Lucene search
K

7070 matches found

Nuclei
Nuclei
added yesterday133 views

Micro Focus Operations Bridge Manager <=2020.05 - Remote Code Execution

Micro Focus Operations Bridge Manager in versions 2020.05 and below is vulnerable to remote code execution via UCMDB. The vulnerability allows remote attackers to execute arbitrary code on affected installations of Data Center Automation. An attack requires network access and authentication as a...

8.8CVSS7.6AI score0.7699EPSS
Exploits6References5
Nuclei
Nuclei
added 3 days ago59 views

Micro Focus UCMDB - Remote Code Execution

Micro Focus UCMDB is susceptible to remote code execution. Impacted products include Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions, and Operations Bridge containerized 2020.05, 2019.08, 2019.0...

10CVSS7.2AI score0.74232EPSS
Exploits3References5
Veracode
Veracode
added 4 days ago5 views

Improper Certificate Validation

Coder is vulnerable to Improper Certificate Validation. The vulnerability is due to the AI Bridge Proxy aibridgeproxyd creating a default HTTPS transport with InsecureSkipVerify enabled when no upstream proxy is configured, which allows an on-path man-in-the-middle attacker to present a forged TL...

7.4CVSS6.1AI score0.00258EPSS
Exploits0References8Affected Software2
Tenable Nessus
Tenable Nessus
added 4 days ago5 views

EulerOS 2.0 SP12 : kernel (EulerOS-SA-2026-2535)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Input: alps - fix use-after-free bugs caused by dev3registerworkCVE-2025-68822 ext4: reject mount if bigalloc with sfirstdatablock !=...

9.8CVSS6.9AI score0.0138EPSS
Exploits15References167
Tenable Nessus
Tenable Nessus
added 4 days ago5 views

EulerOS 2.0 SP12 : kernel (EulerOS-SA-2026-2595)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Input: alps - fix use-after-free bugs caused by dev3registerworkCVE-2025-68822 ext4: reject mount if bigalloc with sfirstdatablock !=...

9.8CVSS6.9AI score0.0138EPSS
Exploits15References167
Tenable Nessus
Tenable Nessus
added 4 days ago8 views

Coder 2.30.x < 2.32.7 / 2.33.x < 2.33.8 / 2.34.x < 2.34.2 AI Bridge Proxy TLS Verification Bypass

The version of Coder installed on the remote host is 2.30.x prior to 2.32.7, 2.33.x prior to 2.33.8, or 2.34.x prior to 2.34.2. It is, therefore, affected by a vulnerability. The AI Bridge Proxy skips TLS certificate verification in the default configuration. The proxy created a goproxy server...

7.4CVSS6.1AI score0.00258EPSS
Exploits0References2
NVD
NVD
added 5 days ago12 views

CVE-2026-59726

Ruflo is an agent meta-harness for Claude Code and Codex. Prior to 3.16.3, ruflo's default docker-compose deployment exposed the MCP bridge POST /mcp and POST /mcp/:group endpoints without authentication, allowing an unauthenticated network attacker to invoke tools/call to terminalexecute, obtain...

10CVSS0.00442EPSS
Exploits0References4
NVD
NVD
added 5 days ago9 views

CVE-2026-58378

Allwinner H616 TV Box TV98 has ADB enabled and exposed to the network on production. An attacker could request for ADB authorization and gain root level privileges if the victim allows access...

8.8CVSS0.00242EPSS
Exploits0References2
CVE
CVE
added 5 days ago13 views

CVE-2026-58378

CVE-2026-58378 affects the Allwinner H616 TV Box TV98 where ADB is enabled and exposed on production to the network. The vulnerability can allow an attacker to request ADB authorization and obtain root privileges if the user authorizes access. Public metrics show a high severity (CVSS v3.1/4.0 ba...

8.8CVSS6AI score0.00242EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42661

Allwinner H616 TV Box TV98 has ADB enabled and exposed to the network on production. An attacker could request for ADB authorization and gain root level privileges if the victim allows access...

