Lucene search
K

848 matches found

Akamai Blog
Akamai Blog
added 2026/03/17 12:0 p.m.12 views

The Agentic Security Crisis: Why You Need to Act Now

...

5.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.4 views

PT-2026-24619

Summary The /studiocms api/dashboard/api-tokens endpoint allows any authenticated user at least Editor to generate API tokens for any other user, including owner and admin accounts. The endpoint fails to validate whether the requesting user is authorized to create tokens on behalf of the target...

8.8CVSS5.9AI score0.00564EPSS
Exploits3References8
EUVD
EUVD
added 2026/03/05 9:59 p.m.5 views

EUVD-2026-9930

OpenClaw versions 2026.1.5 prior to 2026.2.12 fail to enforce mandatory authentication on the /agent/act browser-control HTTP route, allowing unauthorized local callers to invoke privileged operations. Remote attackers on the local network or local processes can execute arbitrary browser-context...

8.4CVSS6.2AI score0.00196EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/05 9:59 p.m.3 views

CVE-2026-28485 OpenClaw 2026.1.5 < 2026.2.12 - Missing Authentication in Browser Control HTTP Endpoints

OpenClaw versions 2026.1.5 prior to 2026.2.12 fail to enforce mandatory authentication on the /agent/act browser-control HTTP route, allowing unauthorized local callers to invoke privileged operations. Remote attackers on the local network or local processes can execute arbitrary browser-context...

8.4CVSS6AI score0.00196EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/05 9:59 p.m.5 views

CVE-2026-28485

OpenClaw versions 2026.1.5 prior to 2026.2.12 fail to enforce mandatory authentication on the /agent/act browser-control HTTP route, allowing unauthorized local callers to invoke privileged operations. Remote attackers on the local network or local processes can execute arbitrary browser-context...

8.4CVSS6.2AI score0.00196EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/03/05 9:59 p.m.14 views

CVE-2026-28485

OpenClaw has a vulnerability identified as CVE-2026-28485 affecting versions 2026.1.5 prior to 2026.2.12. The issue is that the /agent/act browser-control HTTP route does not enforce mandatory authentication, permitting unauthorized local callers to invoke privileged browser-context actions and a...

8.4CVSS6.2AI score0.00196EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.6 views

PT-2026-23559

Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.1.5 through 2026.2.11 Description The software does not enforce mandatory authentication on the /agent/act browser-control HTTP route. This allows unauthorized local callers to invoke privileged operations. Remote...

8.4CVSS6AI score0.00196EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.9 views

OpenClaw 访问控制错误漏洞

OpenClaw is an open-source intelligent artificial assistant. Versions of OpenClaw prior to 2026.2.12 contained a access control vulnerability. This vulnerability stemmed from the lack of forced authentication for HTTP routing control in the /agent/act browser. It could allow remote attackers on t...

8.4CVSS6.1AI score0.00196EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/02 12:0 a.m.3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005574)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005574 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/cxgb4: Added NULL check for lookupatid The lookupatid function can return NULL if the ATID i...

5.5CVSS6.7AI score0.00231EPSS
Exploits0References3
Circl
Circl
added 2026/02/23 2:4 p.m.2 views

CERTFR-2026-ACT-008

creationtimestamp| type| source ---|---|--- 2026-02-23 14:04:04+00:00| seen| https://social.numerique.gouv.fr/users/certfr/statuses/116120318282447958 2026-02-23 14:04:06+00:00| seen| https://bsky.app/profile/cert-fr.bsky.social/post/3mfjsz6k6gz2k...

4.8AI score
Exploits0References2
Malwarebytes
Malwarebytes
added 2026/02/12 12:35 p.m.6 views

Child exploitation, grooming, and social media addiction claims put Meta on trial

Meta is facing two trials over child safety allegations in California and New Mexico. The lawsuits are landmark cases, marking the first time that any such accusations have reached a jury. Although over 40 state attorneys general have filed suits about child safety issues with social media, none...

5.6AI score
Exploits0
Circl
Circl
added 2026/02/09 2:11 p.m.5 views

CERTFR-2026-ACT-006

creationtimestamp| type| source ---|---|--- 2026-02-09 14:11:32+00:00| seen| https://bsky.app/profile/cert-fr.bsky.social/post/3megmvo2ddj22 2026-02-09 14:11:36+00:00| seen| https://social.numerique.gouv.fr/users/certfr/statuses/116041075350640073 2026-02-09 15:34:27+00:00| seen|...

5.1AI score
Exploits0References3
CVE
CVE
added 2026/02/04 10:28 p.m.14 views

CVE-2026-22038

CVE-2026-22038 affects AutoGPT prior to platform-beta-v0.6.46. The vulnerability arises when Stagehand blocks log API keys and authentication secrets in plaintext via logger.info() in StagehandObserveBlock, StagehandActBlock, and StagehandExtractBlock, where api_key.get_secret_value() is logged. ...

8.1CVSS5.4AI score0.00433EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/02/04 5:16 p.m.5 views

UBUNTU-CVE-2026-23064

In the Linux kernel, the following vulnerability has been resolved: net/sched: actife: avoid possible NULL deref tcfifeencode must make sure ifeencode does not return NULL. syzbot reported: Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 1 SMP KASAN NOP...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References29
Malwarebytes
Malwarebytes
added 2026/01/27 11:9 a.m.8 views

TikTok narrowly avoids a US ban by spinning up a new American joint venture

TikTok may have found a way to stay online in the US. The company announced late last week that it has set up a joint venture backed largely by US investors. TikTok announced T ikTok USDS Joint Venture LLC on Friday in a deal valued at about $14 billion , allowing it to continue operating in the...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/01/27 12:0 a.m.6 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005091)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005091 advisory. In the Linux kernel, the following vulnerability has been resolved: net/sched: actapi: fix possible infinite loop in tcfidrcheckalloc syzbot found hanging tasks...

5.5CVSS6.7AI score0.00286EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/23 9:16 p.m.7 views

CVE-2025-68073

Missing Authorization vulnerability in Ninja Team GDPR CCPA Compliance Support ninja-gdpr-compliance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GDPR CCPA Compliance Support: from n/a through = 2.7.4...

6.5CVSS5.4AI score0.00269EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/01/23 4:15 p.m.4 views

CVE-2026-22987

In the Linux kernel, the following vulnerability has been resolved: net/sched: actapi: avoid dereferencing ERRPTR in tcfidrinfodestroy syzbot reported a crash in tcactinhw during netns teardown where tcfidrinfodestroy passed an ERRPTR-EBUSY value as a tcaction pointer, leading to an invalid...

5.5CVSS5.9AI score0.00103EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/23 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-22987

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/sched: actapi: avoid dereferencing ERRPTR in tcfidrinfodestroy syzbot reported a crash in tcactinhw during netns teardown where tcfidrinfodestroy passed an...

5.5CVSS6.2AI score0.00103EPSS
Exploits0References2
Circl
Circl
added 2026/01/19 1:47 p.m.5 views

CERTFR-2026-ACT-002

creationtimestamp| type| source ---|---|--- 2026-01-19 13:47:14+00:00| seen| https://bsky.app/profile/cert-fr.bsky.social/post/3mcrrqv3oq52n 2026-01-19 13:47:18+00:00| seen| https://social.numerique.gouv.fr/users/certfr/statuses/115922071296350254 2026-01-19 15:35:49+00:00| seen|...

5.3AI score
Exploits0References4
Rows per page
Query Builder