Lucene search
+L

8074 matches found

EUVD
EUVD
added 4 hours ago8 views

EUVD-2026-45409

A vulnerability was detected in Sipeed PicoClaw up to 0.2.9. The impacted element is an unknown function of the file web/backend/middleware/accesscontrol.go of the component First Run Setup. Performing a manipulation of the argument allowedcidrs results in authentication bypass using alternate...

6.3CVSS5.1AI score
Exploits0References9
CVE
CVE
added yesterday7 views

CVE-2026-16198

The CVE affects Sipeed PicoClaw ≤ 0.2.9, specifically the First Run Setup’s web/backend/middleware/access_control.go where manipulation of the allowed_cidrs argument enables authentication bypass via an alternate channel. The issue can be triggered remotely and has high attack complexity with no ...

6.3CVSS5.1AI score
Exploits0References8
EUVD
EUVD
added yesterday8 views

EUVD-2026-45370

A flaw has been found in Shibby Tomato 1.28 RT-N5x MIPSR2 Build 124. Affected by this issue is the function setupconntrack of the file /sbin/rc. Executing a manipulation of the argument cttcptimeout can lead to out-of-bounds write. The attack may be performed from remote. This project is supersed...

9CVSS7.5AI score
Exploits0References5
Nuclei
Nuclei
added yesterday34 views

SolarWinds Web Help Desk - Authentication Bypass

SolarWinds Web Help Desk 12.8.8 HF1 and earlier contains an authentication bypass vulnerability in the WebObjects session handling. By crafting a request with a manipulated path component to an internal admin page endpoint, an unauthenticated attacker can access privileged administrative function...

9.8CVSS8.6AI score0.8413EPSS
Exploits5References4
Nuclei
Nuclei
added yesterday12 views

OpenCATS - Command Injection

OpenCATS prior to commit 3002a29 contains a command injection caused by injection of PHP statements into the installer AJAX endpoint's databaseConnectivity action parameter, letting unauthenticated attackers execute arbitrary code, exploit requires incomplete installation wizard. id: CVE-2026-277...

9.2CVSS5.8AI score0.22189EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday96 views

Trendnet AC2600 TEW-827DRU - Credentials Disclosure

Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from the setup wizard. A user may view information as Admin by manually browsing to the setup wizard and forcing it to redirect to the desired page. id: CVE-2021-20150 info: name: Trendnet AC2600 TEW-827DR...

5.3CVSS5.7AI score0.4006EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago33 views

CVE-2026-46420 setup-php: Command Injection in Repository-Derived PHP Version Resolution

setup-php is a GitHub action to set up PHP with extensions, php.ini configuration, coverage drivers, and tools. From 2.25.0 prior to 2.37.1, shivammathur/setup-php resolves the PHP version from repository-controlled files such as .php-version, composer.lock through platform-overrides.php, and...

5.6CVSS0.00852EPSS
Exploits1References3
CVE
CVE
added 2 days ago21 views

CVE-2026-46420

CVE-2026-46420 affects the GitHub Action setup-php (shivammathur/setup-php). From 2.25.0 up to, but not including, 2.37.1, the action resolves the PHP version from repository-controlled files (e.g., .php-version, composer.lock via platform-overrides.php, and composer.json via config.platform.php)...

5.6CVSS5.5AI score0.00852EPSS
Exploits1References3
Cvelist
Cvelist
added 2 days ago35 views

CVE-2026-11575 PhonePe Payment Solutions < 3.1.0 - Unauthenticated Payment Bypass via Forged Callback

The PhonePe Payment Solutions WordPress plugin before 3.1.0 does not properly verify the authenticity of incoming payment callbacks: the secret used to validate the callback signature is empty on sites configured through the current setup flow, so the expected signature reduces to an unkeyed hash...

0.00208EPSS
Exploits0References1
NVD
NVD
added 2 days ago7 views

CVE-2026-62222

OpenClaw before 2026.5.22 contain a vulnerability in setup-mode discovery that allows loading of untrusted workspace plugins. Attackers with lower-trust caller access or control over configured input paths can execute or persist actions beyond their intended authorization level...

7.8CVSS0.00118EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago37 views

CVE-2026-62222 OpenClaw < 2026.5.22 Untrusted Plugin Loading via Setup-mode

OpenClaw before 2026.5.22 contain a vulnerability in setup-mode discovery that allows loading of untrusted workspace plugins. Attackers with lower-trust caller access or control over configured input paths can execute or persist actions beyond their intended authorization level...

7.8CVSS0.00118EPSS
Exploits0References2
CVE
CVE
added 2 days ago14 views

CVE-2026-62222

Technical details about CVE-2026-62222 (affected product/component, root cause, impact, patch/versions, exploit info) are not publicly available in the provided documents. Monitor for updates.

7.8CVSS6.2AI score0.00118EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago8 views

EUVD-2026-45110

OpenClaw before 2026.5.22 contain a vulnerability in setup-mode discovery that allows loading of untrusted workspace plugins. Attackers with lower-trust caller access or control over configured input paths can execute or persist actions beyond their intended authorization level...

7.8CVSS6.2AI score0.00118EPSS
Exploits0References2
Nuclei
Nuclei
added 3 days ago65 views

Zabbix Setup Configuration Authentication Bypass

After the initial setup process, some steps of setup.php file are reachable not only by super-administrators but also by unauthenticated users. A malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend. id: CVE-2022-23134 info: name: Zabbix Setup...

5.3CVSS6.8AI score0.84657EPSS
Exploits1References5
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago8 views

Malicious code in cosmos-gradio (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9bf1266e0846a392e9aaa6805756d26dc427a04415e8a422d53ffce7a1a0c2e2 cosmos-gradio 9999.0.0 is a dependency-confusion squat published as an sdist-only release with an intentionally inflated version to win highest-versi...

6.3AI score
Exploits0References2
OSV
OSV
added 5 days ago5 views

MAL-2026-10617 Malicious code in cosmos-cuda (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1a96e5776ec64356f639738134c95a2f33233a4275d2d0ddd6b174c297c64ee The sdist-only package cosmos-cuda 9999.0.0 executes a beacon function beacon'build' from setup.py during sdist build/install and beacon'import' from...

6.6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago10 views

Malicious code in cosmos-cuda (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1a96e5776ec64356f639738134c95a2f33233a4275d2d0ddd6b174c297c64ee The sdist-only package cosmos-cuda 9999.0.0 executes a beacon function beacon'build' from setup.py during sdist build/install and beacon'import' from...

6.6AI score
Exploits0References2
NVD
NVD
added 5 days ago5 views

CVE-2026-12988

The WP 2FA WordPress plugin before 3.1.1.2 does not verify that the email address supplied during two-factor authentication setup belongs to the user, allowing an attacker who has obtained a user's credentials to redirect the setup verification code to an attacker-controlled email address and tak...

6.4CVSS0.00169EPSS
Exploits0References1
CVE
CVE
added 5 days ago14 views

CVE-2026-12988

CVE-2026-12988 affects the WP 2FA WordPress plugin up to version 3.1.1.2. The root cause is that the plugin does not verify that the email address used during two-factor authentication setup belongs to the user, enabling an attacker who already has the user’s credentials to redirect the setup ver...

6.4CVSS6.1AI score0.00169EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-43554

FlashAttention through 2.8.3.post1, fixed in commit 0816ef1, contains a symlink attack vulnerability in the downloadandcopy function within hopper/setup.py that extracts NVIDIA toolchain archives without validating symlinks or filtering tar members. A local attacker can pre-plant a symlink in the...

6.6CVSS6.2AI score0.00129EPSS
Exploits0References5
Rows per page
Query Builder