Lucene search
K

54 matches found

OSV
OSV
โ€ขadded 2026/06/11 8:8 p.m.โ€ข2 views

CVE-2026-53814 OpenClaw < 2026.5.20 - Privilege Escalation via Hook-Triggered CLI MCP Tool Authority

OpenClaw before 2026.5.20 contains a privilege escalation vulnerability where hook-triggered agent runs incorrectly receive owner-scoped MCP loopback authority instead of hook-appropriate scope. Attackers with a valid hook token can exploit the /hooks/agent endpoint to cause spawned CLI runtimes ...

8.7CVSS5.9AI score0.00281EPSS
Exploits0References5
CNNVD
CNNVD
โ€ขadded 2026/06/09 12:0 a.m.โ€ข22 views

DesDev DedeCMS ๅฎ‰ๅ…จๆผๆดž

DesDev DedeCMS is an open-source content management system CMS developed by DesDev Corporation in China. It is built using PHP. This system offers functions such as content publishing, content management, content editing, and content retrieval. Version 5.7.118 of DesDev DedeCMS contains a securit...

9.8CVSS5.5AI score0.00816EPSS
Exploits0References1
CVE
CVE
โ€ขadded 2026/06/09 12:0 a.m.โ€ข25 views

CVE-2026-38615

CVE-2026-38615 affects DedeCMS v5.7.118 with a command execution vulnerability in file_manage_control.php. Public sources confirm the issue but do not provide detailed exploitation steps or concrete remediation in the supplied documents. The CVSSv3.1 metrics indicate a high-severity, network-expl...

9.8CVSS5.5AI score0.00816EPSS
Exploits0References1
Positive Technologies
Positive Technologies
โ€ขadded 2026/06/05 12:0 a.m.โ€ข19 views

PT-2026-47086

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.05.1 Description A low-privilege MCP token holder with knowledge of an attachment path can read any file in shared storage, including attachments from other bases and workspaces. This occurs because the MCP...

2.3CVSS5.9AI score0.00209EPSS
Exploits0References10
Snyk
Snyk
โ€ขadded 2026/05/29 5:22 p.m.โ€ข13 views

Incorrect Authorization

Overview openclaw is a ๐Ÿฆž OpenClaw โ€” Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the chat.send route. An attacker can perform unauthorized privileged actions by leveraging inherited external routes to bypass required scope checks, enabling...

8.8CVSS5.5AI score0.00253EPSS
Exploits0References2
CNNVD
CNNVD
โ€ขadded 2026/05/29 12:0 a.m.โ€ข15 views

OpenClaw ๅฎ‰ๅ…จๆผๆดž

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.18 contained security vulnerabilities. These vulnerabilities stemmed from a range-bypass vulnerability in the Gateway chat.send route, allowing clients with restricted ranges to...

8.8CVSS5.9AI score0.00253EPSS
Exploits0References2
OSV
OSV
โ€ขadded 2026/05/20 5:31 a.m.โ€ข16 views

MAL-2026-4649 Malicious code in promptbook-mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1223e123a8bd5b550647d800b438b2c5a78f3e10c9d1ab7a6a7cdbd8be465b90 dist/api.js contains a hardcoded URL https://promts.newtechcompany.ru referenced alongside process.env reads and a fetch call at line 44. The package...

5.8AI score
Exploits0References1
OSV
OSV
โ€ขadded 2026/05/19 7:22 p.m.โ€ข9 views

GHSA-FHH6-4QXV-RPQJ 9router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes

Summary 9router exposes two unauthenticated API endpoints that, when chained together, allow any network-adjacent attacker to execute arbitrary OS commands as the user running the 9router process โ€” with zero prerequisites and no credentials required. The vulnerability exists because the Next.js...

10CVSS6.1AI score0.00147EPSS
Exploits0References2
vulnersOsv
vulnersOsv
โ€ขadded 2026/05/11 9:0 p.m.โ€ข8 views

@squawk/mcp (>=0.2.0 <=0.9.0) potentially affected by unknown CVE via @squawk/flight-math (=0.5.3)

@squawk/flight-math NPM version =0.5.3 is affected by a known vulnerability. The following packages have a transitive dependency on @squawk/flight-math and may be impacted: - @squawk/mcp =0.2.0, =0.9.0 Source cves: unknown CVE Source advisory: SNYK:JS-SQUAWKFLIGHTMATH-16640879...

