CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 3 days ago•6 views

SUSE-SU-2026:2238-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP7 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2023-20585: x86/CPU: Fix FPDSS on Zen1 bsc1243603. - CVE-2025-54518: x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache bsc1264013. -...

9.8CVSS6.8AI score0.00254EPSS

Exploits10References448

Github Security Blog•added 5 days ago•13 views

praisonai-platform: Issue endpoints accept any issue_id without workspace ownership check, cross-workspace read/update/delete IDOR

Summary Type: Insecure Direct Object Reference. The issue CRUD endpoints GET / PATCH / DELETE /workspaces/workspaceid/issues/issueid gate access on requireworkspacememberworkspaceid only, then resolve issueid through IssueService.getissueid which is a primary-key lookup with no workspace...

5.8AI score

Exploits0References2Affected Software1

Positive Technologies•added 5 days ago•8 views

PT-2026-45488

Summary Type: Insecure Direct Object Reference. The comment endpoints POST /workspaces/workspace id/issues/issue id/comments and GET .../comments gate access on require workspace memberworkspace id only, then call CommentService.createissue id=issue id, ... and CommentService.list for issueissue ...

8.1CVSS5.9AI score

Exploits0References3

NVD•added last week•15 views

CVE-2018-25424

Gate Pass Management System 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login and password parameters. Attackers can submit crafted POST requests to login-exec.php with SQL injection payloads in form...

8.8CVSS0.002EPSS

ATTACKERKB•added last week•9 views

CVE-2018-25424

Exploits0References4Affected Software1

CVE•added last week•14 views

CVE-2018-25424

The provided documents confirm a SQL injection vulnerability in Gate Pass Management System 2.1 affecting the login-exec.php authentication flow. Attackers can bypass authentication by submitting crafted POST requests with SQL payloads in the login and password parameters, enabling unauthenticate...

Vulnrichment•added last week•4 views

CVE-2018-25424 Gate Pass Management System 2.1 SQL Injection via login-exec.php

Cvelist•added last week•24 views

CVE-2018-25424 Gate Pass Management System 2.1 SQL Injection via login-exec.php

8.8CVSS0.002EPSS

EUVD•added last week•7 views

EUVD-2018-21946

Positive Technologies•added 2026/05/30 12:0 a.m.•8 views

PT-2026-45124

CNNVD•added 2026/05/30 12:0 a.m.•5 views

Exploits0References5

Projectworlds Gate Pass Management System SQL注入漏洞

The Projectworlds Gate Pass Management System is an open-source boarding pass management system developed by Projectworlds. Version 2.1 of the Projectworlds Gate Pass Management System has a SQL injection vulnerability. This vulnerability stems from the login and password parameters, which are...

OSV•added 2026/05/29 10:34 p.m.•6 views

GHSA-27P4-PJQV-WHGJ praisonai-platform: list_issue_activity returns activity log for any issue regardless of workspace ownership

Summary Type: Insecure Direct Object Reference. The GET /workspaces/workspaceid/issues/issueid/activity endpoint is gated by requireworkspacememberworkspaceid and dispatches to ActivityService.listforissueissueid, which executes SELECT FROM activity WHERE issueid = :issueid with no workspace...

6.5CVSS5.8AI score

OSV•added 2026/05/29 10:26 p.m.•3 views

GHSA-78R8-WWQV-R299 PraisonAI: Arbitrary code execution via unguarded `spec.loader.exec_module` in `agents_generator.py` - sibling of CVE-2026-44334

Arbitrary code execution via ungated spec.loader.execmodule in agentsgenerator.py v4.6.32 chokepoint refactor bypass Summary The v4.6.32 chokepoint refactor which patched CVE-2026-44334 / GHSA-xcmw-grxf-wjhj added the PRAISONAIALLOWLOCALTOOLS env-var gate to the tooloverride.py sinks. However, tw...

8.1CVSS6.4AI score

Github Security Blog•added 2026/05/29 10:26 p.m.•16 views

PraisonAI: Arbitrary code execution via unguarded `spec.loader.exec_module` in `agents_generator.py` - sibling of CVE-2026-44334

8.4CVSS6.4AI score0.00008EPSS

Exploits2References2Affected Software1

Snyk•added 2026/05/29 5:22 p.m.•8 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the exec approver gate process. An attacker can gain unauthorized approval capabilities by leveraging limited exec approval permissions to bypass intended...

Vulnrichment•added 2026/05/29 3:9 p.m.•6 views

CVE-2026-32906 OpenClaw < 2026.5.12 - Privilege Escalation in Slack Plugin Approvals via Exec Approver Gate

OpenClaw before 2026.5.12 contains a privilege escalation vulnerability in Slack plugin approvals that allows exec-authorized users to resolve plugin approvals through the exec approver gate. Attackers with limited exec approval permissions can bypass intended approval splits to approve plugin...

CVE•added 2026/05/29 3:9 p.m.•11 views

CVE-2026-32906

OpenClaw before 2026.5.12 contains a privilege escalation vulnerability in Slack plugin approvals that lets exec-authorized users resolve plugin approvals via the exec approver gate. Attackers with limited exec approval permissions can bypass intended approval splits to approve plugin actions out...

Exploits0References2Affected Software1

Cvelist•added 2026/05/29 3:9 p.m.•27 views

CVE-2026-32906 OpenClaw < 2026.5.12 - Privilege Escalation in Slack Plugin Approvals via Exec Approver Gate

4.3CVSS0.00026EPSS

ATTACKERKB•added 2026/05/29 3:9 p.m.•5 views

CVE-2026-32906