Lucene search
K

192497 matches found

CNNVD
CNNVD
added 2026/03/05 12:0 a.m.8 views

OpenClaw 访问控制错误漏洞

OpenClaw is an open-source intelligent artificial assistant. Versions of OpenClaw prior to 2026.2.12 contained a access control vulnerability. This vulnerability stemmed from the lack of forced authentication for HTTP routing control in the /agent/act browser. It could allow remote attackers on t...

8.4CVSS6.1AI score0.00196EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2026/03/05 12:0 a.m.4 views

VulnCheck KEV: CVE-2026-20122

A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system. This...

5.4CVSS6AI score0.07016EPSS
In wildExploits0References2
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.10 views

PT-2026-23608

Name of the Vulnerable Software and Affected Versions node-tar versions prior to 7.5.10 Description The node-tar package contains a flaw where it can be tricked into creating a hardlink that points outside the extraction directory. This is achieved by using a drive-relative link target, such as...

8.2CVSS5.9AI score0.00408EPSS
Exploits2References211
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.11 views

PT-2026-23406

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QuanticaLabs MediCenter - Health Medical Clinic medicenter allows Reflected XSS.This issue affects MediCenter - Health Medical Clinic: from n/a through = 14.9...

5.9AI score0.00146EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/05 12:0 a.m.4 views

CVE-2025-70995

An issue in Aranda Service Desk Web Edition ASDK API 8.6 allows authenticated attackers to achieve remote code execution due to improper validation of uploaded files. An authenticated user can upload a crafted web.config file by sending a crafted POST request to /ASDKAPI/api/v8.6/item/addfile,...

8.8CVSS6.5AI score0.00612EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/03/05 12:0 a.m.3 views

AlmaLinux 9 : nginx:1.24 (ALSA-2026:3638)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:3638 advisory. nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections CVE-2026-1642 Tenable has extracted the preceding description block directly...

8.2CVSS6.1AI score0.00339EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2026/03/05 12:0 a.m.28 views

Ubuntu: Security Advisory (USN-8073-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6AI score0.00783EPSS
Exploits0References2
OSV
OSV
added 2026/03/04 10:53 p.m.3 views

GHSA-6RX5-M2RC-HMF7 ZITADEL: Stored XSS via Default URI Redirect Leads to Account Takeover

Summary A vulnerability in Zitadel's login V2 interface was discovered, allowing for possible account takeover. Impact Zitadel allows organization administrators to change the default redirect URI for their organization. This setting enables them to redirect users to an arbitrary location after...

7.7CVSS6.2AI score0.00318EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/04 9:58 p.m.7 views

EUVD-2026-9499

Langchain Helm Charts are Helm charts for deploying Langchain applications on Kubernetes. Prior to langchain-ai/helm version 0.12.71, a URL parameter injection vulnerability existed in LangSmith Studio that could allow unauthorized access to user accounts through stolen authentication tokens. The...

8.5CVSS6AI score0.00292EPSS
Exploits0References1
OSV
OSV
added 2026/03/04 8:16 p.m.2 views

CVE-2026-3540

Inappropriate implementation in WebAudio in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/03/04 8:16 p.m.2 views

CVE-2026-3537

Object lifecycle issue in PowerVR in Google Chrome on Android prior to 145.0.7632.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS5.8AI score
Exploits0References2
CVE
CVE
added 2026/03/04 7:24 p.m.23 views

CVE-2026-3544

CVE-2026-3544 is a heap buffer overflow in WebCodecs of Google Chrome/Chromium, allowing a remote, unauthenticated attacker to induce an out-of-bounds write via a crafted HTML page. Affected product: Chrome/Chromium’s WebCodecs component; root cause: heap memory overflow. Impact stated as high se...

8.8CVSS6.1AI score0.00313EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2026/03/04 7:24 p.m.4 views

CVE-2026-3539

Rejected reason: Determined a bug and not a vulnerability...

7.8AI score0.00271EPSS
Exploits0
Snyk
Snyk
added 2026/03/04 7:21 p.m.5 views

Symlink Attack

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Symlink Attack in the tools.fs.workspaceOnly process when hardlink aliases inside the workspace reference files outside the workspace boundary. An attacker can access or modify files...

7.6CVSS5.8AI score
Exploits0References2
NVD
NVD
added 2026/03/04 7:16 p.m.6 views

CVE-2026-20022

A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition when OSPF canonicalization debug is enabled by using the...

6.5CVSS0.00194EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/04 7:2 p.m.4 views

Symlink Attack

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Symlink Attack via the resolveIdentityAvatarUrl function. An attacker can access arbitrary files outside the intended workspace by supplying a crafted local avatar path that follows a...

6.9CVSS5.9AI score
Exploits0References2
Cvelist
Cvelist
added 2026/03/04 6:35 p.m.34 views

CVE-2026-20022

A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition when OSPF canonicalization debug is enabled by using the...

6.1CVSS0.00194EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/04 6:31 p.m.5 views

EUVD-2026-9464

Multiple Cisco products are affected by a vulnerability in the Snort 3 Detection Engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting in an interruption of packet inspection. This vulnerability is due to an error in the binder...

5.8CVSS6AI score0.00382EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/04 6:31 p.m.8 views

EUVD-2019-19731

Tradebox 5.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the symbol parameter. Attackers can send POST requests to the monthlydeposit endpoint with malicious symbol values using boolean-based blind,...

7.1CVSS6.1AI score0.00287EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/04 6:31 p.m.5 views

EUVD-2026-9417

A vulnerability in the client isolation mechanism may allow an attacker to bypass Layer 2 L2 communication restrictions between clients and redirect traffic at Layer 3 L3. In addition to bypassing policy enforcement, successful exploitation - when combined with a port-stealing attack - may enable...

4.3CVSS5.9AI score0.00155EPSS
Exploits0References2
Rows per page
Query Builder