Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

102 matches found

EUVD
EUVDadded 2026/06/09 3:15 a.m.9 views

EUVD-2026-35297

A security vulnerability has been detected in tmux up to 3.6a. Affected is the function imagefree of the file image.c. Such manipulation leads to use after free. Local access is required to approach this attack. This attack is characterized by high complexity. The exploitability is told to be...

4.5CVSS4.6AI score0.00124EPSS
Exploits0References8
Cvelist
Cvelistadded 2026/05/27 8:13 p.m.41 views

CVE-2026-44713 pam_usb: Command injection via $TMUX environment variable leads to RCE as root

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, src/tmux.c reads the user's $TMUX environment variable, splits it on commas, and interpolates the socket-path component directly into a shell command passed to popen. Because the value is placed insi...

8.8CVSS0.00158EPSS
Exploits0References1
NVD
NVDadded 2026/05/12 10:16 p.m.12 views

CVE-2026-44296

Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.167, a remote, unauthenticated denial of service DoS vulnerability affects Deskflow servers running with TLS enabled the default. When any TCP peer connects to the listening port and its first bytes do not parse as a valid TLS...

7.5CVSS0.00279EPSS
Exploits0References2
CVE
CVEadded 2026/05/12 8:52 p.m.22 views

CVE-2026-44296

Deskflow TLS multiplexer DoS (CVE-2026-44296): prior to 1.26.0.167, remote unauthenticated connections that fail TLS ClientHello cause SecureSocket::secureAccept to sleep for 1s on the multiplexer thread, stalling input delivery to all connected screens. A sustained stream of malformed handshakes...

7.5CVSS5.8AI score0.00279EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2026/05/06 10:59 p.m.6 views

CVE-2026-43244

A flaw was found in the Linux kernel's Kernel Connection Multiplexer KCM module. A local user could trigger an issue where, during partial sendmsg operations, an empty network buffer skb is incorrectly left in the fraglist. A subsequent zero-length write operation can then cause a kernel warning,...

5.5CVSS5.9AI score0.00122EPSS
Exploits0References4
Debian CVE
Debian CVEadded 2026/05/06 11:27 a.m.4 views

CVE-2026-43155

In the Linux kernel, the following vulnerability has been resolved: mux: mmio: fix regmap leak on probe failure The mmio regmap that may be allocated during probe is never freed. Switch to using the device managed allocator so that the regmap is released on probe failures e.g. probe deferral and ...

5.5CVSS5.7AI score0.00126EPSS
Exploits0
CNNVD
CNNVDadded 2026/05/04 12:0 a.m.7 views

tsMuxer 安全漏洞

tsMuxer is a transport stream multiplexer developed by Dan’s individual developer, used for re-mixing/reusing basic streams. Versions of tsMuxer 2.7.0 and earlier contain security vulnerabilities. These vulnerabilities stem from the function HevcVpsUnit::setFPS in the...

4.8CVSS5.8AI score0.00113EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/03/26 3:3 p.m.4 views

CVE-2026-32314

Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. Prior to 0.13.10, the Rust implementation of Yamux can panic when processing a crafted inbound Data frame that sets SYN and uses a body length greater than DEFAULTCREDIT e.g. 262145. On the first packet of a new...

8.7CVSS5.8AI score0.00451EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/03/26 2:57 p.m.2 views

CVE-2026-22175

OpenClaw versions prior to 2026.2.23 contain an exec approval bypass vulnerability in allowlist mode where allow-always grants could be circumvented through unrecognized multiplexer shell wrappers like busybox and toybox sh -c commands. Attackers can exploit this by invoking arbitrary payloads...

7.1CVSS6AI score0.00333EPSS
Exploits0References1
NVD
NVDadded 2026/03/18 2:16 a.m.2 views

CVE-2026-22175

OpenClaw versions prior to 2026.2.23 contain an exec approval bypass vulnerability in allowlist mode where allow-always grants could be circumvented through unrecognized multiplexer shell wrappers like busybox and toybox sh -c commands. Attackers can exploit this by invoking arbitrary payloads...

7.1CVSS0.00333EPSS
Exploits0References3
OSV
OSVadded 2026/03/18 2:16 a.m.1 views

CVE-2026-22175

OpenClaw versions prior to 2026.2.23 contain an exec approval bypass vulnerability in allowlist mode where allow-always grants could be circumvented through unrecognized multiplexer shell wrappers like busybox and toybox sh -c commands. Attackers can exploit this by invoking arbitrary payloads...

