
59 matches found

AstraLinux
added 2026/06/19 11:10 a.m. | 2 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/xe/xe_migrate: Casting to output precision before multiplying operands This issue addresses potential overflows that can occur when multiplying two operands with lower precision u32, before widening them to a higher precision...

5.5 CVSS | 5.5 AI score | 0.0018 EPSS
Exploits 0 | References 2
RedhatCVE
added 2026/05/27 4:59 p.m. | 11 views

CVE-2026-46101

A flaw was found in the Linux kernel's Netfilter subsystem. Specifically, the nft_bitwise expression incorrectly handles zero shift operands during initialization. This can lead to undefined behavior within the kernel, potentially causing system instability. An attacker could exploit this by...

5.5 CVSS | 5.8 AI score | 0.00123 EPSS
Exploits 0 | References 4
ATTACKERKB
added 2026/05/27 12:59 p.m. | 9 views

CVE-2026-46101

In the Linux kernel, the following vulnerability has been resolved: netfilter: reject zero shift in nft_bitwise Reject zero shift operands for nft_bitwise left and right shift expressions during initialization. The carry propagation logic computes the carry from the adjacent 32-bit word using...

5.8 AI score | 0.00123 EPSS
Exploits 0 | References 9 | Affected Software 1
CNNVD
added 2026/05/27 12:0 a.m. | 8 views

Linux kernel Security Vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from nft_bitwise not rejecting zero-shifted operand operations, potentially leading to undefined behavi...

5.8 AI score | 0.00123 EPSS
Exploits 0 | References 6
Github Security Blog
added 2026/05/11 7:40 p.m. | 11 views

SandboxJS has a sandbox escape via Function.caller leakage of internal call op

Summary Sandbox-defined functions expose Function.caller, allowing sandboxed code to recover the internal LispType.Call runtime callback. That callback can then be invoked with attacker-controlled fake context and obj values to extract blocked host statics, recover the real host Function...

10 CVSS | 6.1 AI score | 0.00472 EPSS
Exploits 1 | References 4 | Affected Software 1
OSV
added 2026/05/11 7:40 p.m. | 4 views

GHSA-G8F2-4F4F-5JQW SandboxJS has a sandbox escape via Function.caller leakage of internal call op

Summary Sandbox-defined functions expose Function.caller, allowing sandboxed code to recover the internal LispType.Call runtime callback. That callback can then be invoked with attacker-controlled fake context and obj values to extract blocked host statics, recover the real host Function...

10 CVSS | 6.1 AI score | 0.00472 EPSS
Exploits 1 | References 4
CNNVD
added 2026/05/11 12:0 a.m. | 9 views

jq Security Vulnerability

jq is a lightweight and flexible command-line JSON processor developed by jqlang. Jq versions 1.8.1 and earlier have security vulnerabilities; these vulnerabilities stem from unbounded recursion in jv_object_merge_recursive. This recursion allows malicious programs to cause program crashes with...

6.2 CVSS | 5.8 AI score | 0.00154 EPSS
Exploits 1 | References 1
IBM Security Bulletins
added 2026/05/07 1:34 p.m. | 10 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to arbitrary code execution (CVE-2026-33937, CVE-2026-33938, CVE-2026-33940, CVE-2026-33941) and denial of service (CVE-2026-33939)

Summary Node.js module handlebars is used by all IBM App Connect Enterprise Certified Container operands. IBM App Connect Enterprise Certified Container operands are vulnerable to arbitrary code execution CVE-2026-33937, CVE-2026-33938, CVE-2026-33940, CVE-2026-33941 and denial of service...

9.8 CVSS | 6.5 AI score | 0.01739 EPSS
Exploits 6 | Affected Software 1
IBM Security Bulletins
added 2026/05/07 9:43 a.m. | 14 views

Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands are vulnerable to loss of confidentiality (CVE-2026-25679)

Summary IBM App Connect Enterprise Certified Container operator and DesignerAuthoring, IntegrationRuntime and IntegrationServer operands are vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported vulnerability in Golang module url.Parse...

7.5 CVSS | 5.8 AI score | 0.00728 EPSS
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2026/05/06 1:3 p.m. | 8 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to loss of integrity, arbitrary code execution, denial of service and SSRF

Summary IBM App Connect Enterprise Certified Container Designer operands that use mapping assistance and Dashboard operands that use the App Connect Enterprise Agent are vulnerable to loss of integrity CVE-2026-28684, arbitrary code execution CVE-2026-28277, denial of service CVE-2026-40347 and...

