
1208 matches found

Circl
added 2026/04/09 9:1 p.m., 3 views

CVE-2026-29146

creationtimestamp| type| source
---|---|---
2026-04-09 21:01:14+00:00| seen| https://bsky.app/profile/euvd-bot.bsky.social/post/3mj3pckzmjc2j
2026-04-09 22:48:44+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mj3vcs73fa25
2026-04-09 23:23:44+00:00| seen|...

CVSS 7.5, AI score 7.3, EPSS 0.03494
Exploits 1, References 7

Hacker One
added 2026/04/02 9:46 p.m., 22 views

curl: Negotiate connection reuse with wrong credentials when using CURLAUTH_ANY

Summary: CVE-2026-1965 fixed connection reuse for Negotiate authentication by adding urlmatchauthnego in urlmatchconn at line 1244 of lib/url.c. When a first handle authenticates via Negotiate Kerberos on a connection and that connection returns to the pool, a second handle with different...

CVSS 6.5, AI score 5.6, EPSS 0.00259
Exploits 0

NVD
added 2026/04/01 9:17 p.m., 5 views

CVE-2026-34518

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, when following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. This issue has been patched in version 3.13.4...

CVSS 6.9, EPSS 0.00337
Exploits 0, References 3

OSV
added 2026/04/01 9:17 p.m., 2 views

DEBIAN-CVE-2026-34518

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, when following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. This issue has been patched in version 3.13.4...

CVSS 5.3, AI score 5.3, EPSS 0.00337
Exploits 0, References 1

Positive Technologies
added 2026/04/01 12:0 a.m., 3 views

PT-2026-29607

Name of the Vulnerable Software and Affected Versions: AIOHTTP versions prior to 3.13.4. Description: When following redirects to a different origin, aiohttp removes the Authorization header while keeping the Cookie and Proxy-Authorization headers. This could lead to the leakage of sensitive...

CVSS 6.9, AI score 5.9, EPSS 0.00337
Exploits 0, References 302

SUSE CVE
added 2026/03/28 12:24 a.m., 5 views

SUSE CVE-2026-33729

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. In versions prior to 1.13.1, under specific conditions, models using conditions with caching enabled can result in two different check requests producing the same cache...

CVSS 9.8, AI score 5.9, EPSS 0.00241
Exploits 0, References 3

OSSF Malicious Packages
added 2026/03/24 12:43 p.m., 7 views

Malicious code in server-fpti (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b90fb70466093bba29ed5b8f62a9734b95ff7011add06482beec9546984f11c3 The package server-fpti was found to contain malicious code. Source: ghsa-malware 59d0d75db844e966a9f5cc0e311ca6f2385abdf95ca0ee2387c23be8342f0fb2 An...

AI score 5.8
Exploits 0, References 1

OSSF Malicious Packages
added 2026/03/23 1:47 p.m., 7 views

Malicious code in shakti-pwa (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bdac10e664bf4e0a73263401629caf12d2ed80e3cf76f36fa18a7c2d599e5229 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 5.8
Exploits 0, References 1

OSV
added 2026/03/23 1:45 p.m., 7 views

CLSA-2026-1774273500 curl: Fix of CVE-2026-3784

CVE-2026-3784: fix proxy connection reuse with different credentials - update outdated timestamps in test 046...

CVSS 6.5, AI score 7.1, EPSS 0.00302
Exploits 1, References 1

OSV
added 2026/03/22 6:26 p.m., 7 views

MAL-2026-2073 Malicious code in @airtm/uuid-base32 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5843013e1c89122451c17ec535f73c4e36dc3596c32522dd9b03bbb68637c4f3 The package @airtm/uuid-base32 was found to contain malicious code. Source: ghsa-malware...

AI score 5.8
Exploits 0, References 4

OSSF Malicious Packages
added 2026/03/22 6:21 p.m., 7 views

Malicious code in @opengov/ppf-backend-types (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8323ddb6e5666c3c6e638547538eda9089f97e0e3605f39b2a561d9a436d8fd4 The package @opengov/ppf-backend-types was found to contain malicious code. Source: ghsa-malware...

AI score 5.8
Exploits 0, References 4

OSSF Malicious Packages
added 2026/03/22 6:17 p.m., 5 views

Malicious code in @emilgroup/account-sdk-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0f59f1f2e562d8ef982bd182aa7338ac92a6d5b4b86234568efb7ed5cb09bd7 The package @emilgroup/account-sdk-node was found to contain malicious code. Source: ghsa-malware...

AI score 5.8
Exploits 0, References 4

OSSF Malicious Packages
added 2026/03/22 6:14 p.m., 6 views

Malicious code in @emilgroup/api-documentation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58c245a310d05383d1fdf2e98691e5ea42d0505bdab8e27120537609d6bb4acd The package @emilgroup/api-documentation was found to contain malicious code. Source: ghsa-malware...

AI score 5.8
Exploits 0, References 4

Github Security Blog
added 2026/03/21 3:31 a.m., 8 views

Duplicate Advisory: OpenClaw: system.run approval identity mismatch could execute a different binary than displayed

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-hwpq-rrpf-pgcq. This link is maintained to preserve external references. Original Description: OpenClaw versions prior to 2026.2.25 contain an approval-integrity bypass vulnerability in system.run where rendered...

CVSS 6.5, AI score 6, EPSS 0.0029
Exploits 0, References 5, Affected Software 1

OSV
added 2026/03/21 1:17 a.m., 4 views

CVE-2026-32065

OpenClaw versions prior to 2026.2.25 contain an approval-integrity bypass vulnerability in system.run where rendered command text is used as approval identity while trimming argv token whitespace, but runtime execution uses raw argv. An attacker can craft a trailing-space executable token to...

CVSS 4.8, AI score 6.2
Exploits 0, References 3

ATTACKERKB
added 2026/03/21 12:42 a.m., 5 views

CVE-2026-32065

OpenClaw versions prior to 2026.2.25 contain an approval-integrity bypass vulnerability in system.run where rendered command text is used as approval identity while trimming argv token whitespace, but runtime execution uses raw argv. An attacker can craft a trailing-space executable token to...

CVSS 5.7, AI score 6.1, EPSS 0.0029
Exploits 0, References 4

Cvelist
added 2026/03/21 12:42 a.m., 27 views

CVE-2026-32065 OpenClaw < 2026.2.25 - Approval Identity Mismatch in system.run Command Execution

OpenClaw versions prior to 2026.2.25 contain an approval-integrity bypass vulnerability in system.run where rendered command text is used as approval identity while trimming argv token whitespace, but runtime execution uses raw argv. An attacker can craft a trailing-space executable token to...

CVSS 5.7, EPSS 0.0029
Exploits 0, References 3

ATTACKERKB
added 2026/03/20 10:51 p.m., 3 views

CVE-2026-33243

barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 and the corresponding backport to 2025.09.3, an attacker could exploit a FIT signature verification vulnerability to trick the bootloader into booting different images than those that were verified as part of a...

CVSS 8.2, AI score 5.8, EPSS 0.00108
Exploits 0, References 3, Affected Software 1

OSV
added 2026/03/20 4:55 a.m., 4 views

MAL-2026-1974 Malicious code in @fr3newera/baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9fba6d334ab723d77261982b048c8728dfdd60454bac47a0c23322ac7251e4c8 The package @fr3newera/baileys was found to contain malicious code. Source: ghsa-malware...

AI score 5.7
Exploits 0, References 1

OSV
added 2026/03/20 4:54 a.m., 4 views

MAL-2026-1982 Malicious code in xyztttxyz (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ec60812ab8ac06f92ad0543c7a16f930da49afbc1ca5e10e6cabffe3ffe1ddb The package xyztttxyz was found to contain malicious code. Source: ghsa-malware c7299da569fb2428ffb4bcb1641a07a7879e89460f46405e2257197a6f4fe2a3 Any...

AI score 5.7
Exploits 0, References 1