Lucene search
K

378 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/11 4:46 p.m.5 views

CVE-2026-45001

OpenClaw before 2026.4.20 contains a guard bypass vulnerability in the agent-facing gateway config.patch and config.apply endpoints that fails to protect operator-trusted settings including sandbox policy, plugin enablement, gateway auth/TLS, hook routing, MCP server configuration, SSRF policy, a...

7.1CVSS5.8AI score0.00218EPSS
Exploits0References4
CVE
CVE
added 2026/05/11 4:46 p.m.23 views

CVE-2026-45001

OpenClaw prior to 2026.4.20 contains a guard bypass in the agent-facing gateway config.patch and config.apply endpoints that can persist unauthorized changes to operator-trusted settings (sandbox policy, plugin enablement, gateway auth/TLS, hook routing, MCP server configuration, SSRF policy, and...

7.1CVSS5.8AI score0.00218EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/11 4:30 p.m.7 views

CVE-2026-42313 pyload-ng: non-admin SETTINGS users can redirect all outbound traffic through an attacker-controlled proxy

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the setconfigvalue API method @permissionPerms.SETTINGS in src/pyload/core/api/init.py gates security-sensitive options behind a hand-maintained allowlist ADMINONLYCOREOPTIONS. The allowlist contains...

8.3CVSS5.8AI score0.00396EPSS
Exploits1References1
CBLMariner
CBLMariner
added 2026/05/03 8:52 p.m.13 views

CVE-2026-31431 affecting package kernel-hwe for versions less than 6.12.85.1-1

CVE-2026-31431 affecting package kernel-hwe for versions less than 6.12.85.1-1. A patched version of the package is available...

7.8CVSS6AI score0.96267EPSS
Exploits230
Oracle linux
Oracle linux
added 2026/05/01 12:0 a.m.12 views

Unbreakable Enterprise kernel security update: Copy Fail

5.15.0-319.201.4.4 - crypto: algifaead - Fix minimum RX size check for decryption Herbert Xu Orabug: 39291961 - crypto: afalg - Fix page reassignment overflow in afalgpulltsgl Herbert Xu Orabug: 39291961 - crypto: authencesn - Fix src offset when decrypting in-place Herbert Xu Orabug: 39291961 -...

7.8CVSS6.1AI score0.96267EPSS
Exploits230
Github Security Blog
Github Security Blog
added 2026/04/25 11:51 p.m.47 views

OpenClaw: Agent gateway config mutations could change protected operator settings

Affected Packages / Versions - Package: openclaw npm - Affected versions: 2026.4.20 - Patched version: 2026.4.20 Impact The agent-facing gateway config.patch / config.apply guard did not cover several operator-trusted settings, including sandbox policy, plugin enablement, gateway auth/TLS, hook...

5.4AI score
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/04/24 2:45 p.m.5 views

EUVD-2026-25548

In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8mp-blk-ctrl: Keep the NOCHDCP clock enabled Keep the NOCHDCP clock always enabled to fix the potential hang caused by the NoC ADB400 port power down handshake...

5.3AI score0.00114EPSS
Exploits0References5
NVD
NVD
added 2026/04/21 6:16 p.m.6 views

CVE-2026-40606

mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmproxy 12.2.1 and below, the builtin LDAP proxy authentication does not correctly sanitize the username when querying the LDAP...

4.8CVSS0.00166EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.10 views

XiangShan 安全漏洞

XiangShan is an open-source high-performance RISC-V processor project developed by XiangShan in China. There is a security vulnerability in XiangShan, which stems from improper control of the distributed CSR write enablement path. This vulnerability could allow local attackers to modify memory...

5.3CVSS5.8AI score0.00102EPSS
Exploits0References1
NVD
NVD
added 2026/04/17 8:16 p.m.7 views

CVE-2026-40461

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings e.g., enabling SSH, allowing unauthorized state changes that can facilitate later compromise...

7.5CVSS0.00285EPSS
Exploits0References3
OSV
OSV
added 2026/04/13 3:48 p.m.4 views

OPENSUSE-SU-2026:20525-1 Security update for openssl-3

This update for openssl-3 fixes the following issues: Security issues fixed: - CVE-2026-2673: TLS 1.3 servers may choose unexpected key agreement group bsc1259652. - CVE-2026-28387: potential use-after-free in DANE client code bsc1260441. - CVE-2026-28388: NULL pointer dereference when processing...

9.8CVSS7.4AI score0.01059EPSS
Exploits0References14
OpenVAS
OpenVAS
added 2026/04/13 12:0 a.m.12 views

Ubuntu: Security Advisory (USN-8145-4)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS6.8AI score0.00244EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/27 11:52 a.m.2 views

CVE-2026-4621

Hidden Functionality vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to enable telnet via network...

6.3CVSS5.9AI score0.00157EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 2:59 p.m.6 views

CVE-2026-31847

Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. By sending a crafted POST request with parameters such as telnetManageEn=true and telnetPwd, an authenticated attacker can...

8.5CVSS5.9AI score0.00424EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/26 1:2 p.m.3 views

CVE-2025-55265

HCL Aftermarket DPC is affected by File Discovery which allows attacker could exploit this issue to read sensitive files present in the system and may use it to craft further attacks...

6.5CVSS5.8AI score0.0032EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/25 10:10 a.m.3 views

SUSE-SU-2026:1010-1 Security update 5.0.7 for Multi-Linux Manager Server

This update fixes the following issues: branch-network-formula: - Update to version 1.1.0 Enable containers on SLE15SP7 Exclude podman interfaces from sysctl setting cobbler: - Compatibility fixes for tftpboot directory setup inter-server-sync: - Version 0.3.10-0 Write log to a rotated file witho...

7.5CVSS7.1AI score0.00244EPSS
Exploits1References43
Vulnrichment
Vulnrichment
added 2026/03/20 3:37 a.m.3 views

CVE-2026-4038 Aimogen Pro <= 2.7.5 - Unauthenticated Privilege Escalation via Arbitrary Function Call

The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Function Call that can lead to privilege escalation due to a missing capability check on the 'aiomaticcallaifunctionrealtime' function in all versions up to, and including, 2.7.5. This makes it possible for unauthenticated attackers ...

9.8CVSS5.9AI score0.003EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/18 1:9 p.m.13 views

Malicious code in sky-enablement (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9712856e1dd6e76d395507a76c21d01a945d4e5490e0d747384212a4a8b7c6df The package sky-enablement was found to contain malicious code...

5.8AI score
Exploits0
OSV
OSV
added 2026/03/18 1:9 p.m.4 views

MAL-2026-1848 Malicious code in sky-enablement (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9712856e1dd6e76d395507a76c21d01a945d4e5490e0d747384212a4a8b7c6df The package sky-enablement was found to contain malicious code...

5.8AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/03/04 11:22 a.m.2 views

CVE-2026-1674

The Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization within the savegutenaformsschema function in all versions up to, and including, 1.6.0. This makes...

6.5CVSS5.8AI score0.00232EPSS
Exploits0References3
Rows per page
Query Builder