
274 matches found

RedHat Linux
added 2 days ago, 5 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: ruby4.0: ruby4.0-4.0.0-33.4.hum1 (aarch64, x86_64); ruby4.0-bundled-gems-4.0.0-33.4.hum1 (aarch64, x86_64); ruby4.0-default-gems-4.0.0-33.4.hum1 (noarch); ruby4.0-devel-4.0.0-33.4.hum1 (aarch64, x86_64)...

7.6 CVSS, 5.8 AI score, 0.00491 EPSS
Exploits: 0, References: 7

CVE
added 2026/06/24 6:0 a.m., 14 views

CVE-2026-9710

The CVE covers the premium Cornerstone WordPress component bundled with X Theme, affected versions before 7.8.8. Root cause: a CSS-preview request handler did not enforce capability checks and exposed the nonce to every logged-in user on wp-admin pages. Impact: any authenticated user can evaluate...

7.7 CVSS, 6 AI score, 0.00219 EPSS
Exploits: 0, References: 1

AstraLinux
added 2026/06/19 11:10 a.m., 2 views

Astra Linux – Vulnerability in PostgreSQL 11

A SQL injection vulnerability was detected in PostgreSQL extension scripts when @extowner@, @extschema@, or @extschema:...@ was used inside a quoting construct (dollar quoting, '', or other forms of quotation marks). If an administrator has installed files from a vulnerable,...

8.8 CVSS, 8 AI score, 0.01572 EPSS
Exploits: 0, References: 2

OSSF Malicious Packages
added 2026/06/15 5:15 p.m., 13 views

Malicious code in @solana-labs/spl-toke (npm)

Source: amazon-inspector 490ce5d7e43d8a79aa85bbd24e7140ed074eee472f375092ab9b4cd650ce41f8 Package name @solana-labs/spl-toke is a one-character omission of the legitimate @solana-labs/spl-token package, abusing the official Solana Labs...

5.3 AI score
Exploits: 0, References: 8

NVD
added 2026/06/11 9:16 p.m., 11 views

CVE-2026-53809

OpenClaw before 2026.4.25 contains a policy bypass vulnerability in embedded runner policy that allows requests using provider aliases to compare against aliases instead of canonical provider identities. Attackers can exploit this confusion to select bundled tool access outside intended provider...

4.8 CVSS, 0.00093 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2026/06/11 8:6 p.m., 9 views

CVE-2026-53809 OpenClaw < 2026.4.25 - Provider Alias Confusion in Embedded Runner Policy

OpenClaw before 2026.4.25 contains a policy bypass vulnerability in embedded runner policy that allows requests using provider aliases to compare against aliases instead of canonical provider identities. Attackers can exploit this confusion to select bundled tool access outside intended provider...

4.8 CVSS, 5.3 AI score, 0.00093 EPSS
Exploits: 0, References: 2

Cvelist
added 2026/06/11 8:6 p.m., 28 views

CVE-2026-53809 OpenClaw < 2026.4.25 - Provider Alias Confusion in Embedded Runner Policy

OpenClaw before 2026.4.25 contains a policy bypass vulnerability in embedded runner policy that allows requests using provider aliases to compare against aliases instead of canonical provider identities. Attackers can exploit this confusion to select bundled tool access outside intended provider...

4.8 CVSS, 0.00093 EPSS
Exploits: 0, References: 2

CNNVD
added 2026/06/11 12:0 a.m., 12 views

OpenClaw Security Vulnerability

OpenClaw is an open-source artificial intelligence assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.25 contained security vulnerabilities. These vulnerabilities stemmed from a policy bypass in the embedded runner policy, allowing requests using provider aliases to be compare...

4.8 CVSS, 5.3 AI score, 0.00093 EPSS
Exploits: 0, References: 1

Oracle Linux
added 2026/06/09 12:0 a.m., 6 views

nodejs24 security update

1:24.14.1-2.0.2 - Rebuild to correct NVR 1:24.14.1-2.0.1 - Update upstream references...

9.8 CVSS, 6.9 AI score, 0.26356 EPSS
Exploits: 1

Mageia
added 2026/06/05 5:37 p.m., 12 views

Updated xmlrpc-c packages fix security vulnerabilities

This update fixes the vulnerabilities by no longer building with the vulnerable bundled libexpat version...

9.8 CVSS, 6.6 AI score, 0.34174 EPSS
Exploits: 2, References: 1

OSV
added 2026/06/05 5:37 p.m., 17 views

MGASA-2026-0173 Updated xmlrpc-c packages fix security vulnerabilities

This update fixes the vulnerabilities by no longer building with the vulnerable bundled libexpat version...

9.8 CVSS, 6.6 AI score, 0.34174 EPSS
Exploits: 2, References: 2

Positive Technologies
added 2026/06/05 12:0 a.m., 9 views

PT-2026-49600

This update fixes the vulnerabilities by no longer building with the vulnerable bundled libexpat version...

5.3 AI score
Exploits: 0, References: 3

Ubuntu
added 2026/05/28 7:46 p.m., 20 views

USN-8344-1: pip vulnerabilities

It was discovered that pip incorrectly handled TLS certificate verification in session connections. If a session was first used with certificate verification disabled, subsequent requests to the same host would also skip verification regardless of the session's current settings. A remote attacker...

8.9 CVSS, 6.8 AI score, 0.00622 EPSS
Exploits: 0

SUSE CVE
added 2026/05/27 12:57 p.m., 19 views

SUSE CVE-2026-48961

IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID. When decodeux in bin/zipdetails handles an Info-ZIP Unix Extra Field tag 0x7875 with UID Size or GID Size set to 8, causing...

7.3 CVSS, 5.8 AI score, 0.00262 EPSS
Exploits: 0, References: 3

OSV
added 2026/05/26 12:3 a.m., 18 views

MAL-2026-4777 Malicious code in xct-x-ayoub (PyPI)

Source: amazon-inspector d33575d7ebb1fa670ce8a2f633471492b04319daffe0f1e10dd35841cf2709af On import XcTxAyOuB, the package's top-level __init__.py unconditionally starts a Flask HTTP server bound to 0.0.0.0:5000 configurable via PORT exposing...

5.8 AI score
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/05/26 12:3 a.m., 13 views

Malicious code in xct-x-ayoub (PyPI)

Source: amazon-inspector d33575d7ebb1fa670ce8a2f633471492b04319daffe0f1e10dd35841cf2709af On import XcTxAyOuB, the package's top-level __init__.py unconditionally starts a Flask HTTP server bound to 0.0.0.0:5000 configurable via PORT exposing...

5.8 AI score
Exploits: 0, References: 1

Tenable Nessus
added 2026/05/17 12:0 a.m., 8 views

Fedora 44 : pypy (2026-130f7539d3)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-130f7539d3 advisory. Security fix for CVE-2026-3219 in the bundled pip wheel Tenable has extracted the preceding description block directly from the Fedora security advisory. Not...

4.6 CVSS, 5.8 AI score, 0.00144 EPSS
Exploits: 0, References: 2

EUVD
added 2026/05/11 6:31 p.m., 21 views

EUVD-2026-29143

OpenClaw before 2026.4.20 contains a tool policy bypass vulnerability allowing bundled MCP and LSP tools to circumvent configured tool restrictions. Attackers with local agent access can append restricted tools to the effective tool set after policy filtering, bypassing profile policies, allow/de...

5.4 CVSS, 5.8 AI score, 0.00706 EPSS
Exploits: 0, References: 4

Cvelist
added 2026/05/11 4:46 p.m., 37 views

CVE-2026-44998 OpenClaw < 2026.4.20 - Tool Policy Bypass via Bundled MCP/LSP Tools

OpenClaw before 2026.4.20 contains a tool policy bypass vulnerability allowing bundled MCP and LSP tools to circumvent configured tool restrictions. Attackers with local agent access can append restricted tools to the effective tool set after policy filtering, bypassing profile policies, allow/de...

5.4 CVSS, 0.00706 EPSS
Exploits: 0, References: 3

CVE
added 2026/05/11 4:46 p.m., 19 views

CVE-2026-44998

OpenClaw prior to version 2026.4.20 contains a tool policy bypass vulnerability in which bundled MCP and LSP tools can be appended to the effective tool set after policy filtering. This allows attackers with local agent access to bypass profile policies, allow/deny lists, owner-only restrictions,...

5.4 CVSS, 5.8 AI score, 0.00706 EPSS
Exploits: 0, References: 3, Affected Software: 1