7109 matches found

Cvelist
added 2026/06/15 8:17 p.m., 25 views

CVE-2026-39489 WordPress Download Monitor plugin <= 5.1.9 - Non-Arbitrary File Download vulnerability

Author Arbitrary File Download in Download Monitor <= 5.1.9 versions...

CVSS 4.4, EPSS 0.00337
Exploits: 0, References: 1
CVE
added 2026/06/15 8:17 p.m., 10 views

CVE-2026-39489

The CVE-2026-39489 entry details a vulnerability in WordPress Download Monitor plugin versions

CVSS 4.4, AI score 5.2, EPSS 0.00337
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/06/15 3:9 p.m., 7 views

Malicious code in vaults-monitor-cron (npm)

Source: amazon-inspector (b81c6b9e59e86c40858cb47e91d597b3776fea71def7feb3ca11833625fa3923). On npm install, the package's preinstall hook "node postinstall.js || true" executes automatically. The script collects hostname, username, and current...

AI score 5.3
Exploits: 0, References: 1
Positive Technologies
added 2026/06/15 12:0 a.m., 9 views

PT-2026-49383

Author Arbitrary File Download in Download Monitor <= 5.1.9 versions...

CVSS 4.4, AI score 5.2, EPSS 0.00337
Exploits: 0, References: 2
EUVD
added 2026/06/13 12:34 a.m., 11 views

EUVD-2026-36612

OpenClaw before 2026.4.24 contains a token revocation vulnerability allowing callers with revoked slash tokens to continue executing commands during monitor refresh windows. Attackers can exploit stale token acceptance to invoke slash command behavior briefly after token revocation, potentially...

CVSS 6.5, AI score 5.3, EPSS 0.00181
Exploits: 0, References: 3
NVD
added 2026/06/12 10:16 p.m., 16 views

CVE-2026-53824

OpenClaw before 2026.4.24 contains a token revocation vulnerability allowing callers with revoked slash tokens to continue executing commands during monitor refresh windows. Attackers can exploit stale token acceptance to invoke slash command behavior briefly after token revocation, potentially...

CVSS 6.5, EPSS 0.00181
Exploits: 0, References: 2
NVD
added 2026/06/12 10:16 p.m., 11 views

CVE-2026-48119

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.12, authenticated agents can forge service-monitor results for other users' services. This issue has been patched in version 2.0.12...

CVSS 7.1, EPSS 0.00266
Exploits: 0, References: 1
Cvelist
added 2026/06/12 9:56 p.m., 28 views

CVE-2026-53824 Mattermost plugin for OpenClaw < 2026.4.24 - Slash Token Revocation Lag via Monitor Refresh Delay

OpenClaw before 2026.4.24 contains a token revocation vulnerability allowing callers with revoked slash tokens to continue executing commands during monitor refresh windows. Attackers can exploit stale token acceptance to invoke slash command behavior briefly after token revocation, potentially...

CVSS 6.5, EPSS 0.00181
Exploits: 0, References: 2
Vulnrichment
added 2026/06/12 9:56 p.m., 9 views

CVE-2026-53824 Mattermost plugin for OpenClaw < 2026.4.24 - Slash Token Revocation Lag via Monitor Refresh Delay

OpenClaw before 2026.4.24 contains a token revocation vulnerability allowing callers with revoked slash tokens to continue executing commands during monitor refresh windows. Attackers can exploit stale token acceptance to invoke slash command behavior briefly after token revocation, potentially...

CVSS 6.5, AI score 5.3, EPSS 0.00181
Exploits: 0, References: 2
CVE
added 2026/06/12 9:56 p.m., 26 views

CVE-2026-53824

Mattermost/OpenClaw before 2026.4.24 contains a token revocation lag vulnerability where revoked slash tokens can still execute commands briefly during monitor refresh windows. Attackers can exploit stale token acceptance to invoke slash command behavior after revocation, potentially enabling una...

CVSS 6.5, AI score 5.3, EPSS 0.00181
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2026/06/12 9:3 p.m., 26 views

CVE-2026-48119 Nezha Monitoring: Authenticated agents can forge service-monitor results for other users' services

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.12, authenticated agents can forge service-monitor results for other users' services. This issue has been patched in version 2.0.12...

CVSS 7.1, EPSS 0.00266
Exploits: 0, References: 1
CVE
added 2026/06/12 9:3 p.m., 47 views

CVE-2026-48119

CVE-2026-48119 (Nezha Monitoring) involves authenticated agents forging service-monitor results for other users’ services in versions 0.20.0 through pre-2.0.12. The vulnerability arises from the service-monitor worker not verifying that the reporter server and service ownership align with the rep...

CVSS 7.1, AI score 5.2, EPSS 0.00266
Exploits: 0, References: 1
OSV
added 2026/06/12 8:44 a.m., 3 views

SUSE-SU-2026:22133-1 Security update for google-guest-agent

This update for google-guest-agent fixes the following issues: Update to version 20260430.00: Update dependencies and go version to 1.26.2 607 bsc1265762, CVE-2026-33814 Bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 604 bsc1260264, CVE-2026-33186 Backport oslogin changes for sles16 to...

CVSS 9.1, AI score 6.5, EPSS 0.01557
Exploits: 1, References: 18
RedhatCVE
added 2026/06/10 9:0 p.m., 7 views

CVE-2026-42981

Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network...

CVSS 8.1, AI score 5.7, EPSS 0.0064
Exploits: 0, References: 1
RedhatCVE
added 2026/06/10 9:0 p.m., 8 views

CVE-2026-42974

Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network...

CVSS 8.1, AI score 5.7, EPSS 0.0064
Exploits: 0, References: 1
Github Security Blog
added 2026/06/10 5:24 p.m., 16 views

OpenTelemetry Operator for Kubernetes's ServiceMonitor bearerTokenFile reads arbitrary local file and sends contents as bearer auth

Affected Repository: github.com/open-telemetry/opentelemetry-operator. Component: cmd/otel-allocator TargetAllocator. Companion: Prometheus Operator API types CRDs. Summary: OpenTelemetry Operator's TargetAllocator watches ServiceMonitor resources via the Prometheus Operator CR watcher and converts...

AI score 5.6, EPSS 0.00017
Exploits: 0, References: 3, Affected Software: 1
RedhatCVE
added 2026/06/10 2:59 p.m., 11 views

CVE-2026-41031

A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor Version 4.0 Service Pack 1 Build 63255 allows an authenticated remote attacker with low privileges to inject malicious JavaScript code into the application. This enables attackers to steal administrative access tokens and sessio...

CVSS 9.3, AI score 5.6, EPSS 0.00242
Exploits: 0, References: 1
Positive Technologies
added 2026/06/10 12:0 a.m., 13 views

PT-2026-48539

Name of the Vulnerable Software and Affected Versions: opentelemetry-operator (affected versions not specified). Description: The TargetAllocator in the OpenTelemetry Operator processes ServiceMonitor resources and converts endpoints into Prometheus scrape configurations. A tenant with permissions to...

CVSS 7.7, AI score 6, EPSS 0.00017
Exploits: 0, References: 5
NVD
added 2026/06/09 5:17 p.m., 9 views

CVE-2026-42981

Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network...

CVSS 8.1, EPSS 0.0064
Exploits: 0, References: 1
NVD
added 2026/06/09 5:17 p.m., 8 views

CVE-2026-42974

Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network...

CVSS 8.1, EPSS 0.0064
Exploits: 0, References: 1