Lucene search
+L

174 matches found

OSV
OSV
added 2 days ago2 views

CVE-2026-62228 OpenClaw < 2026.6.5 Authorization Bypass via Node Exec Approvals

OpenClaw before 2026.6.5 contain an authorization bypass vulnerability in node exec approvals that allows lower-trust callers to execute actions beyond their intended authorization by using different gateway and node environments. Attackers can exploit mismatched environment configurations to...

7.7CVSS5.6AI score0.00261EPSS
Exploits0References5
CVE
CVE
added 2 days ago13 views

CVE-2026-62228

CVE-2026-62228 affects OpenClaw prior to 2026.6.5, describing an authorization bypass in node exec approvals. The vulnerability arises from mismatched gateway and node environments, enabling lower-trust callers to persist or execute actions beyond their approved permissions due to environment con...

8.8CVSS6.2AI score0.00261EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/07/09 11:40 a.m.5 views

LibreOffice: LibreOffice: Denial of Service via crafted OOXML documents

A flaw was found in LibreOffice. A remote attacker could exploit this out-of-bounds write vulnerability by tricking a user into opening a specially crafted OOXML Office Open XML document with mismatched encryption salt parameters. This could lead to a denial of service DoS, making the application...

7.8CVSS7AI score0.00078EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-6329

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PKCS12 MAC verification uses an attacker-controlled comparison length, weakening the integrity check on the MAC and allowing a mismatched MAC to be accepted. Th...

6.5CVSS6.1AI score0.0016EPSS
Exploits0References3
OSV
OSV
added 2026/06/28 6:1 a.m.7 views

MAL-2026-6557 Malicious code in pkg-fallback (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f4ccaa9f059318782cd3b811f5bd6ea926e267e4b05dc4971d6acc6687d5d4f setup.py performs an unconditional urllib.request.urlopen at install time to a hardcoded plaintext bare-IP endpoint...

6.2AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/24 12:18 p.m.3 views

curl: curl: Insecure connection establishment due to TLS configuration mismatch

A flaw was found in curl. When a new data transfer attempts to upgrade its connection using STARTTLS, it may incorrectly reuse an existing live connection. This reuse can occur even if the Transport Layer Security TLS configuration of the new transfer does not match the existing connection,...

8.1CVSS6AI score0.0052EPSS
Exploits1References7
OSV
OSV
added 2026/06/22 3:10 p.m.3 views

SUSE-SU-2026:22344-1 Security update for cosign

This update for cosign fixes the following issues Security issue: - CVE-2026-39395: Incorrect attestation verification due to malformed payloads or mismatched predicate types bsc1261859. Non security issue: - Update to version 3.0.5 jscSLE-23879...

5.3CVSS5.8AI score0.00241EPSS
Exploits0References3
NVD
NVD
added 2026/06/21 2:16 p.m.19 views

CVE-2026-56229

Capgo before 12.128.2 contains an authorization bypass vulnerability in the /build/status and /build/logs endpoints that allows attackers to access build jobs belonging to different applications by supplying a mismatched appid and jobid combination. Limited API keys restricted to a single app can...

7.1CVSS0.00221EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/21 1:26 p.m.5 views

CVE-2026-56229

Capgo before 12.128.2 contains an authorization bypass vulnerability in the /build/status and /build/logs endpoints that allows attackers to access build jobs belonging to different applications by supplying a mismatched appid and jobid combination. Limited API keys restricted to a single app can...

7.1CVSS5.9AI score0.00221EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/21 1:26 p.m.10 views

EUVD-2026-38164

Capgo before 12.128.2 contains an authorization bypass vulnerability in the /build/status and /build/logs endpoints that allows attackers to access build jobs belonging to different applications by supplying a mismatched appid and jobid combination. Limited API keys restricted to a single app can...

7.1CVSS5.9AI score0.00221EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.16 views

PT-2026-51218

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An authorization bypass exists in the '/build/status' and '/build/logs' endpoints. Attackers can access build jobs belonging to different applications by providing a mismatched app id and job id...

7.1CVSS5.8AI score0.00221EPSS
Exploits0References7
CVE
CVE
added 2026/06/01 10:5 p.m.40 views

CVE-2025-59610

CVE-2025-59610 represents a memory corruption vulnerability that occurs when processing IOCTL requests with mismatched API versions, caused by concurrent modification of a user-space buffer. The CVSS 3.1 vector (L/H/C/I/A) indicates a Local, High complexity, High privileges required, no user inte...

6.4CVSS5.8AI score0.00056EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/01 1:3 p.m.47 views

USN-8352-1 libreoffice vulnerability

Duc Anh Nguyen discovered that LibreOffice incorrectly handled mismatched encryption salt parameters in crafted OOXML documents. An attacker could use this issue to cause LibreOffice to crash, resulting in a denial of service, or possibly execute arbitrary code...

7.8CVSS6.1AI score0.00078EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/28 1:12 a.m.12 views

CVE-2026-45923

A flaw was found in the Linux kernel's net: usb: catc driver. A malformed Universal Serial Bus USB device can present endpoint descriptors with transfer types that differ from what the driver expects. This can lead to the driver attempting to use incorrect endpoint types, potentially causing...

5.5CVSS5.8AI score0.0016EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.16 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the catcprobe function in the net/usb/catc driver. This function uses hardcoded endpoint pipelines to...

5.8AI score0.0016EPSS
Exploits0References7
OSV
OSV
added 2026/05/26 8:43 a.m.15 views

MAL-2026-4794 Malicious code in indextts-cli (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fc206ef48bfccaec8e81aac2b666e2d54a4a027e8432cc1d08d3823cf333caca setup.py executes git clone --depth 1 --branch dev-3.12 https://github.com/gabry-lab/index-tts during the buildpy / egginfo / sdist / bdistwheel...

5.9AI score
Exploits0References4
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.10 views

libheif 缓冲区错误漏洞

LibHEIF is a open-source decoder and encoder for the ISO/IEC 23008-12:2017 HEIF file format developed by Struktur. Versions of LibHEIF prior to 1.21.2 contain a buffer error vulnerability. This vulnerability arises from the fact that the number of samples declared in the saiz frame exceeds the...

8.1CVSS6AI score0.00302EPSS
Exploits1References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/19 9:52 p.m.14 views

Malicious code in aurafarmer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 967bdc07ba43b92a320ad0ef81975a5547d24b987eda5b8cdf863fc7c18245e0 The package advertises an aurex CLI. Its login flow aurex/main.py around line 108 prompts the user for email and password and POSTs them as JSON to a...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/19 9:52 p.m.12 views

MAL-2026-4741 Malicious code in aurafarmer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 967bdc07ba43b92a320ad0ef81975a5547d24b987eda5b8cdf863fc7c18245e0 The package advertises an aurex CLI. Its login flow aurex/main.py around line 108 prompts the user for email and password and POSTs them as JSON to a...

5.8AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/19 1:47 p.m.6 views

CVE-2026-45557

Technitium DNS Server aggressively tries to fetch missing RRSIG records or mismatched DNSKEY records. An attacker in control of a domain can cause a vulnerable system to generate excessive network traffic. Fixed in 15.0...

6.9CVSS5.8AI score0.00389EPSS
Exploits0References4
Rows per page
Query Builder