Lucene search
K

5499 matches found

NVD
NVD
added 2026/06/15 12:16 p.m.13 views

CVE-2026-34028

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, exposes web-accessible file paths that are not protected by an authorization scheme. An unauthenticated attacker can directly access HTTP endpoints to download files from locations such as /Resources/CompanyIdID/Audio/ and...

6.9CVSS0.00397EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/15 10:5 a.m.12 views

EUVD-2026-36712

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a hard-coded cryptographic key in the SafeSystem.Infrastructure.Security.dll component. An attacker with access to the application files can reverse engineer the DLL and recover the hard-coded cryptographic key. This...

6.8CVSS5.3AI score0.0012EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/15 10:4 a.m.9 views

CVE-2026-34027 Upload restriction bypass in Wertheim SafeController Software allows authenticated users to upload arbitrary files

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains insufficient server-side file type validation in the /safe/contract/uploadcustomdocuments endpoint. The application validates uploaded files based on the user-controlled HTTP Content-Type value and accepts the upload ...

5.3CVSS5.4AI score0.00305EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/15 10:4 a.m.9 views

EUVD-2026-36710

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains insufficient server-side file type validation in the /safe/contract/uploadcustomdocuments endpoint. The application validates uploaded files based on the user-controlled HTTP Content-Type value and accepts the upload ...

5.3CVSS5.5AI score0.00305EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.9 views

PT-2026-49199

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, exposes web-accessible file paths that are not protected by an authorization scheme. An unauthenticated attacker can directly access HTTP endpoints to download files from locations such as /Resources/CompanyId ID/Audio/ and...

6.9CVSS5.3AI score0.00397EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/06/13 2:28 a.m.11 views

SUSE CVE-2026-12022

Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. Chromium security severity: High...

8.3CVSS5.4AI score0.00166EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/12 11:9 p.m.8 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition via the system.run safe-bin allowlist validation. An attacker can access arbitrary files and expose sensitive configuration data by injecti...

8.3CVSS5.5AI score0.00191EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 9:56 p.m.18 views

CVE-2026-53831

OpenClaw

8.3CVSS5.3AI score0.00191EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/12 9:56 p.m.7 views

CVE-2026-53831 OpenClaw < 2026.5.18 - Arbitrary File Read via Shell Expansion in system.run Safe-bin Allowlist

OpenClaw before 2026.5.18 contains a policy enforcement vulnerability in system.run safe-bin allowlist validation that allows shell expansion to modify command interpretation on POSIX nodes. Authenticated operators can exploit shell metacharacters in approved commands to read unintended node-loca...

8.3CVSS5.3AI score0.00191EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 9:56 p.m.26 views

CVE-2026-53831 OpenClaw < 2026.5.18 - Arbitrary File Read via Shell Expansion in system.run Safe-bin Allowlist

OpenClaw before 2026.5.18 contains a policy enforcement vulnerability in system.run safe-bin allowlist validation that allows shell expansion to modify command interpretation on POSIX nodes. Authenticated operators can exploit shell metacharacters in approved commands to read unintended node-loca...

8.3CVSS0.00191EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/06/12 8:9 p.m.69 views

Exploit for Uncontrolled Resource Consumption in Solarwinds Serv-U

SolarWinds Serv-U Unauthenticated DoS: Safe Detection Script...

7.5CVSS5.9AI score0.10659EPSS
Exploits2
EUVD
EUVD
added 2026/06/12 12:31 a.m.8 views

EUVD-2026-36342

Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. Chromium security severity: High...

8.3CVSS5.5AI score0.00166EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.14 views

PT-2026-49035

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.18 Description A policy enforcement issue exists in the system.run safe-bin allowlist validation on POSIX nodes. This flaw allows shell expansion to modify how commands are interpreted. Authenticated operators...

8.3CVSS5.2AI score0.00191EPSS
Exploits0References7
NVD
NVD
added 2026/06/11 10:16 p.m.8 views

CVE-2026-12022

Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. Chromium security severity: High...

8.3CVSS0.00166EPSS
Exploits0References2
OSV
OSV
added 2026/06/11 10:16 p.m.5 views

DEBIAN-CVE-2026-12022

Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. Chromium security severity: High...

8.3CVSS5.4AI score0.00166EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/11 8:48 p.m.31 views

CVE-2026-12022

Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. Chromium security severity: High...

0.00166EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 8:48 p.m.7 views

CVE-2026-12022

Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. Chromium security severity: High...

5.5AI score0.00166EPSS
Exploits0References2
CVE
CVE
added 2026/06/11 8:48 p.m.23 views

CVE-2026-12022

The vulnerability CVE-2026-12022 affects Google Chrome on macOS, where a race in Safe Browsing could allow a renderer‑process–hijacked attacker to escape the sandbox via a malicious file. The issue is tied to Chrome versions prior to 149.0.7827.115; evidence from ENISA/EUVD and Chrome security no...

8.3CVSS5.5AI score0.00166EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/11 8:48 p.m.8 views

CVE-2026-12022

Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. Chromium security severity: High...

8.3CVSS5.4AI score0.00166EPSS
Exploits0
OSV
OSV
added 2026/06/11 2:16 p.m.7 views

UBUNTU-CVE-2026-11816

Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities located in keras/src/utils/fileutils.py. The functions filtersafetarinfos and filtersafezipinfos validate archive member paths against the process current working directory CWD instead of t...

8.1CVSS7.8AI score0.00412EPSS
Exploits1References4
Rows per page
Query Builder