Lucene search
K

48594 matches found

CVE
CVE
added 2026/06/16 6:4 p.m.17 views

CVE-2026-53844

OpenClaw vulnerability CVE-2026-53844 affects OpenClaw prior to version 2026.4.29, involving a session visibility check bypass in the shared memory search path. The issue enables authenticated callers to skip session visibility guards and access memory entries that should not be visible to their ...

6.5CVSS5.3AI score0.0021EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/16 6:4 p.m.22 views

CVE-2026-53843

OpenClaw prior to 2026.5.26 contains an authorization bypass where a surviving pairing-scoped device session can re-establish node token authority after revocation. Attackers with a paired device can regain WebSocket node-level access without renewed approval, weakening revocation controls and al...

8.8CVSS5.3AI score0.00275EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/16 6:4 p.m.16 views

CVE-2026-53841

OpenClaw prior to version 2026.5.12 exposes a stored cross-site scripting risk in exported session HTML. The vulnerability arises because the exported content preserves unsafe javascript: and data: links, enabling browser-side scripts when a trusted operator opens the exported file and activates ...

6.1CVSS5.1AI score0.00188EPSS
Exploits0References2Affected Software1
GithubExploit
GithubExploit
added 2026/06/16 5:49 p.m.63 views

Exploit for Missing Authentication for Critical Function in Cpanel

CVE-2026-41940 ⚠ This tool is created solely for education...

9.8CVSS6.2AI score0.981EPSS
Exploits64
EUVD
EUVD
added 2026/06/16 3:18 p.m.6 views

EUVD-2026-37126

Perry before 0.5.1166 contains a JWT validation vulnerability that allows remote attackers to bypass token expiration by exploiting the unconditional setting of validateexp = false in the verifydecode helper within the stdlib JWT verification path. Attackers in possession of a previously issued...

9.3CVSS5.4AI score0.00357EPSS
Exploits0References3
NVD
NVD
added 2026/06/16 1:16 p.m.11 views

CVE-2026-9507

A session fixation vulnerability has been identified in osTicket v1.18.2. This security flaw allows an attacker to hijack a victim’s account by keeping the initial session identifier OSTSESSID active after a successful login. The issue lies in the fact that the application does not invalidate the...

5.1CVSS0.00403EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/16 1:14 p.m.28 views

Security Bulletin: IBM MQ Appliance is affected by multiple open source vulnerabilities (CVE-2026-23193, CVE-2026-23231, CVE-2026-3497)

Summary IBM MQ Appliance has addressed multiple open source vulnerabilities. Vulnerability Details CVEID:CVE-2026-3497 DESCRIPTION: Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions...

8.8CVSS6.8AI score0.0218EPSS
Exploits1Affected Software1
Cvelist
Cvelist
added 2026/06/16 11:47 a.m.27 views

CVE-2026-9507 Session fixation vulnerability in Enhancesoft's osTicket

A session fixation vulnerability has been identified in osTicket v1.18.2. This security flaw allows an attacker to hijack a victim’s account by keeping the initial session identifier OSTSESSID active after a successful login. The issue lies in the fact that the application does not invalidate the...

5.1CVSS0.00403EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/16 11:47 a.m.11 views

EUVD-2026-37079

A session fixation vulnerability has been identified in osTicket v1.18.2. This security flaw allows an attacker to hijack a victim’s account by keeping the initial session identifier OSTSESSID active after a successful login. The issue lies in the fact that the application does not invalidate the...

5.1CVSS5.2AI score0.00403EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 11:47 a.m.14 views

CVE-2026-9507

CVE-2026-9507 affects osTicket v1.18.2. A session fixation flaw arises because the application does not invalidate the pre-authentication cookie or generate a new identifier for the authenticated context (OSTSESSID). As a result, an attacker could set a known session ID in the victim’s browser an...

5.1CVSS5.2AI score0.00403EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/16 9:0 a.m.6 views

EUVD-2026-37047

Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic = 1.1.4 versions...

8.5CVSS5.8AI score0.0027EPSS
Exploits0References1
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.40 views

Apache OFBiz 17.12.03 - Cross-Site Scripting

Apache OFBiz 17.12.03 contains cross-site scripting and unsafe deserialization vulnerabilities via an XML-RPC request. id: CVE-2020-9496 info: name: Apache OFBiz 17.12.03 - Cross-Site Scripting author: dwisiswant0 severity: medium description: Apache OFBiz 17.12.03 contains cross-site scripting a...

6.1CVSS6.3AI score0.98926EPSS
Exploits16References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.26 views

Zoho manageengine - Cross-Site Scripting

Zoho manageengine is vulnerable to reflected cross-site scripting. This impacts Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 via the...

6.1CVSS5.6AI score0.98463EPSS
Exploits3References4
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.181 views

Citrix Bleed - Leaking Session Tokens

Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway VPN virtual server, ICA Proxy, CVPN, RDP Proxy or AAA ?virtual?server. id: CVE-2023-4966 info: name: Citrix Bleed - Leaking Session Tokens author: DhiyaneshDK severity: high description: | Sensiti...

9.4CVSS7.5AI score0.99999EPSS
Exploits15References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.69 views

Western Digital MyCloud NAS - Authentication Bypass

It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the...

10CVSS8.7AI score0.86586EPSS
Exploits6References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.8 views

PT-2026-49814

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A memory safety issue exists in the checkSsrcCollisionOnRcv function within the RtpSession.cpp file due to a missing null check. This flaw allows a remote attack...

7.5CVSS6.1AI score0.00223EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.14 views

PT-2026-49818

Name of the Vulnerable Software and Affected Versions Google Android affected versions not specified Description An integer overflow in the numberOfReportBlocks of RtpSession.cpp can lead to an out-of-bounds write. This issue allows for remote escalation of privilege without requiring user...

8.8CVSS5.7AI score0.00231EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.14 views

PT-2026-49812

Name of the Vulnerable Software and Affected Versions Google Android affected versions not specified Description A memory corruption issue in the Modem component can be triggered during a SIP REFER request. This flaw allows for remote code execution without requiring additional execution privileg...

8.8CVSS6.2AI score0.00231EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.13 views

PT-2026-50167

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.55 n8n versions prior to 2.25.7 n8n versions prior to 2.26.2 Description An authenticated user with workflow edit access can configure a 'Respond to Webhook' node to serve binary content using an attacker-controlled...

7.6CVSS5.9AI score0.00216EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.13 views

PT-2026-49758

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.12 Description Exported session HTML preserves unsafe javascript: and data: links in generated content. This allows for the execution of browser-side scripts if a trusted operator opens the exported file and...

6.1CVSS5.5AI score0.00188EPSS
Exploits0References5
Rows per page
Query Builder