Lucene search
+L

537 matches found

Cvelist
Cvelist
added 18 hours ago10 views

CVE-2026-62201 OpenClaw < 2026.6.6 Network Policy Bypass via exec-server

OpenClaw versions before 2026.6.6 contain a network policy bypass vulnerability in the sandbox exec-server that allows lower-trust callers to reach internal network destinations blocked by OpenClaw policy. Attackers can send HTTP requests through the exec-server to access network resources that...

7.7CVSS
Exploits0References2
CVE
CVE
added 3 days ago38 views

CVE-2026-59835

Technical details about CVE-2026-59835 are not publicly available in the provided documents. Monitor for updates from Fortinet/NVD/CVE listings for affected products, vulnerable components, and fixes.

8.6CVSS6.1AI score0.00421EPSS
Exploits0References1Affected Software1
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:17 a.m.16 views

Nokogiri: XML::Schema on JRuby allows network requests when NONET is set, bypassing CVE-2020-26247

...

4.3CVSS7.1AI score0.01109EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/14 7:30 a.m.16 views

Malicious code in npm-sandbox-research-c5d6 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e7dd3f64f94b15f73c62c5733a5910802ff22adc514e0eb08e153817fcd4158b The package declares a postinstall hook "postinstall": "node run.js" that executes automatically on npm install. The shipped beacon scripts...

5.6AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/11 11:14 p.m.13 views

CVE-2026-44490

A flaw was found in Axios, a promise-based HTTP client. This vulnerability, known as prototype pollution, allows an upstream dependency to modify the fundamental behavior of JavaScript objects. When this occurs, Axios can unknowingly incorporate these altered values, leading to two potential...

8.2CVSS5.1AI score0.00287EPSS
Exploits1References4
Snyk
Snyk
added 2026/06/09 5:5 p.m.8 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. An attacker can exhaust system resources by sending specially crafted requests over the network, resulting in service unavailability for legitimate users. Remediation Upgrade...

8.7CVSS5.3AI score0.0243EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/09 5:5 p.m.7 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. An attacker can exhaust system resources by sending specially crafted requests over the network, resulting in service unavailability for legitimate users. Remediation Upgrade...

8.7CVSS5.3AI score0.0243EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/09 5:5 p.m.8 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. An attacker can exhaust system resources by sending specially crafted requests over the network, resulting in service unavailability for legitimate users. Remediation Upgrade...

8.7CVSS5.3AI score0.0243EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/09 5:5 p.m.7 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. An attacker can exhaust system resources by sending specially crafted requests over the network, resulting in service unavailability for legitimate users. Remediation Upgrade...

8.7CVSS5.3AI score0.0243EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.11 views

CVE-2026-45231

DumbAssets through 1.0.11 contains a stored cross-site scripting vulnerability in asset fields including name, description, modelNumber, serialNumber, and tags that are stored without server-side sanitization and rendered using innerHTML without client-side escaping. Attackers can create or updat...

6.1CVSS5.6AI score0.00186EPSS
Exploits0References1
OSV
OSV
added 2026/06/04 1:59 p.m.13 views

USN-8385-1 robocode vulnerabilities

It was discovered that Robocode could be tricked into making network requests to attacker-controlled systems. An attacker could possibly use this issue to cause external service interaction, resulting in information disclosure. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS...

10CVSS6AI score0.02226EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.9 views

Medplum 代码问题漏洞

Medplum is an open-source platform for rapid development of medical applications. Versions of Medplum prior to 5.1.14 contained code-related vulnerabilities. These vulnerabilities stemmed from a server-side request forgeing vulnerability present in subscription workers, which could allow...

8.5CVSS5.7AI score0.00229EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/29 4:4 p.m.9 views

Prototype Pollution

Overview org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Prototype Pollution through the config.proxy property in the HTTP adapter, which accesses properties via the prototype chain. An attacker can intercept an...

8.9CVSS6.1AI score0.01041EPSS
Exploits1References3
EUVD
EUVD
added 2026/05/28 7:40 p.m.16 views

EUVD-2026-33012

Improper Neutralization of Input During Web Page Generation CWE-79 in Kibana can lead to stored HTML injection. A user with write access to an Elasticsearch index could persist crafted markup which, when subsequently rendered through an affected Kibana view by another user, was not sufficiently...

4.1CVSS5.8AI score0.00141EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/26 12:0 a.m.12 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : .NET vulnerability (USN-8298-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8298-1 advisory. Muhammad Abdul Rehman discovered that .NET incorrectly handled certain network requests, leading to a loop with an unreachable exi...

7.5CVSS5.8AI score0.0243EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2026/05/25 8:10 a.m.14 views

USN-8298-1: .NET vulnerability

Muhammad Abdul Rehman discovered that .NET incorrectly handled certain network requests, leading to a loop with an unreachable exit condition. A remote attacker could possibly use this issue to consume excessive resources, resulting in a denial of service...

7.5CVSS5.8AI score0.0243EPSS
Exploits0
OSV
OSV
added 2026/05/25 8:10 a.m.15 views

USN-8298-1 dotnet8, dotnet9, dotnet10 vulnerability

Muhammad Abdul Rehman discovered that .NET incorrectly handled certain network requests, leading to a loop with an unreachable exit condition. A remote attacker could possibly use this issue to consume excessive resources, resulting in a denial of service...

7.5CVSS5.8AI score0.0243EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in TeXeVe-Bin

LuaTeX prior to version 1.17.0 allows a document compiled with default settings to make arbitrary network requests. This occurs because full access to the socket library is allowed by default, as stated in the documentation. This also applies to TeX Live prior to version 2023 r66984 and MiKTeX...

5.5CVSS6.9AI score0.0037EPSS
Exploits1References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 2:32 a.m.16 views

Malicious code in vestibulect (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82da0f0bb40f42e69defbea694db093f2ad880c8c094508f61e2d7fe58550e2e package.json declares a postinstall hook "postinstall": "node install.js" which executes install.js automatically on npm install. install.js imports ...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/20 2:7 a.m.9 views

MAL-2026-4517 Malicious code in chalk-tempalte (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d3e82f6fa2867575be5e57fd3b03dada6a93761c97b240f77f98f4b221bde7a7 Package name chalk-tempalte is a single-character transposition of the popular chalk-template package a top-tier npm utility, consistent with...

5.9AI score
Exploits0References7
Rows per page
Query Builder