Lucene search
K

90 matches found

Positive Technologies
Positive Technologies
added 2 days ago5 views

PT-2026-60113

Name of the Vulnerable Software and Affected Versions nebula-mesh affected versions not specified Description Certificate revocation is not enforced within the mesh because the agent fails to process the blocklist provided by the server. While the server correctly computes and ships the per-CA...

8.1CVSS6AI score
Exploits0References6
NVD
NVD
added 6 days ago6 views

CVE-2026-57476

Deloitte AI Assist for Customer exposed unauthenticated API endpoints that allowed an attacker with knowledge of additional parameters to read from or inject content into the retrieval-augmented generation RAG corpus. On 2026-03-25, AI Assist for Customer restricted network access and enforced...

6.3CVSS0.00238EPSS
Exploits0References4
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42976

Deloitte AI Assist for Customer exposed unauthenticated API endpoints that allowed an attacker with knowledge of additional parameters to read from or inject content into the retrieval-augmented generation RAG corpus. On 2026-03-25, AI Assist for Customer restricted network access and enforced...

6.3CVSS6.1AI score0.00238EPSS
Exploits0References4
CVE
CVE
added 6 days ago7 views

CVE-2026-57475

Deloitte AI Assist for Customer had an unauthenticated POST vulnerability on public API endpoints that allowed a remote attacker to perform limited additions to the configuration. These changes were not used by the system. On 2026-03-25, access was restricted and authentication enforced for the e...

6.9CVSS6.2AI score0.0034EPSS
Exploits0References4
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42974

Deloitte AI Assist for Customer disclosed some configuration information through public-facing API endpoints that accepted unauthenticated requests. This information could reduce an attacker’s reconnaissance effort. On 2026-03-25, AI Assist for Customer restricted network access and enforced...

6.9CVSS6.1AI score0.00279EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/23 5:43 p.m.11 views

Budibase has nonymous NoSQL operator injection via published-app query templates

Summary enrichContext at packages/server/src/sdk/workspace/queries/queries.ts:121-138 substitutes parameter values into the raw JSON body of a query, then JSON.parses the result. The validator validateQueryInputs at packages/server/src/api/controllers/query/index.ts:61-71 rejects only Handlebars...

10CVSS5.9AI score0.00538EPSS
Exploits2References2Affected Software1
SUSE CVE
SUSE CVE
added 2026/06/09 2:27 a.m.15 views

SUSE CVE-2026-10725

Protocol::HTTP2 versions before 1.13 for Perl is vulnerable to a HTTP/2 Bomb. Protocol::HTTP2's inbound HPACK path has no header-list size limit, so a small HTTP/2 request can expand into large server memory the "HTTP/2 bomb". The headersdecode method materialises a full key+value copy per indexe...

7.5CVSS5.7AI score0.00414EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/08 3:25 p.m.9 views

CVE-2026-46444 Flowise: Vector Store No Permission Checks

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, all CRUD endpoints for OpenAI Assistants Vector Store have no authentication middleware and the route path /api/v1/openai-assistants-vector-store is not in WHITELISTURLS. However, it i...

8.7CVSS5.4AI score0.00327EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.8 views

CVE-2025-62310

HCL AION is affected by a vulnerability where encryption is not enforced for certain data transmissions or operations. This may expose sensitive information to potential interception or unauthorized access under specific conditions...

5.4CVSS5.4AI score0.00049EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/02 11:22 a.m.13 views

crypto/x509: Incorrect enforcement of email constraints in crypto/x509

A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly...

7.5CVSS7.1AI score0.00606EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/15 8:55 p.m.8 views

CVE-2026-45672

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.12, the /api/v1/utils/code/execute endpoint executes arbitrary Python code via Jupyter for any verified user, even when the admin has set ENABLECODEEXECUTION=false. The feature gate is...

8.8CVSS6AI score0.00406EPSS
Exploits2References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/14 4:5 p.m.6 views

CVE-2025-62310

HCL AION is affected by a vulnerability where encryption is not enforced for certain data transmissions or operations. This may expose sensitive information to potential interception or unauthorized access under specific conditions...

5.4CVSS5.8AI score0.00049EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/14 4:5 p.m.11 views

EUVD-2025-209851

HCL AION is affected by a vulnerability where encryption is not enforced for certain data transmissions or operations. This may expose sensitive information to potential interception or unauthorized access under specific conditions...

5.4CVSS5.8AI score0.00049EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/14 4:5 p.m.13 views

CVE-2025-62310 HCL AION is affected by a vulnerability where encryption is not enforced for certain data transmissions or operations

HCL AION is affected by a vulnerability where encryption is not enforced for certain data transmissions or operations. This may expose sensitive information to potential interception or unauthorized access under specific conditions...

5.4CVSS5.8AI score0.00049EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/14 4:5 p.m.41 views

CVE-2025-62310 HCL AION is affected by a vulnerability where encryption is not enforced for certain data transmissions or operations

HCL AION is affected by a vulnerability where encryption is not enforced for certain data transmissions or operations. This may expose sensitive information to potential interception or unauthorized access under specific conditions...

5.4CVSS0.00049EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.13 views

PT-2026-40953

HCL AION is affected by a vulnerability where encryption is not enforced for certain data transmissions or operations. This may expose sensitive information to potential interception or unauthorized access under specific conditions...

5.4CVSS5.8AI score0.00049EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/11 6:31 p.m.15 views

Duplicate Advisory: OpenClaw: Owner-enforced commands could accept wildcard channel senders as command owners

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-c28g-vh7m-fm7v. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.21 contains an authorization bypass vulnerability in command-auth.ts that allows non-owner...

4.2CVSS5.8AI score0.00237EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/05/11 4:46 p.m.4 views

CVE-2026-44991 OpenClaw < 2026.4.21 - Authorization Bypass in Owner-Enforced Commands via Wildcard Channel Senders

OpenClaw before 2026.4.21 contains an authorization bypass vulnerability in command-auth.ts that allows non-owner senders to execute owner-enforced slash commands when wildcard inbound senders are configured without explicit owner allowFrom settings. Attackers can exploit this by sending commands...

2.3CVSS6.1AI score0.00237EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/11 4:46 p.m.36 views

CVE-2026-44991 OpenClaw < 2026.4.21 - Authorization Bypass in Owner-Enforced Commands via Wildcard Channel Senders

OpenClaw before 2026.4.21 contains an authorization bypass vulnerability in command-auth.ts that allows non-owner senders to execute owner-enforced slash commands when wildcard inbound senders are configured without explicit owner allowFrom settings. Attackers can exploit this by sending commands...

4.2CVSS0.00237EPSS
Exploits0References4
CVE
CVE
added 2026/05/09 3:35 a.m.21 views

CVE-2026-42069

CVE-2026-42069 (Kirby CMS) : Prior to versions 4.9.0 and 5.4.0, read access to site, user and role information was not gated by permissions. The issue has been patched in Kirby 4.9.0 and 5.4.0; upgrade to those versions or later to fix the vulnerability. The problem enables unauthorized read acce...

7.1CVSS5.7AI score0.00231EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder