Lucene search
K

103 matches found

Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.13 views

PT-2026-47621

Name of the Vulnerable Software and Affected Versions Nebula-Mesh versions prior to 0.3.4 Description An authorization gap in the /api/v1/ route surface allows non-admin operators to obtain broad cross-tenant access. The API trusts the bearer token for authorization without enforcing ownership...

9.9CVSS5.5AI score0.00024EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/05/28 3:56 a.m.13 views

SUSE CVE-2026-45909

In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: Drop initconst from gates Since commit 8ceff24a754a "clk: mediatek: clk-gate: Refactor mtkclkregistergate to use mtkgate struct" the mtkgate structs are no longer just used for initialization/registration, but also...

5.8AI score0.00162EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/27 3:33 p.m.12 views

EUVD-2026-32375

In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: Drop initconst from gates Since commit 8ceff24a754a "clk: mediatek: clk-gate: Refactor mtkclkregistergate to use mtkgate struct" the mtkgate structs are no longer just used for initialization/registration, but also...

5.8AI score0.00162EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/27 12:17 p.m.42 views

CVE-2026-45909 clk: mediatek: Drop __initconst from gates

In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: Drop initconst from gates Since commit 8ceff24a754a "clk: mediatek: clk-gate: Refactor mtkclkregistergate to use mtkgate struct" the mtkgate structs are no longer just used for initialization/registration, but also...

7.8CVSS0.00162EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/05/27 12:17 p.m.10 views

CVE-2026-45909

In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: Drop initconst from gates Since commit 8ceff24a754a "clk: mediatek: clk-gate: Refactor mtkclkregistergate to use mtkgate struct" the mtkgate structs are no longer just used for initialization/registration, but also...

7.8CVSS5.7AI score0.00162EPSS
Exploits0
CVE
CVE
added 2026/05/27 12:17 p.m.26 views

CVE-2026-45909

CVE-2026-45909 pertains to the Linux kernel Mediatek clock-gate driver. The fix removes __initconst from mtk_gate structures because, since commit 8ceff24a... the gate structs are used at runtime, not just for initialization. Documents indicate this resolves a runtime-access issue with potentiall...

7.8CVSS5.8AI score0.00162EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.11 views

PT-2026-43776

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the mediatek clock driver where mtk gate structs were marked with initconst annotations. Because these structs are utilized during runtime and not only for...

7.8CVSS5.8AI score0.00162EPSS
Exploits0References12
UbuntuCve
UbuntuCve
added 2026/05/27 12:0 a.m.15 views

CVE-2026-45909

clk: mediatek: Drop initconst from gates...

7.8CVSS5.8AI score0.00162EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: clk: visconti: preventing array overflow in visconticlkregistergates This code used -1 to indicate that there was no reset function. Unfortunately, -1 was stored as a u8 value, causing the condition if clksi.rsid = 0 to always be...

7.8CVSS6.3AI score0.00234EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/13 1:27 p.m.43 views

EUVD-2026-29954

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the pminviteuser function in all versions up to, and including, 5.9.8.4. This makes it possible for authenticated attackers, with Subscriber-level...

7.1CVSS5.8AI score0.00219EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/13 1:27 p.m.51 views

CVE-2026-4609 ProfileGrid <= 5.9.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Group Joining

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the pminviteuser function in all versions up to, and including, 5.9.8.4. This makes it possible for authenticated attackers, with Subscriber-level...

7.1CVSS0.00219EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2026/05/10 12:0 a.m.18 views

Governing AI-Assisted Security Operations: A Design Science Framework for Operational Decision Support

Engineering managers increasingly must decide how to introduce generative artificial intelligence AI, retrieval-augmented generation, and coding agents into high-risk operational functions without weakening accountability, privacy, cost discipline, or auditability. The central message of this stu...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/06 12:0 a.m.20 views

SOCpilot: Verifying Policy Compliance for LLM-Assisted Incident Response

Security operations centers SOCs are beginning to use large language models LLMs as copilots to draft incident-response plans. These plans may include actions that are valid per the catalog but still violate mandatory steps, required ordering, or approval gates before analyst review. SOCpilot mak...

5.8AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/05 11:25 a.m.5 views

CVE-2026-43571

OpenClaw before 2026.4.10 contains a plugin trust bypass vulnerability that allows channel setup catalog lookups to resolve workspace plugin shadows before bundled channel plugins. Attackers can exploit this by crafting malicious workspace plugins that bypass intended trust gates during setup-tim...

8.8CVSS5.8AI score0.00386EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/27 11:24 p.m.6 views

EUVD-2026-25947

OpenClaw versions 2026.2.14 through 2026.3.24 fail to consistently apply guild and channel policy gates to Discord button and component interactions. Attackers can trigger privileged component actions from blocked contexts by bypassing channel policy enforcement...

5.3CVSS5.1AI score0.00166EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/27 11:24 p.m.5 views

CVE-2026-41367

OpenClaw versions 2026.2.14 through 2026.3.24 fail to consistently apply guild and channel policy gates to Discord button and component interactions. Attackers can trigger privileged component actions from blocked contexts by bypassing channel policy enforcement...

5.3CVSS5.2AI score0.00166EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.6 views

PT-2026-35555

OpenClaw versions 2026.2.14 through 2026.3.24 fail to consistently apply guild and channel policy gates to Discord button and component interactions. Attackers can trigger privileged component actions from blocked contexts by bypassing channel policy enforcement...

5.3CVSS5.1AI score0.00166EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/04/24 3:26 p.m.127 views

authorized-pentest

authorized-pentest A runbook-style Claude Code skill for runn...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/09 12:0 a.m.4 views

Your Agent Is Mine: Measuring Malicious Intermediary Attacks on the LLM Supply Chain

Large language model LLM agents increasingly rely on third-party API routers to dispatch tool-calling requests across multiple upstream providers. These routers operate as application-layer proxies with full plaintext access to every in-flight JSON payload, yet no provider enforces cryptographic...

5.8AI score
Exploits0
OSV
OSV
added 2026/03/31 11:58 p.m.2 views

GHSA-JP4J-Q5FC-58GV OpenClaw's Discord component interaction ingress skips guild/channel policy enforcement

Summary Discord button and component interaction ingress did not consistently reapply the same guild and channel policy gates used for normal inbound messages. Impact Users could trigger privileged component actions from contexts that should have been blocked by Discord channel policy. Affected...

5.3CVSS5.8AI score0.00166EPSS
Exploits0References4
Rows per page
Query Builder