Lucene search
K

777 matches found

OSV
OSV
added 2026/04/22 4:24 p.m.7 views

SUSE-SU-2026:1558-1 Security update for tomcat11

This update for tomcat11 fixes the following issues: Security fixes: - CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. - CVE-2026-25854: Occasionally open redirect bsc1261851. - CVE-2026-29129: TLS cipher order is not preserved bsc1261852. - CVE-2026-29145: OCSP checks...

9.1CVSS8.5AI score0.15831EPSS
Exploits6References21
OSV
OSV
added 2026/04/22 11:9 a.m.4 views

SUSE-SU-2026:21379-1 Security update for tomcat10

This update for tomcat10 fixes the following issues: - Update to Tomcat 10.1.54 - CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. - CVE-2026-25854: Occasionally open redirect bsc1261851. - CVE-2026-29129: TLS cipher order is not preserved bsc1261852. - CVE-2026-29145: OC...

9.1CVSS7.4AI score0.15831EPSS
Exploits6References21
OSV
OSV
added 2026/04/22 11:7 a.m.6 views

SUSE-SU-2026:21378-1 Security update for tomcat

This update for tomcat fixes the following issues: - CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. - CVE-2026-25854: Occasionally open redirect bsc1261851. - CVE-2026-29129: TLS cipher order is not preserved bsc1261852. - CVE-2026-29145: OCSP checks sometimes soft-fail...

9.1CVSS7.4AI score0.15831EPSS
Exploits6References21
OSV
OSV
added 2026/04/22 10:52 a.m.7 views

OPENSUSE-SU-2026:20611-1 Security update for tomcat

This update for tomcat fixes the following issues: - CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. - CVE-2026-25854: Occasionally open redirect bsc1261851. - CVE-2026-29129: TLS cipher order is not preserved bsc1261852. - CVE-2026-29145: OCSP checks sometimes soft-fail...

9.1CVSS8.6AI score0.15831EPSS
Exploits6References20
OSV
OSV
added 2026/04/22 10:52 a.m.8 views

OPENSUSE-SU-2026:20612-1 Security update for tomcat10

This update for tomcat10 fixes the following issues: - Update to Tomcat 10.1.54 - CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. - CVE-2026-25854: Occasionally open redirect bsc1261851. - CVE-2026-29129: TLS cipher order is not preserved bsc1261852. - CVE-2026-29145: OC...

9.1CVSS5.3AI score0.15831EPSS
Exploits6References20
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.6 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013833)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013833 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: don't allow journal inode to have encrypt flag Mounting a filesystem whose journal inode ha...

5.5CVSS5.7AI score0.00093EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-40611

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Let's Encrypt client and ACME library written in Go Lego. Prior to 4.34.0, the webroot HTTP-01 challenge provider in lego is vulnerable to arbitrary file write...

8.8CVSS5.7AI score0.0034EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/04/21 6:16 p.m.7 views

CVE-2026-40611

Let's Encrypt client and ACME library written in Go Lego. Prior to 4.34.0, the webroot HTTP-01 challenge provider in lego is vulnerable to arbitrary file write and deletion via path traversal. A malicious ACME server can supply a crafted challenge token containing ../ sequences, causing lego to...

8.8CVSS5.8AI score0.0034EPSS
Exploits0References2
OSV
OSV
added 2026/04/21 6:16 p.m.5 views

UBUNTU-CVE-2026-40611

Let's Encrypt client and ACME library written in Go Lego. Prior to 4.34.0, the webroot HTTP-01 challenge provider in lego is vulnerable to arbitrary file write and deletion via path traversal. A malicious ACME server can supply a crafted challenge token containing ../ sequences, causing lego to...

8.8CVSS5.9AI score0.0034EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.6 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011087)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011087 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: don't allow journal inode to have encrypt flag Mounting a filesystem whose journal inode ha...

5.5CVSS6.1AI score0.00093EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/20 5:12 a.m.7 views

Cleartext Storage in a File or on Disk

Overview Affected versions of this package are vulnerable to Cleartext Storage in a File or on Disk via the encryptauthsettings function. An attacker can access sensitive authentication information stored in cleartext by reading the affected file or disk location remotely. Remediation Upgrade...

5.3CVSS5.7AI score0.00152EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/20 2:45 a.m.5 views

CVE-2026-6598 langflow-ai langflow Project Creation Endpoint projects.py encrypt_auth_settings cleartext storage in file

A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function createproject/encryptauthsettings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument authsetting...

5.3CVSS5.3AI score0.00152EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/20 2:45 a.m.37 views

CVE-2026-6598 langflow-ai langflow Project Creation Endpoint projects.py encrypt_auth_settings cleartext storage in file

A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function createproject/encryptauthsettings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument authsetting...

5.3CVSS0.00152EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/20 2:45 a.m.8 views

CVE-2026-6598

A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function createproject/encryptauthsettings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument authsetting...

5.3CVSS5.3AI score0.00152EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.10 views

Langflow 安全漏洞

Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Versions of Langflow 1.8.3 and earlier contain security vulnerabilities. These vulnerabilities stem from incorrect operations on the functions createproject and...

5.3CVSS5.7AI score0.00152EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/17 10:32 p.m.1 views

Insecure Default Initialization of Resource

Overview @openclaw/feishu is an OpenClaw Feishu/Lark channel plugin community maintained by @m1heng Affected versions of this package are vulnerable to Insecure Default Initialization of Resource via improper validation of the encryptKey configuration and blank callback tokens. An attacker can ga...

9.8CVSS5.8AI score0.00718EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/04/17 10:32 p.m.11 views

OpenClaw: Feishu webhook and card-action validation now fail closed

Summary Feishu webhook mode accepted missing encryptKey configuration as valid and blank card-action callback tokens as usable lifecycle tokens. Together, those fail-open paths could allow unauthenticated webhook or card-action traffic to reach command dispatch in affected deployments. Impact A...

9.8CVSS5.7AI score0.00718EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2026/04/17 10:32 p.m.1 views

GHSA-XH72-V6V9-MWHC OpenClaw: Feishu webhook and card-action validation now fail closed

Summary Feishu webhook mode accepted missing encryptKey configuration as valid and blank card-action callback tokens as usable lifecycle tokens. Together, those fail-open paths could allow unauthenticated webhook or card-action traffic to reach command dispatch in affected deployments. Impact A...

9.8CVSS5.7AI score0.00718EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.11 views

PT-2026-38242

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.15 Description An authentication bypass exists in the Feishu webhook and card-action validation. When the encryptKey configuration is missing or callback tokens are blank, the system fails open rather than...

9.8CVSS6AI score0.00718EPSS
Exploits1References14
GithubExploit
GithubExploit
added 2026/04/15 12:40 p.m.198 views

Exploit for Missing Encryption of Sensitive Data in Apache Tomcat

CVE-2026-34486 — Apache Tomcat EncryptInterceptor RCE Apa...

7.5CVSS6AI score0.15831EPSS
Exploits5
Rows per page
Query Builder