CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

117 matches found

Packet Storm News•added 2026/04/07 12:0 a.m.•14 views

Your Agent, Their Asset: A Real-World Safety Analysis of OpenClaw

OpenClaw, the most widely deployed personal AI agent in early 2026, operates with full local system access and integrates with sensitive services such as Gmail, Stripe, and the filesystem. While these broad privileges enable high levels of automation and powerful personalization, they also expose...

5.9AI score

Exploits0

Veeam•added 2026/04/01 12:0 a.m.•64 views

How to Configure File Version Protection

Purpose This article describes how to configure Veeam Data Cloud for Microsoft 365 and Veeam Backup for Microsoft 365 to protect only the latest version of SharePoint, OneDrive, and Teams files, helping organizations mitigate Microsoft 365 throttling risks, reduce backup processing time, and...

5.5AI score

Exploits0Affected Software1

Vulnrichment•added 2026/03/06 5:3 p.m.•2 views

CVE-2026-29087 @hono/node-server: Authorization bypass for protected static paths via encoded slashes in Serve Static Middleware

@hono/node-server allows running the Hono application on Node.js. Prior to version 1.19.10, when using @hono/node-server's static file serving together with route-based middleware protections e.g. protecting /admin/, inconsistent URL decoding can allow protected static resources to be accessed...

7.5CVSS5.7AI score0.00327EPSS

Exploits0References2

OSV•added 2026/03/04 5:56 p.m.•6 views

DRUPAL-CONTRIB-2026-021

This module moves files to and from private storage depending on the access of its owning entities. The module does not always validate the access logic correctly, resulting in files attached to an entity not being protected in certain circumstances. This vulnerability is mitigated by the fact th...

5.3CVSS6AI score0.00256EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:35 a.m.•5 views

CVE-2024-34524

In XLANG OpenAgents through fe73ac4, the allowedfile protection mechanism can be bypassed by using an incorrect file extension for the nature of the file content...

9.1CVSS7AI score0.00505EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:8 a.m.•6 views

CVE-2020-7316

Unquoted service path vulnerability in McAfee File and Removable Media Protection FRP prior to 5.3.0 allows local users to execute arbitrary code, with higher privileges, via execution and from a compromised folder. This issue may result in files not being encrypted when a policy is triggered...

7.8CVSS7.3AI score0.00369EPSS

Exploits0References1

OSV•added 2025/12/16 4:15 p.m.•4 views

CVE-2025-65318

When using the attachment interaction functionality, Canary Mail 5.1.40 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software...

9.1CVSS5.8AI score0.00478EPSS

Exploits3References5

CNNVD•added 2025/12/16 12:0 a.m.•4 views

Canary Mail 安全漏洞

Canary Mail is an email client application from Canary Mail, Inc. in the United States. A security vulnerability exists in Canary Mail version 5.1.40 and earlier, which stems from a failure to add the Mark-of-the-Web tag when saving a document, which could lead to a bypass of the file protection...

9.1CVSS6.3AI score0.00478EPSS

Exploits3References5

CVE•added 2025/12/16 12:0 a.m.•19 views

CVE-2025-65318

CVE-2025-65318 : Red Hat and NVD/NVD-derived records describe a vulnerability in Canary Mail 5.1.40 and earlier where saving documents via the attachment interaction leads to files being written to the filesystem without a Mark-of-the-Web tag. This tag omission can bypass built-in file protection...

9.1CVSS6.5AI score0.00478EPSS

Exploits3References5Affected Software1