Lucene search
K

713 matches found

CNNVD
CNNVD
added 2026/04/17 12:0 a.m.10 views

FastGPT 安全漏洞

FastGPT is an open-source knowledge base question-answering system based on large language models developed by Labring. Versions of FastGPT prior to 4.14.9.5 contained a security vulnerability. This vulnerability stemmed from the use of TypeScript type assertions in password-based login endpoints...

9.8CVSS5.9AI score0.00627EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2026/04/13 12:0 a.m.85 views

📄 Cockpit CMS 2.13.5 NoSQL Injection

Cockpit CMS version 2.13.5 is vulnerable to NoSQL operator injection on multiple API endpoints. User-supplied filter objects are forwarded to the Mongolite query engine without stripping MongoDB operators. Authenticated users can bypass intended query filters and perform boolean-based blind queri...

5.8AI score
Exploits0
NVD
NVD
added 2026/04/10 5:17 p.m.13 views

CVE-2026-35663

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators to self-request broader scopes during backend reconnect. Attackers can bypass pairing requirements to reconnect as operator.admin, gaining unauthorized administrative privileges...

8.8CVSS0.00276EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/10 4:3 p.m.24 views

CVE-2026-35663 OpenClaw < 2026.3.25 - Privilege Escalation via Backend Reconnect Scope Self-Claim

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators to self-request broader scopes during backend reconnect. Attackers can bypass pairing requirements to reconnect as operator.admin, gaining unauthorized administrative privileges...

8.8CVSS0.00276EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/10 4:3 p.m.1 views

CVE-2026-35663 OpenClaw < 2026.3.25 - Privilege Escalation via Backend Reconnect Scope Self-Claim

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators to self-request broader scopes during backend reconnect. Attackers can bypass pairing requirements to reconnect as operator.admin, gaining unauthorized administrative privileges...

8.8CVSS5.8AI score0.00276EPSS
Exploits0References3
CVE
CVE
added 2026/04/10 4:3 p.m.20 views

CVE-2026-35663

CVE-2026-35663 affects OpenClaw prior to 2026.3.25. A privilege-escalation vulnerability allows non-admin operators to self-request broader scopes during backend reconnect, bypassing pairing requirements and reconnecting as operator.admin to gain unauthorized administrative privileges. Impact is ...

8.8CVSS5.8AI score0.00276EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/04/10 4:3 p.m.8 views

EUVD-2026-21472

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators to self-request broader scopes during backend reconnect. Attackers can bypass pairing requirements to reconnect as operator.admin, gaining unauthorized administrative privileges...

8.8CVSS5.8AI score0.00276EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/10 4:3 p.m.2 views

CVE-2026-35653 OpenClaw < 2026.3.24 - Incorrect Authorization in POST /reset-profile via browser.request

OpenClaw before 2026.3.24 contains an incorrect authorization vulnerability in the POST /reset-profile endpoint that allows authenticated callers with operator.write access to browser.request to bypass profile mutation restrictions. Attackers can invoke POST /reset-profile through the...

8.1CVSS5.8AI score0.006EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/04/10 4:3 p.m.6 views

CVE-2026-35653

OpenClaw before 2026.3.24 contains an incorrect authorization vulnerability in the POST /reset-profile endpoint that allows authenticated callers with operator.write access to browser.request to bypass profile mutation restrictions. Attackers can invoke POST /reset-profile through the...

8.1CVSS5.8AI score0.006EPSS
Exploits1References5
CVE
CVE
added 2026/04/09 7:43 p.m.21 views

CVE-2026-40089

Sonicverse (Self-hosted Docker Compose stack) contains an SSRF in the dashboard API client (apps/dashboard/lib/api.ts). User-controlled URLs are passed from the dashboard to a server-side HTTP client without sufficient validation, allowing an authenticated operator to trigger arbitrary HTTP reque...

9.9CVSS6AI score0.00232EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.7 views

Sonicverse 代码问题漏洞

Sonicverse is an open-source, hosted real-time radio audio streaming solution developed by Sonicverse. There are code-related vulnerabilities in Sonicverse; these vulnerabilities stem from the API client accepting user-controlled URLs with insufficient validation. This could allow authenticated...

9.9CVSS5.9AI score0.00232EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/02 7:56 p.m.1 views

CVE-2023-7343

Hirschmann Industrial HiVision versions 05.0.00 through 08.3.01 prior to 08.3.02 contain an arbitrary code execution vulnerability triggered when an administrator opens a maliciously crafted project file. Successful exploitation allows the attacker to execute code in the context of the HiVision...

8.5CVSS6.4AI score0.00142EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/04/02 7:16 p.m.3 views

CVE-2023-7342

HiSecOS web server versions 03.4.00 prior to 04.1.00 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially crafted packets to the web server. Attackers can exploit this fla...

8.8CVSS0.00265EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/02 6:27 p.m.16 views

CVE-2023-7342 Belden HiSecOS Web Server Privilege Escalation

HiSecOS web server versions 03.4.00 prior to 04.1.00 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially crafted packets to the web server. Attackers can exploit this fla...

8.8CVSS0.00265EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.3 views

PT-2026-29891

HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially crafted packets to the web server. Attackers can explo...

8.5CVSS5.9AI score0.00142EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.4 views

PT-2026-29867

Name of the Vulnerable Software and Affected Versions HiSecOS web server versions 03.4.00 through 04.0.99 Description HiSecOS web server versions 03.4.00 through 04.0.99 contain a privilege escalation flaw. Authenticated users with operator or auditor roles can escalate their privileges to the...

8.8CVSS5.9AI score0.00265EPSS
Exploits0References5
Snyk
Snyk
added 2026/04/01 12:7 a.m.3 views

Access of Resource Using Incompatible Type ('Type Confusion')

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' via the LiveQuery subscription process when an authenticated use...

5.3CVSS5.9AI score0.00251EPSS
Exploits0References2
OSV
OSV
added 2026/04/01 12:7 a.m.8 views

GHSA-MMG8-87C5-JRC2 Parse Server has a LiveQuery protected-field guard bypass via array-like logical operator value

Impact An authenticated user with find class-level permission can bypass the protectedFields class-level permission setting on LiveQuery subscriptions. By sending a subscription with a $or, $and, or $nor operator value as a plain object with numeric keys and a length property an "array-like" obje...

5.3CVSS5.9AI score0.00251EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/04/01 12:7 a.m.8 views

Parse Server has a LiveQuery protected-field guard bypass via array-like logical operator value

Impact An authenticated user with find class-level permission can bypass the protectedFields class-level permission setting on LiveQuery subscriptions. By sending a subscription with a $or, $and, or $nor operator value as a plain object with numeric keys and a length property an "array-like" obje...

5.3CVSS5.9AI score0.00251EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2026/03/31 3:10 p.m.24 views

CVE-2026-34595 Parse Server: LiveQuery protected-field guard bypass via array-like logical operator value

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.70 and 9.7.0-alpha.18, an authenticated user with find class-level permission can bypass the protectedFields class-level permission setting on LiveQuery subscriptions. By...

5.3CVSS0.00251EPSS
Exploits0References5
Rows per page
Query Builder