Lucene search: 131 matches found

Positive Technologies (added 2026/05/18 12:00 a.m., 12 views)

PT-2026-41668

Name of the Vulnerable Software and Affected Versions: SGLang (affected versions not specified). Description: The multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default. It contains a sink that calls the pickle.loads function on incoming messages, which can lead to remote...

CVSS 9.8 | AI score 6.4 | EPSS 0.00399 | Exploits: 0 | References: 14

Tenable Nessus (added 2026/05/07 12:00 a.m., 10 views)

Linux Distros Unpatched Vulnerability : CVE-2026-42503

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging. If -listen is given a value without an explicit host (e.g. :8080), or -port is used, gopls will listen on 0.0.0.0. As a result, users might inadvertently cause gopls to bind 0.0.0.0. This...

CVSS 8.8 | AI score 6 | EPSS 0.00223 | Exploits: 0 | References: 3

EUVD (added 2026/05/06 6:30 p.m., 15 views)

EUVD-2026-27872

gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging. If -listen is given a value without an explicit host (e.g. :8080), or -port is used, gopls will listen on 0.0.0.0. As a result, users might inadvertently cause gopls to bind 0.0.0.0. This...

CVSS 8.8 | AI score 6 | EPSS 0.00223 | Exploits: 0 | References: 3

NVD (added 2026/05/06 5:16 p.m., 12 views)

CVE-2026-42503

gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging. If -listen is given a value without an explicit host (e.g. :8080), or -port is used, gopls will listen on 0.0.0.0. As a result, users might inadvertently cause gopls to bind 0.0.0.0. This...

CVSS 8.8 | EPSS 0.00223 | Exploits: 0 | References: 2

Vulnrichment (added 2026/05/06 4:20 p.m., 7 views)

CVE-2026-42503: Accidental binding to INADDR_ANY might lead to RCE in golang.org/x/tools/gopls

gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging. If -listen is given a value without an explicit host (e.g. :8080), or -port is used, gopls will listen on 0.0.0.0. As a result, users might inadvertently cause gopls to bind 0.0.0.0. This...

AI score 6 | EPSS 0.00223 | Exploits: 0 | References: 2

Positive Technologies (added 2026/05/06 12:00 a.m., 10 views)

PT-2026-37661

gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging. If -listen is given a value without an explicit host (e.g. :8080), or -port is used, gopls will listen on 0.0.0.0. As a result, users might inadvertently cause gopls to bind 0.0.0.0. This...

CVSS 8.8 | AI score 6 | EPSS 0.00223 | Exploits: 0 | References: 3

RedhatCVE (added 2026/03/26 3:02 p.m., 4 views)

CVE-2026-32617

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, on default installations where no password or API key has been configured, all HTTP endpoints and the agent WebSocket lack authentication, and the...

CVSS 7.5 | AI score 5.7 | EPSS 0.0041 | Exploits: 1 | References: 1

Veracode (added 2026/03/19 11:04 a.m., 7 views)

Authentication Bypass

github.com/hashicorp/terraform-provider-vault is vulnerable to Authentication Bypass. The vulnerability is due to the default deny_null_bind parameter being set to false in the LDAP auth method, which allows an attacker to authenticate using anonymous or unauthenticated binds when the LDAP server...

CVSS 9.8 | AI score 6 | EPSS 0.00492 | Exploits: 0 | References: 6 | Affected software: 1

OSV (added 2026/03/16 4:23 p.m., 4 views)

GHSA-WVXV-4J8Q-4WJQ: Glances exposes the REST API without authentication

Summary: The Glances web server runs without authentication by default when started with glances -w, exposing the REST API with sensitive system information, including process command lines containing credentials (passwords, API keys, tokens), to any network client. Details: Root Cause: Authentication is...

CVSS 8.7 | AI score 5.8 | EPSS 0.0155 | Exploits: 1 | References: 5

Github Security Blog (added 2026/03/16 4:23 p.m., 5 views)

Glances exposes the REST API without authentication

Summary: The Glances web server runs without authentication by default when started with glances -w, exposing the REST API with sensitive system information, including process command lines containing credentials (passwords, API keys, tokens), to any network client. Details: Root Cause: Authentication is...

CVSS 8.7 | AI score 5.8 | EPSS 0.0155 | Exploits: 1 | References: 5 | Affected software: 1

ATTACKERKB (added 2026/03/13 8:07 p.m., 1 view)

CVE-2026-32617

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, on default installations where no password or API key has been configured, all HTTP endpoints and the agent WebSocket lack authentication, and the...

CVSS 7.1 | AI score 5.7 | EPSS 0.0041 | Exploits: 1 | References: 2 | Affected software: 1

ATTACKERKB (added 2026/02/26 12:57 a.m., 5 views)

CVE-2026-27901

Svelte is a performance-oriented web framework. Prior to version 5.53.5, the contents of bind:innerText and bind:textContent on contenteditable elements were not properly escaped. This could enable HTML injection and Cross-Site Scripting (XSS) if rendering untrusted data as the binding's initial value o...

CVSS 6.1 | AI score 5.4 | EPSS 0.00214 | Exploits: 0 | References: 4 | Affected software: 1

RedhatCVE (added 2026/02/21 1:28 a.m., 5 views)

CVE-2026-27002

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a configuration injection issue in the Docker tool sandbox could allow dangerous Docker options (bind mounts, host networking, unconfined profiles) to be applied, enabling container escape or host data access. OpenClaw 2026.2.15 block...

CVSS 9.8 | AI score 5.4 | EPSS 0.00479 | Exploits: 0 | References: 1

Snyk (added 2026/02/18 10:42 p.m., 5 views)

Execution with Unnecessary Privileges

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Execution with Unnecessary Privileges via the sandbox.docker configuration. An attacker can gain unauthorized access to host resources or execute arbitrary commands on the host by injecti...

CVSS 9.8 | AI score 6 | EPSS 0.00479 | Exploits: 0 | References: 2

OSV (added 2026/02/18 10:42 p.m., 3 views)

GHSA-W235-X559-36MG: OpenClaw: Docker container escape via unvalidated bind mount config injection

Summary: A configuration injection issue in the Docker tool sandbox could allow dangerous Docker options (bind mounts, host networking, unconfined profiles) to be applied, enabling container escape or host data access. Affected Packages / Versions: Package: openclaw (npm); Affected versions: =...

CVSS 7.7 | AI score 5.5 | EPSS 0.00479 | Exploits: 0 | References: 5

Positive Technologies (added 2026/02/18 12:00 a.m., 8 views)

PT-2026-20964

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.15. Description: A configuration injection issue in the Docker tool sandbox could allow dangerous Docker options (bind mounts, host networking, unconfined profiles) to be applied, potentially enabling container...

CVSS 9.8 | AI score 5.1 | EPSS 0.00479 | Exploits: 0 | References: 12

OSV (added 2026/02/17 5:09 p.m., 6 views)

GHSA-QW99-GRCX-4PVM: OpenClaw's Chrome extension relay binds publicly due to wildcard treated as loopback

Summary: The Chrome extension relay (ensureChromeExtensionRelayServer) previously treated wildcard hosts (0.0.0.0 / ::) as loopback, which could make it bind the relay HTTP/WS server to all interfaces when a wildcard cdpUrl was passed. Impact: If configured with a wildcard cdpUrl, relay HTTP endpoints...

CVSS 6.5 | AI score 5.6 | EPSS 0.00396 | Exploits: 0 | References: 7

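The gopls entries (CVE-2026-42503) and this OpenClaw relay entry describe the same mistake from two sides: a listen string with the host omitted (":8080", or just a port number) binds INADDR_ANY, and a wildcard host ("0.0.0.0", "::") is not loopback even though both are "local-looking". The Go below is an added example, not code from gopls, OpenClaw or golang.org/x/tools; it classifies a listen address the way net.Listen will interpret it and shows the fix a debug listener should apply before binding: keep the port, pin a wildcard host to the matching loopback address, and leave deliberate loopback or specific addresses alone. ListenScope, ClassifyListenAddr and SafeDebugListenAddr are names chosen for this example. It goes slightly beyond the advisories by also treating a bare port (the -port case) and a bare IPv6 wildcard with no port.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// ListenScope says who can reach a socket bound to a given listen address.
// (Type and names introduced for this example.)
type ListenScope int

const (
	ScopeLoopback ListenScope = iota // 127.0.0.0/8, ::1 or "localhost": local processes only
	ScopeWildcard                    // "", 0.0.0.0 or :: (INADDR_ANY / in6addr_any): every interface
	ScopeSpecific                    // one concrete non-loopback address
	ScopeUnknown                     // a hostname that would need DNS to classify
)

func (s ListenScope) String() string {
	return [...]string{"loopback", "wildcard", "specific", "unknown"}[s]
}

// classifyHost classifies the host part of a listen address. An empty host is
// exactly what net.Listen("tcp", ":8080") receives, and it means all interfaces;
// the wildcard IPs are reported as wildcard, never as loopback.
func classifyHost(host string) ListenScope {
	if host == "" {
		return ScopeWildcard
	}
	if strings.EqualFold(host, "localhost") {
		return ScopeLoopback
	}
	ip := net.ParseIP(strings.Trim(host, "[]"))
	if ip == nil {
		return ScopeUnknown
	}
	switch {
	case ip.IsUnspecified():
		return ScopeWildcard
	case ip.IsLoopback():
		return ScopeLoopback
	default:
		return ScopeSpecific
	}
}

// splitListenAddr splits "host:port". A bare port (what a -port flag produces)
// is treated as ":port", i.e. host omitted; a bare IP such as "::" is treated
// as a host with no port.
func splitListenAddr(addr string) (host, port string) {
	if addr != "" && strings.Trim(addr, "0123456789") == "" {
		return "", addr
	}
	if h, p, err := net.SplitHostPort(addr); err == nil {
		return h, p
	}
	return addr, ""
}

// ClassifyListenAddr reports the scope of a full listen address.
func ClassifyListenAddr(addr string) ListenScope {
	host, _ := splitListenAddr(addr)
	return classifyHost(host)
}

// SafeDebugListenAddr is the guard a debug listener should run before
// net.Listen: wildcard hosts are pinned to the matching loopback address with
// the port kept; anything else is returned as host:port unchanged, so an
// operator who deliberately chose a specific interface is not overridden.
func SafeDebugListenAddr(addr string) (string, error) {
	host, port := splitListenAddr(addr)
	if port == "" {
		return "", fmt.Errorf("listen address %q has no port", addr)
	}
	if classifyHost(host) != ScopeWildcard {
		return net.JoinHostPort(host, port), nil
	}
	if strings.Contains(host, ":") { // "::" -> IPv6 loopback
		return net.JoinHostPort("::1", port), nil
	}
	return net.JoinHostPort("127.0.0.1", port), nil
}

func main() {
	// Constructed inputs: the forms a -listen / -port flag would plausibly receive.
	for _, a := range []string{":8080", "8080", "0.0.0.0:9000", "[::]:9000", "localhost:8080", "10.0.0.5:8080"} {
		safe, err := SafeDebugListenAddr(a)
		fmt.Printf("%-16s scope=%-9s pinned=%q err=%v\n", a, ClassifyListenAddr(a), safe, err)
	}
}
```

The point of splitting classification from the rewrite is that the check also works as a lint: run ClassifyListenAddr over whatever a config or flag hands you and refuse to start a debug server at all when the result is wildcard, unless the operator passed an explicit opt-in.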
Veracode (added 2026/02/11 7:19 a.m., 6 views)

Authentication Bypass

org.apache.druid.extensions:druid-basic-security is vulnerable to an Authentication Bypass. The vulnerability is due to improper validation of LDAP authentication responses when anonymous binds are permitted, which allows an attacker to bypass authentication by supplying an existing username with...

CVSS 9.8 | AI score 5.5 | EPSS 0.01034 | Exploits: 0 | References: 3 | Affected software: 1

NVD (added 2026/02/10 10:15 a.m., 6 views)

CVE-2026-23906

Affected Products and Versions: Apache Druid. Affected Versions: 0.17.0 through 35.x (all versions prior to 36.0.0). Prerequisites: druid-basic-security extension enabled; LDAP authenticator configured; underlying LDAP server permits anonymous bind ...

CVSS 9.8 | EPSS 0.01034 | Exploits: 0 | References: 2

OSV (added 2026/02/10 10:15 a.m., 4 views)

CVE-2026-23906

Affected Products and Versions: Apache Druid. Affected Versions: 0.17.0 through 35.x (all versions prior to 36.0.0). Prerequisites: druid-basic-security extension enabled; LDAP authenticator configured; underlying LDAP server permits anonymous bind ...

CVSS 9.8 | AI score 5.6 | Exploits: 0 | References: 2

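The Druid entries (CVE-2026-23906) and the terraform-provider-vault entry above share one root cause: an LDAP simple bind with a name but an empty password is an "unauthenticated bind" (RFC 4513 section 5.1.2), and a bind with an empty name is an anonymous bind (section 5.1.1); a directory that allows these answers success without proving anything, so an application that treats any successful bind as a login is bypassed with a valid username and no password. The Go below is an added example, not Druid's, Vault's or the provider's code. It shows the naive flow next to a hardened one that refuses to send such a bind at all, and exercises both against a constructed in-memory stand-in for a permissive directory. BindFunc, Authenticate, NaiveAuthenticate and PermissiveDirectory are names chosen for this example; the stand-in is not a real LDAP server.

```go
package main

import (
	"errors"
	"fmt"
)

// BindFunc performs one LDAP simple bind and returns nil when the directory
// reports success. In production it would wrap the client library's
// Bind(dn, password) call; the type is introduced for this example.
type BindFunc func(dn, password string) error

var (
	ErrAnonymousBind       = errors.New("refusing anonymous bind: empty DN (RFC 4513 section 5.1.1)")
	ErrUnauthenticatedBind = errors.New("refusing unauthenticated bind: empty password (RFC 4513 section 5.1.2)")
)

// NaiveAuthenticate is the flawed pattern behind the advisories: forward
// whatever the client sent and trust a successful bind result as proof of
// identity. Against a directory that permits anonymous or unauthenticated
// binds, an existing username plus an empty password "authenticates".
func NaiveAuthenticate(bind BindFunc, dn, password string) error {
	return bind(dn, password)
}

// Authenticate is the hardened flow, the behaviour a deny-null-bind style
// setting is meant to enforce: never send a bind the server could satisfy
// without checking a credential, whatever the server is configured to allow.
func Authenticate(bind BindFunc, dn, password string) error {
	if dn == "" {
		return ErrAnonymousBind
	}
	if password == "" {
		return ErrUnauthenticatedBind
	}
	if err := bind(dn, password); err != nil {
		return fmt.Errorf("bind for %q rejected: %w", dn, err)
	}
	return nil
}

// PermissiveDirectory is a constructed in-memory stand-in (not a real LDAP
// server) for a directory that allows anonymous and unauthenticated binds:
// it answers success to an empty password and grants an anonymous session,
// which naive callers mistake for a login. Non-empty passwords are checked.
func PermissiveDirectory(users map[string]string) BindFunc {
	return func(dn, password string) error {
		if password == "" {
			return nil // anonymous / unauthenticated bind: success, but no identity proven
		}
		if want, ok := users[dn]; ok && want == password {
			return nil
		}
		return errors.New("invalidCredentials (49)")
	}
}

func main() {
	// Constructed sample directory with one user.
	alice := "uid=alice,ou=people,dc=example,dc=com"
	dir := PermissiveDirectory(map[string]string{alice: "correct horse"})

	fmt.Println("naive, empty password:    ", NaiveAuthenticate(dir, alice, "")) // <nil>: bypass
	fmt.Println("hardened, empty password: ", Authenticate(dir, alice, ""))      // refused before any bind
	fmt.Println("hardened, right password: ", Authenticate(dir, alice, "correct horse"))
	fmt.Println("hardened, wrong password: ", Authenticate(dir, alice, "guess"))
}
```

The client-side guard is the part that matters: the Druid prerequisite "underlying LDAP server permits anonymous bind" is outside the application's control, so the application must not depend on the directory being strict. Checking the bind response for an anonymous authorization identity after the fact is a weaker second line, because it trusts the same server that already said "success".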