Lucene search
K

678 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/09 9:28 p.m.11 views

CVE-2026-33773

An Incorrect Initialization of Resource vulnerability in the packet forwarding engine pfe of Juniper Networks Junos OS on specific EX Series and QFX Series device allows an unauthenticated, network-based attacker to cause an integrity impact to downstream networks. When the same family inet or...

6.9CVSS5.9AI score0.00201EPSS
Exploits0References2
CNVD
CNVD
added 2026/04/09 12:0 a.m.5 views

OpenClaw Data Forgery Problem Vulnerability (CNVD-2026-16689)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a data forgery issue vulnerability that can be exploited by an attacker to inject forged Feishu events and trigger execution by downstream tools...

9.8CVSS5.9AI score0.00247EPSS
Exploits0
CNVD
CNVD
added 2026/04/08 12:0 a.m.5 views

OpenClaw has an unspecified vulnerability (CNVD-2026-16696)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to cause non-whitelisted guild members to trigger reactive events and inject reactive text into downstream session environments...

5.4CVSS5.7AI score0.00151EPSS
Exploits0
CVE
CVE
added 2026/04/07 3:6 p.m.71 views

CVE-2026-35515

NestJS/core (@nestjs/core) contains a vulnerability in SseStream._transform() where un sanitized interpolation of upstream data into SSE output allows an attacker to inject arbitrary SSE events, spoof event types, and corrupt reconnection state. The issue arises from inserting message.type and me...

6.3CVSS6AI score0.00234EPSS
Exploits0References1Affected Software1
Packet Storm News
Packet Storm News
added 2026/04/07 12:0 a.m.3 views

Stealthy and Adjustable Text-Guided Backdoor Attacks on Multimodal Pretrained Models

Multimodal pretrained models are vulnerable to backdoor attacks, yet most existing methods rely on visual or multimodal triggers, which are impractical since visually embedded triggers rarely occur in real-world data. To overcome this limitation, we propose a novel Text-Guided Backdoor TGB attack...

5.9AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/04/01 12:19 a.m.10 views

xmldom: XML injection via unsafe CDATA serialization allows attacker-controlled markup insertion

Summary @xmldom/xmldom allows attacker-controlled strings containing the CDATA terminator to be inserted into a CDATASection node. During serialization, XMLSerializer emitted the CDATA content verbatim without rejecting or safely splitting the terminator. As a result, data intended to remain...

7.5CVSS5.4AI score0.00472EPSS
Exploits0References6Affected Software2
vulnersOsv
vulnersOsv
added 2026/03/30 6:31 p.m.5 views

@agentholdings/agent-passport (=0.1.0), @flomesh/ztm-chat (>=2026.3.25 <=2026.3.26) +9 more potentially affected by CVE-2026-35668 via openclaw (>=2026.3.22 <=2026.3.23)

openclaw NPM version =2026.3.22, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =0.0.7, =0.14.6, =0.1.0, =0.1.5 Source cves: CVE-2026-35668 Source advisory: SNYK:JS-OPENCLAW-15857062...

7.7CVSS5.4AI score0.00382EPSS
Exploits1
Cvelist
Cvelist
added 2026/03/29 12:44 p.m.25 views

CVE-2026-32974 OpenClaw < 2026.3.12 - Forged Event Injection via Feishu Webhook Verification Token

OpenClaw before 2026.3.12 contains an authentication bypass vulnerability in Feishu webhook mode when only verificationToken is configured without encryptKey, allowing acceptance of forged events. Unauthenticated network attackers can inject forged Feishu events and trigger downstream tool...

8.8CVSS0.00247EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/29 12:0 a.m.18 views

OpenClaw 数据伪造问题漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a data forgery issue vulnerability that can be exploited by an attacker to inject forged Feishu events and trigger execution by downstream tools...

9.8CVSS5.9AI score0.00247EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/27 7:17 p.m.4 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the processing of deprecated workflow commands in untrusted input. An attacker can inject arbitrary environment variables or modify the...

9.8CVSS6AI score0.00619EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/03/26 2:59 p.m.5 views

CVE-2026-31998

OpenClaw versions 2026.2.22 and 2026.2.23 contain an authorization bypass vulnerability in the synology-chat channel plugin where dmPolicy set to allowlist with empty allowedUserIds fails open. Attackers with Synology sender access can bypass authorization checks and trigger unauthorized agent...

9.8CVSS5.8AI score0.00321EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/03/24 10:30 p.m.4 views

cosmos-predict2 (>=1.0.6 <=1.0.9), entity-model (>=1.0.0 <=1.0.9) +19 more potentially affected by CVE-2025-33248 via megatron-core (>=0.10.0 <=0.15.2)

megatron-core PYPI version =0.10.0, =1.0.6, =1.0.0, =5.1.6, =1.0.0, =0.1.0rc0, =0.1.0rc1, =0.1.0, =1.0.0, =2.0.8, =1.0.0, =2.0.8, =1.0.0, =1.0.0, =1.0.7 and more Source cves: CVE-2025-33248 Source advisory: SNYK:PYTHON-MEGATRONCORE-15871032...

7.8CVSS5.4AI score0.00208EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.4 views

PT-2026-27243

OpenClaw versions 2026.2.22 prior to 2026.2.24 contain an authorization bypass vulnerability in the synology-chat channel plugin where dmPolicy set to allowlist with empty allowedUserIds fails open. Attackers with Synology sender access can bypass authorization checks to dispatch unauthorized...

6.4CVSS5.8AI score
Exploits0References5
Snyk
Snyk
added 2026/03/21 4:37 p.m.2 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview metagpt is a The Multi-Agent Framework Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the DataInterpreter component. An attacker can execute arbitrary code by injecting malicious inp...

6.5CVSS6.9AI score0.00246EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/21 10:35 a.m.3 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview vanna is a Generate SQL queries from natural language Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the exec function in the /src/vanna/legacy file. An attacker can execute arbitrar...

6.5CVSS7AI score0.00232EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/20 8:9 a.m.25 views

CVE-2026-33192 free5GC UDM incorrectly returns 500 for empty supi path parameter in PATCH sdm-subscriptions reques

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling PATCH requests with an empty supi path parameter...

8.7CVSS0.00321EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.12 views

free5GC 安全漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 1.4.2 contained security vulnerabilities. These vulnerabilities stemmed from UDM’s improper handling of PATCH requests with empty supi path parameters. UDM incorrectly converted downstrea...

8.7CVSS6.4AI score0.00321EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/03/19 3:30 a.m.8 views

Duplicate Advisory: Synology Chat dmPolicy=allowlist failed open on empty allowedUserIds, allowing unauthorized agent dispatch

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-gw85-xp4q-5gp9. This link is maintained to preserve external references. Original Description OpenClaw versions 2026.2.22 and 2026.2.23 contain an authorization bypass vulnerability in the synology-chat channel...

9.8CVSS5.7AI score0.00321EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/03/19 3:30 a.m.2 views

GHSA-JQPF-VJ28-9V7R Duplicate Advisory: Synology Chat dmPolicy=allowlist failed open on empty allowedUserIds, allowing unauthorized agent dispatch

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-gw85-xp4q-5gp9. This link is maintained to preserve external references. Original Description OpenClaw versions 2026.2.22 and 2026.2.23 contain an authorization bypass vulnerability in the synology-chat channel...

8.3CVSS5.7AI score0.00321EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/19 1:0 a.m.4 views

EUVD-2026-13035

OpenClaw versions 2026.2.22 and 2026.2.23 contain an authorization bypass vulnerability in the synology-chat channel plugin where dmPolicy set to allowlist with empty allowedUserIds fails open. Attackers with Synology sender access can bypass authorization checks and trigger unauthorized agent...

9.8CVSS5.8AI score0.00321EPSS
Exploits0References4
Rows per page
Query Builder