabilities stemmed from inconsistent URL decoding when using serveStatic and routing-based middleware protections. This allowed paths containing...

9.8CVSS5.8AI score0.00437EPSS
Exploits0References2
OSV
OSV
added 2026/02/24 4:6 p.m.8 views

CVE-2026-27585 Caddy's improper sanitization of glob characters in file matcher may lead to bypassing security protections

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, the path sanitization routine in file matcher doesn't sanitize backslashes which can lead to bypassing path related security protections. It affects users with specific Caddy and environment configurations...

8.2CVSS5.6AI score0.00323EPSS
Exploits1References6
GithubExploit
GithubExploit
added 2026/02/24 3:53 a.m.171 views

ElysiumVanguard

🌌 Elysium Vanguard: TITAN v13.0 Hardware-Bridged Kernel E...

5.5AI score
Exploits0
CVE
CVE
added 2026/02/19 9:0 a.m.17 views

CVE-2026-22269

CVE-2026-22269 affects Dell PowerProtect Data Manager

4.7CVSS5.6AI score0.00171EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/02/18 12:57 a.m.7 views

GHSA-83G3-92JG-28CX Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in node-tar Extraction

Summary tar.extract in Node tar allows an attacker-controlled archive to create a hardlink inside the extraction directory that points to a file outside the extraction root, using default options. This enables arbitrary file read and write as the extracting user no root, no chmod, no preservePath...

7.1CVSS5.9AI score0.00288EPSS
Exploits1References5
CVE
CVE
added 2026/01/30 10:7 p.m.12 views

CVE-2020-37043

The CVE concerns 10-Strike Bandwidth Monitor 3.9. A buffer overflow in the registration key input allows exploitation that can bypass SafeSEH, ASLR and DEP, enabling remote code execution and arbitrary system commands. Connected sources confirm the targeted software and the exploitation path, but...

9.8CVSS6.6AI score0.00709EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/30 10:7 p.m.4 views

CVE-2020-37036

RM Downloader 2.50.60 contains a local buffer overflow vulnerability in the 'Load' parameter that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload with an egg hunter technique to bypass memory protections and execute commands like launching...

8.4CVSS6.4AI score0.00201EPSS
Exploits0References4
Rows per page
Query Builder