Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

527 matches found

CVE
CVEadded 2026/06/16 6:5 p.m.11 views

CVE-2026-53857

OpenClaw before 2026.5.3 is vulnerable: the policy enforcement flaw allows Zalo display-name changes to influence allowFrom policy matching, causing attackers with mutable display names to receive responses intended for other Zalo identities when the feature is enabled. Affected product: OpenClaw...

8.6CVSS5.3AI score0.00213EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologiesadded 2026/06/16 12:0 a.m.14 views

PT-2026-49766

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.7 Description The allowFrom feature improperly validates Discord account identity by using mutable display names instead of immutable user IDs. This allows an attacker to change their display or global name...

8.6CVSS5.5AI score0.00213EPSS
Exploits0References5
NVD
NVDadded 2026/06/12 9:16 p.m.9 views

CVE-2026-45014

ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 are vulnerable to stored cross-site scripting via unsanitized user display name in draft version tooltip. As of time of publication, no known patched versions are available...

5.3CVSS0.00286EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/06/12 8:48 p.m.27 views

CVE-2026-45014 Apostrophe Vulnerable to Stored Cross-Site Scripting via Unsanitized User Display Name in Draft Version Tooltip

ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 are vulnerable to stored cross-site scripting via unsanitized user display name in draft version tooltip. As of time of publication, no known patched versions are available...

5.3CVSS0.00286EPSS
Exploits0References1
CVE
CVEadded 2026/06/12 8:48 p.m.16 views

CVE-2026-45014

ApostropheCMS (Node.js) is vulnerable to stored cross-site scripting in draft version tooltips via an unsanitized user display name. Affected: versions up to and including 4.29.0. Root cause: unsanitized displayName in draft tooltip output. Impact: potential stored XSS in admin/editor UI when ren...

5.3CVSS4.9AI score0.00286EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/06/12 8:48 p.m.6 views

CVE-2026-45014 Apostrophe Vulnerable to Stored Cross-Site Scripting via Unsanitized User Display Name in Draft Version Tooltip

ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 are vulnerable to stored cross-site scripting via unsanitized user display name in draft version tooltip. As of time of publication, no known patched versions are available...

5.3CVSS4.9AI score0.00286EPSS
Exploits0References1
NVD
NVDadded 2026/06/11 9:16 p.m.7 views

CVE-2026-53811

OpenClaw before 2026.5.7 contains a privilege escalation vulnerability in the Matrix allowFrom feature that allows authenticated accounts to match policy entries through mutable display name metadata. Attackers with the ability to change display names can receive agent access intended for another...

8.8CVSS0.00309EPSS
Exploits0References2
CVE
CVEadded 2026/06/11 8:7 p.m.12 views

CVE-2026-53811

OpenClaw is affected up to version 2026.5.7. The vulnerability is a privilege escalation in the Matrix allowFrom feature caused by mutable display name metadata, allowing authenticated accounts to match policy entries and receive agent access intended for another Matrix identity. Depending on ope...

8.8CVSS5.5AI score0.00309EPSS
Exploits0References2Affected Software1
CNNVD
CNNVDadded 2026/06/11 12:0 a.m.10 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.7 contained security vulnerabilities. These vulnerabilities stemmed from a permission escalation issue in the Matrix allowFrom function, which allowed authenticated accounts to...

8.8CVSS5.4AI score0.00309EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/06/11 12:0 a.m.7 views

PT-2026-48741

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.7 Description A privilege escalation issue exists in the Matrix allowFrom feature. Authenticated accounts can match policy entries by manipulating mutable display name metadata. This allows attackers who can...

8.8CVSS5.3AI score0.00309EPSS
Exploits0References6
Vulnrichment
Vulnrichmentadded 2026/06/09 7:15 p.m.9 views

CVE-2026-47106 Ellucian Banner Self-Service Stored XSS via getFacultyMeetingTimes API

Ellucian Banner Self-Service before the April T2 release 2025-04-23 contains a stored cross-site scripting vulnerability in the course search functionality that allows authenticated Banner ERP users to inject malicious payloads into faculty and course fields by exploiting missing HTML encoding...

5.4CVSS5.6AI score0.00196EPSS
Exploits0References3
RedhatCVE
RedhatCVEadded 2026/06/08 2:59 p.m.8 views

CVE-2026-11411

A security flaw has been discovered in iAI Lab PDF AI App 4.21.0 on Android. Impacted is the function getExternalCacheDir of the component chatpdf.pro. Performing a manipulation of the argument displayname results in path traversal. The attack requires a local approach. The exploit has been...

4.8CVSS5AI score0.00171EPSS
Exploits0References1
NVD
NVDadded 2026/06/06 11:16 a.m.10 views

CVE-2026-11411

A security flaw has been discovered in iAI Lab PDF AI App 4.21.0 on Android. Impacted is the function getExternalCacheDir of the component chatpdf.pro. Performing a manipulation of the argument displayname results in path traversal. The attack requires a local approach. The exploit has been...

4.8CVSS0.00171EPSS
Exploits0References5
EUVD
EUVDadded 2026/06/06 10:45 a.m.8 views

EUVD-2026-34966

A security flaw has been discovered in iAI Lab PDF AI App 4.21.0 on Android. Impacted is the function getExternalCacheDir of the component chatpdf.pro. Performing a manipulation of the argument displayname results in path traversal. The attack requires a local approach. The exploit has been...

4.8CVSS5AI score0.00171EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/06/06 10:45 a.m.33 views

CVE-2026-11411 iAI Lab PDF AI App chatpdf.pro getExternalCacheDir path traversal

A security flaw has been discovered in iAI Lab PDF AI App 4.21.0 on Android. Impacted is the function getExternalCacheDir of the component chatpdf.pro. Performing a manipulation of the argument displayname results in path traversal. The attack requires a local approach. The exploit has been...

4.8CVSS0.00171EPSS
Exploits0References5
CNNVD
CNNVDadded 2026/06/06 12:0 a.m.4 views

iAI Lab PDF AI: Podcast, Notes, Slides 路径遍历漏洞

iAI Lab PDF AI: Podcast, Notes, Slides is an artificial intelligence-based PDF document analysis tool developed by iAI Lab. Version 4.21.0 of iAI Lab PDF AI: Podcast, Notes, Slides contains a path traversal vulnerability. This vulnerability arises from improper handling of the displayname paramet...

4.8CVSS4.9AI score0.00171EPSS
Exploits0References6
RedhatCVE
RedhatCVEadded 2026/06/05 7:36 p.m.7 views

CVE-2026-41932

Vvveb before 1.0.8.3 contains a stored cross-site scripting vulnerability in the customer signup flow where the Signup::addUser controller copies raw POST username values into the displayname field before sanitization occurs. Attackers can submit HTML and script markup in the username field durin...

6.1CVSS5.5AI score0.00218EPSS
Exploits0References1
NVD
NVDadded 2026/05/28 10:17 p.m.10 views

CVE-2026-45343

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains a stored cross-site scripting vulnerability that allows a low-privilege user to execute arbitrary JavaScript in an administrator's browser session. This affects instances configured with SSO/OAuth...

8.5CVSS0.00306EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/28 8:45 p.m.9 views

CVE-2026-45343

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains a stored cross-site scripting vulnerability that allows a low-privilege user to execute arbitrary JavaScript in an administrator's browser session. This affects instances configured with SSO/OAuth...

5.9AI score0.00306EPSS
Exploits0References2Affected Software1
EUVD
EUVDadded 2026/05/28 8:45 p.m.10 views

EUVD-2026-33055

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains a stored cross-site scripting vulnerability that allows a low-privilege user to execute arbitrary JavaScript in an administrator's browser session. This affects instances configured with SSO/OAuth...

8.5CVSS5.9AI score0.00306EPSS
Exploits0References1
Rows per page
Query Builder