5.8AI score
Exploits0
NVD
NVD
โ€ขadded 2026/04/07 3:17 p.m.โ€ข7 views

CVE-2026-5382

An issue that could expose records outside of the authorized organization scope through the MCP endpoints has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N 3.0 Low. This issue was fixed in...

3CVSS0.00174EPSS
Exploits0References2
Cvelist
Cvelist
โ€ขadded 2026/04/07 2:10 p.m.โ€ข25 views

CVE-2026-5374 runZero Platform MCP information leak

An issue that allowed MCP agents to access remediation and asset information from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 5.8 Medium. Th...

5.8CVSS0.00208EPSS
Exploits0References2
Zero Day Initiative
Zero Day Initiative
โ€ขadded 2026/03/24 12:0 a.m.โ€ข9 views

(0Day) Microsoft Azure MCP AzureCliService Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Azure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the azure-cli-mcp component. The issue results from the lack of proper validation of a...

9.8CVSS6.3AI score
Exploits0
EUVD
EUVD
โ€ขadded 2026/03/16 3:14 p.m.โ€ข4 views

EUVD-2025-208759

FastMCP OAuth Proxy token reuse across MCP servers...

7.4CVSS5.8AI score0.00358EPSS
Exploits1References1
EUVD
EUVD
โ€ขadded 2025/10/07 12:30 a.m.โ€ข11 views

EUVD-2005-4520

Malware in sbrugna...

4.6CVSS6.4AI score0.00437EPSS
Exploits1References5
EUVD
EUVD
โ€ขadded 2025/10/07 12:30 a.m.โ€ข5 views

EUVD-2018-4029

Malware in sbrugna...

7.5CVSS7.6AI score0.0098EPSS
Exploits1References2
Positive Technologies
Positive Technologies
โ€ขadded 2025/10/03 12:0 a.m.โ€ข6 views

PT-2025-40609

Name of the Vulnerable Software and Affected Versions win-cli-mcp-server affected versions not specified Description The software contains a command injection flaw within the resolveCommandPath function. This allows for remote code execution. The issue was discovered by Peter Girnus of Trend...

8.2AI score0.02878EPSS
Exploits0References3
Vulnrichment
Vulnrichment
โ€ขadded 2024/07/18 3:35 p.m.โ€ข31 views

CVE-2024-39911 1Panel SQL injection

1Panel is a web-based linux server management control panel. 1Panel contains an unspecified sql injection via User-Agent handling. This issue has been addressed in version 1.10.12-lts. Users are advised to upgrade. There are no known workarounds for this vulnerability...

10CVSS7.2AI score0.04566EPSS
Exploits2References2
Positive Technologies
Positive Technologies
โ€ขadded 2024/05/28 12:0 a.m.โ€ข8 views

PT-2024-26521 ยท Dedecms ยท Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.114 Description: The issue is related to an arbitrary file upload vulnerability in the /dede/file manage control.php file. This vulnerability allows attackers to execute arbitrary code by uploading a crafted file...

9.8CVSS7.7AI score0.00729EPSS
Exploits1References3
CNVD
CNVD
โ€ขadded 2023/10/07 12:0 a.m.โ€ข30 views

DedeBIZ Code Execution Vulnerability

DedeBIZ is a content management system from China Muyun Intelligent Technology DedeBIZ company. A code execution vulnerability exists in DedeBIZ version v6.2.11, which stems from the $activepath and $filename parameters in /admin/filemanagecontrol.php failing to correctly filter the special...

9.8CVSS7.8AI score0.00997EPSS
Exploits0References1
CNNVD
CNNVD
โ€ขadded 2022/11/23 12:0 a.m.โ€ข4 views

DedeCMS ๅฎ‰ๅ…จๆผๆดž

Desdev DedeCMS Dream Weaving Content Management System is a PHP-based open-source content management system CMS of China Zhuozhuo network Desdev company. The system has content publishing, content management, content editing and content retrieval functions. A security vulnerability exists in...

9.8CVSS8.8AI score0.01609EPSS
Exploits0References2
Rows per page
Query Builder