
61691 matches found

Circl
added 2026/03/05 10:23 p.m., 4 views

CVE-2026-21622

creationtimestamp | type | source
---|---|---
2026-03-05 22:23:38+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mgdtlp7eur2y...

CVSS 9.8, AI score 5.9, EPSS 0.0039
Exploits: 0, References: 1

Circl
added 2026/03/05 10:6 p.m., 6 views

CVE-2026-0848

creationtimestamp | type | source
---|---|---
2026-03-05 22:06:31+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mgdsn3da7y2o
2026-03-06 22:56:29+00:00 | seen | https://bsky.app/profile/yazoul-alerts.bsky.social/post/3mggfvehltd2x
2026-03-07 15:00:45+00:00 | seen | ...

CVSS 10, AI score 8.3, EPSS 0.00777
Exploits: 3, References: 5

Vulnrichment
added 2026/03/05 10:0 p.m., 3 views

CVE-2026-29609 OpenClaw < 2026.2.14 - Denial of Service via Unbounded URL-backed Media Fetch

OpenClaw versions prior to 2026.2.14 contain a denial of service vulnerability in the fetchWithGuard function that allocates entire response payloads in memory before enforcing maxBytes limits. Remote attackers can trigger memory exhaustion by serving oversized responses without content-length...

CVSS 8.7, AI score 5.8, EPSS 0.00426
Exploits: 0, References: 3

Vulnrichment
added 2026/03/05 9:59 p.m., 3 views

CVE-2026-28467 OpenClaw < 2026.2.2 - SSRF via Attachment Media URL Hydration

OpenClaw versions prior to 2026.2.2 contain a server-side request forgery vulnerability in attachment and media URL hydration that allows remote attackers to fetch arbitrary HTTPS URLs. Attackers who can influence media URLs through model-controlled sendAttachment or auto-reply mechanisms can...

CVSS 6.5, AI score 5.9, EPSS 0.00397
Exploits: 1, References: 4

ATTACKERKB
added 2026/03/05 9:59 p.m., 3 views

CVE-2026-28467

OpenClaw versions prior to 2026.2.2 contain a server-side request forgery vulnerability in attachment and media URL hydration that allows remote attackers to fetch arbitrary HTTPS URLs. Attackers who can influence media URLs through model-controlled sendAttachment or auto-reply mechanisms can...

CVSS 6.9, AI score 6, EPSS 0.00397
Exploits: 1, References: 5

Cvelist
added 2026/03/05 9:59 p.m., 25 views

CVE-2026-28394 OpenClaw < 2026.2.15 - Denial of Service via Unbounded Response Parsing in web_fetch Tool

OpenClaw versions prior to 2026.2.15 contain a denial of service vulnerability in the web_fetch tool that allows attackers to crash the Gateway process through memory exhaustion by parsing oversized or deeply nested HTML responses. Remote attackers can social-engineer users into fetching malicious...

CVSS 6.9, EPSS 0.00388
Exploits: 0, References: 3

Circl
added 2026/03/05 9:57 p.m., 3 views

CVE-2025-70995

creationtimestamp | type | source
---|---|---
2026-03-05 21:57:32+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mgds4zs62d2d
2026-03-07 16:00:43+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mgi74s5cun2k...

CVSS 8.8, AI score 5.8, EPSS 0.00612
Exploits: 0, References: 2

Circl
added 2026/03/05 9:31 p.m., 10 views

CVE-2026-30820

creationtimestamp | type | source
---|---|---
2026-03-05 21:31:03+00:00 | published-proof-of-concept | https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-wvhq-wp8g-c7vq
2026-03-07 08:59:44+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mghhm2edzr2z...

CVSS 8.8, AI score 5.7, EPSS 0.00477
Exploits: 1, References: 2

EUVD
added 2026/03/05 9:30 p.m., 3 views

EUVD-2025-208324

An issue in D-Link DIR-1253 MESH V1.6.1684 allows an attacker to escalate privileges via the etc/shadow.sample component...

AI score 5.9, EPSS 0.00633
Exploits: 0, References: 4

EUVD
added 2026/03/05 9:30 p.m., 5 views

EUVD-2025-208317

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetDDNS...

AI score 6.1, EPSS 0.00784
Exploits: 1, References: 4

EUVD
added 2026/03/05 9:30 p.m., 13 views

EUVD-2025-208318

D-Link DIR-513 version 1.10 contains a critical-level vulnerability. When processing POST requests related to verification codes in /goform/formLogin, it enters /goform/getAuthCode but fails to filter the value of the FILECODE parameter, resulting in a path traversal vulnerability...

AI score 6, EPSS 0.00664
Exploits: 1, References: 4

EUVD
added 2026/03/05 9:30 p.m., 6 views

EUVD-2025-208316

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSchedule...

AI score 6.1, EPSS 0.00633
Exploits: 1, References: 4

EUVD
added 2026/03/05 9:30 p.m., 4 views

EUVD-2025-208319

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetMACFilter...

AI score 6.1, EPSS 0.00633
Exploits: 1, References: 4

EUVD
added 2026/03/05 9:30 p.m., 5 views

EUVD-2025-208320

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetEnableWizard...

AI score 6.1, EPSS 0.00633
Exploits: 1, References: 4

NVD
added 2026/03/05 9:16 p.m., 4 views

CVE-2026-28436

Frappe is a full-stack web application framework. Prior to versions 16.11.0 and 15.102.0, an attacker can set a crafted image URL that results in XSS when the avatar is displayed, and it can be triggered for other users via website page comments. This issue has been patched in versions 16.11.0 an...

CVSS 7.2, EPSS 0.00169
Exploits: 0, References: 1

NVD
added 2026/03/05 9:16 p.m., 21 views

CVE-2026-28492

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.61.0, when a user creates a public share link for a directory, the withHashFile middleware in http/public.go uses...

CVSS 7.1, EPSS 0.00322
Exploits: 1, References: 3

Snyk
added 2026/03/05 9:13 p.m., 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to the improper sanitization of HTML anchor tags in the comment and issue description functionality. An attacker can execute arbitrary JavaScript in the context of another user by injecting malicious links...

CVSS 8.7, AI score 5.8, EPSS 0.00306
Exploits: 1, References: 2

CVE
added 2026/03/05 9:6 p.m., 29 views

CVE-2026-28492

File Browser CVE-2026-28492 affects the File Browser file-management interface. Before v2.61.0, the withHashFile middleware uses filepath.Dir(link.Path) to determine BasePathFs, causing the filesystem root to be set to the parent directory of a public share rather than the share itself. This allo...

CVSS 7.1, AI score 5.8, EPSS 0.00322
Exploits: 1, References: 3, Affected Software: 1

ATTACKERKB
added 2026/03/05 9:6 p.m., 5 views

CVE-2026-28492

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.61.0, when a user creates a public share link for a directory, the withHashFile middleware in http/public.go uses...

CVSS 7.1, AI score 5.8, EPSS 0.00322
Exploits: 1, References: 4, Affected Software: 1

OSV
added 2026/03/05 8:16 p.m., 2 views

DEBIAN-CVE-2026-28350

lxml_html_clean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.4, the tag passes through the default Cleaner configuration. While page_structure=True removes html, head, and title tags, there is no specific handling for , allowing an attacker to inje...

CVSS 6.1, AI score 8.3, EPSS 0.00254
Exploits: 1, References: 1