Lucene search
K

120948 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/04/10 4:38 a.m.7 views

EmoCheck loads Dynamic Link Libraries insecurely

Overview EmoCheck is a tool for detecting infections by "Emotet" malware, provided by Japan Computer Emergency Response Team Coordination Center JPCERT/CC. EmoCheck loads Dynamic Link Libraries insecurely. Uncontrolled search path element CWE-427 - CVE-2026-28704 ryo shimada of Powder Keg...

8.4CVSS7.1AI score0.0016EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.6 views

PT-2026-31881

Name of the Vulnerable Software and Affected Versions Emocheck affected versions not specified Description Emocheck insecurely loads Dynamic Link Libraries DLLs. If a crafted DLL file is placed in the same directory, arbitrary code may be executed with the privilege of the user invoking EmoCheck...

8.4CVSS7.4AI score0.0016EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.7 views

PraisonAI 安全漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.128 contained a security vulnerability. This vulnerability stemmed from the automatic loading and execution of the tools.py file located in the working directory, which coul...

7.8CVSS6.2AI score0.00209EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.8 views

PraisonAI 安全漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.128 contained security vulnerabilities. These vulnerabilities stemmed from the Python sandbox based on AST, which could be exploited through type.getattribute, potentially...

8.6CVSS6.1AI score0.0024EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.11 views

LiteLLM 安全漏洞

LiteLLM is an open-source application developed by Berri AI. It allows for the invocation of all LLM APIs in the OpenAI format. Versions of LiteLLM dated before April 8, 2026, contain a security vulnerability. This vulnerability stems from the /guardrails/testcustomcode URI, which allows arbitrar...

8.8CVSS6AI score0.01059EPSS
Exploits2References1
Cvelist
Cvelist
added 2026/04/10 12:0 a.m.26 views

CVE-2026-31262

Cross Site Scripting vulnerability in Altenar Sportsbook Software Platform SB2 v.2.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the URL parameter...

0.00229EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.5 views

PT-2026-31995

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 4.5.128 Description PraisonAI's AST-based Python sandbox can be bypassed using the type. getattribute trampoline, leading to arbitrary code execution when running untrusted agent code. The execute code direct functi...

8.6CVSS6.4AI score0.0024EPSS
Exploits1References8
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.7 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.22 contained security vulnerabilities. These vulnerabilities stemmed from inconsistent handling of environment variable overrides, which could allow attackers to provide overrid...

8.8CVSS6.1AI score0.00489EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.5 views

PT-2026-31917

Name of the Vulnerable Software and Affected Versions Netwide Assembler NASM affected versions not specified Description A heap buffer overflow occurs due to a lack of bounds checking in the obj directive function. This issue can be triggered when assembling a malicious .asm file, which may lead ...

7.5CVSS6AI score0.00357EPSS
Exploits1References8
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.8 views

Altenar Sportsbook Software Platform SB2 安全漏洞

The Altenar Sportsbook Software Platform SB2 is a betting platform and odds management system developed by the Malta-based company Altenar, aimed at the sports betting industry. Version 2.0 of the Altenar Sportsbook Software Platform SB2 contains a security vulnerability. This vulnerability stems...

6.1CVSS5.8AI score0.00229EPSS
Exploits1References3
CNVD
CNVD
added 2026/04/10 12:0 a.m.7 views

OpenClaw has an unspecified vulnerability (CNVD-2026-19641)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. A security vulnerability exists in OpenClaw that stems from automatically discovering and loading plugins from .OpenClaw/extensions/ without explicit trust validation, which can be exploited by an attacker to cause arbitrar...

8.8CVSS6.1AI score0.00331EPSS
Exploits0
CNVD
CNVD
added 2026/04/10 12:0 a.m.3 views

Google Chrome ANGLE heap buffer overflow vulnerability (CNVD-2026-16862)

Google Chrome is a web browser from Google, an American company. A buffer overflow vulnerability exists in versions of Google Chrome prior to 146.0.7680.178. The vulnerability stems from a failure of the ANGLE heap to properly validate the length size of input data, which can be exploited by an...

8.8CVSS6.4AI score0.0035EPSS
Exploits0
CNVD
CNVD
added 2026/04/10 12:0 a.m.4 views

Google Chrome Dawn Component Memory Misreference Vulnerability

Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions of Google Chrome prior to 146.0.7680.178. The vulnerability stems from a confusion in the instructions of the Dawn component responsible for freeing memory. An attacker can...

8.8CVSS6.2AI score0.00313EPSS
Exploits0
Exploit DB
Exploit DB
added 2026/04/10 12:0 a.m.90 views

NetBT e-Fatura - Privilege Escalation

Exploit Title: NetBT e-Fatura - Privilege Escalation Author: Seccops Discovery Date: 2025-10-03 Vendor: https://net-bt.com.tr/e-fatura/ Tested Version: 2024 Tested on OS: Microsoft Windows Server 2019 DC Vulnerability Type: CWE-428 Unquoted Search Path or Element CVE: CVE-2025-14018 Note: Thanks...

7.3CVSS5.8AI score0.00414EPSS
Exploits3
Redos
Redos
added 2026/04/10 12:0 a.m.4 views

ROS-20260410-73-0006

An XRDP server vulnerability is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

9.8CVSS7.8AI score0.01318EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/09 10:37 p.m.3 views

CVE-2026-5858

A flaw was found in WebML in Google Chrome. A remote attacker could exploit a heap buffer overflow vulnerability by enticing a user to visit a specially crafted HTML page. Successful exploitation of this memory corruption flaw could allow the attacker to execute arbitrary code on the affected...

8.8CVSS6.5AI score0.00608EPSS
Exploits0References5
Snyk
Snyk
added 2026/04/09 7:10 p.m.5 views

Improper Validation of Specified Type of Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input in the client monitoring message handler due to insufficient validation of the queue name supplied by the client. An attacker can execute arbitrary code on the server by sending a crafted...

8.5CVSS6.2AI score0.00432EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 7:10 p.m.3 views

Improper Validation of Specified Type of Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input in the client monitoring message handler due to insufficient validation of the queue name supplied by the client. An attacker can execute arbitrary code on the server by sending a crafted...

8.5CVSS6.2AI score0.00432EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/09 6:48 p.m.4 views

CVE-2026-34987 Wasmtime with Winch compiler backend on aarch64 may allow a sandbox-escaping memory access

Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime with its Winch baseline non-default compiler backend may allow properly constructed guest Wasm to access host memory outside of its linear-memory sandbox. This vulnerability requires use of the Winch...

9CVSS5.8AI score0.00278EPSS
Exploits0References1
NVD
NVD
added 2026/04/09 5:16 p.m.11 views

CVE-2026-30479

A Dynamic-link Library Injection vulnerability in OSGeo Project MapServer before v8.0 allows attackers to execute arbitrary code via a crafted executable...

9.1CVSS0.00316EPSS
Exploits0References2
Rows per page
Query Builder