Lucene search
K

40 matches found

Cvelist
Cvelist
added 2026/02/19 10:5 p.m.24 views

CVE-2026-26319 OpenClaw has Missing Webhook Authentication in Telnyx Provider Allowing Unauthenticated Requests

OpenClaw is a personal AI assistant. Versions 2026.2.13 and below allow the optional @openclaw/voice-call plugin Telnyx webhook handler to accept unsigned inbound webhook requests when telnyx.publicKey is not configured, enabling unauthenticated callers to forge Telnyx events. Telnyx webhooks are...

7.5CVSS0.00284EPSS
Exploits0References4
CVE
CVE
added 2026/02/19 10:5 p.m.17 views

CVE-2026-26319

OpenClaw contains a vulnerability in the optional @openclaw/voice-call Telnyx webhook handler: when telnyx.publicKey is not configured, verification can fail open, allowing unauthenticated HTTP POSTs to be treated as legitimate Telnyx events. Affected versions are 2026.2.13 and earlier; the issue...

7.5CVSS5.7AI score0.00284EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.10 views

OpenClaw 访问控制错误漏洞

OpenClaw is openclaw open source an intelligent artificial assistant. OpenClaw suffers from an Access Control Error vulnerability that stems from the @openclaw/voice-call plugin Telnyx webhook handler accepting unsigned inbound webhook requests when telnyx.publicKey is not configured, which can b...

7.5CVSS6AI score0.00284EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.4 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003236)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003236 advisory. The asn1berdecoder function in lib/asn1decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service panic via an ASN.1 BER file that lacks ...

4.7CVSS6.3AI score0.00475EPSS
Exploits0References31
OSV
OSV
added 2026/01/14 6:16 p.m.3 views

CVE-2025-65397

An insecure authentication mechanism in the safeexec.sh startup script of Blurams Flare Camera version 24.1114.151.929 and earlier allows an attacker with physical access to the device to execute arbitrary commands with root privileges, if file /opt/images/publickey.der is not present in the file...

6.8CVSS6.1AI score0.00269EPSS
Exploits0References3
EUVD
EUVD
added 2026/01/14 12:0 a.m.7 views

EUVD-2026-2445

An insecure authentication mechanism in the safeexec.sh startup script of Blurams Flare Camera version 24.1114.151.929 and earlier allows an attacker with physical access to the device to execute arbitrary commands with root privileges, if file /opt/images/publickey.der is not present in the file...

8.4CVSS7AI score0.00269EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/12/30 5:9 p.m.7 views

CVE-2025-53627

Meshtastic is an open source mesh networking solution. The Meshtastic firmware starting from version 2.5 introduces asymmetric encryption PKI for direct messages, but when the pkiencrypted flag is missing, the firmware silently falls back to legacy AES-256-CTR channel encryption. This was an...

5.3CVSS6.8AI score0.00191EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:55 p.m.10 views

CVE-2021-28845

Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service by sending the POST request to applycgi via the lang action without a language key...

7.5CVSS7.2AI score0.00961EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/17 12:0 a.m.12 views

PT-2025-4737 · Unknown +1 · Go Crypto/X509 Library +1

Name of the Vulnerable Software and Affected Versions: Go crypto/x509 library affected versions not specified Description: The issue is related to the incorrect handling of syntactically incorrect structures by the ParsePKCS1PrivateKey function in the Go crypto/x509 library. This could allow a...

10CVSS6.5AI score0.02652EPSS
Exploits6References169
Positive Technologies
Positive Technologies
added 2023/11/21 12:0 a.m.5 views

PT-2023-7303 · Owncloud · Owncloud

Name of the Vulnerable Software and Affected Versions: ownCloud versions 10.6.0 through 10.13.0 Description: An issue was discovered in ownCloud owncloud/core before 10.13.1. An attacker can access, modify, or delete any file without authentication if the username of a victim is known, and the...

10CVSS8.9AI score0.78428EPSS
Exploits5References47
ATTACKERKB
ATTACKERKB
added 2023/10/22 10:15 p.m.5 views

CVE-2023-46315

The zanllp sd-webui-infinite-image-browsing aka Infinite Image Browsing extension before 977815a for stable-diffusion-webui aka Stable Diffusion web UI, if Gradio authentication is enabled without secret key configuration, allows remote attackers to read any local file via /file?path= in the URL,...

7.5CVSS5.8AI score0.00572EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/03/16 12:0 a.m.4 views

PT-2023-36109 · Drbd · Drbd

Name of the Vulnerable Software and Affected Versions: drbd affected versions not specified Description: The issue concerns a rebuild of the drbd package with a new secure boot key. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...

7AI score
Exploits0References3
RedHat Linux
RedHat Linux
added 2022/06/15 10:10 p.m.5 views

cups: authorization bypass when using "local" authorization

An authorization vulnerability was found in the CUPS printing system. This security vulnerability occurs when local authorization happens. This flaw allows an attacker to authenticate to CUPS as root/admin without the 32-byte secret key and perform arbitrary code execution...

7.2CVSS7.6AI score0.00579EPSS
Exploits0References6
OSV
OSV
added 2022/05/21 12:15 a.m.3 views

UBUNTU-CVE-2022-29222

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.5, a DTLS Client could provide a Certificate that it doesn't posses the private key for and Pion DTLS wouldn't reject it. This issue affects users that are using Client certificates only. The connection...

7.5CVSS7.1AI score0.00702EPSS
Exploits0References8
OSV
OSV
added 2021/08/10 8:15 p.m.4 views

CVE-2021-28845

Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service by sending the POST request to applycgi via the lang action without a language key...

7.5CVSS5.9AI score0.00961EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2021/04/14 5:12 p.m.2 views

Mozilla: An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key

If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice's key with an invalid subkey, Thunderbird might...

6.8CVSS7.3AI score0.01035EPSS
Exploits1References4
OSV
OSV
added 2020/06/29 6:15 p.m.4 views

ALPINE-CVE-2020-14002

PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts where no host key for the server has been cached by the client...

5.9CVSS6.6AI score0.03146EPSS
Exploits0References1
Microsoft KB
Microsoft KB
added 2020/04/10 12:0 a.m.4 views

Update adds BPA rules for DirectAccess in Windows Server 2012 R2 or Windows Server 2012

Update adds BPA rules for DirectAccess in Windows Server 2012 R2 or Windows Server 2012 Introduction This article describes an update that adds new Best Practices Analyzer BPA rules. The rules are for DirectAccess on the servers that are running Windows Server 2012 R2 or Windows Server 2012. The...

6.2AI score
Exploits0
OSV
OSV
added 2016/11/28 3:59 a.m.1 views

DEBIAN-CVE-2015-8970

crypto/algifskcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AFALG socket before an accept system call is processed, which allows local users to cause a denial of service NULL pointer dereference and system crash via a crafted applicatio...

5.5CVSS6.1AI score0.00504EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2013/06/16 5:55 p.m.6 views

CVE-2013-0148

The Data Camouflage aka FairCom Standard Encryption algorithm in FairCom c-treeACE does not ensure that a decryption key is needed for accessing database contents, which allows context-dependent attackers to read cleartext database records by copying a database to another system that has a certai...

7.1CVSS5.6AI score0.00691EPSS
Exploits0References2
Rows per page
Query Builder