Lucene search
K

2347 matches found

EUVD
EUVD
added 20 hours ago5 views

EUVD-2026-43569

OpenClaw versions 2026.6.6 before 2026.6.9 contain an authorization bypass vulnerability in message mutation handling that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to skip requester authorization and...

7.1CVSS6.2AI score
Exploits0References3
NVD
NVD
added yesterday5 views

CVE-2026-62191

OpenClaw versions 2026.6.6 before 2026.6.9 contain an authorization bypass vulnerability in message mutation handling that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to skip requester authorization and...

7.1CVSS
Exploits0References2
CVE
CVE
added yesterday10 views

CVE-2026-62191

OpenClaw has an authorization bypass in the message mutation handling affecting versions 2026.6.6 up to, but not including, 2026.6.9. The flaw allows lower-trust callers to execute privileged operations when the affected feature is enabled and reachable, by exploiting misconfigured input paths to...

7.1CVSS6.2AI score
Exploits0References2Affected Software1
NVD
NVD
added 5 days ago9 views

CVE-2026-59721

Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, the updateInfraConfigs GraphQL mutation in admin/infra.resolver.ts accepts an attacker-controlled MAILERSMTPURL value, and validateSMTPUrl in utils.ts permits path, query, or fragment content that nodemailer parses into...

7.2CVSS0.00518EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-56897

Name of the Vulnerable Software and Affected Versions Hoppscotch versions prior to 2026.6.0 Description The updateInfraConfigs GraphQL mutation in admin/infra.resolver.ts accepts an attacker-controlled MAILER SMTP URL value. Additionally, the validateSMTPUrl function in utils.ts permits path,...

7.2CVSS6.3AI score0.00518EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-59723

Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. Prior to 3.0.30, the Cline Hub dashboard server launched by the cline dashboard command accepts WebSocket connections on the /browser endpoint without validating the Origin header, and when ROOMSECRET is unset for loc...

8.8CVSS6.1AI score0.00145EPSS
Exploits0References5Affected Software1
CVE
CVE
added 6 days ago7 views

CVE-2026-59876

CVE-2026-59876 affects protobufjs (Text Format extension) where, from 8.2.0 through 8.6.5, string-keyed map entries were parsed via ordinary property assignment, allowing a map entry with key proto to mutate the prototype of the returned map instead of creating an own entry in protobufjs/ext/text...

4.8CVSS6AI score0.00221EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/07/06 6:26 a.m.5 views

OESA-2026-2818 gnome-tour security update

A guided tour and greeter for GNOME.Tour uses by default the logo of the distribution based on the info from /etc/os-release. The application comes with a feature to replace the logo with a welcome video shipped by the distribution. Security Fixes: slab is a pre-allocated storage for a uniform da...

5.1CVSS5.9AI score0.00167EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/07/02 6:45 p.m.13 views

Craft CMS: Authorship spoofing in `entries/save-entry` via pre-check/post-mutation authorization gap

Summary EntriesController::actionSaveEntry performs entry-edit permission checks before request-controlled author changes are applied to the model. The subsequent author mutation path accepts attacker-supplied authors / author parameters and allows the change when the current user is one of the o...

7.6CVSS5.8AI score0.00245EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/07/01 11:31 p.m.37 views

CVE-2026-50279 Craft CMS: Authorship spoofing in `entries/save-entry` via pre-check/post-mutation authorization gap

Craft CMS is a content management system CMS. IN versions 5.0.0-RC1 and above prior to 5.9.21, theEntriesController::actionSaveEntry performs entry-edit permission checks before request-controlled author changes are applied to the model, allowing for authorship spoofing. The subsequent author...

7.6CVSS0.00245EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 11:31 p.m.15 views

CVE-2026-50279

Craft CMS (versions 5.0.0-RC1 through 5.9.20) contains an authorization gap in EntriesController::actionSaveEntry where entry-edit checks precede author changes. The code path allows attacker-supplied authors to mutate the authors list when the current user is among the old authors, without re-ru...

7.6CVSS5.7AI score0.00245EPSS
Exploits0References2
NVD
NVD
added 2026/07/01 9:17 p.m.8 views

CVE-2026-58263

Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. In versions prior to 4.12.28, the built-in clean-html sanitizer can be bypassed by a MathML/ carrier that hides a dangerous element from the sanitizer's element walk, so a no-interaction event...

7.2CVSS0.00179EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/01 8:35 p.m.36 views

CVE-2026-58263 Jodit Editor: Mutation XSS in jodit clean-html via a MathML/style rawtext carrier

Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. In versions prior to 4.12.28, the built-in clean-html sanitizer can be bypassed by a MathML/ carrier that hides a dangerous element from the sanitizer's element walk, so a no-interaction event...

7.2CVSS0.00179EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 8:35 p.m.20 views

CVE-2026-58263

CVE-2026-58263 affects Jodit Editor prior to 4.12.28. The built‑in clean-html sanitizer can be bypassed via a MathML/ carrier, allowing a no‑interaction event handler (e.g., onload) to survive in the editor value. When attacker‑supplied HTML is rendered (element.innerHTML = editor.value), the han...

7.2CVSS5.7AI score0.00179EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 12:16 a.m.5 views

CVE-2026-54898

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2,Oj::Parserparse is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw const byte pointer into the Ruby...

2.1CVSS0.00117EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.13 views

PT-2026-54911

Name of the Vulnerable Software and Affected Versions Jodit Editor versions prior to 4.12.28 Description The built-in clean-html sanitizer can be bypassed using a MathML/ carrier. This technique hides dangerous elements from the sanitizer's element walk, allowing no-interaction event handlers to...

7.2CVSS5.9AI score0.00179EPSS
Exploits0References4
CVE
CVE
added 2026/06/30 11:24 p.m.28 views

CVE-2026-54898

CVE-2026-54898 (Oj gem) affects the Ruby JSON parser Oj in versions before 3.17.2. The vulnerability occurs when a SAJ/SAJ2 callback mutates the input string during parsing, causing the C engine’s raw pointer into Ruby’s string buffer to become dangling and resulting in a heap use-after-free on t...

2.1CVSS5.9AI score0.00117EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 11:24 p.m.36 views

CVE-2026-54898 Oj: Use-After-Free in Oj::Parser SAJ Callback via Input Mutation

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2,Oj::Parserparse is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw const byte pointer into the Ruby...

2.1CVSS0.00117EPSS
Exploits0References1
OSV
OSV
added 2026/06/26 7:11 p.m.3 views

GHSA-JFC7-64V2-MR8C @sigstore/core has DSSE payloadType type-binding failure

Impact The preAuthEncoding function in @sigstore/core uses Node.js 'ascii' encoding when converting the PAE Pre-Authentication Encoding string to bytes. This allows payloadType to be mutated after signing without invalidating the signature, breaking the type-binding guarantee that DSSE is designe...

5.4CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/25 6:43 p.m.4 views

GO-2026-5374 Kyverno Controller Denial of Service via forEach Mutation Panic in github.com/kyverno/kyverno

Kyverno Controller Denial of Service via forEach Mutation Panic in github.com/kyverno/kyverno...

7.7CVSS5.9AI score0.00369EPSS
Exploits1References4
Rows per page
Query Builder