Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

2548 matches found

OSV
OSVadded 6 days ago6 views

USN-8253-2 postfix vulnerability

USN-8253-1 fixed a vulnerability in Postfix. This update provides the corresponding fix for Postfix on Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: Kamil Frankowicz discovered that Postfix incorrectly handled certain enhanced status codes....

7.5CVSS5.9AI score0.00074EPSS
Exploits0References2
Ubuntu
Ubuntuadded 6 days ago6 views

USN-8253-2: Postfix vulnerability

USN-8253-1 fixed a vulnerability in Postfix. This update provides the corresponding fix for Postfix on Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: Kamil Frankowicz discovered that Postfix incorrectly handled certain enhanced status codes....

7.5CVSS5.6AI score0.00074EPSS
Exploits0
NVD
NVDadded 2026/05/29 4:16 p.m.13 views

CVE-2026-32905

OpenClaw before 2026.5.4 contains an authorization bypass vulnerability in the bundled device-pair plugin that allows non-owner authorized chat senders to issue device-pairing bootstrap codes without proper scope validation. Attackers with chat command access can create setup codes to enroll...

8.7CVSS0.00047EPSS
Exploits0References2
CVE
CVEadded 2026/05/29 3:9 p.m.15 views

CVE-2026-32905

OpenClaw versions before 2026.5.4 contain an authorization bypass in the bundled device-pair plugin that lets non-owner users with chat command access issue device‑pairing bootstrap codes without proper scope validation. Attackers can enroll devices with operator/node capabilities by creating set...

8.7CVSS5.8AI score0.00047EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/29 3:9 p.m.11 views

CVE-2026-32905 OpenClaw < 2026.5.4 - Unauthorized Device-Pairing Bootstrap Code Issuance via Chat Command

OpenClaw before 2026.5.4 contains an authorization bypass vulnerability in the bundled device-pair plugin that allows non-owner authorized chat senders to issue device-pairing bootstrap codes without proper scope validation. Attackers with chat command access can create setup codes to enroll...

8.7CVSS5.8AI score0.00047EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/29 3:9 p.m.6 views

CVE-2026-32905

OpenClaw before 2026.5.4 contains an authorization bypass vulnerability in the bundled device-pair plugin that allows non-owner authorized chat senders to issue device-pairing bootstrap codes without proper scope validation. Attackers with chat command access can create setup codes to enroll...

8.7CVSS5.8AI score0.00047EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/05/29 3:9 p.m.29 views

CVE-2026-32905 OpenClaw < 2026.5.4 - Unauthorized Device-Pairing Bootstrap Code Issuance via Chat Command

OpenClaw before 2026.5.4 contains an authorization bypass vulnerability in the bundled device-pair plugin that allows non-owner authorized chat senders to issue device-pairing bootstrap codes without proper scope validation. Attackers with chat command access can create setup codes to enroll...

8.7CVSS0.00047EPSS
Exploits0References2
EUVD
EUVDadded 2026/05/29 3:9 p.m.7 views

EUVD-2026-33332

OpenClaw before 2026.5.4 contains an authorization bypass vulnerability in the bundled device-pair plugin that allows non-owner authorized chat senders to issue device-pairing bootstrap codes without proper scope validation. Attackers with chat command access can create setup codes to enroll...

8.7CVSS5.8AI score0.00047EPSS
Exploits0References2
SUSE CVE
SUSE CVEadded 2026/05/29 1:15 a.m.11 views

SUSE CVE-2026-46211

In the Linux kernel, the following vulnerability has been resolved: drm/msm/gem: fix error handling in msmioctlgeminfogetmetadata msmioctlgeminfogetmetadata always returns 0 regardless of errors. When copytouser fails or the user buffer is too small, the error code stored in ret is ignored becaus...

5.9AI score0.00023EPSS
Exploits0References3
EUVD
EUVDadded 2026/05/29 12:38 a.m.8 views

EUVD-2026-33229

An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users. This issue affects TFA Basic Plugins: from 7.x-1.0 through 7.x-1.2...

