Lucene search
+L

138 matches found

Malwarebytes
Malwarebytes
added 2 days ago7 views

Shark vacuum flaw exposes cameras, home maps and Wi-Fi passwords

Shark’s cloud-connected robot vacuums are currently exposed by an unpatched AWS Amazon Web Services IoT Internet of Things policy flaw that could turn one compromised device into a remote-control skeleton key for many others in the same region, with access to cameras, maps, and Wi‑Fi passwords. A...

6AI score
Exploits0
CVE
CVE
added 3 days ago10 views

CVE-2026-54568

CVE-2026-54568 affects Microsoft UFO (open‑source framework). From 3.0.0 through 3.0.6, a client connected as a DEVICE to the UFO WebSocket server could call DEVICE_INFO_REQUEST with another device’s target_id and receive that device’s server‑side system_info due to missing constellat ion/ object...

4.3CVSS6.1AI score0.00536EPSS
Exploits0References3
OSV
OSV
added 3 days ago4 views

CVE-2026-54568 Microsoft UFO: Missing Authorization in DEVICE_INFO_REQUEST Allows a DEVICE Client to Read Another Device's system_info

Microsoft UFO open-source framework for intelligent automation across devices and platforms. From 3.0.0 until 3.0.6, a client connected to the UFO WebSocket server as a DEVICE could call DEVICEINFOREQUEST with another device's targetid and receive that device's server-side systeminfo through...

4.3CVSS6.1AI score0.00536EPSS
Exploits0References5
Fedora
Fedora
added 2026/07/05 1:10 a.m.15 views

[SECURITY] Fedora 44 Update: nextcloud-33.0.6-1.fc44

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

8.7CVSS7.1AI score0.01041EPSS
Exploits8
Fedora
Fedora
added 2026/06/17 8:26 a.m.10 views

[SECURITY] Fedora 43 Update: nextcloud-33.0.5-1.fc43

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

8.1CVSS5.3AI score0.00392EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.10 views

CVE-2026-46538

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's constellation client tracks pending task responses by sessionid only and does not verify that a TASKEND message came from the device that originally received the task...

5.9CVSS5.5AI score0.00225EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/06/04 12:0 a.m.16 views

(Pwn2Own) Microsoft Edge Origin Validation Error Security Bypass Vulnerability

This vulnerability allows remote attackers to access restricted functionality on affected installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

4.3CVSS5.3AI score0.00302EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 11:16 p.m.23 views

CVE-2026-46538

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's constellation client tracks pending task responses by sessionid only and does not verify that a TASKEND message came from the device that originally received the task...

5.9CVSS0.00225EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 9:56 p.m.12 views

EUVD-2026-32677

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's constellation client tracks pending task responses by sessionid only and does not verify that a TASKEND message came from the device that originally received the task...

5.9CVSS5.8AI score0.00225EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 9:56 p.m.12 views

CVE-2026-46538

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's constellation client tracks pending task responses by sessionid only and does not verify that a TASKEND message came from the device that originally received the task...

5.9CVSS5.8AI score0.00225EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/27 9:56 p.m.48 views

CVE-2026-46538 Microsoft UFO accepts cross-device TASK_END messages by session_id only, allowing peer task-result injection

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's constellation client tracks pending task responses by sessionid only and does not verify that a TASKEND message came from the device that originally received the task...

5.9CVSS0.00225EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 9:56 p.m.13 views

CVE-2026-46538 Microsoft UFO accepts cross-device TASK_END messages by session_id only, allowing peer task-result injection

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's constellation client tracks pending task responses by sessionid only and does not verify that a TASKEND message came from the device that originally received the task...

5.9CVSS5.8AI score0.00225EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.11 views

UFO³ 安全漏洞

UFO³ is an open-source cross-device collaboration multi-agent task orchestration tool developed by Microsoft. Version UFO³ 3.0.1-4-ge2626659 contains a security vulnerability. This vulnerability stems from variable instance fields being overwritten in the shared WebSocket processor instances, whi...

6.3CVSS5.8AI score0.00276EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

UFO³ 数据伪造问题漏洞

UFO³ is an open-source cross-device collaboration multi-agent task orchestration tool developed by Microsoft. Version UFO³ 3.0.1-4-ge2626659 contains a data manipulation vulnerability. This vulnerability arises from the fact that task responses are tracked using only the sessionid without verifyi...

5.9CVSS5.7AI score0.00225EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-44121

Name of the Vulnerable Software and Affected Versions Microsoft UFO version 3.0.1-4-ge2626659 Description The constellation client in this open-source framework for intelligent automation tracks pending task responses using only the session id and fails to verify if a TASK END message originated...

5.9CVSS5.8AI score0.00225EPSS
Exploits0References3
Fedora
Fedora
added 2026/05/10 3:23 a.m.39 views

[SECURITY] Fedora 42 Update: nextcloud-33.0.3-1.fc42

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

9.9CVSS6.5AI score0.02474EPSS
Exploits15
The Hacker News
The Hacker News
added 2026/05/06 8:34 a.m.13 views

Windows Phone Link Exploited by CloudZ RAT to Steal Credentials and OTPs

Cybersecurity researchers have disclosed details of an intrusion that involved the use of a CloudZ remote access tool RAT and a previous undocumented plugin dubbed Pheno with the aim of facilitating credential theft. "According to the functionalities of the CloudZ RAT and Pheno plugin, this was...

5.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/29 10:8 a.m.6 views

CVE-2026-35364

A flaw was found in the mv utility of uutils coreutils. A local attacker with write access to a destination directory can exploit a Time-of-Check to Time-of-Use TOCTOU race condition during cross-device file operations. This allows the attacker to replace the intended destination with a symbolic...

6.3CVSS5.5AI score0.00091EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/04/29 10:8 a.m.6 views

CVE-2026-35354

A flaw was found in the mv utility of uutils coreutils. A local attacker with write access to a directory can exploit a Time-of-Check to Time-of-Use TOCTOU vulnerability during cross-device moves. This race condition allows the attacker to swap files between system calls, leading to the destinati...

4.7CVSS5.3AI score0.00091EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/04/25 11:49 p.m.13 views

OpenClaw: Paired-device pairing actions were not limited to the caller device

Affected Packages / Versions - Package: openclaw npm - Affected versions: 2026.4.20 - Patched version: 2026.4.20 Impact A paired device session with limited pairing scope could enumerate global pairing state and act on pairing requests that belonged to another device within the same gateway scope...

5.4AI score
Exploits0References3Affected Software1
Rows per page
Query Builder