691 matches found

AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: crypto: krb5enc – Fix for skipping hash verification during asynchronous decryption. The krb5enc_dispatch_decrypt function sets req->base.complete as the skcipher callback. This means that the caller’s own completion handler is...

CVSS 7.5 | AI score 5.8 | EPSS 0.00294
Exploits: 0 | References: 1

AstraLinux
added 2026/06/19 11:10 a.m. | 6 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: bpf: Fixed reference state management for synchronous callbacks. Currently, the verifier verifies callback functions, both synchronous and asynchronous, as if they would be executed only once. The next instruction to be explored ...

AI score 6 | EPSS 0.00181
Exploits: 0 | References: 1

AstraLinux
added 2026/06/19 11:10 a.m. | 7 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: Staging: rtl8712 – fixed bugs related to use after freeing memory. The _Read/Write_MACREG callbacks are set to NULL, so the read/write_macreg_hdl functions do nothing other than freeing the “pcmd” pointer. This results in a...

CVSS 7.8 | AI score 6.1 | EPSS 0.00209
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ethtool: ioctl: fixed a potential NULL dereference in ethtool_set_coalesce. ethtool_set_coalesce now uses both .get_coalesce and .set_coalesce callbacks. However, the check for their availability is buggy. Therefore, changing the...

CVSS 5.5 | AI score 5.4 | EPSS 0.00183
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: PM: core: keep irq flags in device_pm_check_callbacks. The function device_pm_check_callbacks can be called under the spin lock; in the reported case, it happens from genpd_add_device -> dev_pm_domain_set, when the genpd uses spinlocks rather...

CVSS 5.5 | AI score 5.6 | EPSS 0.00259
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 3 views

Astra Linux – Vulnerability in Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: gfs2: Fixed the potential issue of using “glock” after a file system unmount. When a DLM lockspace is released and there are still locks in that lockspace, the DLM will automatically unlock those locks. Commit fb6791d100d1b...

CVSS 7.8 | AI score 6.2 | EPSS 0.00248
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: shaper: Protection is added for late read accesses to the hierarchy. We retrieve a netdev during the preparation of Netlink operations pre-callbacks, and then we acquire a reference to it. Later, within the body of the...

CVSS 7.8 | AI score 4.5 | EPSS 0.00127
Exploits: 0 | References: 1

AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Fixed a kernel crash that occurred when the GPU was hard-reset. The GPU hard-reset sequence calls pm_runtime_force_suspend and pm_runtime_force_resume. According to their documentation, these functions should only be...

CVSS 7.1 | AI score 5.9 | EPSS 0.00138
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Null checks for adev->dm.dc in amdgpu_dm_fini have been fixed. Since adev->dm.dc in amdgpu_dm_fini might turn out to be NULL before the call to dc_enable_dmub_notifications, a check is performed beforehand to ensure that...

CVSS 5.5 | AI score 5.9 | EPSS 0.00272
Exploits: 0 | References: 2

NVD
added 2026/06/11 9:16 p.m. | 9 views

CVE-2026-53807

OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in Telegram interactive callbacks that allows authenticated users to skip commands.allowFrom validation. Attackers can invoke affected callbacks to mark themselves as authorized senders before allowlist checks are applied,...

CVSS 8.8 | EPSS 0.00312
Exploits: 0 | References: 2

Cvelist
added 2026/06/11 8:5 p.m. | 30 views

CVE-2026-53807 OpenClaw < 2026.5.6 - Authorization Bypass in Telegram Interactive Callbacks via commands.allowFrom

OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in Telegram interactive callbacks that allows authenticated users to skip commands.allowFrom validation. Attackers can invoke affected callbacks to mark themselves as authorized senders before allowlist checks are applied,...

CVSS 8.8 | EPSS 0.00312
Exploits: 0 | References: 2

Vulnrichment
added 2026/06/11 8:5 p.m. | 10 views

CVE-2026-53807 OpenClaw < 2026.5.6 - Authorization Bypass in Telegram Interactive Callbacks via commands.allowFrom

OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in Telegram interactive callbacks that allows authenticated users to skip commands.allowFrom validation. Attackers can invoke affected callbacks to mark themselves as authorized senders before allowlist checks are applied,...

