Lucene search
K

9 matches found

EUVD
EUVD
added 16 hours ago5 views

EUVD-2026-42704

An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a limited information disclosure and availability impact to the device. Due to a wrong initialization, a process whi...

6.9CVSS5.9AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/28 4:59 p.m.5 views

CVE-2026-4982

A user with permission "update world" in any Venueless world is able to exfiltrate chat messages from direct messages or channels in other worlds on the same server due to a bug in the reporting feature. The exploitability is limited by the fact that the attacker needs to know the internal channe...

7.3CVSS5.9AI score0.00247EPSS
Exploits0References1
NVD
NVD
added 2026/03/27 1:16 p.m.3 views

CVE-2026-4982

A user with permission "update world" in any Venueless world is able to exfiltrate chat messages from direct messages or channels in other worlds on the same server due to a bug in the reporting feature. The exploitability is limited by the fact that the attacker needs to know the internal channe...

7.3CVSS0.00247EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/27 12:32 p.m.22 views

CVE-2026-4982 Unauthorized access to chat contents

A user with permission "update world" in any Venueless world is able to exfiltrate chat messages from direct messages or channels in other worlds on the same server due to a bug in the reporting feature. The exploitability is limited by the fact that the attacker needs to know the internal channe...

7.3CVSS0.00247EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/27 12:32 p.m.4 views

EUVD-2026-16593

A user with permission "update world" in any Venueless world is able to exfiltrate chat messages from direct messages or channels in other worlds on the same server due to a bug in the reporting feature. The exploitability is limited by the fact that the attacker needs to know the internal channe...

7.3CVSS5.9AI score0.00247EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/27 12:32 p.m.1 views

CVE-2026-4982

A user with permission "update world" in any Venueless world is able to exfiltrate chat messages from direct messages or channels in other worlds on the same server due to a bug in the reporting feature. The exploitability is limited by the fact that the attacker needs to know the internal channe...

7.3CVSS5.9AI score0.00247EPSS
Exploits0References2
CVE
CVE
added 2026/03/27 12:32 p.m.10 views

CVE-2026-4982

CVE-2026-4982 affects Venueless where a user with the privilege “update world” can exfiltrate chat messages from direct messages or channels in other worlds on the same server due to a bug in the reporting feature. The vulnerability arises from the reporting component allowing cross-world access ...

7.3CVSS5.9AI score0.00247EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.3 views

PT-2026-28703

Name of the Vulnerable Software and Affected Versions Venueless affected versions not specified Description A user possessing the "update world" permission within any Venueless world can potentially extract chat messages from direct messages or channels in other worlds on the same server. This is...

7.3CVSS5.9AI score0.00247EPSS
Exploits0References3
OSV
OSV
added 2026/02/17 9:39 p.m.3 views

GHSA-MQPW-46FH-299H OpenClaw authorization bypass: operator.write can resolve exec approvals via chat.send -> /approve

Summary What this means plain language If you give a client “chat/write” access to the gateway operator.write but you do not intend to let that client approve exec requests operator.approvals, affected versions could still let that client approve/deny a pending exec approval by sending the /appro...

7.2CVSS5.7AI score0.00281EPSS
Exploits0References5
Rows per page
Query Builder