Lucene search
K

943 matches found

CVE
CVE
added 2026/04/23 9:58 p.m.15 views

CVE-2026-41354

OpenClaw

6.3CVSS5.8AI score0.00278EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.6 views

PT-2026-34785

OpenClaw before 2026.4.2 contains an insufficient scope vulnerability in Zalo webhook replay dedupe keys that allows legitimate events from different conversations or senders to collide. Attackers can exploit weak deduplication scoping to cause silent message suppression and disrupt bot workflows...

6.3CVSS5.8AI score0.00278EPSS
Exploits0References5
Snyk
Snyk
added 2026/04/22 1:6 a.m.5 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper policy enforcement. An attacker can gain unauthorized access or perform actions with insufficient authorization by exploiting cache key collisions that cause the reuse of cached results from...

5CVSS5.4AI score0.00145EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/22 1:6 a.m.4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper policy enforcement. An attacker can gain unauthorized access or perform actions with insufficient authorization by exploiting cache key collisions that cause the reuse of cached results from...

5CVSS5.4AI score0.00145EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/22 1:6 a.m.4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper policy enforcement. An attacker can gain unauthorized access or perform actions with insufficient authorization by exploiting cache key collisions that cause the reuse of cached results from...

5CVSS5.4AI score0.00145EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/22 1:6 a.m.6 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper policy enforcement. An attacker can gain unauthorized access or perform actions with insufficient authorization by exploiting cache key collisions that cause the reuse of cached results from...

5CVSS5.4AI score0.00145EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/22 1:6 a.m.5 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper policy enforcement. An attacker can gain unauthorized access or perform actions with insufficient authorization by exploiting cache key collisions that cause the reuse of cached results from...

5CVSS5.4AI score0.00145EPSS
Exploits0References2
SUSE Linux
SUSE Linux
added 2026/04/21 6:27 a.m.6 views

Security update for nodejs22

This update for nodejs22 fixes the following issues: Update to version 22.22.2. CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. CVE-2026-21716: incomplete fix for CVE-2024-36137...

8.7CVSS6.8AI score0.26356EPSS
Exploits0References28
OSV
OSV
added 2026/04/21 6:27 a.m.4 views

SUSE-SU-2026:1509-1 Security update for nodejs22

This update for nodejs22 fixes the following issues: Update to version 22.22.2. - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. - CVE-2026-21716: incomplete fix for...

7.5CVSS5.7AI score0.26356EPSS
Exploits0References15
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.4 views

SUSE SLES15 Security Update : nodejs22 (SUSE-SU-2026:1478-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1478-1 advisory. Update to version 22.22.2. - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism...

7.5CVSS7.3AI score0.26356EPSS
Exploits0References22
SUSE Linux
SUSE Linux
added 2026/04/20 10:9 a.m.5 views

Security update for nodejs22

This update for nodejs22 fixes the following issues: Update to version 22.22.2. CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. CVE-2026-21716: incomplete fix for CVE-2024-36137...

8.7CVSS6.8AI score0.26356EPSS
Exploits0References28
OSV
OSV
added 2026/04/20 10:9 a.m.4 views

SUSE-SU-2026:1478-1 Security update for nodejs22

This update for nodejs22 fixes the following issues: Update to version 22.22.2. - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. - CVE-2026-21716: incomplete fix for...

7.5CVSS6.8AI score0.26356EPSS
Exploits0References15
Veracode
Veracode
added 2026/04/18 5:8 a.m.9 views

Cross-Site Request Forgery (CSRF)

PAC4J is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to weak CSRF token validation relying on hash collisions in String.hashCode, which allows an attacker to forge requests with colliding tokens and perform unauthorized actions without the victim’s consent...

7CVSS5.2AI score0.00165EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/17 3:31 p.m.6 views

PAC4J has a Cross-Site Request Forgery (CSRF) Vulnerability

PAC4J is vulnerable to Cross-Site Request Forgery CSRF. A malicious attacker can craft a specially designed website which, when visited by a user, will automatically submit a forged cross-site request with a token whose hash collides with the victim's legitimate CSRF token. Importantly, the...

7CVSS5.6AI score0.00165EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/17 1:18 p.m.5 views

CVE-2026-40458

PAC4J is vulnerable to Cross-Site Request Forgery CSRF. A malicious attacker can craft a specially designed website which, when visited by a user, will automatically submit a forged cross-site request with a token whose hash collides with the victim's legitimate CSRF token. Importantly, the...

7CVSS5.6AI score0.00165EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 10:52 p.m.16 views

Plonky3: The sponge construction used to get a hash function from a cryptographic permutation is not collision resistant for inputs of different lengths

Vulnerability Currently, when hashing, if the number of elements to hash is not a multiple of the rate, hashiter pads by elements of the current state. This means that it is possible to create iterators of different lengths which lead to an identical hashed state. Given a simple example using a...

5.8AI score
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/04/16 6:31 p.m.3 views

Insufficient Entropy

Overview Affected versions of this package are vulnerable to Insufficient Entropy due to insufficient randomness in the hash seed generation process. An attacker can cause excessive CPU consumption by submitting specially crafted XML documents that trigger hash collisions. Remediation Upgrade exp...

8.7CVSS5.8AI score0.00379EPSS
Exploits0References2
SUSE Linux
SUSE Linux
added 2026/04/15 2:46 p.m.5 views

Security update for nodejs20

This update for nodejs20 fixes the following issues: Update to version 20.20.2. CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. CVE-2026-21716: incomplete fix for CVE-2024-36137...

8.7CVSS5.8AI score0.26356EPSS
Exploits0References28
OSV
OSV
added 2026/04/15 2:46 p.m.6 views

SUSE-SU-2026:1371-1 Security update for nodejs20

This update for nodejs20 fixes the following issues: Update to version 20.20.2. - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. - CVE-2026-21716: incomplete fix for...

7.5CVSS6.4AI score0.26356EPSS
Exploits0References15
SUSE Linux
SUSE Linux
added 2026/04/15 2:16 p.m.13 views

Security update for nodejs20

This update for nodejs20 fixes the following issues: Update to version 20.20.2. CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. CVE-2026-21716: incomplete fix for CVE-2024-36137...

8.7CVSS5.8AI score0.26356EPSS
Exploits0References28
Rows per page
Query Builder