CVSS 8.8 | AI score 5.2 | EPSS 0.00312
Exploits: 0 | References: 2

EUVD
added 2026/06/11 8:5 p.m. | 12 views

EUVD-2026-36313

OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in Telegram interactive callbacks that allows authenticated users to skip commands.allowFrom validation. Attackers can invoke affected callbacks to mark themselves as authorized senders before allowlist checks are applied,...

CVSS 8.8 | AI score 5.5 | EPSS 0.00312
Exploits: 0 | References: 2

CVE
added 2026/06/11 8:5 p.m. | 22 views

CVE-2026-53807

OpenClaw prior to 2026.5.6 is vulnerable to an authorization bypass in Telegram interactive callbacks via commands.allowFrom. An authenticated user can invoke affected callbacks to bypass allowlist validation and mark themselves as authorized senders, enabling command behavior outside Telegram se...

CVSS 8.8 | AI score 5.5 | EPSS 0.00312
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2026/06/11 12:0 a.m. | 13 views

PT-2026-48737

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.5.6. Description: An authorization bypass exists in Telegram interactive callbacks. Authenticated users can bypass the commands.allowFrom validation by invoking affected callbacks to mark themselves as authorized...

CVSS 8.8 | AI score 5.5 | EPSS 0.00312
Exploits: 0 | References: 4

CNNVD
added 2026/06/11 12:0 a.m. | 13 views

OpenClaw Security Vulnerability

OpenClaw is an open-source artificial intelligence assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.6 contained security vulnerabilities. These vulnerabilities stemmed from authorization bypass in Telegram interaction callbacks, allowing authenticated users to bypass the...

CVSS 8.8 | AI score 5.4 | EPSS 0.00312
Exploits: 0 | References: 1

Positive Technologies
added 2026/06/11 12:0 a.m. | 16 views

PT-2026-48637

Cerebrate before version 1.37 allowed the id primary key field to be supplied through request input during CRUD edit operations and certain custom entity patching flows. In affected entities that did not explicitly mark id as inaccessible, an authenticated attacker could submit a crafted edit...

CVSS 6.3 | AI score 5.5 | EPSS 0.00207
Exploits: 0 | References: 2

Snyk
added 2026/06/08 12:30 p.m. | 3 views

Improper Validation of Specified Type of Input

Overview: cordova-plugin-inappbrowser is a Cordova InAppBrowser Plugin. Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input via the id field in messages sent from web content to the host application. An attacker can trigger arbitrary Cordova plugin...

CVSS 9.5 | AI score 5.5 | EPSS 0.00723
Exploits: 0 | References: 2

EUVD
added 2026/06/08 10:22 a.m. | 10 views

EUVD-2026-35041

Summary: The iOS implementation of cordova-plugin-inappbrowser passes the id field from a WKScriptMessage body to commandDelegate sendPluginResult:callbackId: with no format validation (CDVWKInAppBrowser.m:560–574). Any web content loaded inside the InAppBrowser can fire any pending Cordova callback...

CVSS 9.5 | AI score 5.4 | EPSS 0.00723
Exploits: 0 | References: 1

Cvelist
added 2026/06/08 10:22 a.m. | 50 views

CVE-2026-47430 Cordova Plugin InAppBrowser: iOS: Arbitrary Cordova callback IDs can be dispatched without validation from InAppBrowser WebViews

Summary: The iOS implementation of cordova-plugin-inappbrowser passes the id field from a WKScriptMessage body to commandDelegate sendPluginResult:callbackId: with no format validation (CDVWKInAppBrowser.m:560–574). Any web content loaded inside the InAppBrowser can fire any pending Cordova callback...

CVSS 9.5 | EPSS 0.00723
Exploits: 0 | References: 1