28 matches found

EUVD
added 2026/04/24 12:31 a.m. · 2 views

EUVD-2026-25344

OpenClaw before 2026.4.2 contains an approval integrity vulnerability in pnpm dlx that fails to bind local script operands consistently with pnpm exec flows. Attackers can replace approved local scripts before execution without invalidating the approval plan, allowing execution of modified script...

6.7 CVSS · 6 AI score · 0.00013 EPSS
Exploits: 0 · References: 4

NVD
added 2026/04/23 10:16 p.m. · 2 views

CVE-2026-41360

OpenClaw before 2026.4.2 contains an approval integrity vulnerability in pnpm dlx that fails to bind local script operands consistently with pnpm exec flows. Attackers can replace approved local scripts before execution without invalidating the approval plan, allowing execution of modified script...

6.7 CVSS · 0.00013 EPSS
Exploits: 0 · References: 3

CVE
added 2026/04/23 9:58 p.m. · 9 views

CVE-2026-41360

OpenClaw

6.7 CVSS · 6 AI score · 0.00013 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2026/04/23 12:00 a.m. · 3 views

PT-2026-34791

OpenClaw before 2026.4.2 contains an approval integrity vulnerability in pnpm dlx that fails to bind local script operands consistently with pnpm exec flows. Attackers can replace approved local scripts before execution without invalidating the approval plan, allowing execution of modified script...

6.7 CVSS · 6 AI score · 0.00013 EPSS
Exploits: 0 · References: 5

CNNVD
added 2026/04/23 12:00 a.m. · 4 views

OpenClaw Security Vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.2 contained security vulnerabilities. These vulnerabilities stemmed from an integrity approval vulnerability present in pnpm dlx. The vulnerability allowed local script operation...

6.7 CVSS · 5.9 AI score · 0.00013 EPSS
Exploits: 0 · References: 1

OSV
added 2026/04/07 6:15 p.m. · 1 view

GHSA-W6WX-JQ6J-6MCJ OpenClaw: pnpm dlx approvals did not bind local script operands

Summary: Before OpenClaw 2026.4.2, pnpm dlx approval planning did not bind local script operands the same way as related pnpm exec flows. A local script approved through a pnpm dlx path could be replaced before execution without invalidating the approval. Impact: An operator could approve a benign...

6.9 CVSS · 6 AI score
Exploits: 0 · References: 3

Snyk
added 2026/04/07 6:15 p.m. · 1 view

Incorrect Authorization

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Incorrect Authorization through the approval process for local scripts in pnpm dlx. An attacker can execute unauthorized or modified scripts by replacing an approved local script after...

6.9 CVSS · 5.8 AI score · 0.00013 EPSS
Exploits: 0 · References: 2

Github Security Blog
added 2026/04/07 6:15 p.m. · 3 views

OpenClaw: pnpm dlx approvals did not bind local script operands

Summary: Before OpenClaw 2026.4.2, pnpm dlx approval planning did not bind local script operands the same way as related pnpm exec flows. A local script approved through a pnpm dlx path could be replaced before execution without invalidating the approval. Impact: An operator could approve a benign...

6 AI score
Exploits: 0 · References: 3 · Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2017-4453

Malware in sbrugna...

8.8 CVSS · 9.1 AI score · 0.03913 EPSS
Exploits: 13 · References: 3

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2017-4452

Malware in sbrugna...

10 CVSS · 9.3 AI score · 0.0227 EPSS
Exploits: 12 · References: 3

EUVD
added 2025/10/03 8:07 p.m. · 1 view

EUVD-2025-3895

Malicious code in bioql PyPI...

4.4 CVSS · 8.9 AI score · 0.00051 EPSS
Exploits: 0 · References: 1

NVD
added 2025/01/24 6:15 p.m. · 7 views

CVE-2025-24703

Server-Side Request Forgery (SSRF) vulnerability in Ronald Huereca Comment Edit Core – Simple Comment Editing simple-comment-editing allows Server Side Request Forgery. This issue affects Comment Edit Core – Simple Comment Editing: from n/a through <= 3.0.33...

4.4 CVSS · 0.00051 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2025/01/24 5:25 p.m. · 9 views

CVE-2025-24703 WordPress Comment Edit Core – Simple Comment Editing Plugin <= 3.0.33 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in DLX Plugins Comment Edit Core – Simple Comment Editing allows Server Side Request Forgery. This issue affects Comment Edit Core – Simple Comment Editing: from n/a through 3.0.33...

4.4 CVSS · 4.8 AI score · 0.00051 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2025/01/24 12:00 a.m. · 1 view

PT-2025-5517 · Unknown · Dlx Plugins Comment Edit Core

Name of the Vulnerable Software and Affected Versions: DLX Plugins Comment Edit Core – Simple Comment Editing versions through 3.0.33 Description: A Server-Side Request Forgery SSRF issue affects the software, allowing for Server Side Request Forgery. Recommendations: For versions through 3.0.33,...

4.4 CVSS · 7 AI score · 0.00051 EPSS
Exploits: 0 · References: 3

Tenable Nessus
added 2019/05/08 12:00 a.m. · 13 views

Rockwell Automation PointIO 24Vdc 8pt Config DLX 1734-8CFGDLX/C General Purpose Discrete I/O

Binary data 752662.prm...

7.3 AI score
Exploits: 0 · References: 1

Tenable Nessus
added 2019/05/08 12:00 a.m. · 14 views

Rockwell Automation ArmorPoint 24V 8pt Confg DLX M12 1738-8CFGDLXM12/A General Purpose Discrete I/O

Binary data 752663.prm...

7.3 AI score
Exploits: 0 · References: 1

Tenable Nessus
added 2019/05/08 12:00 a.m. · 9 views

Rockwell Automation ArmorPoint 24V 8pt Confg DLX M23 1738-8CFGDLXM23/A General Purpose Discrete I/O

Binary data 752665.prm...

7.3 AI score
Exploits: 0 · References: 1

CNVD
added 2017/09/22 12:00 a.m. · 2 views

TecnoVISION DLX Spot Player4 Elevation of Privilege Vulnerability

TecnoVISION DLX Spot Player4 is a control management software for LED video walls from TecnoVISION Australia. A security vulnerability exists in TecnoVISION DLX Spot Player4, which originates from the use of the hardcoded password 'tecn0visi0n' for the dlxuser account. The vulnerability can be...

10 CVSS · 7.1 AI score · 0.0227 EPSS
Exploits: 12 · References: 1

Prion
added 2017/09/21 4:29 p.m. · 9 views

Design/Logic Flaw

Arbitrary File Upload in resource.php of TecnoVISION DLX Spot Player4 version 1.5.10 allows remote authenticated users to upload arbitrary files leading to Remote Command Execution...

6.5 CVSS · 9 AI score · 0.03913 EPSS
Exploits: 13 · References: 1

NVD
added 2017/09/21 4:29 p.m. · 6 views

CVE-2017-12930

SQL Injection in the admin interface in TecnoVISION DLX Spot Player4 version 1.5.10 allows remote unauthenticated users to access the web interface as administrator via a crafted password...

9.8 CVSS · 9.7 AI score · 0.0304 EPSS
Exploits: 12 · References: 1