Lucene search
K

4 matches found

Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-58579 RAGFlow < 0.26.3 - Stored Cross-Site Scripting via Agent Pipeline Node Name

RAGFlow before 0.26.3 stores an agent pipeline DSL node name without sanitization: the agent update endpoint normalizes the submitted DSL via normalizedsl, which only performs JSON serialization validation and preserves the node name verbatim. The dataflow-result web UI then renders that name int...

5.4CVSS0.00182EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.14 views

PT-2026-49768

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.12 Description A notification bypass allows Slack reaction events to enter the agent pipeline even when reaction notifications are disabled. This can trigger unintended agent processing for reaction events,...

6.3CVSS5.2AI score0.00191EPSS
Exploits0References5
Wordfence Blog
Wordfence Blog
added 2026/04/10 4:18 p.m.8 views

The Increasing Role of AI in Vulnerability Research

At Wordfence, we run a bug bounty program that pays out mid-six figures per year to researchers in bug bounties for WordPress related vulnerabilities. Funding this research helps us improve security for the WordPress community overall, and helps us secure our customers by rolling out protection f...

5.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.9 views

PT-2026-23527

Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.1.29 through 2026.2.0 Description The OpenClaw software, with the Twitch plugin installed and enabled, has an issue where access control is bypassed. Specifically, the allowFrom allowlist is not properly enforced when...

7.3CVSS5.7AI score0.00444EPSS
Exploits1References8
Rows per page
Query Builder