Lucene search
K

9 matches found

EUVD
EUVD
added 7 hours ago5 views

EUVD-2026-43569

OpenClaw versions 2026.6.6 before 2026.6.9 contain an authorization bypass vulnerability in message mutation handling that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to skip requester authorization and...

7.1CVSS6.2AI score
Exploits0References3
CVE
CVE
added 2026/06/30 7:44 p.m.17 views

CVE-2026-11714

IBM WebSphere Application Server Liberty versions 17.0.0.3 through 26.0.0.7 are affected by a server-side request forgery (SSRF) vulnerability in the apiDiscovery-1.0 feature. The issue is identified as CVE-2026-11714; IBM’s bulletin reports CVSS v3.1 base score 8.5 (PR:L, S:C, C:H/I:L/A:N). The ...

9.8CVSS5.8AI score0.00203EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/05/13 7:28 p.m.3 views

CVE-2026-33380 SQL Expressions Read File From Disk

A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server's filesystem. Only instances with the sqlExpressions feature toggle enabled are vulnerable...

6.3CVSS6.8AI score0.00262EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/14 3:30 p.m.8 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in select-organization.ftl - shown on the organization selection login page - since the organization.alias value is inserted into an inline JavaScript onclick handler. A user with manage-realm or...

6.9CVSS5.9AI score0.00226EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/31 10:59 a.m.3 views

CVE-2026-4415

Gigabyte Control Center developed by GIGABYTE has an Arbitrary File Write vulnerability. When the pairing feature is enabled, unauthenticated remote attackers can write arbitrary files to any location on the underlying operating system, leading to arbitrary code execution or privilege escalation...

9.2CVSS6.5AI score0.00652EPSS
Exploits0References1
Snyk
Snyk
added 2025/10/10 2:43 p.m.4 views

Improper Validation of Unsafe Equivalence in Input

Overview alt-design/alt-redirect is an Alt Redirect addon, add Redirects to your site Affected versions of this package are vulnerable to Improper Validation of Unsafe Equivalence in Input via handling of query string parameters when the "Query String Strip" feature is enabled. An attacker can...

7.2CVSS6.7AI score0.00213EPSS
Exploits0References2
NVD
NVD
added 2025/09/29 5:15 p.m.9 views

CVE-2025-41244

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate...

7.8CVSS0.0788EPSS
Exploits3References6
CVE
CVE
added 2025/09/16 10:22 p.m.15 views

CVE-2025-37129

CVE-2025-37129 describes a vulnerability in the command-line interface of HPE Aruba Networking EdgeConnect SD-WAN Gateways . An authenticated attacker could exploit the built-in script execution capability to execute arbitrary commands on the underlying operating system if the feature is enabled ...

6.7CVSS7.3AI score0.00202EPSS
Exploits0References1
OSV
OSV
added 2021/04/01 3:15 a.m.5 views

CVE-2021-26071

The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to enable and disable Jira Software configuration via a cross-site request forgery CS...

3.5CVSS5.8AI score
Exploits0References1
Rows per page
Query Builder