Lucene search
K

676 matches found

vulnersOsv
vulnersOsv
added 2026/03/09 7:54 p.m.13 views

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.0-beta.7) +13 more potentially affected by unknown CVE via openclaw (>=2026.3.22 <=2026.3.31)

openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.1.0, =0.1.5 - tokaroo-openclaw-provider =0.1.1 Source cves: unknown CVE Source advisory: SNYK:JS-OPENCLAW-15443481...

5.5AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/09 7:53 p.m.13 views

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.0-beta.7) +13 more potentially affected by unknown CVE via openclaw (>=2026.3.22 <=2026.3.31)

openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.1.0, =0.1.5 - tokaroo-openclaw-provider =0.1.1 Source cves: unknown CVE Source advisory: SNYK:JS-OPENCLAW-15443478...

5.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/02/28 2:0 p.m.6 views

CVE-2026-27776

IM-LogicDesigner module of intra-mart Accel Platform contains insecure deserialization issue. This can be exploited only when IM-LogicDesigner is deployed on the system. Arbitrary code may be executed when some crafted file is imported by a user with the administrative privilege...

8.8CVSS6AI score0.00367EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/27 9:30 a.m.6 views

EUVD-2026-9007

IM-LogicDesigner module of intra-mart Accel Platform contains insecure deserialization issue. This can be exploited only when IM-LogicDesigner is deployed on the system. Arbitrary code may be executed when some crafted file is imported by a user with the administrative privilege...

8.6CVSS7.1AI score0.00367EPSS
Exploits0References3
CVE
CVE
added 2026/02/27 7:50 a.m.23 views

CVE-2026-27776

CVE-2026-27776 affects the IM-LogicDesigner module of the intra-mart Accel Platform. The issue is an insecure deserialization flaw that can be exploited when IM-LogicDesigner is deployed on the system. Arbitrary code execution is possible if a crafted file is imported by a user with administrativ...

8.8CVSS7.1AI score0.00367EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/27 7:50 a.m.4 views

CVE-2026-27776

IM-LogicDesigner module of intra-mart Accel Platform contains insecure deserialization issue. This can be exploited only when IM-LogicDesigner is deployed on the system. Arbitrary code may be executed when some crafted file is imported by a user with the administrative privilege...

8.6CVSS5.8AI score0.00367EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/27 7:50 a.m.4 views

CVE-2026-27776

IM-LogicDesigner module of intra-mart Accel Platform contains insecure deserialization issue. This can be exploited only when IM-LogicDesigner is deployed on the system. Arbitrary code may be executed when some crafted file is imported by a user with the administrative privilege...

8.8CVSS7.1AI score0.00367EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/02/18 12:0 a.m.6 views

CVE-2025-65791

ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/image.php. The application passes unsanitized user input directly to the exec function. NOTE: this is disputed by the Supplier because there is no unsanitized user input to web/views/image.php...

9.8CVSS5.3AI score0.01649EPSS
Exploits2
Patchstack
Patchstack
added 2026/02/03 8:4 a.m.8 views

WordPress Arena.IM - Live Blogging for real-time events plugin <= 0.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

WordPress Arena.IM - Live Blogging for real-time events plugin = 0.3.0 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin Arena.IM – Live Blogging for real-time events versions = 0.3.0...

6.4CVSS5.3AI score0.0025EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/02 9:33 p.m.2 views

CVE-2025-66480 Wildfire has Arbitrary File Upload via Directory Traversal in UploadFileAction

Wildfire IM is an instant messaging and real-time audio/video solution. Prior to 1.4.3, a critical vulnerability exists in the im-server component related to the file upload functionality found in com.xiaoleilu.loServer.action.UploadFileAction. The application exposes an endpoint /fs that handles...

9.8CVSS5.8AI score0.01395EPSS
Exploits0References3
CVE
CVE
added 2026/02/02 9:33 p.m.13 views

CVE-2025-66480

CVE-2025-66480 concerns Wildfire IM’s im-server, where the UploadFileAction (endpoint /fs) mishandles uploaded filenames. The writeFileUploadData logic directly concatenates the configured storage directory with the uploaded filename without stripping directory traversal sequences (e.g., ../../),...

9.8CVSS5.8AI score0.01395EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/02/02 12:0 a.m.8 views

im-server 代码问题漏洞

im-server is an open-source instant messaging system developed by Wildfire. Versions of im-server prior to 1.4.3 contained code vulnerabilities. These vulnerabilities stemmed from improper handling of file upload functions within the im-server components, which led to improper filename processing...

9.8CVSS6.1AI score0.01395EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/23 12:0 a.m.25 views

Cisco Unified Communications Manager (CUCM) Remote Code Execution (cisco-sa-voice-rce-mORhqY4b)

According to its self-reported version, the remote Cisco Unified Communications Manager is affected by a remot code execution vulnerability: - A vulnerability in Cisco Unified Communications Manager Unified CM, Cisco Unified Communications Manager Session Management Edition Unified CM SME, Cisco...

9.8CVSS6.3AI score0.04307EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/01/22 5:34 p.m.8 views

CVE-2026-20045

A vulnerability in Cisco Unified Communications Manager Unified CM, Cisco Unified Communications Manager Session Management Edition Unified CM SME, Cisco Unified Communications Manager IM & Presence Service Unified CM IM&P, Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could...

9.8CVSS6.6AI score0.04307EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/01/21 4:26 p.m.6 views

CVE-2026-20045

A vulnerability in Cisco Unified Communications Manager Unified CM, Cisco Unified Communications Manager Session Management Edition Unified CM SME, Cisco Unified Communications Manager IM & Presence Service Unified CM IM&P, Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could...

9.8CVSS6.6AI score0.04307EPSS
In wildExploits1References2Affected Software3
CNNVD
CNNVD
added 2026/01/21 12:0 a.m.10 views

Cisco’s various products have security vulnerabilities

Cisco Unity Connection, among others, are products of the American company Cisco. Cisco Unity Connection is a voice messaging platform. Cisco Unified Communications Manager is a call processing component within unified communication systems. Cisco Unified Communications Manager IM & Presence is a...

9.8CVSS6.4AI score0.04307EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.4 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004024)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004024 advisory. A memory leak in the bfadimgetstats function in drivers/scsi/bfa/bfadattr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service memory...

4.7CVSS6.4AI score0.00452EPSS
Exploits0References16
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.5 views

Siemens多款产品 资源管理错误漏洞

Siemens SIMATIC ET 200AL and others are products of Siemens, Germany.Siemens SIMATIC ET 200AL is a distributed I/O system module.Siemens SIMATIC ET 200MP is a modular I/O system module for use in control cabinets for high-density channel applications. Siemens SIMATIC ET 200SP is a distributed I/O...

8.7CVSS5.8AI score0.00397EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/20 12:12 a.m.11 views

CVE-2025-66911

Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality. The handleQueryUserOnlineStatusesRequest method in UserServiceController.java allows any authenticated user to query the online status, device information, an...

6.5CVSS6.8AI score0.0028EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/12/19 12:0 a.m.5 views

CVE-2025-66911

Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality. The handleQueryUserOnlineStatusesRequest method in UserServiceController.java allows any authenticated user to query the online status, device information, an...

6.4AI score0.0028EPSS
Exploits1References3
Rows per page
Query Builder