Lucene search
+L

253 matches found

EUVD
EUVD
β€’added 2026/05/26 2:45 a.m.β€’12 views

EUVD-2026-31783

A flaw has been found in xianrendzw EasyReport up to 2.0.17.0522Beta. Affected by this issue is the function execute of the component REST Endpoint. Executing a manipulation of the argument reportParams can lead to sql injection. The attack can be launched remotely. The vendor was contacted early...

6.5CVSS6.4AI score0.00246EPSS
Exploits0References4
vulnersOsv
vulnersOsv
β€’added 2026/05/18 9:0 p.m.β€’6 views

@antv/g6 (>=5.0.0-alpha.1 <=5.0.0-beta.28) potentially affected by unknown CVE via @antv/layout-gpu (=1.1.7)

@antv/layout-gpu NPM version =1.1.7 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/layout-gpu and may be impacted: - @antv/g6 =5.0.0-alpha.1, =5.0.0-beta.28 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVLAYOUTGPU-16754486...

5.5AI score
Exploits0
ATTACKERKB
ATTACKERKB
β€’added 2026/05/13 3:55 p.m.β€’8 views

CVE-2025-32425

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. In AutoGPT, the execution process is recorded to the console stdout/stderr, and deployed in container mode, which is automatically captured by Docker an...

5.1CVSS5.9AI score0.00182EPSS
Exploits1References5Affected Software1
EUVD
EUVD
β€’added 2026/05/13 3:55 p.m.β€’12 views

EUVD-2025-209827

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. In AutoGPT, the execution process is recorded to the console stdout/stderr, and deployed in container mode, which is automatically captured by Docker an...

5.1CVSS5.9AI score0.00182EPSS
Exploits1References4
Snyk
Snyk
β€’added 2026/05/05 1:35 p.m.β€’12 views

Missing Authorization

Overview openclaw is a 🦞 OpenClaw β€” Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization via the browser snapshot, screenshot, and tab routes due to insufficient validation of the final browser target after navigation. An attacker can access internal or...

7.7CVSS5.8AI score0.00266EPSS
Exploits0References2
Snyk
Snyk
β€’added 2026/04/22 5:6 p.m.β€’5 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the SFTP authentication process when the server is configured with an empty username and a password using the -b ':pass' flag together with -sftp. An attacker can gain unauthorized access...

9.8CVSS5.6AI score0.00478EPSS
Exploits1References2
CNNVD
CNNVD
β€’added 2026/04/21 12:0 a.m.β€’12 views

goshs θ·―εΎ„ιεŽ†ζΌζ΄ž

Goshs is a simple HTTP server developed by Patrick Hener using Go language. Versions of Goshs prior to 2.0.0-beta.6 contained a path traversal vulnerability. This vulnerability stemmed from the SFTP subsystem’s sanitizePath function, which used prefix-based path validation. As a result,...

8.8CVSS5.8AI score0.00439EPSS
Exploits1References1
Snyk
Snyk
β€’added 2026/04/17 9:48 p.m.β€’8 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw β€” Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization due to the heartbeat owner downgrade not properly handling untrusted webhook wake events. An attacker can maintain elevated privileges by sending specially crafted...

9.8CVSS5.8AI score0.00423EPSS
Exploits0References2
Snyk
Snyk
β€’added 2026/04/17 9:35 p.m.β€’6 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw β€” Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization when handling collect-mode queue batches, where messages from different senders could be processed together using the authorization context of the final sender. An...

8.1CVSS5.7AI score0.0022EPSS
Exploits0References2
OSV
OSV
β€’added 2026/04/14 10:28 p.m.β€’7 views

GHSA-C29W-QQ4M-2GCV goshs has an empty-username SFTP password authentication bypass

Summary goshs contains an SFTP authentication bypass when the documented empty-username basic-auth syntax is used. If the server is started with -b ':pass' together with -sftp, goshs accepts that configuration but does not install any SFTP password handler. As a result, an unauthenticated network...

9.8CVSS5.8AI score0.00478EPSS
Exploits1References3
vulnersOsv
vulnersOsv
β€’added 2026/04/06 6:3 p.m.β€’7 views

org.webjars.npm:vitepress (=1.0.0-draft.8) potentially affected by CVE-2026-39365 via org.webjars.npm:vite (=3.0.0-beta.9)

org.webjars.npm:vite MAVEN version =3.0.0-beta.9 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:vite and may be impacted: - org.webjars.npm:vitepress =1.0.0-draft.8 Source cves: CVE-2026-39365 Source advisory:...

