Lucene search
K

794 matches found

RedHat Linux
RedHat Linux
added 2 days ago3 views

X.org: xorg-x11-server: GLX contextTags Use-After-Free in CommonMakeCurrent()

A flaw was found in the X.org X11 server, specifically within the GLX OpenGL Extension to the X Window System dispatch layer. A remote attacker can exploit this vulnerability by sending a series of crafted X11 requests. This can lead to a use-after-free condition, where the server attempts to wri...

9CVSS6AI score0.00192EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added last week4 views

CVE-2026-56000

A flaw was found in the X.org X11 server, specifically within the GLX OpenGL Extension to the X Window System dispatch layer. A remote attacker can exploit this vulnerability by sending a series of crafted X11 requests. This can lead to a use-after-free condition, where the server attempts to wri...

9CVSS5.9AI score0.00192EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 9:16 a.m.3 views

UBUNTU-CVE-2026-53139

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Skip CSD when it has zeroed workgroups A compute shader dispatch encodes its workgroup counts in the CFG0..CFG2 registers. Kicking off a dispatch with a zero count in any of the three dimensions is invalid. First, the...

6.8CVSS5.8AI score0.00122EPSS
Exploits0References6
OSV
OSV
added 2026/06/24 9:41 p.m.2 views

SUSE-SU-2026:22360-1 Security update for python-starlette

This update for python-starlette fixes the following issues - CVE-2026-48817: arbitrary HTTP method dispatched to HTTPEndpoint attributes via getattr bsc1268389. - CVE-2026-54282: request path that lacks a leading forward slash can lead to request.url.hostname manipulation bsc1268520. -...

7.5CVSS5.9AI score0.00275EPSS
Exploits0References7
OSV
OSV
added 2026/06/24 9:39 p.m.3 views

OPENSUSE-SU-2026:21053-1 Security update for python-starlette

This update for python-starlette fixes the following issues - CVE-2026-48817: arbitrary HTTP method dispatched to HTTPEndpoint attributes via getattr bsc1268389. - CVE-2026-54282: request path that lacks a leading forward slash can lead to request.url.hostname manipulation bsc1268520. -...

7.5CVSS5.9AI score0.00275EPSS
Exploits0References6
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: ACPICA: Fixed NULL pointer dereferencing in acpievaddressspacedispatch. A new check was added to cover missed execution paths...

5.5CVSS5.8AI score0.0013EPSS
Exploits0References2
OSV
OSV
added 2026/06/19 9:42 p.m.11 views

GHSA-4VRG-R928-H5VV SpiceDB: Checks involving relations with caveats can result in unconditional permission when conditional permission is expected

Impact Under concurrency, CheckPermission and CheckBulkPermissions can return PERMISSIONSHIPHASPERMISSION for a resource, permission, subject whose correct answer is PERMISSIONSHIPCONDITIONALPERMISSION. You are impacted if all of the following hold: 1. Your schema has a permission combining...

3.7CVSS5.8AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/19 9:42 p.m.11 views

SpiceDB: Checks involving relations with caveats can result in unconditional permission when conditional permission is expected

Impact Under concurrency, CheckPermission and CheckBulkPermissions can return PERMISSIONSHIPHASPERMISSION for a resource, permission, subject whose correct answer is PERMISSIONSHIPCONDITIONALPERMISSION. You are impacted if all of the following hold: 1. Your schema has a permission combining...

5.8AI score
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.14 views

PT-2026-51121

Name of the Vulnerable Software and Affected Versions SpiceDB versions prior to 1.54.0 Description Under concurrency, the CheckPermission and CheckBulkPermissions functions can incorrectly return PERMISSIONSHIP HAS PERMISSION instead of PERMISSIONSHIP CONDITIONAL PERMISSION for a specific resourc...

3.7CVSS5.9AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.12 views

PT-2026-51073

Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description A CoreWCF service hosted on Unix Domain Sockets using PosixIdentity client credentials may accept connections that bypass the application/unixposix stream upgrade befo...

4.4CVSS6AI score0.00109EPSS
Exploits0References12
NVD
NVD
added 2026/06/16 7:17 p.m.11 views

CVE-2026-53845

OpenClaw before 2026.5.6 contains a hook bypass vulnerability where skill commands routed through the affected dispatch path skip before-tool-call hook coverage. Attackers can exploit this by sending skill commands through the vulnerable dispatch path to bypass hook-based auditing and policy...

4.3CVSS0.00185EPSS
Exploits0References2
CVE
CVE
added 2026/06/16 6:4 p.m.37 views

CVE-2026-53845

OpenClaw prior to version 2026.5.6 has a hook bypass in the skill-command dispatch path, where commands routed through the affected path skip the before-tool-call hook coverage, potentially bypassing auditing and policy enforcement. This is described in the CVE entry as a dispatch hook bypass vul...

4.3CVSS5.4AI score0.00185EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/16 6:4 p.m.5 views

CVE-2026-53845 OpenClaw < 2026.5.6 - Skill-Command Dispatch Hook Bypass via Before-Tool-Call Hook Skipping

OpenClaw before 2026.5.6 contains a hook bypass vulnerability where skill commands routed through the affected dispatch path skip before-tool-call hook coverage. Attackers can exploit this by sending skill commands through the vulnerable dispatch path to bypass hook-based auditing and policy...

2.3CVSS5.9AI score0.00185EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.33 views

PT-2026-49762

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.6 Description A hook bypass issue exists where skill commands routed through a specific dispatch path skip the runBeforeToolCallHook coverage. This allows attackers to send skill commands through the affected...

4.3CVSS5.3AI score0.00185EPSS
Exploits0References5
OSV
OSV
added 2026/06/15 5:39 p.m.9 views

MAL-2026-5810 Malicious code in dispatch-internal-plugins (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5993e79eab55ecc24ada6a4bce88f580c958499d51d0d7472e74aad904648964 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.6AI score
Exploits0References1
NVD
NVD
added 2026/06/12 10:16 p.m.15 views

CVE-2026-53834

OpenClaw before 2026.4.27 contains an authorization bypass vulnerability in QQBot pre-dispatch slash commands that allows authenticated senders to skip allowFrom policy checks. Attackers can invoke slash commands before configured access control policies are applied, potentially triggering comman...

8.2CVSS0.00192EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 9:56 p.m.8 views

CVE-2026-53834 OpenClaw < 2026.4.27 - Authorization Bypass in QQBot Pre-dispatch Slash Commands

OpenClaw before 2026.4.27 contains an authorization bypass vulnerability in QQBot pre-dispatch slash commands that allows authenticated senders to skip allowFrom policy checks. Attackers can invoke slash commands before configured access control policies are applied, potentially triggering comman...

8.2CVSS5.3AI score0.00192EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 9:56 p.m.44 views

CVE-2026-53834

OpenClaw (OpenClaw before 2026.4.27) contains an authorization bypass in QQBot pre-dispatch slash commands that allows authenticated senders to bypass allowFrom policy checks. Attackers can invoke slash commands before access control policies are applied, potentially triggering command handling f...

8.2CVSS5.4AI score0.00192EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/12 9:56 p.m.4 views

CVE-2026-53834 OpenClaw < 2026.4.27 - Authorization Bypass in QQBot Pre-dispatch Slash Commands

OpenClaw before 2026.4.27 contains an authorization bypass vulnerability in QQBot pre-dispatch slash commands that allows authenticated senders to skip allowFrom policy checks. Attackers can invoke slash commands before configured access control policies are applied, potentially triggering comman...

8.2CVSS6AI score0.00192EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.22 views

PT-2026-49038

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.27 Description An authorization bypass exists in QQBot pre-dispatch slash commands. This issue allows authenticated senders to skip allowFrom policy checks, enabling them to invoke slash commands before...

8.2CVSS5.3AI score0.00192EPSS
Exploits0References5
Rows per page
Query Builder