7.2 CVSS | 6.3 AI score | 0.05219 EPSS
Exploits 1 | Affected Software 1
CNVD
added 2026/04/10 12:0 a.m. | 5 views

OpenClaw Approval Bypass Vulnerability

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an approval bypass vulnerability that stems from variable script operands in system.run not being bound between the approval and execution phases, which can be exploited by an attacker to cause an...

6.3 CVSS | 5.6 AI score | 0.002 EPSS
Exploits 0
IBM Security Bulletins
added 2026/04/07 4:17 p.m. | 6 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service (CVE-2026-30922)

Summary IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Python module pyasn1 CVE-2026-30922 Vulnerability Details...

7.5 CVSS | 6.6 AI score | 0.0058 EPSS
Exploits 1 | Affected Software 1
Github Security Blog
added 2026/03/31 12:31 p.m. | 4 views

Duplicate Advisory: OpenClaw's system.run approvals did not bind mutable script operands across approval and execution

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-8g75-q649-6pv6. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.8 contains an approval bypass vulnerability in system.run where mutable script operands are no...

6.3 CVSS | 6 AI score | 0.002 EPSS
Exploits 0 | References 6 | Affected Software 1
OSV
added 2026/03/31 12:31 p.m. | 4 views

GHSA-WWRJ-437C-PPQ4 Duplicate Advisory: OpenClaw's system.run approvals did not bind mutable script operands across approval and execution

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-8g75-q649-6pv6. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.8 contains an approval bypass vulnerability in system.run where mutable script operands are no...

6.3 CVSS | 6 AI score | 0.002 EPSS
Exploits 0 | References 5
NVD
added 2026/03/31 12:16 p.m. | 2 views

CVE-2026-32921

OpenClaw before 2026.3.8 contains an approval bypass vulnerability in system.run where mutable script operands are not bound across approval and execution phases. Attackers can obtain approval for script execution, modify the approved script file before execution, and execute different content...

6.3 CVSS | 0.002 EPSS
Exploits 0 | References 4
CVE
added 2026/03/31 11:17 a.m. | 10 views

CVE-2026-32921

OpenClaw CVE-2026-32921 affects OpenClaw prior to version 2026.3.8. The vulnerability is an approval bypass in system.run where mutable script operands are not bound across the approval and execution phases. An attacker who gains approval for script execution can modify the approved script file b...

6.3 CVSS | 6.2 AI score | 0.002 EPSS
Exploits 0 | References 4 | Affected Software 1
Cvelist
added 2026/03/31 11:17 a.m. | 20 views

CVE-2026-32921 OpenClaw < 2026.3.8 - Script Content Modification via Mutable Operand Binding in system.run

OpenClaw before 2026.3.8 contains an approval bypass vulnerability in system.run where mutable script operands are not bound across approval and execution phases. Attackers can obtain approval for script execution, modify the approved script file before execution, and execute different content...

6.3 CVSS | 0.002 EPSS
Exploits 0 | References 4
Vulnrichment
added 2026/03/31 11:17 a.m. | 0 views

CVE-2026-32921 OpenClaw < 2026.3.8 - Script Content Modification via Mutable Operand Binding in system.run

OpenClaw before 2026.3.8 contains an approval bypass vulnerability in system.run where mutable script operands are not bound across approval and execution phases. Attackers can obtain approval for script execution, modify the approved script file before execution, and execute different content...

6.3 CVSS | 6.2 AI score | 0.002 EPSS
Exploits 0 | References 4
Positive Technologies
added 2026/03/31 12:0 a.m. | 2 views

PT-2026-29229

OpenClaw before 2026.3.8 contains an approval bypass vulnerability in system.run where mutable script operands are not bound across approval and execution phases. Attackers can obtain approval for script execution, modify the approved script file before execution, and execute different content...

6.3 CVSS | 6.2 AI score | 0.002 EPSS
Exploits 0 | References 5
CNNVD
added 2026/03/31 12:0 a.m. | 9 views

OpenClaw Security Vulnerability

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an approval bypass vulnerability that stems from variable script operands in system.run not being bound between the approval and execution phases, which can be exploited by an attacker to cause an...

6.3 CVSS | 5.9 AI score | 0.002 EPSS
Exploits 0 | References 4