6.3CVSS5.8AI score0.00914EPSS
Exploits1
Tenable Nessus
Tenable Nessus
β€’added 2026/04/03 12:0 a.m.β€’5 views

Linux Distros Unpatched Vulnerability : CVE-2026-20915

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stored cross-site scripting XSS in Checkmk version 2.5.0 beta before 2.5.0b2 allows authenticated users with permission to create pending changes to inject...

8.5CVSS5.9AI score0.00147EPSS
Exploits0References2
Snyk
Snyk
β€’added 2026/04/02 8:58 p.m.β€’6 views

Information Exposure

Overview openclaw is a 🦞 OpenClaw β€” Personal AI Assistant Affected versions of this package are vulnerable to Information Exposure in the config.get process. An attacker can obtain sensitive plaintext signing keys by accessing configuration views that expose the secret value. Remediation Upgrade...

6.9CVSS5.9AI score
Exploits0References2
EUVD
EUVD
β€’added 2026/04/01 8:0 p.m.β€’9 views

EUVD-2026-18009

Reviactyl is an open-source game server management panel built using Laravel, React, FilamentPHP, Vite, and Go. From version 26.2.0-beta.1 to before version 26.2.0-beta.5, a vulnerability in the OAuth authentication flow allowed automatic linking of social accounts based solely on matching email...

9.1CVSS5.8AI score0.00455EPSS
Exploits0References3
EUVD
EUVD
β€’added 2026/03/31 3:31 p.m.β€’3 views

EUVD-2026-17429

Stored cross-site scripting XSS in Checkmk 2.5.0 beta before 2.5.0b2 allows authenticated users with permission to create hosts or services to execute arbitrary JavaScript in the browsers of other users performing searches in the Unified Search feature...

8.6CVSS6AI score0.00144EPSS
Exploits0References2
Cvelist
Cvelist
β€’added 2026/03/31 1:51 p.m.β€’24 views

CVE-2026-20915 Stored cross-site scripting in Pending Changes sidebar

Stored cross-site scripting XSS in Checkmk version 2.5.0 beta before 2.5.0b2 allows authenticated users with permission to create pending changes to inject malicious JavaScript into the Pending Changes sidebar, which will execute in the browsers of other users viewing the sidebar...

8.5CVSS0.00147EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
β€’added 2026/03/31 1:44 p.m.β€’1 views

CVE-2026-33276

Stored cross-site scripting XSS in Checkmk 2.5.0 beta before 2.5.0b2 allows authenticated users with permission to create hosts or services to execute arbitrary JavaScript in the browsers of other users performing searches in the Unified Search feature...

8.6CVSS6AI score0.00144EPSS
Exploits0References2Affected Software1
OSV
OSV
β€’added 2026/03/31 1:44 p.m.β€’2 views

CVE-2026-33276 XSS in Unified Search via Unescaped Host/Service Names

Stored cross-site scripting XSS in Checkmk 2.5.0 beta before 2.5.0b2 allows authenticated users with permission to create hosts or services to execute arbitrary JavaScript in the browsers of other users performing searches in the Unified Search feature...

8.6CVSS6AI score0.00144EPSS
Exploits0References3
Snyk
Snyk
β€’added 2026/03/27 5:43 p.m.β€’5 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the request handling flow inside the Docker daemon. An attacker can bypass authorization checks by sending specially-crafted requests that cause the authorization plugin to receive the request without its body...

8.8CVSS5.9AI score0.08123EPSS
Exploits1References2
Snyk
Snyk
β€’added 2026/03/26 7:50 p.m.β€’2 views

Reliance on Untrusted Inputs in a Security Decision

Overview openclaw is a 🦞 OpenClaw β€” Personal AI Assistant Affected versions of this package are vulnerable to Reliance on Untrusted Inputs in a Security Decision in the trusted-proxy Control UI session handling process. An attacker can retain privileged scopes without device identity by accessing...

8.8CVSS5.9AI score0.00288EPSS
Exploits0References2
Rows per page
Query Builder