Lucene search
K

2035 matches found

Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.6 views

PT-2026-35019

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A circular locking dependency exists in the uinput component when using a force-feedback gamepad. This issue occurs through a cycle of four lock acquisition paths involving ff-mutex,...

7.8CVSS5.8AI score0.00378EPSS
Exploits0References143
Packet Storm News
Packet Storm News
added 2026/04/20 12:0 a.m.12 views

ARES: Adaptive Red-Teaming and End-To-End Repair of Policy-Reward System

Reinforcement Learning from Human Feedback RLHF is central to aligning Large Language Models LLMs, yet it introduces a critical vulnerability: an imperfect Reward Model RM can become a single point of failure when it fails to penalize unsafe behaviors. While existing red-teaming approaches...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/19 12:0 a.m.12 views

SDLLMFuzz: Dynamic-Static LLM-Assisted Greybox Fuzzing for Structured Input Programs

Fuzzing has become a widely adopted technique for vulnerability discovery, yet it remains ineffective for structured-input programs due to strict syntactic constraints and limited semantic awareness. Traditional greybox fuzzers rely on mutation-based strategies and coarse-grained coverage feedbac...

6AI score
Exploits0
GithubExploit
GithubExploit
added 2026/04/17 11:49 a.m.104 views

exploitra

🚀 EXPLOITRA v1.0 - Advanced Vulnerability Engine EXPLOITRA...

7.8CVSS5.8AI score0.00758EPSS
Exploits2
Fedora
Fedora
added 2026/04/16 11:42 p.m.7 views

[SECURITY] Fedora 44 Update: kf6-kuserfeedback-6.25.0-1.fc44

Framework for collecting user feedback for apps via telemetry and surveys...

5.8AI score
Exploits0
EUVD
EUVD
added 2026/04/16 9:31 a.m.6 views

EUVD-2026-23209

The BetterDocs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'betterdocsfeedbackform' shortcode in all versions up to, and including, 4.3.8. This is due to insufficient input sanitization and output escaping on user supplied shortcode attributes. This makes it possible...

6.4CVSS5.9AI score0.00218EPSS
Exploits0References3
NVD
NVD
added 2026/04/16 7:16 a.m.7 views

CVE-2026-3875

The BetterDocs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'betterdocsfeedbackform' shortcode in all versions up to, and including, 4.3.8. This is due to insufficient input sanitization and output escaping on user supplied shortcode attributes. This makes it possible...

6.4CVSS0.00218EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/16 6:44 a.m.7 views

CVE-2026-3875

The BetterDocs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'betterdocsfeedbackform' shortcode in all versions up to, and including, 4.3.8. This is due to insufficient input sanitization and output escaping on user supplied shortcode attributes. This makes it possible...

6.4CVSS5.9AI score0.00218EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/16 6:44 a.m.3 views

CVE-2026-3875 BetterDocs <= 4.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The BetterDocs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'betterdocsfeedbackform' shortcode in all versions up to, and including, 4.3.8. This is due to insufficient input sanitization and output escaping on user supplied shortcode attributes. This makes it possible...

6.4CVSS5.9AI score0.00218EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.11 views

PT-2026-33277

The BetterDocs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'betterdocs feedback form' shortcode in all versions up to, and including, 4.3.8. This is due to insufficient input sanitization and output escaping on user supplied shortcode attributes. This makes it possib...

6.4CVSS5.9AI score0.00218EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/14 7:23 p.m.7 views

CVE-2026-39475

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Blind SQL Injection.This issue affects User Feedback: from n/a through = 1.10.1...

8.5CVSS5.9AI score0.00264EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/13 7:24 p.m.5 views

CVE-2026-39476

Missing Authorization vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Feedback: from n/a through = 1.10.1...

4.3CVSS5.8AI score0.00197EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.8 views

PT-2026-35845

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.138 Description Insufficient validation of untrusted input in the Feedback component allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a...

9.6CVSS6.2AI score0.00433EPSS
Exploits0References40
NVD
NVD
added 2026/04/10 5:17 p.m.23 views

CVE-2026-35654

OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Microsoft Teams feedback invokes that allows unauthorized senders to record session feedback. Attackers can bypass sender allowlist checks via feedback invoke endpoints to trigger unauthorized feedback recording or...

6.9CVSS0.00227EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/10 4:3 p.m.2 views

CVE-2026-35654

OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Microsoft Teams feedback invokes that allows unauthorized senders to record session feedback. Attackers can bypass sender allowlist checks via feedback invoke endpoints to trigger unauthorized feedback recording or...

6.9CVSS5.8AI score0.00227EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/10 4:3 p.m.2 views

CVE-2026-35654 OpenClaw < 2026.3.25 - Authorization Bypass in Microsoft Teams Feedback Invoke

OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Microsoft Teams feedback invokes that allows unauthorized senders to record session feedback. Attackers can bypass sender allowlist checks via feedback invoke endpoints to trigger unauthorized feedback recording or...

6.9CVSS5.8AI score0.00227EPSS
Exploits0References3
CVE
CVE
added 2026/04/10 4:3 p.m.18 views

CVE-2026-35654

OpenClaw before 2026.3.25 has an authorization bypass in Microsoft Teams feedback invoke endpoints that lets an unauthorized sender trigger recording of session feedback or reflection. Attackers can bypass sender allowlists, enabling unauthorized access to feedback-related actions. The cited CVE ...

6.9CVSS5.8AI score0.00227EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/10 4:3 p.m.23 views

CVE-2026-35654 OpenClaw < 2026.3.25 - Authorization Bypass in Microsoft Teams Feedback Invoke

OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Microsoft Teams feedback invokes that allows unauthorized senders to record session feedback. Attackers can bypass sender allowlist checks via feedback invoke endpoints to trigger unauthorized feedback recording or...

6.9CVSS0.00227EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/10 4:3 p.m.5 views

EUVD-2026-21454

OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Microsoft Teams feedback invokes that allows unauthorized senders to record session feedback. Attackers can bypass sender allowlist checks via feedback invoke endpoints to trigger unauthorized feedback recording or...

6.9CVSS5.8AI score0.00227EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.8 views

PT-2026-31965

OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Microsoft Teams feedback invokes that allows unauthorized senders to record session feedback. Attackers can bypass sender allowlist checks via feedback invoke endpoints to trigger unauthorized feedback recording or...

6.9CVSS5.8AI score0.00227EPSS
Exploits0References4
Rows per page
Query Builder