Lucene search
K

1687 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 4:8 p.m.7 views

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in jasperreports (CVE-2025-10492)

Summary IBM Sterling Control Center is affected by a vulnerability CVE-2025-10492 reported for jasperreports-7.0.2.jar. Vulnerability Details CVEID:CVE-2025-10492 DESCRIPTION: A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied...

9.8CVSS7.3AI score0.00876EPSS
Exploits0Affected Software1
OPENSUSE Linux
OPENSUSE Linux
added 2026/05/04 12:0 a.m.5 views

Security update for hauler (moderate)

openSUSE security update: security update for hauler ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20662-1 Rating: moderate References: bsc1258614 Cross-References: CVE-2026-24122 CVSS scores: CVE-2026-24122 SUSE : 3.7...

6.3CVSS5.9AI score0.00197EPSS
Exploits2References1
CNNVD
CNNVD
added 2026/05/02 12:0 a.m.10 views

TRENDnet TEW-821DAP 数据伪造问题漏洞

TRENDnet TEW-821DAP is a wireless access point from the company TRENDnet. Versions of TRENDnet TEW-821DAP prior to 1.12B01 contained a data falsification vulnerability. This vulnerability stems from insufficient validation of data authenticity in the platformdoupgradecameodev function within the...

8.1CVSS5.8AI score0.00234EPSS
Exploits1References1
OSV
OSV
added 2026/04/30 4:39 p.m.5 views

OPENSUSE-SU-2026:20662-1 Security update for hauler

This update for hauler fixes the following issues: Changes in hauler: - update to 1.4.2 bsc1258614, CVE-2026-24122: Bump github.com/theupdateframework/go-tuf/v2 from 2.3.0 to 2.3.1 in the gomodules group across 1 directory fix for new helm chart features Bump github.com/sigstore/rekor from 1.4.3 ...

3.7CVSS5.8AI score0.00197EPSS
Exploits2References2
OSV
OSV
added 2026/04/29 9:10 p.m.7 views

GHSA-MP4J-H6GH-F6MP n8n has SQL Injection in SeaTable Node

Impact A flaw in the SeaTable node's row:search and row:get operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or parameterization. In workflows where external user input is passed via expressions into the SeaTable node's search or row...

6.8CVSS5.8AI score0.00342EPSS
Exploits0References3
NVD
NVD
added 2026/04/28 7:37 p.m.12 views

CVE-2026-41399

OpenClaw before 2026.3.28 accepts unbounded concurrent unauthenticated WebSocket upgrades without pre-authentication budget allocation. Unauthenticated network attackers can exhaust socket and worker capacity to disrupt WebSocket availability for legitimate clients...

8.7CVSS0.00318EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/28 6:9 p.m.36 views

CVE-2026-41399 OpenClaw < 2026.3.28 - Denial of Service via Unbounded Pre-auth WebSocket Upgrades

OpenClaw before 2026.3.28 accepts unbounded concurrent unauthenticated WebSocket upgrades without pre-authentication budget allocation. Unauthenticated network attackers can exhaust socket and worker capacity to disrupt WebSocket availability for legitimate clients...

8.7CVSS0.00318EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/28 6:9 p.m.2 views

CVE-2026-41399

OpenClaw before 2026.3.28 accepts unbounded concurrent unauthenticated WebSocket upgrades without pre-authentication budget allocation. Unauthenticated network attackers can exhaust socket and worker capacity to disrupt WebSocket availability for legitimate clients...

8.7CVSS5.2AI score0.00318EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/28 6:9 p.m.3 views

EUVD-2026-26107

OpenClaw before 2026.3.28 accepts unbounded concurrent unauthenticated WebSocket upgrades without pre-authentication budget allocation. Unauthenticated network attackers can exhaust socket and worker capacity to disrupt WebSocket availability for legitimate clients...

