Lucene search
K

20 matches found

CVE
CVE
added 2026/06/11 8:7 p.m.17 views

CVE-2026-53810

OpenClaw is affected by a code execution vulnerability present before version 2026.5.18. The issue arises from marketplace runtime extension metadata that can redirect loading to unscanned package payloads. Attackers with trusted operator access can manipulate extension metadata to load plugin co...

8.8CVSS6AI score0.00419EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-28996

Malicious code in bioql PyPI...

9.8CVSS9.5AI score0.00783EPSS
Exploits0References1
HackRead
HackRead
added 2025/09/11 10:24 a.m.5 views

ChillyHell macOS Malware Resurfaces, Using Google.com as a Decoy

A previously dormant macOS threat, ChillyHell, is reviving. Read how this malware can bypass security checks, remain hidden,…...

7AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2025/08/07 12:0 a.m.10 views

The vulnerability of the Extensions component of the Google Chrome browser allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Google Chrome browser’s Extensions component is related to errors in the implementation of security checks for standard elements. Exploiting this vulnerability allows an attacker who operates remotely to gain unauthorized access to protected information...

5CVSS5.5AI score0.00257EPSS
Exploits0References10Affected Software4
RedhatCVE
RedhatCVE
added 2025/05/22 10:25 a.m.6 views

CVE-2019-10805

valib through 2.0.0 allows Internal Property Tampering. A maliciously crafted JavaScript object can bypass several inspection functions provided by valib. Valib uses a built-in function hasOwnProperty from the unsafe user-input to examine an object. It is possible for a crafted payload to overwri...

7.5CVSS6.8AI score0.01404EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/02/26 2:51 p.m.18 views

CVE-2025-1716 picklescan - Security scanning bypass via 'pip main'

picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a malicious model that uses Pickle to pull in a malicious PyPI package hosted, for example, on pypi.org or GitHub via pip.main. Because pip is not a restricted global, the model, when scanned with picklesca...

5.3CVSS0.01592EPSS
Exploits2References3
BDU FSTEC
BDU FSTEC
added 2023/08/23 12:0 a.m.16 views

The vulnerability of Google Chrome’s Autofill function for Android allows attackers to circumvent existing security restrictions.

The vulnerability of Google Chrome’s Autofill function for Android relates to improperly implemented security checks for standard elements. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions through a specially created HTML page...

6.5CVSS5.9AI score0.00762EPSS
Exploits0References6Affected Software5
CNNVD
CNNVD
added 2023/07/25 12:0 a.m.6 views

Google Nest 授权问题漏洞

Google Nest is a smart home product by Google, an American company. Google Nest has a security vulnerability. The vulnerability allows unauthenticated nodes to forge radio frames using "Key ID Mode 2", a special mode that uses a static encryption key to bypass security checks, allowing arbitrary ...

8.8CVSS8AI score0.00106EPSS
Exploits0References2
OSV
OSV
added 2023/01/18 12:0 a.m.2 views

UBUNTU-CVE-2023-23604

A duplicate SystemPrincipal object could be created when parsing a non-system html document via DOMParser::ParseFromSafeString. This could have lead to bypassing web security checks. This vulnerability affects Firefox 109...

6.5CVSS7.2AI score0.00463EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/09/06 12:0 a.m.4 views

Dell BIOS 安全漏洞

Dell BIOS is embedded software on a small memory chip on a computer motherboard from Dell USA. The Dell BIOS has a security vulnerability that stems from the inclusion of a competitive condition vulnerability that can be exploited by a local attacker by sending malicious input via SMI to bypass...

7CVSS7AI score0.00129EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/08/04 12:0 a.m.2 views

CVE-2022-26859

Dell BIOS contains a race condition vulnerability. A local attacker could exploit this vulnerability by sending malicious input via SMI in order to bypass security checks during SMM...

