Lucene search
K

350 matches found

Snyk
Snyk
added 2026/03/03 9:34 p.m.7 views

Unsafe Dependency Resolution

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the safeBins process. An attacker can execute arbitrary commands in the application runtime context by placing a malicious binary with the same name as a...

8.5CVSS6AI score0.00133EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/02/27 5:9 p.m.189 views

Exploit for CVE-2025-70341

CVE-2025-70341: Insecure Permissions + Arbitrary Code Executio...

6.6AI score0.00216EPSS
Exploits2
OSV
OSV
added 2026/02/19 11:15 a.m.11 views

CVE-2025-15561

An attacker can exploit the update behavior of the WorkTime monitoring daemon to elevate privileges on the local system to NT Authority\SYSTEM. A malicious executable must be named WTWatch.exe and dropped in the C:\ProgramData\wta\ClientExe directory, which is writable by "Everyone". The...

7.8CVSS5.8AI score0.00104EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/19 10:53 a.m.31 views

CVE-2025-15561 Local Privilege Escalation in NesterSoft WorkTime

An attacker can exploit the update behavior of the WorkTime monitoring daemon to elevate privileges on the local system to NT Authority\SYSTEM. A malicious executable must be named WTWatch.exe and dropped in the C:\ProgramData\wta\ClientExe directory, which is writable by "Everyone". The...

0.00104EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.55 views

PT-2026-20800

An attacker can exploit the update behavior of the WorkTime monitoring daemon to elevate privileges on the local system to NT AuthoritySYSTEM. A malicious executable must be named WTWatch.exe and dropped in the C:ProgramDatawtaClientExe directory, which is writable by "Everyone". The executable...

5.6AI score0.00104EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/07 7:31 p.m.7 views

CVE-2026-23740

A flaw was found in Asterisk. When the astcoredumper writes its gdb init and output files to a world-writable directory, a local attacker with write permissions to that directory can exploit this vulnerability. By manipulating the gdb init file and output paths, the attacker can cause the system ...

7.8CVSS5.9AI score0.00112EPSS
Exploits0References4
NVD
NVD
added 2026/02/06 5:16 p.m.7 views

CVE-2026-23740

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when astcoredumper writes its gdb init and output files to a directory that is world-writable for example /tmp, an attacker with write permissionwhich is a...

7.8CVSS0.00112EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/02/06 5:16 p.m.5 views

CVE-2026-23740

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when astcoredumper writes its gdb init and output files to a directory that is world-writable for example /tmp, an attacker with write permissionwhich is a...

7.8CVSS5.9AI score0.00112EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/06 4:43 p.m.3 views

CVE-2026-23740 Asterisk vulnerable to potential privilege escalation

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when astcoredumper writes its gdb init and output files to a directory that is world-writable for example /tmp, an attacker with write permissionwhich is a...

5.8AI score0.00112EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/06 4:43 p.m.4 views

CVE-2026-23740

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when astcoredumper writes its gdb init and output files to a directory that is world-writable for example /tmp, an attacker with write permissionwhich is a...

7.8CVSS5.8AI score0.00112EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/02/06 4:43 p.m.36 views

CVE-2026-23740 Asterisk vulnerable to potential privilege escalation

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when astcoredumper writes its gdb init and output files to a directory that is world-writable for example /tmp, an attacker with write permissionwhich is a...

0.00112EPSS
Exploits0References1
CVE
CVE
added 2026/02/06 4:43 p.m.30 views

CVE-2026-23740

Asterisk contains a local privilege escalation flaw: if ast_coredumper writes gdb init/output to a world-writable directory (e.g., /tmp), a local attacker with write access to that directory can cause arbitrary commands to execute as root or overwrite files by manipulating the gdb init and output...

7.8CVSS5.8AI score0.00112EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/02/06 12:0 a.m.8 views

Asterisk 安全漏洞

Asterisk is a software for PBX systems developed by Asterisk OpenSource. It runs on Linux systems and supports IP calls using SIP, IAX, and H323 protocols. Versions prior to 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2 have security vulnerabilities. These vulnerabilities stem from astcoredump...

7.8CVSS6.1AI score0.00112EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/02/06 12:0 a.m.6 views

Zabbix Agent Binaries Path Abuse Scanner

This scanner performs automated static analysis of Zabbix Agent binaries to detect hardcoded OpenSSL configuration paths that may enable provider or engine abuse. It identifies embedded OPENSSLDIR, ENGINESDIR, and MODULESDIR values, extracts OpenSSL version information, and checks for dynamic...

7.3CVSS6.1AI score0.00325EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2026/02/06 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-23740

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when astcoredumper...

7.8CVSS5.9AI score0.00112EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/03 3:18 p.m.53 views

CVE-2025-10279

In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions 0o777. This vulnerability allows an attacker with write access to the /tmp directory to exploit a race condition and overwrite .py files in the virtual...

7CVSS5.9AI score0.00215EPSS
Exploits1References1
EUVD
EUVD
added 2026/01/30 8:12 p.m.6 views

EUVD-2026-5009

PsySH is a runtime developer console, interactive debugger, and REPL for PHP. Prior to versions 0.11.23 and 0.12.19, PsySH automatically loads and executes a .psysh.php file from the Current Working Directory CWD on startup. If an attacker can write to a directory that a victim later uses as thei...

6.7CVSS6.5AI score0.0028EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/01/30 8:12 p.m.4 views

CVE-2026-25129 PsySH has Local Privilege Escalation via CWD .psysh.php auto-load

PsySH is a runtime developer console, interactive debugger, and REPL for PHP. Prior to versions 0.11.23 and 0.12.19, PsySH automatically loads and executes a .psysh.php file from the Current Working Directory CWD on startup. If an attacker can write to a directory that a victim later uses as thei...

6.7CVSS6.5AI score0.0028EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/01/30 8:12 p.m.32 views

CVE-2026-25129 PsySH has Local Privilege Escalation via CWD .psysh.php auto-load

PsySH is a runtime developer console, interactive debugger, and REPL for PHP. Prior to versions 0.11.23 and 0.12.19, PsySH automatically loads and executes a .psysh.php file from the Current Working Directory CWD on startup. If an attacker can write to a directory that a victim later uses as thei...

6.7CVSS0.0028EPSS
Exploits1References3
CVE
CVE
added 2026/01/30 8:12 p.m.65 views

CVE-2026-25129

PsySH (PHP) is affected by a CWD-based configuration poisoning vulnerability. Prior to versions 0.11.23 and 0.12.19, PsySH auto-loads and executes a .psysh.php file from the current working directory at startup. If an attacker can write to a directory that a victim later uses as the CWD, they can...

7.3CVSS6.5AI score0.0028EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder