Lucene search
K

40 matches found

Cvelist
Cvelist
added 2 days ago32 views

CVE-2026-48828 Apache Airflow: Bulk JSON Variables bypass should_hide_value_for_key - redact() called without the key

The Bulk Variables API in Apache Airflow called the redactor without passing the variable's key, so the key-based shouldhidevalueforkey check which triggers on secret-suffixed key names like password / token / secret could not fire for JSON-decodable variable values. An authenticated UI/API user...

0.00438EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 9:4 a.m.3 views

SUSE-SU-2026:2693-1 Security update for podman

This update for podman fixes the following issues - CVE-2026-34986: github.com/go-jose/go-jose/v4,github.com/go-jose/go-jose/v3: crafted JWE input with a missing encrypted key can lead to a denial of service bsc1262856. - CVE-2026-39829,CVE-2026-39830,CVE-2026-42508,CVE-2026-46598:...

9.1CVSS6.7AI score0.00651EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2026/05/28 3:55 a.m.12 views

SUSE CVE-2026-45974

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix invalid leaf access in btrfsquotaenable if ref key not found If btrfssearchslotforread returns 1, it means we did not find any key greater than or equals to the key we asked for, meaning we have reached the end of the...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References11
NVD
NVD
added 2026/05/27 2:17 p.m.10 views

CVE-2026-45974

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix invalid leaf access in btrfsquotaenable if ref key not found If btrfssearchslotforread returns 1, it means we did not find any key greater than or equals to the key we asked for, meaning we have reached the end of the...

5.5CVSS0.00128EPSS
Exploits0References8
OSV
OSV
added 2026/05/27 2:17 p.m.9 views

UBUNTU-CVE-2026-45974

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix invalid leaf access in btrfsquotaenable if ref key not found If btrfssearchslotforread returns 1, it means we did not find any key greater than or equals to the key we asked for, meaning we have reached the end of the...

5.5CVSS5.7AI score0.00128EPSS
Exploits0References9
CVE
CVE
added 2026/05/27 12:18 p.m.25 views

CVE-2026-45974

Summary: CVE-2026-45974 affects the Linux kernel btrfs quota handling. A logic error in btrfs_quota_enable() can cause invalid leaf access if the search key is not found, potentially allowing instability or DoS. The root cause is improper handling when btrfs_search_slot_for_read() returns 1 (no k...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2026/05/27 12:18 p.m.40 views

CVE-2026-45974 btrfs: fix invalid leaf access in btrfs_quota_enable() if ref key not found

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix invalid leaf access in btrfsquotaenable if ref key not found If btrfssearchslotforread returns 1, it means we did not find any key greater than or equals to the key we asked for, meaning we have reached the end of the...

0.00128EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2026/05/27 12:18 p.m.8 views

CVE-2026-45974

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix invalid leaf access in btrfsquotaenable if ref key not found If btrfssearchslotforread returns 1, it means we did not find any key greater than or equals to the key we asked for, meaning we have reached the end of the...

5.5CVSS5.7AI score0.00128EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.16 views

dalfox 访问控制错误漏洞

Dalfox is an automated cross-site scripting scanning tool developed by HAHWUL. Versions of Dalfox prior to 2.13.0 contained a access control vulnerability. This vulnerability stemmed from the default binding of the REST API server to 0.0.0.0:6664, without the need for an API key. Additionally, th...

10CVSS5.9AI score0.01051EPSS
Exploits2References2
Snyk
Snyk
added 2026/05/14 2:57 p.m.8 views

Arbitrary Code Injection

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Arbitrary Code Injection via the node-custom-function endpoint when user-supplied JavaScript is executed in a NodeVM sandbox without sufficient route-level authorization. A user can execute commands on the...

9.9CVSS6AI score0.0082EPSS
Exploits1References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/09 5:34 p.m.16 views

Malicious code in ggfmttygl-new (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2098233a75602dd1779f720f566420f4a88ec77694b206e7858323b5aeea38d5 Package is disguised as a utility, but in fact loads encrypted code as modules. However, loading it requires knowing the decryption key which is not included i...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/09 5:29 p.m.11 views

Malicious code in ggfmttygl (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e741cc1df48cc526ad3a27ac702f5dea403723557b4a485f84847340310d66e5 Package is disguised as a utility, but in fact loads encrypted code as modules. However, loading it requires knowing the decryption key which is not included i...

5.9AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/06 7:49 p.m.5 views

CVE-2026-44109

OpenClaw before 2026.4.15 contains an authentication bypass vulnerability in Feishu webhook and card-action validation that allows unauthenticated requests to reach command dispatch. Missing encryptKey configuration and blank callback tokens fail open instead of rejecting requests, enabling...

9.8CVSS6.1AI score0.00718EPSS
Exploits1References4
OSV
OSV
added 2026/04/21 9:24 a.m.9 views

SUSE-SU-2026:1520-1 Security update 5.1.3 for Multi-Linux Manager Client Tools

This update fixes the following issues: golang-github-lusitaniae-apacheexporter: - Internal changes to fix build issues with no impact for customers spacecmd: - Version 5.1.13-0 Updated translation strings uyuni-tools: - Version 5.1.26-0 Fixed applying PTF with images from RPMs bsc1252548 Ssl Key...

8.7CVSS5.7AI score0.00375EPSS
Exploits0References18
OSV
OSV
added 2026/04/17 10:32 p.m.1 views

GHSA-XH72-V6V9-MWHC OpenClaw: Feishu webhook and card-action validation now fail closed

Summary Feishu webhook mode accepted missing encryptKey configuration as valid and blank card-action callback tokens as usable lifecycle tokens. Together, those fail-open paths could allow unauthenticated webhook or card-action traffic to reach command dispatch in affected deployments. Impact A...

9.8CVSS5.7AI score0.00718EPSS
Exploits1References6
CNVD
CNVD
added 2026/03/02 12:0 a.m.2 views

OpenClaw Access Control Error Vulnerability

OpenClaw is openclaw open source an intelligent artificial assistant. OpenClaw suffers from an Access Control Error vulnerability that stems from the @openclaw/voice-call plugin Telnyx webhook handler accepting unsigned inbound webhook requests when telnyx.publicKey is not configured, which can b...

7.5CVSS5.8AI score0.00284EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/28 1:54 a.m.4 views

CVE-2026-22207

OpenViking through version 0.1.18, prior to commit 0251c70, contains a broken access control vulnerability that allows unauthenticated attackers to gain ROOT privileges when the rootapikey configuration is omitted. Attackers can send requests to protected endpoints without authentication headers ...

9.8CVSS6AI score0.0043EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/21 1:28 a.m.4 views

CVE-2026-26319

OpenClaw is a personal AI assistant. Versions 2026.2.13 and below allow the optional @openclaw/voice-call plugin Telnyx webhook handler to accept unsigned inbound webhook requests when telnyx.publicKey is not configured, enabling unauthenticated callers to forge Telnyx events. Telnyx webhooks are...

7.5CVSS5.7AI score0.00284EPSS
Exploits0References1
NVD
NVD
added 2026/02/19 11:16 p.m.9 views

CVE-2026-26319

OpenClaw is a personal AI assistant. Versions 2026.2.13 and below allow the optional @openclaw/voice-call plugin Telnyx webhook handler to accept unsigned inbound webhook requests when telnyx.publicKey is not configured, enabling unauthenticated callers to forge Telnyx events. Telnyx webhooks are...

7.5CVSS0.00284EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/19 10:5 p.m.23 views

CVE-2026-26319 OpenClaw has Missing Webhook Authentication in Telnyx Provider Allowing Unauthenticated Requests

OpenClaw is a personal AI assistant. Versions 2026.2.13 and below allow the optional @openclaw/voice-call plugin Telnyx webhook handler to accept unsigned inbound webhook requests when telnyx.publicKey is not configured, enabling unauthenticated callers to forge Telnyx events. Telnyx webhooks are...

7.5CVSS0.00284EPSS
Exploits0References4
Rows per page
Query Builder