Lucene search
K

13 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/09 9:27 p.m.2 views

CVE-2026-35642

OpenClaw before 2026.3.25 contains an authorization bypass vulnerability where group reaction events bypass the requireMention access control mechanism. Attackers can trigger reactions in mention-gated groups to enqueue agent-visible system events that should remain restricted...

5.3CVSS5.9AI score0.00199EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.8 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.25 contained security vulnerabilities. These vulnerabilities stemmed from a group reaction event that bypassed the requireMention access control mechanism, potentially leading t...

5.3CVSS5.8AI score0.00199EPSS
Exploits0References3
OSV
OSV
added 2026/03/02 4:28 p.m.5 views

CVE-2026-28286 ZimaOS: Unauthorized Creation of Files/Folders in Restricted System Directories via API

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, the application enforces restrictions in the frontend/UI to prevent users from creating files or folders in internal OS paths. However, when interacting directly with the API, th...

8.5CVSS6AI score0.0041EPSS
Exploits2References3
RedhatCVE
RedhatCVE
added 2026/01/09 9:1 a.m.5 views

CVE-2023-43488

The vulnerability allows a low privileged untrusted application to modify a critical system property that should be denied, in order to enable the ADB Android Debug Bridge protocol to be exposed on the network, exploiting it to gain a privileged shell on the device without requiring the physical...

7.9CVSS6.7AI score0.00193EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/06/16 12:0 a.m.6 views

Google ChromeOS 安全漏洞

Google ChromeOS is an operating system from the American company Google. Google ChromeOS suffers from an elevation of privilege vulnerability that originates from debug shell accessibility, which can be exploited by an attacker to access restricted system functions and data via elevation of...

7.4CVSS7.3AI score0.00084EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/11/30 12:0 a.m.5 views

Trellix Agent 代码问题漏洞

Trellix Agent is a client component of FireEye USA Trellix, Inc. provides secure communication between McAfee ePolicy Orchestrator McAfee ePO and hosted products. A security vulnerability exists in Trellix Agent TA for Windows versions prior to 5.7.8. An attacker could exploit the vulnerability t...

6.7CVSS6.6AI score0.00202EPSS
Exploits0References2
OSV
OSV
added 2022/04/14 6:15 p.m.4 views

CVE-2022-22391

IBM Aspera High-Speed Transfer 4.3.1 and earlier could allow an authenticated user to obtain information from non sensitive operating system files that they should not have access to. IBM X-Force ID: 222059...

4.3CVSS5.8AI score0.00676EPSS
Exploits0References2
Prion
Prion
added 2022/01/14 5:15 a.m.15 views

Path traversal

ASUS RT-AX56U’s login function contains a path traversal vulnerability due to its inadequate filtering for special characters in URL parameters, which allows an unauthenticated local area network attacker to access restricted system paths and download arbitrary files...

3.3CVSS6.5AI score0.00452EPSS
Exploits0References1Affected Software1
0day.today
0day.today
added 2020/12/07 12:0 a.m.127 views

Huawei HedEx Lite 200R006C00SPC005 - Path Traversal Vulnerability

Exploit Title: Huawei HedEx Lite 200R006C00SPC005 - Path Traversal Vendor Homepage: https://www.huawei.com/ Software Link: https://support.huawei.com/carrier/docview!docview?nid=SCL1000005027&path=PAN-ET/PAN-T/PAN-T-HedEx Version: 200R006C00SPC005 Product & Service Introduction:...

Exploits0
CNVD
CNVD
added 2017/08/25 12:0 a.m.4 views

Unspecified Vulnerability in Red Hat Enterprise Virtualization Manager

Red Hat Enterprise Virtualization RHEV Manager is a core component of Red Hat's RHEV Enterprise Virtualization Platform. The component contains KVM tools that provide virtualization management capabilities. A security vulnerability exists in Red Hat Enterprise Virtualization Manager 3.6 and earli...

5.9CVSS5.8AI score0.01885EPSS
Exploits0References1
Prion
Prion
added 2017/03/14 5:59 p.m.19 views

Privilege escalation

A Local Privilege Escalation Vulnerability in MagniComp's Sysinfo before 10-H64 for Linux and UNIX platforms could allow a local attacker to gain elevated privileges. Parts of SysInfo require setuid-to-root access in order to access restricted system files and make restricted kernel calls. This...

7.2CVSS6.5AI score0.0529EPSS
Exploits5References5Affected Software1
Cvelist
Cvelist
added 2017/03/14 5:0 p.m.37 views

CVE-2017-6516

A Local Privilege Escalation Vulnerability in MagniComp's Sysinfo before 10-H64 for Linux and UNIX platforms could allow a local attacker to gain elevated privileges. Parts of SysInfo require setuid-to-root access in order to access restricted system files and make restricted kernel calls. This...

6.5AI score0.0529EPSS
Exploits5References5
OSV
OSV
added 2017/02/22 2:59 a.m.4 views

CVE-2017-3843

A vulnerability in the file download functions for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to download system files that should be restricted. More Information: CSCvc99446. Known Affected Releases: 11.50...

4.3CVSS5.8AI score0.0149EPSS
Exploits0References3
Rows per page
Query Builder