8.7CVSS5.2AI score0.00318EPSS
Exploits0References2
CVE
CVE
added 2026/04/28 6:9 p.m.13 views

CVE-2026-41399

OpenClaw before 2026.3.28 allows unbounded concurrent unauthenticated WebSocket upgrades without pre-authentication budget Allocation, enabling unauthenticated attackers to exhaust socket and worker capacity and disrupt WebSocket availability for legitimate clients. The issue is tracked as CVE-20...

8.7CVSS5.2AI score0.00318EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.9 views

PT-2026-35783

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.28 Description OpenClaw accepts unbounded concurrent unauthenticated WebSocket upgrades without pre-authentication budget allocation. This allows unauthenticated network attackers to exhaust socket and worker...

8.7CVSS5.8AI score0.00318EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.9 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.28 contained security vulnerabilities. These vulnerabilities stemmed from accepting unlimited concurrent unauthenticated WebSocket upgrades, which could allow unauthenticated...

8.7CVSS5.8AI score0.00318EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.3 views

PT-2026-35080

Name of the Vulnerable Software and Affected Versions tough versions prior to 0.22.0 Description Remote authenticated users with delegated signing authority can bypass TUF specification integrity checks for delegated targets metadata and poison the local metadata cache. This occurs because the lo...

7.1CVSS5.1AI score0.00246EPSS
Exploits0References13
Oracle linux
Oracle linux
added 2026/04/24 12:0 a.m.24 views

virt:kvm_utils3 bug fix update

hivex 1.3.18-23 - Limit recursion in ri-records CVE-2021-3622 resolves: rhbz1976194 1.3.18-22.el8 - Resolves: bz2000225 Rebase virt:rhel module:stream based on AV-8.6 1.3.18-21 - Bounds check for block exceeding page length CVE-2021-3504 resolves: rhbz1950501 1.3.18 - Resolves: bz1810193 Upgrade...

6.5CVSS7.2AI score0.04794EPSS
Exploits4
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/23 6:56 a.m.11 views

Security Bulletin: Due to use of jetty-server-12.0.16.jar, IBM Sterling Connect:Direct Web Services is affected by response not compressed issue for corresponding HTTP request, causing the leak.

Summary jetty-server-12.0.16.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-1605. Vulnerability Details CVEID:CVE-2026-1605 DESCRIPTION: In Eclipse Jetty, versions 12.0.0-12.0.31 and 12.1.0-12.0.5, class GzipHandler exposes a vulnerability when a compressed HTTP request, with...

7.5CVSS5.7AI score0.00625EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/04/21 5:24 p.m.4 views

GHSA-2GW9-C2R2-F5QF Neko has a Self-service Privilege Escalation for Authenticated Users

Impact Any authenticated user can immediately obtain full administrative control of the entire Neko instance member management, room settings, broadcast control, session termination, etc.. This results in a complete compromise of the instance. Patches The vulnerability has been patched in the...

8.8CVSS5.7AI score0.00437EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/04/20 12:0 a.m.3 views

Debian dsa-6211 : thunderbird - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6211 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6211-1 [email protected]...

9.8CVSS6.1AI score0.0035EPSS
Exploits0References9
NVD
NVD
added 2026/04/17 10:16 p.m.7 views

CVE-2026-40306

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. All new installations of DNN 10.x.x - 10.2.1 have the same Host GUID. This does not affect upgrades from 9.x.x. Version 10.2.2 patches the issue...

6.9CVSS0.00175EPSS
Exploits0References2
CVE
CVE
added 2026/04/17 9:9 p.m.15 views

CVE-2026-40306

DNN Platform (DotNetNuke) CVE-2026-40306 describes a flaw where all new installations of DNN 10.x.x–10.2.1 use the same Host GUID. Red Hat, NVD, CVE listings, and related advisories indicate this shortcoming stems from predictable HostGUID values introduced in releases prior to 10.2.2, which patc...

6.9CVSS5.8AI score0.00175EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/17 9:9 p.m.3 views

CVE-2026-40306

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. All new installations of DNN 10.x.x - 10.2.1 have the same Host GUID. This does not affect upgrades from 9.x.x. Version 10.2.2 patches the issue...

6.9CVSS5.8AI score0.00175EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder