Lucene search
K

9199 matches found

EUVD
EUVD
added 21 hours ago4 views

EUVD-2026-43536

OpenClaw versions 2026.3.22 before 2026.6.6 contain an authorization bypass vulnerability where WhatsApp group IDs can satisfy elevated sender allowlists. Attackers with lower-trust access can perform actions requiring stronger authorization by leveraging group ID validation in the affected featu...

8.7CVSS6.1AI score
Exploits0References3
NVD
NVD
added yesterday7 views

CVE-2026-62196

OpenClaw versions 2026.3.22 before 2026.6.6 contain an authorization bypass vulnerability where WhatsApp group IDs can satisfy elevated sender allowlists. Attackers with lower-trust access can perform actions requiring stronger authorization by leveraging group ID validation in the affected featu...

8.7CVSS
Exploits0References2
Veracode
Veracode
added 5 days ago7 views

Improper Authorization

github.com/coder/coder is vulnerable to Improper Authorization. The vulnerability is due to insufficient validation in the UpsertWorkspaceApp and insertAgentApp functions, which fail to verify that a supplied application ID belongs to the workspace being built before performing a cross-workspace...

8.7CVSS6AI score0.00508EPSS
Exploits0References9Affected Software2
ATTACKERKB
ATTACKERKB
added 5 days ago5 views

CVE-2026-59269

A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially gain elevated permissions in the clusters, only if all the following conditions were true: the Pinniped Supervisor server is running with an ActiveDirectoryIdentityProvider resource configured; the...

3.8CVSS5.9AI score0.0017EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 5 days ago10 views

PT-2026-56732

Name of the Vulnerable Software and Affected Versions Pinniped go.pinniped.dev versions 0.11.0 through 0.46.0 Description A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially gain elevated permissions. This occurs when the server is configured with an...

3.8CVSS6.1AI score0.0017EPSS
Exploits0References5
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-42135

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, UpsertWorkspaceApp overwrites an existing app's agentid on a primary-key conflict and insertAgentApp accepts the app ID from the provisioner's CompleteJob...

8.7CVSS6AI score0.00508EPSS
Exploits0References6
OSV
OSV
added 6 days ago9 views

CVE-2026-55429 Coder's workspace app upsert allows cross-workspace agent rebinding via user-controlled app ID

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, UpsertWorkspaceApp overwrites an existing app's agentid on a primary-key conflict and insertAgentApp accepts the app ID from the provisioner's CompleteJob...

8.7CVSS6AI score0.00508EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 6 days ago6 views

BeyondTrust Remote Support (RS) < 25.3.3 Multiple Vulnerabilities (BT26-03)

The version of BeyondTrust Remote Support RS running on the remote host is prior to 25.3.3. It is, therefore, affected by multiple vulnerabilities, including: - A critical pre-authentication vulnerability in the authentication subsystem. Improper validation of authentication data may allow a...

9.9CVSS6.2AI score0.00653EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/06 4:13 p.m.3 views

CVE-2026-40139

A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support. Improper processing of authentication requests may allow an unauthenticated remote attacker to bypass access controls and gain unauthorized access to the appliance, including accounts...

9.8CVSS6AI score0.00653EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/06 4:13 p.m.40 views

CVE-2026-40139 Critical Pre-Authentication Vulnerability in BeyondTrust Remote Support and Privileged Remote Access

A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support. Improper processing of authentication requests may allow an unauthenticated remote attacker to bypass access controls and gain unauthorized access to the appliance, including accounts...

9.2CVSS0.00653EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/07/06 4:13 p.m.7 views

CVE-2026-40139 Critical Pre-Authentication Vulnerability in BeyondTrust Remote Support and Privileged Remote Access

A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support. Improper processing of authentication requests may allow an unauthenticated remote attacker to bypass access controls and gain unauthorized access to the appliance, including accounts...

9.2CVSS6AI score0.00653EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/07/06 4:12 p.m.7 views

CVE-2026-40138 Critical Pre-Authentication Vulnerability in BeyondTrust Remote Support and Privileged Remote Access

A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance...

9.2CVSS6AI score0.00417EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 4:12 p.m.76 views

CVE-2026-40138

CVE-2026-40138 is a critical pre-authentication vulnerability in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. The underlying issue is improper validation of authentication data, which could let a network-positioned attacker bypass access controls and ga...

9.2CVSS6AI score0.00417EPSS
Exploits0References1Affected Software2
OSV
OSV
added 2026/07/06 5:48 a.m.4 views

BIT-ELASTICSEARCH-2026-56149 Allocation of Resources Without Limits or Throttling in Elasticsearch Leading to Denial of Service

Allocation of Resources Without Limits or Throttling CWE-770 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. A user with elevated privileges can submit a specially crafted machine learning request that causes excessive memory consumption, which may render the...

4.9CVSS5.9AI score0.00324EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/02 8:17 p.m.11 views

Missing Authorization

Overview 9router is a 9Router CLI - Start and manage 9Router server Affected versions of this package are vulnerable to Missing Authorization via the POST /api/tunnel/tailscale-install route handler, which accepts a JSON body containing a sudoPassword field and pipes it, along with the contents o...

9.8CVSS6.2AI score0.01372EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 4:21 p.m.8 views

EUVD-2026-41072

Allocation of Resources Without Limits or Throttling CWE-770 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. A user with elevated privileges can submit a specially crafted machine learning request that causes excessive memory consumption, which may render the...

4.9CVSS5.8AI score0.00324EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.6 views

PT-2026-54864

Name of the Vulnerable Software and Affected Versions Elasticsearch affected versions not specified Description An issue exists where the allocation of resources lacks limits or throttling. A user with elevated privileges can submit a specially crafted machine learning request that triggers...

4.9CVSS5.8AI score0.00324EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.18 views

PT-2026-54840

Name of the Vulnerable Software and Affected Versions Wagtail versions prior to 7.0.8 Wagtail versions prior to 7.3.3 Wagtail versions prior to 7.4.2 Description A reflected cross-site scripting XSS issue exists in the dynamic image URL generator view within the admin interface. An attacker with...

7.3CVSS5.8AI score0.00203EPSS
Exploits0References8
OSV
OSV
added 2026/06/29 10:36 p.m.4 views

SUSE-SU-2026:2686-1 Security update for apache2

This update for apache2 fixes the following issues - CVE-2026-23918: http2: double free and possible RCE on early reset bsc1263957. - CVE-2026-24072: modrewrite elevation of privileges via apexpr bsc1263935. - CVE-2026-28780: heap buffer overflow in modproxyajp via ajpmsgcheckheader bsc1264163. -...

9.8CVSS7.3AI score0.99957EPSS
Exploits47References95
EUVD
EUVD
added 2026/06/27 12:30 a.m.7 views

EUVD-2026-39926

A vulnerability exists in H.View IP cameras that could allow an authenticated user to supply unsanitized XML fields to the device's certificate generation interface, which are incorporated into a backend certificate creation command without proper input validation. This may allow for command...

8.6CVSS5.9AI score0.00653EPSS
Exploits0References4
Rows per page
Query Builder