Lucene search
K

85 matches found

CVE
CVE
added 2026/06/16 6:5 p.m.14 views

CVE-2026-53851

CVE-2026-53851 affects OpenClaw prior to version 2026.5.12. A notification bypass allows Slack reaction events to be processed by the agent pipeline even when reaction notifications are disabled. An attacker can trigger unintended agent processing by sending reaction events while the feature is e...

6.3CVSS5.3AI score0.00191EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.12 views

PT-2026-49768

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.12 Description A notification bypass allows Slack reaction events to enter the agent pipeline even when reaction notifications are disabled. This can trigger unintended agent processing for reaction events,...

6.3CVSS5.2AI score0.00191EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/28 1:27 p.m.9 views

CVE-2026-8990

A user with physical access to a smartphone can bypass authentication mechanism of Kidsview mobile application and grant himself full access to the device owner's account by interacting with application's push notification. This issue was fixed in version 4.4.3...

5.3CVSS5.8AI score0.00207EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/22 3:27 p.m.12 views

CVE-2026-8477

Improper enforcement of the sealed-entry workflow in the entry sensitive-data retrieval feature in Devolutions Server allows an authenticated user with access to a sealed entry to retrieve its sensitive data without triggering the unseal audit notification via a crafted API request. This issue...

0.00178EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.6 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.25 contained security vulnerabilities. These vulnerabilities stemmed from a validation notification bypass that circumvented direct message policy checks and resulted in...

6.9CVSS5.8AI score0.00285EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 8 : firefox-102.7.0-1.el8.ML.1 (AXSA:2023-4857:04)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-4857:04 advisory. Mozilla: libusrsctp library out of date CVE-2022-46871 Mozilla: Arbitrary file read from GTK drag and drop on Linux CVE-2023-23598 Mozilla: Memory...

8.8CVSS8.3AI score0.00892EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2025/12/01 2:46 a.m.5 views

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

8.8CVSS7.5AI score0.0041EPSS
Exploits0References10
CVE
CVE
added 2025/11/21 5:55 p.m.11 views

CVE-2025-13132

CVE-2025-13132 affects the "dia" browser (Red Hat/Dia references) where a flaw allows entering fullscreen after a user click without showing the fullscreen notification toast. This could let a malicious site spoof the UI (e.g., fake address bar). Root cause: lack of fullscreen notification. Impac...

7.4CVSS6.3AI score0.00207EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.17 views

EUVD-2020-27654

Malware in sbrugna...

4.3CVSS4.9AI score0.00544EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-1927

Malware in sbrugna...

5.5CVSS5.6AI score0.0014EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-0299

Malicious code in bioql PyPI...

5.3CVSS5.8AI score0.00829EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2021-39908

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In all versions of GitLab CE/EE starting from 0.8.0 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before...

7.5CVSS7.4AI score0.0122EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/07/08 12:0 a.m.10 views

The vulnerability of the HarmonyOS operating system, related to deficiencies in authentication procedures, allows a perpetrator to gain access to the camera without notifying the user.

The vulnerability of the HarmonyOS operating system is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to the camera without notifying the user...

7.6CVSS5.5AI score0.00127EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 5:53 a.m.5 views

CVE-2023-22488

Flarum is a forum software for building communities. Using the notifications feature, one can read restricted/private content and bypass access checks that would be in place for such content. The notification-sending component does not check that the subject of the notification can be seen by the...

6.8CVSS6.5AI score0.00397EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:22 p.m.5 views

CVE-2021-24527

The User Registration & User Profile – Profile Builder WordPress plugin before 3.4.9 has a bug allowing any user to reset the password of the admin of the blog, and gain unauthorised access, due to a bypass in the way the reset key is checked. Furthermore, the admin will not be notified of such...

10CVSS7.1AI score0.07696EPSS
Exploits2References1
Github Security Blog
Github Security Blog
added 2024/01/10 6:30 p.m.20 views

WWBN AVideo recovery notification bypass vulnerability

A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to silently create a recovery pass code for any user...

5.3CVSS7.3AI score0.00829EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2024/01/10 4:15 p.m.3 views

CVE-2023-50172

A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to the silent creation of a recovery pass code for any user...

5.3CVSS5.8AI score0.00829EPSS
Exploits1References2
NVD
NVD
added 2024/01/10 4:15 p.m.22 views

CVE-2023-50172

A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to the silent creation of a recovery pass code for any user...

5.3CVSS5.3AI score0.00829EPSS
Exploits1References2
Prion
Prion
added 2024/01/10 4:15 p.m.18 views

Design/Logic Flaw

A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to the silent creation of a recovery pass code for any user...

5CVSS7.3AI score0.00829EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/01/10 3:48 p.m.36 views

CVE-2023-50172

Summary: CVE-2023-50172 affects WWBN AVideo (dev master, commit 15fed957fb). The vulnerability lies in userRecoverPass.php captcha validation, where the recoverPass value is set even if the captcha check fails, enabling a malicious actor to silently create a recovery pass code for any user. An at...

5.3CVSS5.6AI score0.00829EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder