Lucene search
K

789 matches found

Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.8 views

PT-2026-23461

Name of the Vulnerable Software and Affected Versions RustDesk Server Pro versions through 1.7.5 Description A security issue exists in RustDesk Server Pro related to the transmission of sensitive information in cleartext. The vulnerability is present in the address book sync API modules and allo...

7.5CVSS5.8AI score0.00261EPSS
Exploits2References8
Snyk
Snyk
added 2026/03/04 6:55 p.m.5 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the processing of Slack interactive callbacks, specifically blockaction, viewsubmission, and viewclosed. An attacker can inject unauthorized system-event text...

8.1CVSS5.8AI score0.00283EPSS
Exploits0References2
OSV
OSV
added 2026/03/03 11:18 p.m.7 views

GHSA-534W-2VM4-89XR OpenClaw's Zalo group sender allowlist bypass permits unauthorized GROUP dispatch

A missing group-sender authorization check in the Zalo plugin allowed unauthorized GROUP messages to enter agent dispatch paths in configurations intended to restrict group traffic. Impact When Zalo group handling was configured with allowlist-style controls, a sender not present in the intended...

5.3CVSS5.9AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/03 11:17 p.m.9 views

OpenClaw has Canvas route hardening for mixed-trust deployments

Summary This advisory tracks a defense-in-depth hardening for canvas routes. In mixed-trust or network-visible deployments, prior canvas auth/fallback behavior could broaden access beyond intended boundaries. Deployment Context OpenClaw’s default model is trusted host + loopback-first access. Som...

5.9AI score
Exploits0References4Affected Software1
Android Security Bulletins
Android Security Bulletins
added 2026/03/03 12:0 a.m.18 views

Pixel Watch Security Bulletin—March 2026Stay organized with collectionsSave and categorize content based on your preferences.

The Pixel Watch Security Bulletin contains details of security vulnerabilities affecting Pixel Watch devices Google Devices. For Google devices, security patch levels of 2026-03-05 or later address all issues in this bulletin and all issues in the March 2026 Android Security Bulletin and all issu...

7.2CVSS6.4AI score0.0013EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/03/02 9:55 p.m.10 views

CpenClaw's ACPX Windows wrapper shell fallback allowed cwd injection in specific paths

Summary On Windows ACPX paths, wrapper resolution for .cmd/.bat could fall back to shell execution in ways that allowed cwd influence to alter execution behavior. Impact In affected Windows ACPX configurations, this could enable command execution integrity loss through cwd-influenced wrapper...

7.8CVSS6.1AI score0.00241EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2026/02/21 8:5 a.m.6 views

CVE-2026-27470

ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents function. Event field values specifically Name a...

8.8CVSS6.2AI score0.0048EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2026/02/13 7:18 p.m.7 views

CVE-2026-21438

webtransport-go is an implementation of the WebTransport protocol. Prior to 0.10.0, an attacker can cause unbounded memory consumption repeatedly creating and closing many WebTransport streams. Closed streams were not removed from an internal session map, preventing garbage collection of their...

5.3CVSS5.6AI score0.00366EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/12 6:25 p.m.24 views

CVE-2026-21438 webtransport-go affected by a Memory Exhaustion Attack due to Missing Cleanup of Streams Map

webtransport-go is an implementation of the WebTransport protocol. Prior to 0.10.0, an attacker can cause unbounded memory consumption repeatedly creating and closing many WebTransport streams. Closed streams were not removed from an internal session map, preventing garbage collection of their...

5.3CVSS0.00366EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/12 6:25 p.m.5 views

CVE-2026-21438

webtransport-go is an implementation of the WebTransport protocol. Prior to 0.10.0, an attacker can cause unbounded memory consumption repeatedly creating and closing many WebTransport streams. Closed streams were not removed from an internal session map, preventing garbage collection of their...

5.3CVSS5.6AI score0.00366EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/12 3:29 p.m.12 views

webtransport-go: Memory Exhaustion Attack due to Missing Cleanup of Streams Map

Summary An attacker can cause unbounded memory consumption repeatedly creating and closing many WebTransport streams. Closed streams were not removed from an internal session map, preventing garbage collection of their resources. Details webtransport-go maintains an internal map tracking...

