Lucene search
K

1935 matches found

CVE
CVE
added 2026/04/10 4:3 p.m.9 views

CVE-2026-35660

OpenClaw is affected by a vulnerability in the Gateway agent’s /reset endpoint, prior to version 2026.3.23. The flaw grants callers with operator.write permission the ability to reset admin sessions by invoking /reset or /new with an explicit sessionKey, bypassing operator.admin requirements and ...

8.1CVSS5.9AI score0.00272EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/04/10 12:30 a.m.3 views

EUVD-2026-21193

A Weak Password Requirements vulnerability in the password management function of Juniper Networks CTP OS might allow an unauthenticated, network-based attacker to exploit weak passwords of local accounts and potentially take full control of the device. The password management menu enables the...

9.1CVSS5.8AI score0.00264EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/09 9:33 p.m.2 views

CVE-2026-33771

A Weak Password Requirements vulnerability in the password management function of Juniper Networks CTP OS might allow an unauthenticated, network-based attacker to exploit weak passwords of local accounts and potentially take full control of the device. The password management menu enables the...

9.1CVSS5.8AI score0.00264EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/09 9:33 p.m.19 views

CVE-2026-33771 CTP OS: Configuring password requirements does not work which permits the use of weak passwords

A Weak Password Requirements vulnerability in the password management function of Juniper Networks CTP OS might allow an unauthenticated, network-based attacker to exploit weak passwords of local accounts and potentially take full control of the device. The password management menu enables the...

9.1CVSS0.00264EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/09 9:33 p.m.3 views

CVE-2026-33771 CTP OS: Configuring password requirements does not work which permits the use of weak passwords

A Weak Password Requirements vulnerability in the password management function of Juniper Networks CTP OS might allow an unauthenticated, network-based attacker to exploit weak passwords of local accounts and potentially take full control of the device. The password management menu enables the...

9.1CVSS5.7AI score0.00264EPSS
Exploits0References1
CVE
CVE
added 2026/04/09 9:33 p.m.29 views

CVE-2026-33771

CVE-2026-33771 affects Juniper CTP OS (CTP OS) and its password management function, where password complexity requirements configured in the admin menu are not saved, allowing weak passwords. This could enable an unauthenticated, network-based attacker to exploit weak local passwords and potenti...

9.1CVSS5.8AI score0.00264EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.9 views

PT-2026-31344

Name of the Vulnerable Software and Affected Versions Kibana versions affected versions not specified Description Kibana One Workflow contains a Server-Side Request Forgery CWE-918 issue that can lead to information disclosure. An authenticated user with workflow creation and execution privileges...

7.7CVSS5.9AI score0.00226EPSS
Exploits0References5
NVD
NVD
added 2026/04/06 9:16 p.m.5 views

CVE-2026-35208

lichess.org is the forever free, adless and open source chess server. Any approved streamer can inject arbitrary HTML into /streamer and the homepage “Live streams” widget by placing markup in their Twitch/YouTube stream title. CSP is present and blocks inline script execution, but the issue is...

5.4CVSS0.00299EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.19 views

PT-2026-30726

lichess.org is the forever free, adless and open source chess server. Any approved streamer can inject arbitrary HTML into /streamer and the homepage “Live streams” widget by placing markup in their Twitch/YouTube stream title. CSP is present and blocks inline script execution, but the issue is...

5.3CVSS6AI score0.00299EPSS
Exploits1References4
GithubExploit
GithubExploit
added 2026/04/03 10:50 p.m.161 views

redhound-arsenal

Red Hound Arsenal Agent-consumable security skill library for...

6.1AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.5 views

PT-2026-30240

Name of the Vulnerable Software and Affected Versions util-linux versions prior to 2.41.4 Description A Time-of-Check-Time-of-Use TOCTOU vulnerability exists in the SUID binary /usr/bin/mount within util-linux. When setting up loop devices, the binary validates a file path with user privileges bu...

4.7CVSS5.7AI score0.00118EPSS
Exploits1References28
Packet Storm News
Packet Storm News
added 2026/04/02 12:0 a.m.6 views

Architectural Implications of the UK Cyber Security and Resilience Bill

The UK Cyber Security and Resilience CS&R Bill represents the most significant reform of UK cyber legislation since the Network and Information Systems NIS Regulations 2018. While existing analysis has addressed the Bill's regulatory requirements, there is a critical gap in guidance on the...

5.9AI score
Exploits0
GithubExploit
GithubExploit
added 2026/03/30 5:8 a.m.128 views

RegPwnBOF

🛡️ RegPwnBOF - Simple Registry Action Tool !Download RegPwn...

5.8AI score
Exploits0
Snyk
Snyk
added 2026/03/29 3:50 p.m.6 views

Weak Password Requirements

Overview @openclaw/synology-chat is a Synology Chat channel plugin for OpenClaw Affected versions of this package are vulnerable to Weak Password Requirements due to insufficient rate limiting in the webhook authentication process. An attacker can repeatedly guess weak webhook tokens by sending...

6.9CVSS5.9AI score0.00244EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/27 10:37 p.m.6 views

Weak Password Requirements

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Weak Password Requirements in the authentication process for Telegram webhooks due to missing rate limiting on secret guesses. An attacker can repeatedly attempt to guess weak secrets by...

6.5CVSS5.9AI score0.00287EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/03/24 12:0 a.m.8 views

CSTS: A Canonical Security Telemetry Substrate for AI-Native Cyber Detection

AI-driven cybersecurity systems often fail under cross-environment deployment due to fragmented, event-centric telemetry representations. We introduce the Canonical Security Telemetry Substrate CSTS, an entity-relational abstraction that enforces identity persistence, typed relationships, and...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/03/15 4:36 p.m.143 views

Exploit for Type Confusion in Apple Ipados

🛡️ corunaanalysis - Understand Malware Exploit Behavior Simpl...

8.8CVSS5.8AI score0.10593EPSS
Exploits6
GithubExploit
GithubExploit
added 2026/03/07 11:35 a.m.138 views

denkair-lab

DenkAir - Windows AD Pentesting Lab A comprehensive Windows A...

6.2AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/06 4:4 p.m.13 views

Security Bulletin: IBM Engineering Requirements Management DOORS and DOORS Web Access is affected by multiple vulnerabilities

Summary This release addresses multiple security vulnerabilities across various components of IBM Engineering Requirements Management DOORS and DOORS Web Access product. Many vulnerabilities are rated Critical CVSS ≥ 9.0, including a Tomcat rewrite rule bypass CVE-2025-31651, Tomcat Improper...

9.8CVSS6.5AI score0.11032EPSS
Exploits2Affected Software2
OSV
OSV
added 2026/03/03 8:16 p.m.5 views

CVE-2025-13734

IBM Engineering Requirements Management DOORS Next 7.1, and 7.2 could allow an authenticated user to view and edit data beyond their authorized access permissions...

5.4CVSS5.8AI score0.00144EPSS
Exploits0References1
Rows per page
Query Builder