Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

58577 matches found

CNNVD
CNNVDadded 2026/04/23 12:0 a.m.6 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.28 contained security vulnerabilities. These vulnerabilities stemmed from permission escalation vulnerabilities, allowing authenticated operators with write permissions to acces...

8.8CVSS5.8AI score0.00232EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/04/23 12:0 a.m.2 views

PT-2026-34709

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.20 Description A scope enforcement bypass exists in the 'assistant-media' route. This allows trusted-proxy callers who lack the operator.read scope to bypass identity-bearing HTTP auth path scope validation...

4.3CVSS5.1AI score0.00222EPSS
Exploits0References6
Positive Technologies
Positive Technologiesadded 2026/04/23 12:0 a.m.1 views

PT-2026-34790

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Telegram configuration and cron persistence settings via the send endpoint. Attackers with operator.write credentials can exploit insufficient acce...

7.1CVSS5.8AI score0.00232EPSS
Exploits0References5
RedHat Linux
RedHat Linuxadded 2026/04/22 9:3 p.m.5 views

Important: Red Hat Security Advisory: DevWorkspace Operator 0.40.1 release.

DevWorkspace Operator 0.40.1 has been released. The DevWorkspace Operator extends OpenShift to provide DevWorkspace support...

9.1CVSS5.7AI score0.00522EPSS
Exploits1References5
ATTACKERKB
ATTACKERKBadded 2026/04/22 6:4 p.m.0 views

CVE-2026-41469

Beghelli Sicuro24 SicuroWeb does not enforce a Content Security Policy, allowing unrestricted loading of external JavaScript resources from attacker-controlled origins. When chained with the template injection and sandbox escape vulnerabilities present in the same application, the absence of CSP...

5.2CVSS5.9AI score0.00204EPSS
Exploits0References5
NVD
NVDadded 2026/04/22 3:16 p.m.1 views

CVE-2026-35548

An issue was discovered in guardsix formerly Logpoint ODBC Enrichment Plugins before 5.2.1 5.2.1 is used in guardsix 7.9.0.0. A logic flaw allowed stored database credentials to be reused after modification of the target Host, IP address, or Port. When editing an existing Enrichment Source,...

8.5CVSS0.00213EPSS
Exploits0References2
UbuntuCve
UbuntuCveadded 2026/04/22 2:16 p.m.2 views

CVE-2026-33611

An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend...

6.5CVSS5.8AI score0.00423EPSS
Exploits0References2
OSV
OSVadded 2026/04/22 2:16 p.m.2 views

UBUNTU-CVE-2026-33611

An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend...

6.5CVSS5.8AI score0.00423EPSS
Exploits0References3
EUVD
EUVDadded 2026/04/22 9:31 a.m.2 views

EUVD-2026-24629

Missing bounds validation for operator could allow out of range operator-code lookup during model loading Affected version is prior to commit 1.30.0...

5.5CVSS5.7AI score0.00105EPSS
Exploits0References2
NVD
NVDadded 2026/04/22 7:16 a.m.5 views

CVE-2026-6840

Missing bounds validation for operator could allow out of range operator-code lookup during model loading Affected version is prior to commit 1.30.0...

5.5CVSS0.00105EPSS
Exploits0References1
CVE
CVEadded 2026/04/22 6:8 a.m.13 views

CVE-2026-6840

CVE-2026-6840 describes missing bounds validation for an operator during model loading, enabling a out-of-range operator-code lookup. Affected versions are those prior to commit 1.30.0. The CVSS 3.1 base score is 5.5 (Medium) with Local attack vector, Low attack complexity, No privileges required...

5.5CVSS5.7AI score0.00105EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/04/22 6:8 a.m.1 views

CVE-2026-6840

Missing bounds validation for operator could allow out of range operator-code lookup during model loading Affected version is prior to commit 1.30.0...

5.5CVSS5.7AI score0.00105EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2026/04/22 6:8 a.m.31 views

CVE-2026-6840

Missing bounds validation for operator could allow out of range operator-code lookup during model loading Affected version is prior to commit 1.30.0...

5.5CVSS0.00105EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/04/22 6:8 a.m.4 views

CVE-2026-6840

Missing bounds validation for operator could allow out of range operator-code lookup during model loading Affected version is prior to commit 1.30.0...

5.5CVSS5.7AI score0.00105EPSS
Exploits0References1
OSV
OSVadded 2026/04/22 12:41 a.m.1 views

CLEANSTART-2026-BB70412 During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions

Multiple security vulnerabilities affect the percona-xtradb-cluster-operator-fips package. During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions. See references for individual vulnerability...

9.8CVSS7AI score0.00789EPSS
Exploits2References38
OSV
OSVadded 2026/04/22 12:37 a.m.7 views

CLEANSTART-2026-AL68245 filippo

Multiple security vulnerabilities affect the percona-xtradb-cluster-operator-fips package. filippo. See references for individual vulnerability details...

9.8CVSS7.4AI score0.00765EPSS
Exploits1References11
CVE
CVEadded 2026/04/22 12:0 a.m.2 views

CVE-2026-35548

GuardSix/Logpoint guardsix ODBC Enrichment Plugins before 5.2.1 contain a logic flaw: stored database credentials can be reused after changing target Host/IP/Port. When editing an existing Enrichment Source, previously stored credentials remain and can be redirected to unintended internal systems...

8.5CVSS5.7AI score0.00213EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologiesadded 2026/04/22 12:0 a.m.5 views

PT-2026-34541

Beghelli Sicuro24 SicuroWeb does not enforce a Content Security Policy, allowing unrestricted loading of external JavaScript resources from attacker-controlled origins. When chained with the template injection and sandbox escape vulnerabilities present in the same application, the absence of CSP...

5.2CVSS5.9AI score0.00362EPSS
Exploits0References8
Positive Technologies
Positive Technologiesadded 2026/04/22 12:0 a.m.6 views

PT-2026-34263

CVE-2026-6840 Missing bounds validation for operator could allow out of range operator-code lookup during model loading Affected version is prior to commit 1.30.0. https://t.co/DGJUzFs4hC...

5.5CVSS5.7AI score0.00105EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/04/22 12:0 a.m.27 views

CVE-2026-35548

An issue was discovered in guardsix formerly Logpoint ODBC Enrichment Plugins before 5.2.1 5.2.1 is used in guardsix 7.9.0.0. A logic flaw allowed stored database credentials to be reused after modification of the target Host, IP address, or Port. When editing an existing Enrichment Source,...

0.00213EPSS
Exploits0References2
Rows per page
Query Builder