Lucene search
+L

57 matches found

OSV
OSV
added 2026/06/24 6:38 p.m.4 views

DRUPAL-CONTRIB-2026-056

This module provides the entity type and runtime for Drupal AI Agents, enabling agents to use tools. The module does not sufficiently check the required permissions when a tool loads content entities. This vulnerability is mitigated by the fact that an agent must be configured to use the affected...

4.2CVSS5.9AI score0.00145EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-52169

Name of the Vulnerable Software and Affected Versions Drupal AI Agents versions 0.0.0 through 1.1.4 Drupal AI Agents versions 1.2.0 through 1.2.5 Drupal AI Agents versions 1.3.0 through 1.3.1 Description Missing authorization allows forceful browsing within the module that provides the entity typ...

6.1AI score0.00145EPSS
Exploits0References3
CVE
CVE
added 2026/06/11 8:7 p.m.32 views

CVE-2026-53811

OpenClaw is affected up to version 2026.5.7. The vulnerability is a privilege escalation in the Matrix allowFrom feature caused by mutable display name metadata, allowing authenticated accounts to match policy entries and receive agent access intended for another Matrix identity. Depending on ope...

8.8CVSS5.5AI score0.00309EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/11 4:46 p.m.15 views

CVE-2026-44998

OpenClaw before 2026.4.20 contains a tool policy bypass vulnerability allowing bundled MCP and LSP tools to circumvent configured tool restrictions. Attackers with local agent access can append restricted tools to the effective tool set after policy filtering, bypassing profile policies, allow/de...

5.4CVSS5.8AI score0.00706EPSS
Exploits0References4
OSV
OSV
added 2026/05/11 4:46 p.m.4 views

CVE-2026-44998 OpenClaw < 2026.4.20 - Tool Policy Bypass via Bundled MCP/LSP Tools

OpenClaw before 2026.4.20 contains a tool policy bypass vulnerability allowing bundled MCP and LSP tools to circumvent configured tool restrictions. Attackers with local agent access can append restricted tools to the effective tool set after policy filtering, bypassing profile policies, allow/de...

2.3CVSS5.9AI score0.00706EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/02 11:22 p.m.5 views

CVE-2026-1566

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 5.2.7. This is due to the plugin allowing users with a LatePoint Agent role, who are creating new customers to se...

8.8CVSS6AI score0.003EPSS
Exploits0References3
NVD
NVD
added 2026/02/18 3:18 p.m.7 views

CVE-2026-27099

Jenkins 2.483 through 2.550 both inclusive, LTS 2.492.1 through 2.541.1 both inclusive does not escape the user-provided description of the "Mark temporarily offline" offline cause, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Agent/Configure or...

8CVSS0.00505EPSS
Exploits0References1
CVE
CVE
added 2026/01/27 8:59 p.m.23 views

CVE-2026-24740

CVE-2026-24740 affects Dozzle before v9.0.3, where a flaw in agent-backed shell endpoints lets a label-filtered user obtain an interactive root shell in out-of-scope containers on the same agent. A patch exists in v9.0.3; upgrade to 9.0.3+ or apply the vendor fix to remediate. Exploitation detail...

9.9CVSS5.9AI score0.00385EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2025/11/18 12:0 a.m.5 views

Database inventory plugin 访问控制错误漏洞

Database inventory plugin is an open source database management plugin for GLPI Project Plugins. An access control error vulnerability exists in Database inventory plugin versions prior to 1.0.3, which originates from the fact that any authenticated user can send requests to the agent...

4.3CVSS6.4AI score0.00286EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-39887

Malicious code in bioql PyPI...

8.8CVSS8.7AI score0.00483EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-3513

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.0232EPSS
Exploits0References11
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-2538

Malicious code in bioql PyPI...

9.1CVSS9AI score0.01469EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2019-18179

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Open Ticket Request System OTRS 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. An attacke...

4.3CVSS5.6AI score0.01313EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 3:49 p.m.8 views

CVE-2020-14012

scp/categories.php in osTicket 1.14.2 allows XSS via a Knowledgebase Category Name or Category Description. The attacker must be an Agent...

5.4CVSS5.7AI score0.0051EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/04/02 12:0 a.m.11 views

Jenkins LTS < 2.492.3 / Jenkins weekly < 2.504 Multiple Vulnerabilities

According to its its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.492.3 or Jenkins weekly prior to 2.504. It is, therefore, affected by multiple vulnerabilities: - A missing permission check in Jenkins 2.503 and earlier, LTS 2.492...

4.3CVSS6.3AI score0.0039EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/05 4:40 a.m.8 views

CVE-2024-9693

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.0 prior to 17.3.7, starting from 17.4 prior to 17.4.4, and starting from 17.5 prior to 17.5.2, which could have allowed unauthorized access to the Kubernetes agent in a cluster under specific configurations...

8.8CVSS6.3AI score0.00482EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/12/20 12:0 a.m.4 views

PT-2024-36793 · Stardust · Stardust

Name of the Vulnerable Software and Affected Versions: Stardust versions prior to 12/20/24 Description: The issue affects Stardust, a platform for streaming isolated desktop containers. It allows inter container communication ICC to remain enabled, potentially granting users within one container...

9.3CVSS6.8AI score0.00481EPSS
Exploits0References6
NCSC
NCSC
added 2024/11/15 12:29 p.m.7 views

Vulnerabilities fixed in GitLab CE/EE

GitLab has fixed vulnerabilities in GitLab CE/EE Specifically for versions 16.0 to 17.5.2. The vulnerabilities are in multiple versions of GitLab CE/EE and allow malicious actors to gain unauthorized full API access via the Device OAuth flow. This can lead to serious implications for organization...

8.8CVSS6.7AI score0.00543EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/07/05 12:0 a.m.6 views

PT-2024-39060

Name of the Vulnerable Software and Affected Versions: VICIdial version 2.14-917a Description: An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. By default, VICIdial stores plaintext credentials within the database. An...

10CVSS9.8AI score0.80023EPSS
Exploits12References42
CNNVD
CNNVD
added 2024/04/09 12:0 a.m.6 views

DIRAC 安全漏洞

DIRAC is an open source software framework for distributed computing from the DIRAC Project. A security vulnerability exists in DIRAC versions prior to 8.0.41, which stems from the possibility that an unauthorized user could gain read access to the agent, allowing the user to perform any action...

8.1CVSS7.8AI score0.00317EPSS
Exploits0References3
Rows per page
Query Builder