Lucene search
K

181 matches found

EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42623

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.6.16 before 0.10.0, the Socket.IO server is configured with alwaysconnect=True. The ydoc:awareness:update and ydoc:document:leave Socket.IO handlers accepted collaborative-document events without requirin...

3.1CVSS5.9AI score0.00222EPSS
Exploits1References4
NVD
NVD
added 2026/07/06 11:16 p.m.9 views

CVE-2026-53643

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 allow low-privileged staff accounts to perform unauthorized actions via admin API endpoints. The root cause is a combination of the canalwaysaccess module flag which grants all staff access to certain...

8.7CVSS0.00226EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.8 views

PT-2026-56036

Name of the Vulnerable Software and Affected Versions FOSSBilling versions prior to 0.8.0 Description Low-privileged staff accounts can perform unauthorized actions through admin API endpoints. This issue stems from the can always access module flag, which grants all staff access to specific...

8.7CVSS6AI score0.00226EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/05/11 8:27 p.m.14 views

CVE-2026-45182

GrapheneOS before 2026050400 allows attackers to discover the real IP address of a VPN user as a consequence of a registerQuicConnectionClosePayload optimization, because an application can let systemserver transmit UDP traffic on its behalf. This occurs when the "Block connections without VPN" a...

2.2CVSS5.8AI score0.00094EPSS
Exploits0References1
NVD
NVD
added 2026/05/09 11:16 p.m.33 views

CVE-2026-45182

GrapheneOS before 2026050400 allows attackers to discover the real IP address of a VPN user as a consequence of a registerQuicConnectionClosePayload optimization, because an application can let systemserver transmit UDP traffic on its behalf. This occurs when the "Block connections without VPN" a...

2.2CVSS0.00094EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/09 10:7 p.m.9 views

EUVD-2026-28944

GrapheneOS before 2026050400 allows attackers to discover the real IP address of a VPN user as a consequence of a registerQuicConnectionClosePayload optimization, because an application can let systemserver transmit UDP traffic on its behalf. This occurs when the "Block connections without VPN" a...

2.2CVSS5.8AI score0.00094EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/09 10:7 p.m.52 views

CVE-2026-45182

GrapheneOS before 2026050400 allows attackers to discover the real IP address of a VPN user as a consequence of a registerQuicConnectionClosePayload optimization, because an application can let systemserver transmit UDP traffic on its behalf. This occurs when the "Block connections without VPN" a...

2.2CVSS0.00094EPSS
Exploits0References3
CVE
CVE
added 2026/05/09 10:7 p.m.21 views

CVE-2026-45182

Summary: CVE-2026-45182 affects GrapheneOS prior to 2026050400. A vulnerability arises from a registerQuicConnectionClosePayload optimization that lets a local attacker infer the real IP address of a VPN user when the device has both “Block connections without VPN” and “Always-on VPN” enabled, by...

2.2CVSS5.8AI score0.00094EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/09 10:7 p.m.6 views

CVE-2026-45182

GrapheneOS before 2026050400 allows attackers to discover the real IP address of a VPN user as a consequence of a registerQuicConnectionClosePayload optimization, because an application can let systemserver transmit UDP traffic on its behalf. This occurs when the "Block connections without VPN" a...

2.2CVSS5.8AI score0.00094EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/09 10:7 p.m.8 views

CVE-2026-45182

GrapheneOS before 2026050400 allows attackers to discover the real IP address of a VPN user as a consequence of a registerQuicConnectionClosePayload optimization, because an application can let systemserver transmit UDP traffic on its behalf. This occurs when the "Block connections without VPN" a...

2.2CVSS5.8AI score0.00094EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/09 2:48 a.m.12 views

SUSE CVE-2025-71295

In the Linux kernel, the following vulnerability has been resolved: fs/buffer: add alert in trytofreebuffers for folios without buffers trytofreebuffers can be called on folios with no buffers attached when filemapreleasefolio is invoked on a folio belonging to a mapping with ASRELEASEALWAYS set...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/09 12:0 a.m.17 views

PT-2026-39421

Name of the Vulnerable Software and Affected Versions GrapheneOS versions prior to 2026050400 Description An optimization in the registerQuicConnectionClosePayload function allows attackers to discover the real IP address of a VPN user. This occurs because an application can cause the system serv...

2.2CVSS5.8AI score0.00094EPSS
Exploits0References10
EUVD
EUVD
added 2026/05/06 12:30 p.m.7 views

EUVD-2025-209685

In the Linux kernel, the following vulnerability has been resolved: fs/buffer: add alert in trytofreebuffers for folios without buffers trytofreebuffers can be called on folios with no buffers attached when filemapreleasefolio is invoked on a folio belonging to a mapping with ASRELEASEALWAYS set...

5.9AI score0.00123EPSS
Exploits0References7
NVD
NVD
added 2026/05/06 12:16 p.m.9 views

CVE-2025-71295

In the Linux kernel, the following vulnerability has been resolved: fs/buffer: add alert in trytofreebuffers for folios without buffers trytofreebuffers can be called on folios with no buffers attached when filemapreleasefolio is invoked on a folio belonging to a mapping with ASRELEASEALWAYS set...

5.5CVSS0.00123EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/06 11:32 a.m.8 views

CVE-2025-71295

In the Linux kernel, the following vulnerability has been resolved: fs/buffer: add alert in trytofreebuffers for folios without buffers trytofreebuffers can be called on folios with no buffers attached when filemapreleasefolio is invoked on a folio belonging to a mapping with ASRELEASEALWAYS set...

5.9AI score0.00123EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2026/05/01 2:15 p.m.32 views

CVE-2026-43004 spi: stm32-ospi: Fix resource leak in remove() callback

In the Linux kernel, the following vulnerability has been resolved: spi: stm32-ospi: Fix resource leak in remove callback The remove callback returned early if pmruntimeresumeandget failed, skipping the cleanup of spi controller and other resources. Remove the early return so cleanup completes...

0.00121EPSS
Exploits0References3
OSV
OSV
added 2026/04/28 6:9 p.m.3 views

CVE-2026-41380 OpenClaw < 2026.3.28 - Arbitrary Execution Allowlist via Wrapper Carrier Executables

OpenClaw before 2026.3.28 contains an execution approval vulnerability in exec-approvals-allowlist.ts that allows allow-always persistence to trust wrapper carrier executables instead of invoked targets. Attackers can exploit positional carrier executable routing through dispatch wrappers to...

7CVSS6.1AI score0.00124EPSS
Exploits0References4
HackRead
HackRead
added 2026/04/28 1:39 p.m.9 views

Stablecoins: Always-On Money Needs Always-On Controls

Stablecoins are becoming the money layer for the always-on economy...

5.3AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.11 views

PT-2026-35765

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.28 Description An execution approval issue exists in exec-approvals-allowlist.ts where allow-always persistence trusts wrapper carrier executables instead of the actual invoked targets. This allows attackers t...

7.3CVSS5.9AI score0.00124EPSS
Exploits0References5
CVE
CVE
added 2026/04/25 5:0 a.m.73 views

CVE-2026-6951

CVE-2026-6951 affects the Node.js package “simple-git.” The vulnerability lies in versions before 3.36.0, due to an incomplete fix for CVE-2022-25912 that blocks the -c option but not the equivalent --config form. If untrusted input reaches the options argument, an attacker could achieve remote c...

9.8CVSS6.5AI score0.00877EPSS
Exploits1References7Affected Software1
Rows per page
Query Builder