5.1CVSS5.8AI score0.00029EPSS
Exploits1References3
CNNVD
CNNVDadded 2026/05/29 12:0 a.m.5 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.4 contained security vulnerabilities. These vulnerabilities stemmed from authorization bypass vulnerabilities in the bundled device-pair plugin, allowing unauthorized chatters t...

8.7CVSS5.8AI score0.00047EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/05/29 12:0 a.m.6 views

PT-2026-44891

OpenClaw before 2026.5.4 contains an authorization bypass vulnerability in the bundled device-pair plugin that allows non-owner authorized chat senders to issue device-pairing bootstrap codes without proper scope validation. Attackers with chat command access can create setup codes to enroll...

8.7CVSS5.8AI score0.00047EPSS
Exploits0References3
NVD
NVDadded 2026/05/28 11:16 p.m.9 views

CVE-2026-6816

An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users. This issue affects TFA Basic Plugins: from 7.x-1.0 through 7.x-1.2...

5.1CVSS0.00029EPSS
Exploits1References3
Vulnrichment
Vulnrichmentadded 2026/05/28 10:50 p.m.9 views

CVE-2026-6816 TFA Basic Plugins - Access Bypass

An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users. This issue affects TFA Basic Plugins: from 7.x-1.0 through 7.x-1.2...

5.1CVSS5.8AI score0.00029EPSS
Exploits1References2
CVE
CVEadded 2026/05/28 10:50 p.m.11 views

CVE-2026-6816

Concretely, CVE-2026-6816 affects Drupal TFA Basic Plugins (versions 7.x-1.0 through 7.x-1.2). The issue is an access bypass in which users with the administer users permission can view or generate recovery codes for other users, enabling information disclosure of recovery credentials. The root c...

5.1CVSS5.8AI score0.00029EPSS
Exploits1References3Affected Software1
Cvelist
Cvelistadded 2026/05/28 10:50 p.m.31 views

CVE-2026-6816 TFA Basic Plugins - Access Bypass

An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users. This issue affects TFA Basic Plugins: from 7.x-1.0 through 7.x-1.2...

5.1CVSS0.00029EPSS
Exploits1References2
OSV
OSVadded 2026/05/28 10:16 a.m.2 views

UBUNTU-CVE-2026-46205

In the Linux kernel, the following vulnerability has been resolved: staging: media: atomisp: Disallow all private IOCTLs Disallow all private IOCTLs. These aren't quite as safe as one could assume of IOCTL handlers; disable them for now. Instead of removing the code, return in the beginning of th...

7.8CVSS5.7AI score0.00013EPSS
Exploits0References8
EUVD
EUVDadded 2026/05/28 9:40 a.m.9 views

EUVD-2026-32832

In the Linux kernel, the following vulnerability has been resolved: staging: media: atomisp: Disallow all private IOCTLs Disallow all private IOCTLs. These aren't quite as safe as one could assume of IOCTL handlers; disable them for now. Instead of removing the code, return in the beginning of th...

5.8AI score0.00013EPSS
Exploits0References5
Debian CVE
Debian CVEadded 2026/05/28 9:40 a.m.5 views

CVE-2026-46205

In the Linux kernel, the following vulnerability has been resolved: staging: media: atomisp: Disallow all private IOCTLs Disallow all private IOCTLs. These aren't quite as safe as one could assume of IOCTL handlers; disable them for now. Instead of removing the code, return in the beginning of th...

7.8CVSS5.7AI score0.00013EPSS
Exploits0
Positive Technologies
Positive Technologiesadded 2026/05/28 12:0 a.m.11 views

PT-2026-44707

An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users. This issue affects TFA Basic Plugins: from 7.x-1.0 through 7.x-1.2...

5.1CVSS5.8AI score0.00029EPSS
Exploits1References3
Rows per page
Query Builder