Lucene search
+L

1884 matches found

Cvelist
Cvelist
added 2 days ago37 views

CVE-2026-62227 OpenClaw 2026.4.14 < 2026.5.26 SSRF via Browser Snapshot

OpenClaw 2026.4.14 before 2026.5.26 contain a server-side request forgery vulnerability in browser snapshot routes that fail to validate post-navigation destinations. Attackers with lower-trust access can bypass OpenClaw policy checks to reach network destinations that should have been blocked...

7.7CVSS0.00241EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-45005

An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. The vacation "fcc" feature skips the destination-mailbox ACL. A user whose vacation Sieve script used :fcc to save a copy of the sent message could deliver vacation auto-reply copies into any mailbox the script could name,...

5.4CVSS6.1AI score0.00176EPSS
Exploits0References3
OSV
OSV
added 3 days ago6 views

CVE-2026-45576 zrok copy writes attacker-controlled WebDAV paths outside the destination root

zrok is software for sharing web services, files, and network resources. From 0.4.23 until 2.0.3, zrok2 copy stores attacker-controlled WebDAV or zrok drive paths such as /../outside.txt in the source inventory and passes them to FilesystemTarget.WriteStream, allowing the sync pipeline to write...

8.3CVSS6.1AI score0.00359EPSS
Exploits0References5
CVE
CVE
added 3 days ago16 views

CVE-2026-45576

Summary: CVE-2026-45576 affects the zrok tool. From versions 0.4.23 through 2.0.3, the zrok2 copy command stores attacker-controlled WebDAV or zrok drive paths (e.g., /../outside.txt) in the source inventory and passes them to FilesystemTarget.WriteStream, enabling writing files outside the selec...

8.3CVSS6.1AI score0.00359EPSS
Exploits0References3
CVE
CVE
added 3 days ago10 views

CVE-2026-47082

CVE-2026-47082 affects Cyrus IMAP (cyrus-imapd) up to version 3.12.2. The vacation Sieve option :fcc ignores destination mailbox ACLs, allowing a user’s vacation auto-replies to be delivered to any mailbox named by the script, even if the user lacks insert permissions on that mailbox. The issue i...

5.4CVSS6.1AI score0.00176EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 3 days ago4 views

Linux Distros Unpatched Vulnerability : CVE-2026-54572

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, with -l/--links, rclone serialize...

8.8CVSS5.4AI score0.00404EPSS
Exploits1References3
EUVD
EUVD
added 4 days ago6 views

EUVD-2025-210471

A use of uninitialized value vulnerability exists in the Matter SDK connectedhomeip before 1.4.0, where the GetDestinationGroupId.Value method is called without first checking whether a value exists. This leads to a crash when an InvokeCommand is sent without initializing the destination group ID...

7.5CVSS6AI score0.00331EPSS
Exploits0References4
OSV
OSV
added 4 days ago6 views

CVE-2026-61371

Microsoft AVML before 0.17.0 could follow a symlink when opening a destination output path on Unix, allowing truncation/overwrite of the symlink target. The destructive effect is performed at open-time via OTRUNC, and can happen before full input validation completes “truncation-before-validation...

7.5CVSS6.1AI score0.00361EPSS
Exploits0References5
NVD
NVD
added 5 days ago9 views

CVE-2025-56364

A use of uninitialized value vulnerability exists in the Matter SDK connectedhomeip before 1.4.0, where the GetDestinationGroupId.Value method is called without first checking whether a value exists. This leads to a crash when an InvokeCommand is sent without initializing the destination group ID...

7.5CVSS0.00331EPSS
Exploits0References3
OSV
OSV
added 5 days ago4 views

DEBIAN-CVE-2026-59732

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, rclone archive extract can write extracted files outside the user-selected destination prefix when extracting a crafted archive containing parent path components such as...

5CVSS6.1AI score0.00161EPSS
Exploits1References1
NVD
NVD
added 5 days ago9 views

CVE-2026-59732

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, rclone archive extract can write extracted files outside the user-selected destination prefix when extracting a crafted archive containing parent path components such as...

5CVSS0.00161EPSS
Exploits1References4
NVD
NVD
added 5 days ago10 views

CVE-2026-54572

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, with -l/--links, rclone serializes symlinks as .rclonelink text objects and recreates them on a local destination without validating the target, allowing an...

8.8CVSS0.00404EPSS
Exploits1References4
OSV
OSV
added 5 days ago5 views

UBUNTU-CVE-2026-54572

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, with -l/--links, rclone serializes symlinks as .rclonelink text objects and recreates them on a local destination without validating the target, allowing an...

8.8CVSS6.1AI score0.00404EPSS
Exploits1References6
Cvelist
Cvelist
added 5 days ago35 views

CVE-2026-54572 rclone: Unvalidated symlink target in local `--links` — arbitrary file write from an untrusted remote

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, with -l/--links, rclone serializes symlinks as .rclonelink text objects and recreates them on a local destination without validating the target, allowing an...

7.5CVSS0.00404EPSS
Exploits1References4
AlpineLinux
AlpineLinux
added 5 days ago7 views

CVE-2026-54572

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, with -l/--links, rclone serializes symlinks as .rclonelink text objects and recreates them on a local destination without validating the target, allowing an...

8.8CVSS6.1AI score0.00404EPSS
Exploits1References4
OSV
OSV
added 5 days ago7 views

CVE-2026-59732 rclone archive extract allows S3 destination prefix escape via crafted archive paths

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, rclone archive extract can write extracted files outside the user-selected destination prefix when extracting a crafted archive containing parent path components such as...

5CVSS6.1AI score0.00161EPSS
Exploits1References6
AlpineLinux
AlpineLinux
added 5 days ago8 views

CVE-2026-59732

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, rclone archive extract can write extracted files outside the user-selected destination prefix when extracting a crafted archive containing parent path components such as...

5CVSS6.1AI score0.00161EPSS
Exploits1References4
NVD
NVD
added 5 days ago8 views

CVE-2026-58478

Sustainable Irrigation Platform SIP through version 5.2.16 contains a server-side request forgery SSRF vulnerability that allows unauthenticated attackers to make the device issue arbitrary HTTP requests by supplying a malicious callback URL when the optional Node-RED plugin is installed. Attacke...

6.5CVSS0.00261EPSS
Exploits2References2
CVE
CVE
added 5 days ago7 views

CVE-2025-56364

The CVE-2025-56364 entry relates to the Matter SDK (connectedhomeip) before 1.4.0, where GetDestinationGroupId().Value() can be accessed without verifying existence, causing a crash (SIGABRT) and denial of service. Root cause: use of an uninitialized value; the affected component is the Matter SD...

7.5CVSS6AI score0.00331EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 5 days ago11 views

PT-2026-58848

Name of the Vulnerable Software and Affected Versions Matter SDK connectedhomeip versions prior to 1.4.0 Description A use of uninitialized value occurs when the GetDestinationGroupId.Value method is called without verifying if a value exists. This happens when an InvokeCommand is sent without...

7.5CVSS6.1AI score0.00331EPSS
Exploits0References6
Rows per page
Query Builder