Lucene search
K

252660 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:7 p.m.3 views

CVE-2026-31993

OpenClaw versions prior to 2026.2.22 contain an allowlist parsing mismatch vulnerability in the macOS companion app that allows authenticated operators to bypass exec approval checks. Attackers with operator.write privileges and a paired macOS beta node can craft shell-chain payloads that pass...

6.4CVSS6.1AI score0.00291EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:7 p.m.3 views

CVE-2026-31949

LibreChat is a ChatGPT clone with additional features. Prior to 0.8.3-rc1, a Denial of Service DoS vulnerability exists in the DELETE /api/convos endpoint that allows an authenticated attacker to crash the Node.js server process by sending malformed requests. The DELETE /api/convos route handler...

6.5CVSS5.8AI score0.00377EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:7 p.m.5 views

CVE-2026-4191

A flaw has been found in JawherKl node-api-postgres up to 2.5. Affected is the function path.extname of the file index.js of the component Profile Picture Handler. This manipulation causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been published and m...

7.5CVSS6.5AI score0.00348EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:6 p.m.3 views

CVE-2026-4190

A vulnerability was detected in JawherKl node-api-postgres up to 2.5. This impacts the function User.getAll of the file models/user.js. The manipulation of the argument sort results in sql injection. The attack can be executed remotely. The exploit is now public and may be used. The vendor was...

7.5CVSS6.9AI score0.00259EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:6 p.m.2 views

CVE-2026-22177

OpenClaw versions prior to 2026.2.21 fail to filter dangerous process-control environment variables from config env.vars, allowing startup-time code execution. Attackers can inject variables like NODEOPTIONS or LD through configuration to execute arbitrary code in the OpenClaw gateway service...

8.8CVSS6.2AI score0.00371EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:4 p.m.5 views

CVE-2026-25769

Wazuh is a free and open source platform used for threat prevention, detection, and response. Versions 4.0.0 through 4.14.2 have a Remote Code Execution RCE vulnerability due to Deserialization of Untrusted Data. All Wazuh deployments using cluster mode master/worker architecture and any...

9.1CVSS6.2AI score0.09246EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.3 views

CVE-2026-32260

Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.7.0 to 2.7.1, A command injection vulnerability exists in Deno's node:childprocess polyfill shell: true mode that bypasses the fix for CVE-2026-27190. The two-stage argument sanitization in transformDenoShellCommand...

9.8CVSS6.1AI score0.02213EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.5 views

CVE-2026-32313

xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. Prior to 3.1.5, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover...

8.2CVSS5.9AI score0.00152EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.6 views

CVE-2026-32247

Graphiti is a framework for building and querying temporal context graphs for AI agents. Graphiti versions before 0.28.2 contained a Cypher injection vulnerability in shared search-filter construction for non-Kuzu backends. Attacker-controlled label values supplied through SearchFilters.nodelabel...

8.1CVSS5.8AI score0.00344EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.3 views

CVE-2026-32014

OpenClaw versions prior to 2026.2.26 contain a metadata spoofing vulnerability where reconnect platform and deviceFamily fields are accepted from the client without being bound into the device-auth signature. An attacker with a paired node identity on the trusted network can spoof reconnect...

8.6CVSS5.8AI score0.0019EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 2:59 p.m.4 views

CVE-2026-31829

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.0.13, Flowise exposes an HTTP Node in AgentFlow and Chatflow that performs server-side HTTP requests using user-controlled URLs. By default, there are no restrictions on target hosts, including...

8.8CVSS7.1AI score0.023EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 2:58 p.m.3 views

CVE-2026-22179

OpenClaw versions prior to 2026.2.22 in macOS node-host system.run contain an allowlist bypass vulnerability that allows remote attackers to execute non-allowlisted commands by exploiting improper parsing of command substitution tokens. Attackers can craft shell payloads with command substitution...

7.5CVSS6.2AI score0.0063EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 2:57 p.m.10 views

CVE-2026-26832

node-tesseract-ocr is an npm package that provides a Node.js wrapper for Tesseract OCR. In all versions through 2.2.1, the recognize function in src/index.js is vulnerable to OS Command Injection. The file path parameter is concatenated into a shell command string and passed to childprocess.exec...

9.8CVSS5.9AI score0.01706EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2026/03/26 2:57 p.m.9 views

CVE-2026-26830

pdf-image npm package through version 2.0.0 allows OS command injection via the pdfFilePath parameter. The constructGetInfoCommand and constructConvertCommandForPage functions use util.format to interpolate user-controlled file paths into shell command strings that are executed via childprocess.e...

9.8CVSS5.8AI score0.02493EPSS
Exploits4References1
OSV
OSV
added 2026/03/26 2:15 p.m.4 views

MAL-2026-2236 Malicious code in onboarding-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 44d4a1844921cebc245e39614ba7b999c3890d048ad81429d89d9daf45038ecd The package onboarding-server was found to contain malicious code. Source: ossf-package-analysis...

5.9AI score
Exploits0
OSV
OSV
added 2026/03/26 12:5 p.m.5 views

MAL-2026-2235 Malicious code in srcsrctest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a44b46855732b5a5522c0a1ea3ef88d5977daad1bfa5c39b42e0324e52fcf6f8 The package srcsrctest was found to contain malicious code. Source: ossf-package-analysis...

5.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/26 11:24 a.m.5 views

Malicious code in security-install-analytics (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae1479aa9ec70d315ba69eec145d02655fe633a7f253ba7b0b3d082895b1ca35 The package security-install-analytics was found to contain malicious code. Source: ossf-package-analysis...

5.9AI score
Exploits0
OSV
OSV
added 2026/03/26 11:24 a.m.4 views

MAL-2026-2234 Malicious code in security-install-analytics (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae1479aa9ec70d315ba69eec145d02655fe633a7f253ba7b0b3d082895b1ca35 The package security-install-analytics was found to contain malicious code. Source: ossf-package-analysis...

5.9AI score
Exploits0
Snyk
Snyk
added 2026/03/26 8:11 a.m.3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the fs.realpathSync.native function. An attacker running malicious code within a restricted Node.js environment where --allow-fs-read is intentionally limited can exploit this missing check to verify file...

4.8CVSS6.3AI score0.00158EPSS
Exploits0References2
NVD
NVD
added 2026/03/26 1:16 a.m.3 views

CVE-2026-33285

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, LiquidJS's memoryLimit security mechanism can be completely bypassed by using reverse range expressions e.g., 100000000..1, allowing an attacker to allocate unlimited memory. Combined wit...

7.5CVSS0.00398EPSS
Exploits1References2
Rows per page
Query Builder