Lucene search
K

3638 matches found

EUVD
EUVD
added 2 days ago8 views

EUVD-2026-43185

ImageMagick before 7.1.2-26 and 6.9.13-51 is missing a check for the allowed memory allocation limit in matrix-backed operations such as -canny. An attacker can supply a crafted image that causes ImageMagick to allocate more memory than permitted by the configured policy, resulting in a denial of...

4.8CVSS6.1AI score0.00105EPSS
Exploits0References2
CVE
CVE
added 2 days ago11 views

CVE-2026-61465

ImageMagick before 7.1.2-26 and 6.9.13-51 lacks a check for the allowed memory allocation limit in matrix-backed operations (e.g., -canny). A crafted image can cause ImageMagick to allocate more memory than policy permits, resulting in a denial of service. Affected components: ImageMagick's memor...

4.8CVSS6.1AI score0.00105EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-42764

A vulnerability was identified in NousResearch hermes-agent up to 2026.5.29.2. Affected by this issue is the function MatrixAdapter.markdowntohtml of the file gateway/platforms/matrix.py of the component Matrix Adapter. Such manipulation leads to cross site scripting. The attack can be executed...

5.1CVSS4.2AI score0.00203EPSS
Exploits0References8
NVD
NVD
added 3 days ago4 views

CVE-2026-15311

A vulnerability was identified in NousResearch hermes-agent up to 2026.5.29.2. Affected by this issue is the function MatrixAdapter.markdowntohtml of the file gateway/platforms/matrix.py of the component Matrix Adapter. Such manipulation leads to cross site scripting. The attack can be executed...

5.1CVSS0.00203EPSS
Exploits0References7
CVE
CVE
added 4 days ago10 views

CVE-2026-15311

The CVE-2026-15311 entry concerns NousResearch hermes-agent (Matrix Adapter). The vulnerability specifically affects MatrixAdapter._markdown_to_html in gateway/platforms/matrix.py, enabling cross-site scripting. It can be exploited remotely and publicly available exploit code exists. The related ...

5.1CVSS4.2AI score0.00203EPSS
Exploits0References7
Cvelist
Cvelist
added 4 days ago28 views

CVE-2026-15311 NousResearch hermes-agent Matrix Adapter matrix.py MatrixAdapter._markdown_to_html cross site scripting

A vulnerability was identified in NousResearch hermes-agent up to 2026.5.29.2. Affected by this issue is the function MatrixAdapter.markdowntohtml of the file gateway/platforms/matrix.py of the component Matrix Adapter. Such manipulation leads to cross site scripting. The attack can be executed...

5.1CVSS0.00203EPSS
Exploits0References7
OSV
OSV
added 2026/07/02 5:13 p.m.5 views

GHSA-7HXM-F538-3XP6 OpenClaw: Matrix allowFrom could bind to mutable display names

Summary Matrix allowFrom could bind to mutable display names. In affected versions, a Matrix account able to change display name metadata could match a policy entry through mutable display metadata. This advisory is scoped to the named feature and configuration. It does not change OpenClaw's...

8.8CVSS5.9AI score0.00309EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/02 5:13 p.m.11 views

EUVD-2026-36317

OpenClaw: Matrix allowFrom could bind to mutable display names...

8.8CVSS5.8AI score0.00309EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.5 views

io.quarkus:quarkus-vertx-http: io.quarkus:quarkus-vertx-http: Authorization bypass via semicolons in HTTP requests

A flaw was found in io.quarkus:quarkus-vertx-http. A remote attacker can exploit an authorization bypass vulnerability by including semicolons, also known as matrix parameters, in HTTP requests. This allows bypassing path-based HTTP security policies, enabling unauthorized access to protected...

8.8CVSS6AI score0.00444EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-57963

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker who can send HTML chat messages via Matrix or XMPP can inject arbitrary styled content, phishing links, and CSS that manipulates the chat UI. This...

