Lucene search
+L

181 matches found

CBLMariner
CBLMariner
added 2026/03/09 2:32 p.m.5 views

CVE-2025-39795 affecting package kernel for versions less than 5.15.200.1-1

CVE-2025-39795 affecting package kernel for versions less than 5.15.200.1-1. An upgraded version of the package is available that resolves this issue...

5.5CVSS7.3AI score0.00155EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/03/09 2:32 p.m.8 views

CVE-2025-39772 affecting package kernel for versions less than 5.15.200.1-1

CVE-2025-39772 affecting package kernel for versions less than 5.15.200.1-1. An upgraded version of the package is available that resolves this issue...

5.5CVSS7.3AI score0.00136EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/03/09 2:32 p.m.7 views

CVE-2025-39812 affecting package kernel for versions less than 5.15.200.1-1

CVE-2025-39812 affecting package kernel for versions less than 5.15.200.1-1. An upgraded version of the package is available that resolves this issue...

5.5CVSS7.3AI score0.0016EPSS
Exploits0
OSV
OSV
added 2026/03/06 6:45 p.m.5 views

GHSA-9R75-G2CR-3H76 Vercel Workflow Allows Webhook Creation with Predictable User-Specified Tokens

createWebhook in Vercel Workflow DevKit accepts a user-specified token parameter that serves as the credential for the public webhook endpoint /.well-known/workflow/v1/webhook/token. Official documentation recommended predictable token patterns, making it possible for an unauthenticated remote...

5.3CVSS6AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/03 9:18 p.m.8 views

OpenClaw has pre-auth webhook body parsing that can enable unauthenticated slow-request DoS

Impact OpenClaw webhook handlers for BlueBubbles and Google Chat accepted and parsed request bodies before authentication and signature checks on vulnerable releases. This allowed unauthenticated clients to hold parser work open with slow/oversized request bodies and degrade availability...

8.7CVSS6AI score0.00418EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.12 views

PT-2026-20792

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.15 Description A stored Cross-Site Scripting XSS issue exists in the OpenClaw Control UI when rendering assistant identity name/avatar into an inline tag without proper escaping. A crafted value containing cou...

5.8CVSS5.8AI score0.00228EPSS
Exploits1References13
Cvelist
Cvelist
added 2026/02/11 12:18 p.m.27 views

CVE-2025-54147 Qsync Central

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4...

5.3CVSS0.00391EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.14 views

PT-2026-7560

Name of the Vulnerable Software and Affected Versions Qsync Central versions prior to 5.0.0.4 Description A flaw exists in Qsync Central that allows a remote attacker with administrator privileges to exhaust resources, potentially preventing other systems, applications, or processes from accessin...

6.9CVSS5.5AI score0.00469EPSS
Exploits0References3
CBLMariner
CBLMariner
added 2026/02/09 11:37 p.m.4 views

CVE-2023-48795 affecting package rust for versions less than 1.90.0-1

CVE-2023-48795 affecting package rust for versions less than 1.90.0-1. An upgraded version of the package is available that resolves this issue...

5.9CVSS5.4AI score0.93305EPSS
Exploits4
RedhatCVE
RedhatCVE
added 2026/02/05 1:22 a.m.6 views

CVE-2026-24887

Claude Code is an agentic coding tool. Prior to version 2.0.72, due to an error in command parsing, it was possible to bypass the Claude Code confirmation prompt to trigger execution of untrusted commands through the find command. Reliably exploiting this required the ability to add untrusted...

8.8CVSS5.6AI score0.00562EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/01/27 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2025-68160

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-bas...

4.7CVSS6.6AI score0.00152EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.3 views

MiracleLinux 4 : qemu-kvm-0.12.1.2-2.448.AXS4.3 (AXSA:2015-140:02)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2015-140:02 advisory. KVM for Kernel-based Virtual Machine is a full virtualization solution for Linux on x86 hardware. Security issues fixed with this release: CVE-2015-3456 Tenab...

7.7CVSS7.2AI score0.15275EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/01/15 4:16 p.m.6 views

CVE-2025-64516

GLPI is a free asset and IT management software package. Prior to 10.0.21 and 11.0.3, an unauthorized user can access GLPI documents attached to any item ticket, asset, .... If the public FAQ is enabled, this unauthorized access can be performed by an anonymous user. This vulnerability is fixed i...

7.5CVSS5.8AI score0.00277EPSS
Exploits1References6
Patchstack
Patchstack
added 2026/01/09 11:0 a.m.6 views

WordPress Better Business Reviews plugin <= 0.1.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Better Business Reviews versions = 0.1.1...

5.4CVSS6.8AI score0.00155EPSS
Exploits0Affected Software1
CBLMariner
CBLMariner
added 2025/12/15 4:3 p.m.5 views

CVE-2025-40083 affecting package kernel for versions less than 6.6.117.1-1

CVE-2025-40083 affecting package kernel for versions less than 6.6.117.1-1. An upgraded version of the package is available that resolves this issue...

6.8AI score0.00188EPSS
Exploits0
EUVD
EUVD
added 2025/12/08 10:4 p.m.4 views

EUVD-2025-201830

c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using readanswer and processanswer, which can cause a Denial of Service. This issue is fixed in version 1.34.6...

5.9CVSS6.3AI score0.00396EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/08 10:4 p.m.20 views

CVE-2025-62408 c-ares has a Use After Free vulnerability when connection is cleaned up after error

c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using readanswer and processanswer, which can cause a Denial of Service. This issue is fixed in version 1.34.6...

5.9CVSS0.00396EPSS
Exploits0References2
SonicWall
SonicWall
added 2025/11/19 11:42 a.m.9 views

SonicWall Email Security Affected By Multiple Vulnerabilities

1 CVE-2025-40604 - Download of Code Without Integrity Check VulnerabilityDownload of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system...

7.2CVSS8.2AI score0.00299EPSS
Exploits0
CBLMariner
CBLMariner
added 2025/11/12 3:2 a.m.6 views

CVE-2025-31133 affecting package moby-runc for versions less than 1.2.8-1

CVE-2025-31133 affecting package moby-runc for versions less than 1.2.8-1. An upgraded version of the package is available that resolves this issue...

7.8CVSS6.4AI score0.0067EPSS
Exploits2
SonicWall
SonicWall
added 2025/10/30 10:40 a.m.7 views

SonicWall SMA100 Potential Exposure of Sensitive Information in Log File

A potential exposure of sensitive information in log files in SonicWall SMA100 Series appliances may allow a remote, authenticated administrator, under certain conditions to view partial users credential data.SonicWall strongly recommends that users of the SMA 100 series products SMA 210, 410, an...

4.5CVSS6.3AI score0.00437EPSS
Exploits0
Rows per page
Query Builder