5.3CVSS5.5AI score0.00366EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/02/12 3:29 p.m.10 views

GHSA-2F2X-8MWP-P2GC webtransport-go: Memory Exhaustion Attack due to Missing Cleanup of Streams Map

Summary An attacker can cause unbounded memory consumption repeatedly creating and closing many WebTransport streams. Closed streams were not removed from an internal session map, preventing garbage collection of their resources. Details webtransport-go maintains an internal map tracking...

5.3CVSS5.5AI score0.00366EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/12 12:0 a.m.7 views

webtransport-go 安全漏洞

webtransport-go is an open-source Go language library developed by quic-go. Versions of webtransport-go prior to 0.10.0 contained security vulnerabilities. These vulnerabilities stemmed from the failure to remove closed streams from the internal session mapping, which could lead to unlimited memo...

5.3CVSS5.8AI score0.00366EPSS
Exploits0References3
Veracode
Veracode
added 2026/02/06 9:6 a.m.5 views

Denial Of Service (DoS)

org.hibernate.reactive, hibernate-reactive-core is vulnerable to a Denial of Service DoS. The vulnerability is due to improper handling of prematurely closed HTTP connections during database operations, which allows an attacker to exhaust the database connection pool by forcing connection leaks...

4.3CVSS5.5AI score0.00376EPSS
Exploits0References5Affected Software1
Packet Storm
Packet Storm
added 2026/01/27 12:0 a.m.187 views

📄 Lighttpd 1.4.66 FastCGI Resource Exhaustion

Proof of concept exploit for a resource exhaustion vulnerability that exists in lighttpd versions 1.4.56 through 1.4.66 affecting FastCGI and other gateway backends. When processing HTTP/1.1 requests using chunked transfer encoding with request-body streaming enabled, an anomalous client disconne...

7.5CVSS5.9AI score0.02714EPSS
Exploits4
Packet Storm
Packet Storm
added 2026/01/23 12:0 a.m.229 views

📄 Lighttpd 1.4.66 Resource Leak Denial of Service

Lighttpd versions 1.4.56 through 1.4.66 has a resource exhaustion vulnerability affecting gateway backends such as FastCGI. When handling an HTTP/1.1 request with chunked transfer encoding and request-body streaming enabled, lighttpd mishandles an anomalous client disconnect RDHUP / half-closed T...

7.5CVSS5.6AI score0.02714EPSS
Exploits4
Zero Science Lab
Zero Science Lab
added 2026/01/23 12:0 a.m.224 views

Lighttpd 1.4.56 - 1.4.66 Resource Leak Denial of Service PoC

Summary lighttpd pronounced /lighty/ is a secure, fast, compliant, and very flexible web server that has been optimized for high-performance environments. lighttpd uses memory and CPU efficiently and has lower resource use than other popular web servers. Its advanced feature-set FastCGI, CGI, Aut...

7.5CVSS7AI score0.02714EPSS
Exploits4
OSV
OSV
added 2026/01/09 2:6 p.m.12 views

OESA-2026-1047 xnio security update

XNIO is a simplified low-level I/O layer which can be used anywhere you are using NIO today. It frees you from the hassle of dealing with Selectors and the lack of NIO support for multicast sockets and non-socket I/O, while still maintaining all the capabilities present in NIO, and it opens the...

7.5CVSS6.6AI score0.01183EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 9:55 a.m.14 views

CVE-2020-12113

BigBlueButton before 2.2.4 allows XSS via closed captions because dangerouslySetInnerHTML in React is used...

6.1CVSS5.8AI score0.00947EPSS
Exploits0References1
Qualys Blog
Qualys Blog
added 2026/01/07 7:27 a.m.6 views

Agent Grant: From Identity Signals to Measurable Risk Reduction

Executive Summary Identity is now the 1 attack surface. Agent Grant in Qualys ETM Identity uses agentic AI to measure and reduce identity risk across AD, Entra, Okta & other cloud IdPs/IDaaS. It operationalizes identity risk by turning messy Active Directory & identity-risk signals into validated...

7.1AI score
Exploits0
Rows per page
Query Builder