6.5CVSS6.1AI score0.00181EPSS
Exploits0References3
OSV
OSV
added 2026/07/01 2:17 a.m.4 views

UBUNTU-CVE-2026-57963

An attacker who can send HTML chat messages via Matrix or XMPP can inject arbitrary styled content, phishing links, and CSS that manipulates the chat UI. This vulnerability was fixed in Thunderbird 152.0.1 and Thunderbird 140.12.1...

6.5CVSS5.9AI score0.00181EPSS
Exploits0References5
OSV
OSV
added 2026/07/01 2:17 a.m.3 views

DEBIAN-CVE-2026-57963

An attacker who can send HTML chat messages via Matrix or XMPP can inject arbitrary styled content, phishing links, and CSS that manipulates the chat UI. This vulnerability was fixed in Thunderbird 152.0.1 and Thunderbird 140.12.1...

6.5CVSS5.9AI score0.00181EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/01 12:58 a.m.8 views

EUVD-2026-40862

An attacker who can send HTML chat messages via Matrix or XMPP can inject arbitrary styled content, phishing links, and CSS that manipulates the chat UI. This vulnerability was fixed in Thunderbird 152.0.1 and Thunderbird 140.12.1...

6.5CVSS5.9AI score0.00181EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.9 views

PT-2026-54448

Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 140.12.1 Thunderbird versions prior to 152.0.1 Description An attacker can inject arbitrary styled content, phishing links, and CSS to manipulate the chat UI by sending HTML chat messages via Matrix or XMPP...

6.5CVSS6AI score0.00181EPSS
Exploits0References11
OPENSUSE Linux
OPENSUSE Linux
added 2026/06/28 12:0 a.m.7 views

Security update for openbabel (moderate)

openSUSE Security Update: Security update for openbabel Announcement ID: openSUSE-SU-2026:0220-1 Rating: moderate References: 1258501 Cross-References: CVE-2026-2704 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes one vulnerability is now available. Description: This update...

8.1CVSS5.8AI score0.00759EPSS
Exploits1References1
NVD
NVD
added 2026/06/11 9:16 p.m.13 views

CVE-2026-53811

OpenClaw before 2026.5.7 contains a privilege escalation vulnerability in the Matrix allowFrom feature that allows authenticated accounts to match policy entries through mutable display name metadata. Attackers with the ability to change display names can receive agent access intended for another...

8.8CVSS0.00309EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/11 8:7 p.m.32 views

CVE-2026-53811 OpenClaw < 2026.5.7 - Privilege Escalation via Mutable Display Names in Matrix allowFrom

OpenClaw before 2026.5.7 contains a privilege escalation vulnerability in the Matrix allowFrom feature that allows authenticated accounts to match policy entries through mutable display name metadata. Attackers with the ability to change display names can receive agent access intended for another...

8.8CVSS0.00309EPSS
Exploits0References2
CVE
CVE
added 2026/06/11 8:7 p.m.27 views

CVE-2026-53811

OpenClaw is affected up to version 2026.5.7. The vulnerability is a privilege escalation in the Matrix allowFrom feature caused by mutable display name metadata, allowing authenticated accounts to match policy entries and receive agent access intended for another Matrix identity. Depending on ope...

8.8CVSS5.5AI score0.00309EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/11 8:7 p.m.9 views

CVE-2026-53811 OpenClaw < 2026.5.7 - Privilege Escalation via Mutable Display Names in Matrix allowFrom

OpenClaw before 2026.5.7 contains a privilege escalation vulnerability in the Matrix allowFrom feature that allows authenticated accounts to match policy entries through mutable display name metadata. Attackers with the ability to change display names can receive agent access intended for another...

8.8CVSS5.2AI score0.00309EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.11 views

PT-2026-48741

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.7 Description A privilege escalation issue exists in the Matrix allowFrom feature. Authenticated accounts can match policy entries by manipulating mutable display name metadata. This allows attackers who can...

8.8CVSS5.3AI score0.00309EPSS
Exploits0References8
Rows per page
Query Builder