Packet Storm · added 2026/03/31 12:00 a.m.

Langflow 1.8.1 Remote Code Execution

This Python script is a multi-threaded tool targeting a suspected vulnerability in Langflow versions 1.8.1 and below that allows unauthenticated remote code execution through unsafe execution of CustomComponent code during flow compilation...

CVSS 9.8 · AI score 6.5 · EPSS 0.98412 · Exploits: 16
SUSE CVE · added 2026/03/30 11:27 p.m.

SUSE CVE-2026-33936

The ecdsa PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman). Prior to version 0.19.2, an issue in the low-level D...

CVSS 5.3 · AI score 5.8 · EPSS 0.00476 · Exploits: 1 · References: 6
Anthropic · added 2026/03/30 11:19 p.m.

ANT-2026-6DSMTXZ8 · mastodon · SSRF

Tags: ssrf, high. GHSA-crr4-7rm4-8gpw. Severity: Claude high · Security research firm high · Maintainer unknown. Discovered by Claude Mythos Preview. Report: Anthropic's analysis, sealed at approval. Disclosure to the maintainer was performed by Doyensec. ANT-2026-6DSMTXZ8: SSRF Bypass via IPv6 Unspecified...

AI score 5.9 · Exploits: 0
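The bypass class named in the title, shown as an added Python example (not Mastodon's code, which is Ruby, and not Anthropic's or Doyensec's analysis): a string-prefix blocklist that never lists the unspecified addresses `::` and `0.0.0.0`, beside a check built on the standard `ipaddress` module that rejects every non-global address class and unwraps IPv4-mapped IPv6 first. The blocklist, the sample hosts and the function names are constructed for the demo; how Mastodon's guard was actually bypassed is truncated on this page and is not reproduced here.

```python
import ipaddress

# Constructed for this demo: a string-prefix blocklist of the kind often found
# in SSRF guards. It is the "before" case and is deliberately incomplete.
NAIVE_BLOCKED_PREFIXES = (
    "127.", "10.", "172.16.", "192.168.", "169.254.",   # IPv4 loopback/private/link-local
    "::1", "fe80:", "fc00:", "fd00:",                   # IPv6 loopback/link-local/ULA
)


def naive_is_blocked(host: str) -> bool:
    """Prefix blocklist. It never mentions the unspecified addresses '::' and
    '0.0.0.0', which a connect() on Linux delivers to the local host, and it
    never unwraps IPv4-mapped IPv6 such as ::ffff:127.0.0.1."""
    return host.lower().startswith(NAIVE_BLOCKED_PREFIXES)


def hardened_is_blocked(host: str) -> bool:
    """Parse the literal and allow only globally routable unicast addresses.

    Hostnames must be resolved first and every resulting address passed
    through this function; a guard that inspects the name instead of the
    resolved addresses is bypassed with DNS. Non-literals are refused here
    so a caller cannot forget that step.
    """
    try:
        addr = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return True
    # ::ffff:a.b.c.d reaches the IPv4 stack; judge it by its IPv4 payload.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    return (
        addr.is_unspecified      # :: and 0.0.0.0, the class the naive check misses
        or addr.is_loopback
        or addr.is_private
        or addr.is_link_local
        or addr.is_multicast
        or addr.is_reserved
        or not addr.is_global
    )


def bypasses(host: str) -> bool:
    """True when the naive guard lets `host` through but the hardened one refuses it."""
    return not naive_is_blocked(host) and hardened_is_blocked(host)
```

Run `bypasses("::")`, `bypasses("[::]")`, `bypasses("0.0.0.0")` and `bypasses("::ffff:127.0.0.1")` to see each hole in the prefix list; the hardened check also catches `172.20.0.1`, which the naive `172.16.` prefix misses, while leaving public addresses alone.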
Anthropic · added 2026/03/30 11:19 p.m.

ANT-2026-P2DWB2SK · mastodon · Signature-bypass

Tags: signature-bypass, high. GHSA-chgx-jx3p-rf73. Severity: Claude high · Security research firm high · Maintainer unknown. Discovered by Claude Mythos Preview. Report: Anthropic's analysis, sealed at approval. Disclosure to the maintainer was performed by Doyensec. ANT-2026-P2DWB2SK: LD-Signature bypass via...

CVSS 9.8 · AI score 7.3 · EPSS 0.01414 · Exploits: 0
IBM Security Bulletins · added 2026/03/30 11:01 p.m.

Security Bulletin: Incorrect administrative access control in IBM DataPower Gateway

Summary: This issue allowed valid administrative users to see services within domains to which they should have had no access. Vulnerability Details: CVEID: CVE-2025-36373. DESCRIPTION: IBM DataPower Gateway could disclose sensitive system information from other domains to an administrative user...

CVSS 6.8 · AI score 5.8 · EPSS 0.00252 · Exploits: 0 · Affected software: 1
IBM Security Bulletins · added 2026/03/30 8:04 p.m.

Security Bulletin: Multiple Vulnerabilities in IBM API Connect

Summary: Multiple vulnerabilities were addressed in IBM API Connect version v12.1.0.2. Vulnerability Details: CVEID: CVE-2012-6708. DESCRIPTION: jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable...

CVSS 7.8 · AI score 6.7 · EPSS 0.87218 · Exploits: 13 · Affected software: 1
OSV · added 2026/03/30 7:15 p.m.

GHSA-955R-262C-33JC Telnyx has malicious code in PyPI versions 4.87.1 and 4.87.2

Summary: On March 27, 2026, a threat actor used compromised PyPI credentials to publish malicious versions 4.87.1 and 4.87.2 of the telnyx Python package directly to PyPI. These versions contain credential-stealing malware and were not published through the legitimate GitHub release pipeline...

CVSS 9.4 · AI score 5.9 · EPSS 0.60368 · Exploits: 2 · References: 5
Github Security Blog · added 2026/03/30 7:15 p.m.

Telnyx has malicious code in PyPI versions 4.87.1 and 4.87.2

Summary: On March 27, 2026, a threat actor used compromised PyPI credentials to publish malicious versions 4.87.1 and 4.87.2 of the telnyx Python package directly to PyPI. These versions contain credential-stealing malware and were not published through the legitimate GitHub release pipeline...

AI score 5.9 · Exploits: 0 · References: 5 · Affected software: 1
OSV · added 2026/03/30 6:32 p.m.

GHSA-W6M8-CQVJ-PG5V OpenClaw has incomplete Fix for CVE-2026-32011: Feishu Webhook Pre-Auth Body Parsing DoS (Slow-Body / Slowloris Variant)

Fixed in OpenClaw 2026.3.24, the current shipping release. Advisory Details. Title: Incomplete Fix for CVE-2026-32011: Feishu Webhook Pre-Auth Body Parsing DoS (Slow-Body / Slowloris Variant). Description: Summary: The patch for CVE-2026-32011 tightened pre-auth body parsing limits from 1MB/30s to...

CVSS 6.9 · AI score 6 · EPSS 0.00327 · Exploits: 1 · References: 5
Github Security Blog · added 2026/03/30 6:32 p.m.

OpenClaw has incomplete Fix for CVE-2026-32011: Feishu Webhook Pre-Auth Body Parsing DoS (Slow-Body / Slowloris Variant)

Fixed in OpenClaw 2026.3.24, the current shipping release. Advisory Details. Title: Incomplete Fix for CVE-2026-32011: Feishu Webhook Pre-Auth Body Parsing DoS (Slow-Body / Slowloris Variant). Description: Summary: The patch for CVE-2026-32011 tightened pre-auth body parsing limits from 1MB/30s to...

CVSS 8.7 · AI score 6 · EPSS 0.00418 · Exploits: 1 · References: 5 · Affected software: 1
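An added Python example (not OpenClaw's code, which is TypeScript) of why a size cap plus a total timeout, the two limits the advisory says the first patch tightened, still leave a slow-body sender able to hold a pre-auth handler for the whole timeout with one byte at a time, and of the two controls that close that gap: an idle timeout between chunks and a cap on concurrent unauthenticated reads. The limit values, the `trickle` client and the function names are assumptions for the demo; the advisory's own numbers are truncated above.

```python
import asyncio
from typing import AsyncIterator, Optional


class BodyRejected(Exception):
    """A request body violated one of the pre-authentication limits."""


# Limits assumed for this demo; the advisory's real numbers are truncated on this page.
MAX_BYTES = 64 * 1024     # hard cap on the unauthenticated body
TOTAL_SECONDS = 5.0       # wall-clock budget for receiving the whole body
IDLE_SECONDS = 1.0        # longest tolerated pause between two chunks
MAX_INFLIGHT = 8          # unauthenticated bodies being read at once


async def _next_chunk(chunks: AsyncIterator[bytes]) -> Optional[bytes]:
    """One chunk, or None at end of body (so wait_for never has to carry StopAsyncIteration)."""
    try:
        return await chunks.__anext__()
    except StopAsyncIteration:
        return None


async def read_body(chunks: AsyncIterator[bytes], *, max_bytes: int = MAX_BYTES,
                    total_seconds: float = TOTAL_SECONDS, idle_seconds: float = IDLE_SECONDS,
                    slots: Optional[asyncio.Semaphore] = None) -> bytes:
    """Collect a body while enforcing size, total time, idle time and concurrency."""
    loop = asyncio.get_running_loop()
    if slots is not None:
        if slots.locked():
            # Shed load instead of queueing a new reader behind the slow ones.
            raise BodyRejected("too many unauthenticated bodies in flight")
        await slots.acquire()
    try:
        deadline = loop.time() + total_seconds
        buf = bytearray()
        while True:
            remaining = deadline - loop.time()
            if remaining <= 0:
                raise BodyRejected("total deadline exceeded")
            timeout = min(remaining, idle_seconds)      # whichever bound is nearer
            try:
                chunk = await asyncio.wait_for(_next_chunk(chunks), timeout=timeout)
            except asyncio.TimeoutError:
                if timeout < idle_seconds:              # the total budget was the binding one
                    raise BodyRejected("total deadline exceeded")
                raise BodyRejected("sender stalled (slow-body)")
            if chunk is None:
                return bytes(buf)
            buf += chunk
            if len(buf) > max_bytes:
                raise BodyRejected("body exceeds size limit")
    finally:
        if slots is not None:
            slots.release()


async def trickle(interval: float, count: int, size: int = 1) -> AsyncIterator[bytes]:
    """Constructed client: `count` chunks of `size` bytes with `interval` seconds between them."""
    for _ in range(count):
        yield b"x" * size
        await asyncio.sleep(interval)


def attempt(chunks: AsyncIterator[bytes], **limits) -> str:
    """Run one read to completion and report 'ok:<bytes>' or 'rejected:<reason>'."""
    try:
        return f"ok:{len(asyncio.run(read_body(chunks, **limits)))}"
    except BodyRejected as exc:
        return f"rejected:{exc}"


async def _shed_demo() -> str:
    slots = asyncio.Semaphore(1)
    await slots.acquire()          # stand-in for a slow reader already holding the only slot
    try:
        await read_body(trickle(0.0, 1), slots=slots)
    except BodyRejected as exc:
        return f"rejected:{exc}"
    return "accepted"


def shed_demo() -> str:
    return asyncio.run(_shed_demo())
```

`attempt(trickle(0.3, 5), idle_seconds=0.1)` is the Slowloris case: the sender is well inside a 1MB/30s style budget yet is cut off after the first 0.1 s gap, while `attempt(trickle(0.02, 1000), total_seconds=0.2)` shows the total budget still applying to a sender that keeps the pipe busy. The semaphore is the part a per-request limit cannot provide: without it, every tolerated slow sender costs one handler for the whole timeout.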
Github Security Blog · added 2026/03/30 6:31 p.m.

OpenClaw has Sandbox Media Root Bypass via Unnormalized `mediaUrl` / `fileUrl` Parameter Keys (CWE-22)

Fixed in OpenClaw 2026.3.24, the current shipping release. Advisory Details. Title: Sandbox Media Root Bypass via Unnormalized mediaUrl / fileUrl Parameter Keys (CWE-22). Description: Summary: A path traversal vulnerability in the agent sandbox enforcement allows a sandboxed agent to read arbitrary...

CVSS 7.7 · AI score 5.9 · EPSS 0.00382 · Exploits: 1 · References: 2 · Affected software: 1
OSV · added 2026/03/30 6:31 p.m.

GHSA-HR5V-J9H9-XJHG OpenClaw has Sandbox Media Root Bypass via Unnormalized `mediaUrl` / `fileUrl` Parameter Keys (CWE-22)

Fixed in OpenClaw 2026.3.24, the current shipping release. Advisory Details. Title: Sandbox Media Root Bypass via Unnormalized mediaUrl / fileUrl Parameter Keys (CWE-22). Description: Summary: A path traversal vulnerability in the agent sandbox enforcement allows a sandboxed agent to read arbitrary...

CVSS 7.7 · AI score 6 · EPSS 0.00382 · Exploits: 1 · References: 2
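Media-root enforcement against CWE-22, as an added Python example (not OpenClaw's TypeScript). The title above says only that the `mediaUrl` / `fileUrl` parameter keys were unnormalized, so the example normalizes on both axes that could mean: the key spelling, so enforcement finds the path-carrying parameter however it is written, and the value, resolved with `realpath` and checked with `commonpath` so neither `..` nor a symlink can leave the root. `naive_enforce`, `enforce`, `PATH_KEYS` and the temporary directory layout are constructed for the demo.

```python
import os
import tempfile


class SandboxViolation(Exception):
    """A parameter would hand the agent a file outside its media root."""


# Assumption for this demo: enforcement receives the agent's parameters as a
# dict and must recognise the path-carrying keys however they are spelled.
PATH_KEYS = {"mediaurl", "fileurl"}


def canonical_key(key: str) -> str:
    """mediaUrl, MediaURL, media_url and media-url all become 'mediaurl'."""
    return key.lower().replace("_", "").replace("-", "")


def resolve_under_root(root: str, candidate: str) -> str:
    """Canonicalise `candidate` (symlinks included) and require it to stay under `root`."""
    real_root = os.path.realpath(root)
    # os.path.join keeps an absolute candidate as-is, so absolute paths are judged too.
    target = os.path.realpath(os.path.join(real_root, candidate))
    try:
        inside = os.path.commonpath([real_root, target]) == real_root
    except ValueError:          # different drives on Windows: cannot be inside
        inside = False
    if not inside:
        raise SandboxViolation(f"{candidate!r} resolves outside the media root")
    return target


def naive_enforce(root: str, params: dict) -> dict:
    """The 'before' shape: exact key match plus a substring test, no canonicalisation."""
    if "mediaUrl" in params and ".." in params["mediaUrl"]:
        raise SandboxViolation("traversal sequence in mediaUrl")
    return params


def enforce(root: str, params: dict) -> dict:
    """Return params with every path-carrying value replaced by its vetted absolute path."""
    vetted = dict(params)
    for key, value in params.items():
        if canonical_key(key) in PATH_KEYS:
            vetted[key] = resolve_under_root(root, str(value))
    return vetted


def build_demo_tree() -> str:
    """Constructed fixture: <tmp>/media/clip.mp4 inside the root, <tmp>/secret.txt
    outside it, and <tmp>/media/link -> ../secret.txt where symlinks are available."""
    base = tempfile.mkdtemp()
    root = os.path.join(base, "media")
    os.mkdir(root)
    with open(os.path.join(root, "clip.mp4"), "wb"):
        pass
    with open(os.path.join(base, "secret.txt"), "w") as fh:
        fh.write("token")
    try:
        os.symlink(os.path.join("..", "secret.txt"), os.path.join(root, "link"))
    except (OSError, NotImplementedError):
        pass
    return root


def escapes(root: str, params: dict) -> bool:
    """True when the hardened check rejects params."""
    try:
        enforce(root, params)
    except SandboxViolation:
        return True
    return False
```

`naive_enforce(root, {"mediaurl": "../secret.txt"})` returns the parameters untouched because the key is not spelled `mediaUrl`; `enforce` refuses the same input, and also refuses `{"mediaUrl": "link"}` once the symlink exists, which no substring test on the value could see.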
Github Security Blog · added 2026/03/30 6:30 p.m.

OpenClaw has incomplete Fix for CVE-2026-27486: Unvalidated SIGKILL in `!stop` Chat Command via `shell-utils.ts`

Fixed in OpenClaw 2026.3.24, the current shipping release. Advisory Details. Title: Incomplete Fix for CVE-2026-27486: Unvalidated SIGKILL in !stop Chat Command via shell-utils.ts. Description: Summary: The !stop and /bash stop chat command kills background bash processes using SIGKILL directly,...

CVSS 6.9 · AI score 5.9 · EPSS 0.00292 · Exploits: 1 · References: 3 · Affected software: 1
OSV · added 2026/03/30 6:30 p.m.

GHSA-3298-56P6-RPW2 OpenClaw has incomplete Fix for CVE-2026-27486: Unvalidated SIGKILL in `!stop` Chat Command via `shell-utils.ts`

Fixed in OpenClaw 2026.3.24, the current shipping release. Advisory Details. Title: Incomplete Fix for CVE-2026-27486: Unvalidated SIGKILL in !stop Chat Command via shell-utils.ts. Description: Summary: The !stop and /bash stop chat command kills background bash processes using SIGKILL directly,...

CVSS 6.1 · AI score 5.9 · EPSS 0.00146 · Exploits: 1 · References: 3
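An added Python example (not OpenClaw's `shell-utils.ts`) of the two properties a stop command wants and the summary above says were missing: the pid is looked up in a per-session registry of jobs the chat layer itself started, so a pid that is not one of them is refused rather than signalled, and termination is SIGTERM with a grace period before SIGKILL. The registry shape, the function names and the two constructed workloads are assumptions for the demo; it is POSIX only (`start_new_session`, `os.killpg`).

```python
import os
import signal
import subprocess
import sys
import time
from typing import Dict, List, Tuple

# Assumed shape of the fix: every background process the chat layer starts is
# recorded under (session, pid); only a pid found here is ever signalled.
_registry: Dict[Tuple[str, int], subprocess.Popen] = {}


def start_background(session: str, argv: List[str]) -> int:
    """Start argv in its own process group so the whole job can be signalled at once."""
    proc = subprocess.Popen(argv, start_new_session=True)
    _registry[(session, proc.pid)] = proc
    return proc.pid


def stop_background(session: str, pid: int, grace: float = 2.0) -> str:
    """Stop one of this session's jobs: SIGTERM, wait `grace` seconds, then SIGKILL."""
    proc = _registry.get((session, pid))
    if proc is None:
        return "refused: pid is not a job of this session"   # never os.kill() unvalidated input
    if proc.poll() is not None:
        del _registry[(session, pid)]
        return "already exited"                               # the pid may already belong to someone else
    os.killpg(proc.pid, signal.SIGTERM)                       # pid == pgid because of start_new_session
    try:
        proc.wait(timeout=grace)
        outcome = "terminated"
    except subprocess.TimeoutExpired:
        os.killpg(proc.pid, signal.SIGKILL)                   # last resort, only after the grace period
        proc.wait()
        outcome = "killed"
    del _registry[(session, pid)]
    return outcome


# Constructed workloads: one exits on SIGTERM, one ignores it.
POLITE = [sys.executable, "-c", "import time; time.sleep(60)"]
STUBBORN = [sys.executable, "-c",
            "import signal, time; signal.signal(signal.SIGTERM, signal.SIG_IGN); time.sleep(60)"]


def demo() -> List[str]:
    """Exercise refusal, graceful stop, stale pid and escalation in order."""
    results = []
    pid = start_background("alice", POLITE)
    results.append(stop_background("bob", pid))                 # another session: refused
    results.append(stop_background("alice", pid))               # owner: terminated on SIGTERM
    results.append(stop_background("alice", pid))               # no longer registered: refused
    pid = start_background("alice", STUBBORN)
    time.sleep(1.0)                                             # let the child install SIG_IGN first
    results.append(stop_background("alice", pid, grace=0.5))    # escalates: killed
    return results
```

The registry is what makes the pid argument safe: a user-supplied pid that is not in it never reaches `os.killpg`. Checking `poll()` before signalling also guards the pid-reuse case, where the job has exited and the number could already belong to an unrelated process.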
OSV · added 2026/03/30 6:03 p.m.

GHSA-Q6JJ-R49P-94FH AVideo has Video Password Protection Bypass via API Endpoints Returning Full Playback Sources Without Password Verification

Summary: The getapivideofile and getapivideo API endpoints in AVideo return full video playback sources (direct MP4 URLs, HLS manifests) for password-protected videos without verifying the video password. While the normal web playback flow enforces password checks via the CustomizeUser::getModeYouTu...

CVSS 5.3 · AI score 6 · EPSS 0.00376 · Exploits: 1 · References: 4
Github Security Blog · added 2026/03/30 6:03 p.m.

AVideo has Video Password Protection Bypass via API Endpoints Returning Full Playback Sources Without Password Verification

Summary: The getapivideofile and getapivideo API endpoints in AVideo return full video playback sources (direct MP4 URLs, HLS manifests) for password-protected videos without verifying the video password. While the normal web playback flow enforces password checks via the CustomizeUser::getModeYouTu...

CVSS 5.3 · AI score 6 · EPSS 0.00376 · Exploits: 1 · References: 4 · Affected software: 1
IBM Security Bulletins · added 2026/03/30 3:21 p.m.

Security Bulletin: IBM DataPower Gateway vulnerable to CSRF

Summary: IBM DataPower Gateway is affected by a cross-site request forgery vulnerability. Vulnerability Details: CVEID: CVE-2025-36375. DESCRIPTION: IBM DataPower Gateway is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted...

CVSS 8.8 · AI score 5.9 · EPSS 0.00167 · Exploits: 0 · Affected software: 1
IBM Security Bulletins · added 2026/03/30 3:20 p.m.

Security Bulletin: IBM DataPower Gateway vulnerable to Denial of Service due to body-parser

Summary: The affected package is used in the UI. Vulnerability Details: CVEID: CVE-2025-13466. DESCRIPTION: body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands o...

CVSS 6.9 · AI score 5.9 · EPSS 0.00342 · Exploits: 0 · Affected software: 1
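The control for the attack shape described above, as an added Python example (not body-parser's JavaScript): a form parser with no bounds beside one that checks the byte size and then uses `urllib.parse.parse_qsl`'s `max_num_fields`, which counts separators and refuses before decoding a single pair. The two limit values mirror body-parser's documented urlencoded defaults (`limit` 100kb, `parameterLimit` 1000); `make_body` is a constructed attacker payload and the function names are the example's own.

```python
from urllib.parse import parse_qsl


class BodyRejected(Exception):
    """The form body exceeds a pre-parse limit."""


# body-parser's urlencoded defaults: limit '100kb', parameterLimit 1000.
# The same two knobs, applied here before any parsing work is done.
MAX_BYTES = 100 * 1024
MAX_FIELDS = 1000


def naive_parse(body: bytes) -> dict:
    """No limits: splits and decodes whatever the size or field count."""
    out = {}
    for pair in body.decode("utf-8").split("&"):
        name, _, value = pair.partition("=")
        out[name] = value
    return out


def parse_form(body: bytes, max_bytes: int = MAX_BYTES, max_fields: int = MAX_FIELDS) -> dict:
    """Bounded parser: byte cap first, then a field cap enforced by parse_qsl
    from a separator count, so an oversized body costs one len() and one count()."""
    if len(body) > max_bytes:
        raise BodyRejected(f"body is {len(body)} bytes, limit {max_bytes}")
    try:
        pairs = parse_qsl(body.decode("utf-8"), keep_blank_values=True,
                          max_num_fields=max_fields)
    except ValueError as exc:            # "Max number of fields exceeded" or bad UTF-8
        raise BodyRejected(str(exc)) from None
    return dict(pairs)


def make_body(fields: int) -> bytes:
    """Constructed attacker payload: `fields` distinct one-character parameters."""
    return "&".join(f"p{i}=1" for i in range(fields)).encode()


def rejects(body: bytes, **limits) -> bool:
    """True when parse_form refuses the body."""
    try:
        parse_form(body, **limits)
    except BodyRejected:
        return True
    return False
```

`make_body(5000)` is about 34 KB, so it sails through a size-only limit; `naive_parse` happily builds all 5000 entries, while `parse_form` rejects it on the field count. Raising the size limit without a field limit is the configuration this class of bug exploits.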
IBM Security Bulletins · added 2026/03/30 3:17 p.m.

Security Bulletin: IBM Maximo Application Suite - Manage Component uses ajv-6.12.6 in multiple applications which is vulnerable CVE-2025-69873

Summary: IBM Maximo Application Suite - Manage Component uses ajv-6.12.6 in multiple applications, which is vulnerable to CVE-2025-69873. Vulnerability Details: CVEID: CVE-2025-69873. DESCRIPTION: ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS)...

CVSS 7.5 · AI score 6.1 · EPSS 0.00492 · Exploits: 1 · Affected software: 1
IBM Security Bulletins · added 2026/03/30 3:08 p.m.

Security Bulletin: Location Service for ESRI Component uses cryptography-46.0.3, flask-3.1.2 and werkzeug-3.1.5 library which were vulnerable to CVE-2026-26007, CVE-2026-27205 and CVE-2026-27199 respectively

Summary: Location Service for ESRI Component uses the cryptography-46.0.3, flask-3.1.2 and werkzeug-3.1.5 libraries, which were vulnerable to CVE-2026-26007, CVE-2026-27205 and CVE-2026-27199 respectively. Vulnerability Details: CVEID: CVE-2026-27199. DESCRIPTION: Werkzeug is a comprehensive WSGI web...

CVSS 8.2 · AI score 5.8 · EPSS 0.00556 · Exploits: 1 · Affected software: 1