Lucene search
K

789 matches found

Nuclei
Nuclei
added yesterday80 views

Horde Groupware Unauthenticated Admin Access

Horde Groupware contains an administrative account with a blank password, which allows remote attackers to gain access. id: CVE-2005-3344 info: name: Horde Groupware Unauthenticated Admin Access author: pikpikcu severity: critical description: Horde Groupware contains an administrative account wi...

10CVSS6AI score0.07986EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Firefox

When a network error occurred during page loading, the previous content could remain visible, accompanied by a blank URL bar. This could be used to disguise a spoofed website. This vulnerability affects Firefox versions earlier than 126...

7.5CVSS7.1AI score0.00541EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 6:16 p.m.13 views

CVE-2026-6040

A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the document was not checked against the length of the format-code string, so a malformed number format could be processed against memory outside that string. In fixed...

7.3CVSS0.00114EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/15 4:21 p.m.8 views

CVE-2026-6040 Heap use-after-free in ODF number-format blank-width parsing

A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the document was not checked against the length of the format-code string, so a malformed number format could be processed against memory outside that string. In fixed...

6.9CVSS5.2AI score0.00114EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 4:21 p.m.49 views

CVE-2026-6040 Heap use-after-free in ODF number-format blank-width parsing

A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the document was not checked against the length of the format-code string, so a malformed number format could be processed against memory outside that string. In fixed...

6.9CVSS0.00114EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 4:21 p.m.15 views

CVE-2026-6040

CVE-2026-6040 is a heap use‑after‑free vulnerability in LibreOffice related to parsing the blank‑width characters of an ODF number format. According to multiple connected disclosures, a memory access could occur when a position value read from the document is not checked against the length of the...

7.3CVSS5.3AI score0.00114EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/06/15 4:21 p.m.8 views

CVE-2026-6040

A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the document was not checked against the length of the format-code string, so a malformed number format could be processed against memory outside that string. In fixed...

7.3CVSS5.3AI score0.00114EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.14 views

PT-2026-46299

Impact The DynamicClientRegistrationControllerregister action hard-codes confidential: false when creating applications dynamic client registration controller.rb:18-25, yet the response includes a client secret and advertises token endpoint auth methods supported: "client secret basic", "client...

6.3CVSS5.8AI score0.00058EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Python 3.7, Python 2.7

A issue in the urllib.parse component of Python prior to version 3.11.4 allows attackers to bypass blocklisting methods by providing a URL that starts with blank characters...

7.5CVSS7.5AI score0.20459EPSS
Exploits3References2
OSV
OSV
added 2026/05/08 4:32 p.m.3 views

GHSA-52CQ-7V8R-62C6 gmaps-mcp's unauthenticated HTTP transport allows unlimited Google Maps API calls at operator expense

Unauthenticated HTTP Transport Allows Unlimited Google Maps API Calls at Operator Expense The gmaps-mcp codebase was reviewed at commit e671db68c804c9e67d51582d3280839ffa65f127 and three issues worth flagging were discovered — one high-severity, one medium, one structural. There were no...

8.3CVSS5.9AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/08 4:32 p.m.8 views

gmaps-mcp's unauthenticated HTTP transport allows unlimited Google Maps API calls at operator expense

Unauthenticated HTTP Transport Allows Unlimited Google Maps API Calls at Operator Expense The gmaps-mcp codebase was reviewed at commit e671db68c804c9e67d51582d3280839ffa65f127 and three issues worth flagging were discovered — one high-severity, one medium, one structural. There were no...

5.9AI score
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/07 12:0 a.m.7 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: php (UTSA-2026-016519)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016519 advisory. In PHP version 8.1. before 8.1.28, 8.2. before 8.2.18, 8.3. before 8.3.5, ifa password stored with passwordhash starts with a null byte \x00, testing a blank string ...

6.5CVSS6.4AI score0.0148EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/05/06 9:31 p.m.12 views

Duplicate Advisory: OpenClaw: Feishu webhook and card-action validation now fail closed

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xh72-v6v9-mwhc. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.15 contains an authentication bypass vulnerability in Feishu webhook and card-action validatio...

9.8CVSS6AI score0.00718EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2026/05/06 8:16 p.m.55 views

CVE-2026-44109

OpenClaw before 2026.4.15 contains an authentication bypass vulnerability in Feishu webhook and card-action validation that allows unauthenticated requests to reach command dispatch. Missing encryptKey configuration and blank callback tokens fail open instead of rejecting requests, enabling...

9.8CVSS0.00718EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/05/06 7:49 p.m.5 views

CVE-2026-44109

OpenClaw before 2026.4.15 contains an authentication bypass vulnerability in Feishu webhook and card-action validation that allows unauthenticated requests to reach command dispatch. Missing encryptKey configuration and blank callback tokens fail open instead of rejecting requests, enabling...

9.8CVSS6.1AI score0.00718EPSS
Exploits1References4
OSV
OSV
added 2026/04/17 10:32 p.m.1 views

GHSA-XH72-V6V9-MWHC OpenClaw: Feishu webhook and card-action validation now fail closed

Summary Feishu webhook mode accepted missing encryptKey configuration as valid and blank card-action callback tokens as usable lifecycle tokens. Together, those fail-open paths could allow unauthenticated webhook or card-action traffic to reach command dispatch in affected deployments. Impact A...

9.8CVSS5.7AI score0.00718EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.8 views

Django 安全漏洞

Django is a set of open-source web frameworks based on the Python language, developed by the Django Foundation. This framework includes an object-oriented mapper, view system, template system, etc. Versions of Django prior to 6.0.4, 5.2.13, and 4.2.30 contained security vulnerabilities. These...

6.5CVSS5.8AI score0.00689EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/25 12:24 a.m.8 views

SUSE CVE-2026-33168

Action View provides conventions and helpers for building web pages with the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when a blank string is used as an HTML attribute name in Action View tag helpers, the attribute escaping is bypassed, producing malformed HTML. A carefull...

2.3CVSS5.8AI score0.00516EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/24 11:7 a.m.12 views

CVE-2026-33168

A flaw was found in Action View, a component of the Rails framework. When a blank string is used as an HTML attribute name in Action View tag helpers, it bypasses attribute escaping, producing malformed HTML. A remote attacker could exploit this by crafting a malicious attribute value, which a we...

5.4CVSS5.8AI score0.00516EPSS
Exploits0References10
Snyk
Snyk
added 2026/03/24 12:32 a.m.4 views

Cross-site Scripting (XSS)

Overview actionview is a simple, battle-tested conventions and helpers for building web pages. Affected versions of this package are vulnerable to Cross-site Scripting XSS via custom HTML attributes passed in to tag helpers. An attacker can inject scripts that may be executed in the context of th...

4.7CVSS5.5AI score0.00516EPSS
Exploits0References2
Rows per page
Query Builder