7CVSS5.9AI score0.00129EPSS
Exploits0References2
CVE
CVE
added 2021/11/10 10:46 p.m.56 views

CVE-2021-40872

The CVE-2021-40872 issue affects Softing Industrial Automation uaToolkit Embedded prior to version 1.40. Affected component: the OPC/UA server implemented by uaToolkit Embedded. Root cause: invalid type cast leading to server process crash on crafted messages. Impact: remote attacker can cause a ...

7.5CVSS7.5AI score0.01463EPSS
Exploits0References2Affected Software2
Hacker One
Hacker One
added 2018/06/29 8:39 p.m.70 views

Hanno's projects: blind sql injection

Summary: There exists a possibility that your Serendipity installation is vulnerable to a blind sql injection. Description: By sending specially crafted SQL commands to /plugin/tag/ and timing how long it takes for the server to respond, it is quite possible that the blog backend is interepreting...

0.1AI score
Exploits0
0day.today
0day.today
added 2018/02/14 12:0 a.m.37 views

TrendNet AUTHORIZED_GROUP Information Disclosure Vulnerability

Exploit for hardware platform in category web applications TrendNet AUTHORIZEDGROUP Information Disclosure Full report: https://blogs.securiteam.com/index.php/archives/3627 Twitter: @SecuriTeamSSD Weibo: SecuriTeamSSD Vulnerability Summary The following advisory describes an information disclosur...

Exploits0
OSV
OSV
added 2017/10/24 6:33 p.m.19 views

GHSA-JXHW-MG8M-2PJ8 Devise does not properly perform type conversion when performing database queries

Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass...

6.8CVSS6.7AI score0.14126EPSS
Exploits3References8
CNVD
CNVD
added 2015/09/10 12:0 a.m.4 views

Microsoft Windows Task Manager Elevation of Privilege Vulnerability (CNVD-2015-05975)

Microsoft Windows is a series of operating systems released by the American company Microsoft. An elevation of privilege vulnerability exists in Microsoft Windows, which can be exploited by a local attacker to bypass analog level security checks and elevate privileges...

7.2CVSS6.8AI score0.03587EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2015/04/28 12:0 a.m.8 views

The vulnerability of the Windows operating system, which allows a remote attacker to escalate their privileges

The Microsoft Windows operating system contains a vulnerability related to improper verification and application of impersonation levels. This allows attackers to bypass security checks and elevate their privileges, including gaining administrator account information. If exploited successfully,...

7.2CVSS5.5AI score0.02724EPSS
Exploits0References3
Mozilla
Mozilla
added 2013/08/06 12:0 a.m.50 views

Local Java applets may read contents of local file system — Mozilla

Security researcher Georgi Guninski reported an issue with Java applets where in some circumstances the applet could access files on the local system when loaded using the a file:/// URI and violate file origin policy due to interaction with the codebase parameter. This affects applets running on...

5.4CVSS1.6AI score0.02424EPSS
Exploits0References3Affected Software5
OpenVAS
OpenVAS
added 2012/02/03 12:0 a.m.29 views

Mozilla Products Multiple Unspecified Vulnerabilities - Feb12 (Windows 01)

The host is installed with Mozilla firefox/thunderbird/seamonkey and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillaprdtsmultvulnwin01feb12.nasl 6444 2017-06-27 11:24:02Z santu $ Mozilla Products Multiple Unspecified Vulnerabilities - Feb12 Windows 01 Authors:...

10CVSS0.7AI score0.04428EPSS
Exploits0References4
CVE
CVE
added 2008/04/17 4:0 p.m.56 views

CVE-2008-1862

ExBB Italia 0.22 and earlier are affected by PHP remote file inclusion vulnerabilities. The CVE-2008-1862 family describes checks on GET requests via QUERY_STRING that can be bypassed using POST or COOKIE variables, enabling RFI through URLs in the exbb[home_path] or new_exbb[home_path] parameter...

6.8CVSS6.7AI score0.03082EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder