Lucene search
+L

19225 matches found

OSV
OSV
added 4 days ago2 views

CVE-2026-62196 OpenClaw 2026.3.22 < 2026.6.6 Authorization Bypass via WhatsApp Group IDs

OpenClaw versions 2026.3.22 before 2026.6.6 contain an authorization bypass vulnerability where WhatsApp group IDs can satisfy elevated sender allowlists. Attackers with lower-trust access can perform actions requiring stronger authorization by leveraging group ID validation in the affected featu...

8.7CVSS6.1AI score0.0023EPSS
Exploits0References5
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-62196 OpenClaw 2026.3.22 < 2026.6.6 Authorization Bypass via WhatsApp Group IDs

OpenClaw versions 2026.3.22 before 2026.6.6 contain an authorization bypass vulnerability where WhatsApp group IDs can satisfy elevated sender allowlists. Attackers with lower-trust access can perform actions requiring stronger authorization by leveraging group ID validation in the affected featu...

8.7CVSS0.0023EPSS
Exploits0References2
CVE
CVE
added 4 days ago12 views

CVE-2026-62196

OpenClaw has an authorization bypass in versions before 2026.6.6 (2026.3.22 affected). The vulnerability allows WhatsApp group IDs to satisfy elevated sender allowlists, enabling attackers with lower-trust access to perform actions that require stronger authorization by abusing group ID validatio...

8.7CVSS6.1AI score0.0023EPSS
Exploits0References2Affected Software1
CVE
CVE
added 4 days ago12 views

CVE-2026-53364

The CVE-2026-53364 entry concerns the Linux kernel Bluetooth HCI subsystem. A memory leak in hci_le_big_terminate() occurs when iso_list_data allocated via kzalloc_obj is not freed on an early return path after evaluating PA/BIG sync state (neither pa_sync_term nor big_sync_term flags set). This ...

6AI score0.00155EPSS
Exploits0References3
OSV
OSV
added 4 days ago2 views

MAL-2026-10448 Malicious code in @sqlite-group/schema-generator (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d317d08a81d92d85c53ffe33ef8c709b706ed09c1f89b1c6489ac4fbf9f82c8 On require/import, index.js fetches the content of a GitHub Gist https://gist.github.com/getchainverse/b57a92378ad0a52430137c3b810e7107, retrieved vi...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago10 views

Malicious code in @sqlite-group/schema-generator (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d317d08a81d92d85c53ffe33ef8c709b706ed09c1f89b1c6489ac4fbf9f82c8 On require/import, index.js fetches the content of a GitHub Gist https://gist.github.com/getchainverse/b57a92378ad0a52430137c3b810e7107, retrieved vi...

6.2AI score
Exploits0References2
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-43311

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to restrict the groupconstrained channel flag to public and private channels that support group synchronization, which allows an ordinary group or direct message member to remove all participants from the conversation v...

5.4CVSS6.1AI score0.0017EPSS
Exploits0References2
NVD
NVD
added 4 days ago4 views

CVE-2026-10085

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to restrict the groupconstrained channel flag to public and private channels that support group synchronization, which allows an ordinary group or direct message member to remove all participants from the conversation v...

5.4CVSS0.0017EPSS
Exploits0References1
CVE
CVE
added 4 days ago10 views

CVE-2026-10085

Mattermost is affected in versions 11.7.x &lt;= 11.7.2, 11.6.x &lt;= 11.6.4, and 10.11.x

5.4CVSS6.1AI score0.0017EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-43192

A vulnerability has been found in Eleveo Call Recording Software 9.7.0. Affected by this issue is some unknown functionality of the file /callrec/group.jsp. Such manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may...

5.3CVSS5.7AI score0.00207EPSS
Exploits0References6
CVE
CVE
added 6 days ago12 views

CVE-2026-15470

Technical details (affected product, versions, root cause, exploit specifics) are not publicly provided in the supplied documents. Monitor for updates.

5.3CVSS5.7AI score0.00207EPSS
Exploits0References5
NVD
NVD
added last week6 views

CVE-2026-15374

A flaw has been found in Eleveo Call Recording Software 9.7.0. This affects an unknown function of the file /callrec/roleAddAction.do of the component Group Interface. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been...

6.5CVSS0.00256EPSS
Exploits0References5
EUVD
EUVD
added last week8 views

EUVD-2026-42923

A flaw has been found in Eleveo Call Recording Software 9.7.0. This affects an unknown function of the file /callrec/roleAddAction.do of the component Group Interface. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been...

6.5CVSS6.3AI score0.00256EPSS
Exploits0References5
CVE
CVE
added last week6 views

CVE-2026-15374

Technical details beyond the initial description are not publicly available in the provided documents. Monitor for updates on CVE-2026-15374 affecting Eleveo Call Recording Software 9.7.0, specifically the /callrec/roleAddAction.do improper authorization vulnerability.

6.5CVSS6.3AI score0.00256EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added last week8 views

CVE-2026-15374 Eleveo Call Recording Software Group roleAddAction.do improper authorization

A flaw has been found in Eleveo Call Recording Software 9.7.0. This affects an unknown function of the file /callrec/roleAddAction.do of the component Group Interface. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been...

6.5CVSS6.3AI score0.00256EPSS
Exploits0References5
Cvelist
Cvelist
added last week33 views

CVE-2026-15374 Eleveo Call Recording Software Group roleAddAction.do improper authorization

A flaw has been found in Eleveo Call Recording Software 9.7.0. This affects an unknown function of the file /callrec/roleAddAction.do of the component Group Interface. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been...

6.5CVSS0.00256EPSS
Exploits0References5
OSV
OSV
added last week1 views

MINI-GRP8-2Q2P-VV64

Bulletin has no description...

6.9CVSS6.1AI score0.00175EPSS
Exploits0
CVE
CVE
added last week10 views

CVE-2026-22660

FlaskBB

8.6CVSS6AI score0.00328EPSS
Exploits0References3
The Hacker News
The Hacker News
added last week16 views

New MODBEACON RAT Uses gRPC Streaming for Encrypted C2 Traffic

The China-linked cybercrime group known as Silver Fox has been attributed to a new Rust-based remote access trojan RAR called MODBEACON. Chinese cybersecurity company QiAnXin said that while the threat cluster may appear like a low-sophistication, high-activity operation that propagates malware v...

6.1AI score
Exploits0
NVD
NVD
added 2026/07/09 10:17 p.m.9 views

CVE-2026-44787

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, the signup flow could allow newly registered users to set primarygroupid and gain whisper-group privileges without legitimate group membership on sites with whispersallowedgroups configured. This...

8.2CVSS0.00267EPSS
Exploits0References9
Rows per page
Query Builder