8.8CVSS6AI score0.00242EPSS
Exploits0References2
CVE
CVE
added 5 days ago38 views

CVE-2026-59726

Affected software: Ruflo, an agent meta-harness for Claude Code and Codex. Vulnerability: unauthenticated access to the MCP bridge endpoints POST /mcp and POST /mcp/:group in the default docker-compose deployment prior to version 3.16.3. Root cause / impact: unauthenticated network attacker could...

10CVSS6AI score0.00442EPSS
Exploits0References4
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-59726 Ruflo: Unauthenticated RCE in MCP bridge default docker-compose deployment

Ruflo is an agent meta-harness for Claude Code and Codex. Prior to 3.16.3, ruflo's default docker-compose deployment exposed the MCP bridge POST /mcp and POST /mcp/:group endpoints without authentication, allowing an unauthenticated network attacker to invoke tools/call to terminalexecute, obtain...

10CVSS0.00442EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-59726

Ruflo is an agent meta-harness for Claude Code and Codex. Prior to 3.16.3, ruflo's default docker-compose deployment exposed the MCP bridge POST /mcp and POST /mcp/:group endpoints without authentication, allowing an unauthenticated network attacker to invoke tools/call to terminalexecute, obtain...

10CVSS6AI score0.00442EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42656

Ruflo is an agent meta-harness for Claude Code and Codex. Prior to 3.16.3, ruflo's default docker-compose deployment exposed the MCP bridge POST /mcp and POST /mcp/:group endpoints without authentication, allowing an unauthenticated network attacker to invoke tools/call to terminalexecute, obtain...

10CVSS6AI score0.00442EPSS
Exploits0References4
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42626

A vulnerability was determined in AidanPark openclaw-android up to 0.4.0. The affected element is an unknown function of the file android/app/src/main/java/com/openclaw/android/JsBridge.kt of the component Android WebView Bridge. This manipulation causes os command injection. The attack can only ...

5.3CVSS5.7AI score0.00683EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-15193

A vulnerability was determined in AidanPark openclaw-android up to 0.4.0. The affected element is an unknown function of the file android/app/src/main/java/com/openclaw/android/JsBridge.kt of the component Android WebView Bridge. This manipulation causes os command injection. The attack can only ...

5.3CVSS5.5AI score0.00683EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-15193 AidanPark openclaw-android Android WebView Bridge JsBridge.kt os command injection

A vulnerability was determined in AidanPark openclaw-android up to 0.4.0. The affected element is an unknown function of the file android/app/src/main/java/com/openclaw/android/JsBridge.kt of the component Android WebView Bridge. This manipulation causes os command injection. The attack can only ...

5.3CVSS0.00683EPSS
Exploits0References7
CVE
CVE
added 5 days ago12 views

CVE-2026-15193

CVE-2026-15193 affects AidanPark openclaw-android up to 0.4.0. The issue resides in Android WebView Bridge's JsBridge.kt (unknown function) and enables OS command injection via local access. Publicly disclosed exploit details exist, and a fix is awaiting acceptance in a pull request. Remediation ...

5.3CVSS5.7AI score0.00683EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-56898

Name of the Vulnerable Software and Affected Versions Ruflo versions prior to 3.16.3 Description The default docker-compose deployment exposes the MCP bridge endpoints 'POST /mcp' and 'POST /mcp/:group' without authentication. This allows an unauthenticated network attacker to invoke the terminal...

10CVSS6.1AI score0.00442EPSS
Exploits0References12
NVD
NVD
added 6 days ago6 views

CVE-2026-59804

Midscene Bridge Server through 1.10.3, fixed in commit 86f4118, contains a missing authentication and CORS misconfiguration vulnerability that allows unauthenticated remote attackers to hijack active bridge sessions by opening a cross-origin WebSocket connection to the local Socket.IO server, whi...

7.6CVSS0.00213EPSS
Exploits0References4
Rows per page
Query Builder