7.1CVSS6.2AI score
Exploits0References3
EUVD
EUVDadded 2026/03/18 1:34 a.m.2 views

EUVD-2026-12718

OpenClaw versions prior to 2026.2.23 contain an exec approval bypass vulnerability in allowlist mode where allow-always grants could be circumvented through unrecognized multiplexer shell wrappers like busybox and toybox sh -c commands. Attackers can exploit this by invoking arbitrary payloads...

7.1CVSS6AI score0.00333EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/03/18 1:34 a.m.2 views

CVE-2026-22175

OpenClaw versions prior to 2026.2.23 contain an exec approval bypass vulnerability in allowlist mode where allow-always grants could be circumvented through unrecognized multiplexer shell wrappers like busybox and toybox sh -c commands. Attackers can exploit this by invoking arbitrary payloads...

7.1CVSS6AI score0.00333EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/03/18 1:34 a.m.2 views

CVE-2026-22175 OpenClaw < 2026.2.23 - Exec Approval Bypass via Unrecognized Multiplexer Shell Wrappers

OpenClaw versions prior to 2026.2.23 contain an exec approval bypass vulnerability in allowlist mode where allow-always grants could be circumvented through unrecognized multiplexer shell wrappers like busybox and toybox sh -c commands. Attackers can exploit this by invoking arbitrary payloads...

7.1CVSS6AI score0.00333EPSS
Exploits0References3
CVE
CVEadded 2026/03/18 1:34 a.m.9 views

CVE-2026-22175

OpenClaw prior to 2026.2.23 is affected by an exec approval bypass in allowlist mode. Unrecognized multiplexer wrappers (e.g., busybox/toybox sh -c) can bypass allow-always restrictions, enabling invocation of arbitrary payloads under the same wrapper and bypassing execution restrictions. Affecte...

7.1CVSS6AI score0.00333EPSS
Exploits0References3Affected Software1
Cvelist
Cvelistadded 2026/03/18 1:34 a.m.30 views

CVE-2026-22175 OpenClaw < 2026.2.23 - Exec Approval Bypass via Unrecognized Multiplexer Shell Wrappers

OpenClaw versions prior to 2026.2.23 contain an exec approval bypass vulnerability in allowlist mode where allow-always grants could be circumvented through unrecognized multiplexer shell wrappers like busybox and toybox sh -c commands. Attackers can exploit this by invoking arbitrary payloads...

7.1CVSS0.00333EPSS
Exploits0References3
CNNVD
CNNVDadded 2026/03/17 12:0 a.m.4 views

Softing smartLink SW-HT 安全漏洞

The Softing smartLink SW-HT is a HART multiplexer from Softing Corporation, allowing for easy and quick access to HART field devices without the need for additional hardware. Version 1.43 of the Softing smartLink SW-HT contains a security vulnerability caused by a null pointer dereferencing, whic...

6.8CVSS5.8AI score0.00315EPSS
Exploits0References2
UbuntuCve
UbuntuCveadded 2026/03/16 2:19 p.m.2 views

CVE-2026-32314

Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. Prior to 0.13.10, the Rust implementation of Yamux can panic when processing a crafted inbound Data frame that sets SYN and uses a body length greater than DEFAULTCREDIT e.g. 262145. On the first packet of a new...

8.7CVSS5.9AI score0.00451EPSS
Exploits1References2
Debian CVE
Debian CVEadded 2026/03/13 7:19 p.m.4 views

CVE-2026-31814

Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. From 0.13.0 to before 0.13.9, a specially crafted WindowUpdate can cause arithmetic overflow in send-window accounting, which triggers a panic in the connection state machine. This is remotely reachable over a normal...

8.7CVSS5.4AI score0.00462EPSS
Exploits1
Positive Technologies
Positive Technologiesadded 2026/03/13 12:0 a.m.2 views

PT-2026-25360

Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. From 0.13.0 to before 0.13.9, a specially crafted WindowUpdate can cause arithmetic overflow in send-window accounting, which triggers a panic in the connection state machine. This is remotely reachable over a normal...

8.7CVSS5.8AI score0.00462EPSS
Exploits1References2
Rows per page
Query Builder