Lucene search
K

11 matches found

OSV
OSV
added 2026/07/07 11:45 a.m.5 views

PYSEC-2026-1494 Kinto Attachment's attachments can be replaced on read-only records

Impact The attachment file of an existing record can be replaced if the user has "read" permission on one of the parent collection or bucket. And if the "read" permission is given to "system.Everyone" on one of the parent, then the attachment can be replaced on a record using an anonymous request...

8.6CVSS5.9AI score0.00702EPSS
Exploits0References7
CVE
CVE
added 2026/06/23 4:14 p.m.17 views

CVE-2026-44957

The CVE-2026-44957 vulnerability affects Revive Adserver 6.0.6 and earlier, where a missing access control check in the XML-RPC API modify methods allowed entities to be reassigned to different parent entities, causing inconsistent ownership. The issue is exploitable only in combination with CVE-...

4.3CVSS5.9AI score0.00235EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in commons-io

In Apache Commons IO before version 2.7, when the FileNameUtils.normalize method was called with an improper input string, such as “//../foo” or “\..\foo”, the result would be the same value. This potentially allowed access to files in the parent directory, but not further up the path thus...

5.8CVSS6.6AI score0.10608EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/09 9:27 p.m.19 views

CVE-2026-35636 OpenClaw 2026.3.11 < 2026.3.25 - Session Isolation Bypass via sessionId Resolution

OpenClaw versions 2026.3.11 through 2026.3.24 contain a session isolation bypass vulnerability where sessionstatus resolves sessionId to canonical session keys before enforcing visibility checks. Sandboxed child sessions can exploit this to access parent or sibling sessions that should be blocked...

7.1CVSS0.00259EPSS
Exploits0References3
CVE
CVE
added 2026/04/09 9:27 p.m.13 views

CVE-2026-35636

OpenClaw 2026.3.11–2026.3.24 contains a session isolation bypass where session_status resolves sessionId to canonical session keys before visibility checks, allowing sandboxed child sessions to access parent or sibling sessions that should be blocked by explicit sessionKey restrictions. The descr...

7.1CVSS5.9AI score0.00259EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/03 3:15 p.m.2 views

CVE-2026-31394 mac80211: fix crash in ieee80211_chan_bw_change for AP_VLAN stations

In the Linux kernel, the following vulnerability has been resolved: mac80211: fix crash in ieee80211chanbwchange for APVLAN stations ieee80211chanbwchange iterates all stations and accesses link-reserved.oper via sta-sdata-linklinkid. For stations on APVLAN interfaces e.g. 4addr WDS clients,...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.8 views

PT-2026-30177

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's mac80211 component, specifically within the ieee80211 chan bw change function. This function iterates through stations and accesses link-reserved.oper...

9.8CVSS5.3AI score0.00443EPSS
Exploits0References467
Amazon
Amazon
added 2025/06/02 12:0 a.m.9 views

Medium: golang

Issue Overview: A directory traversal vulnerability was discovered in the Go programming language's os package in versions prior to 1.24.3. The vulnerability allows improper access to the parent directory of an os.Root by opening a filename ending in "../". When exploited, this vulnerability...

3.8CVSS6.8AI score0.00238EPSS
Exploits0
OSV
OSV
added 2025/01/07 5:15 a.m.13 views

CVE-2024-12332

The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'cid' parameter in all versions up to, and including, 2.2.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This make...

6.5CVSS5.9AI score
Exploits0References4
PyPA
PyPA
added 2010/03/29 8:30 p.m.8 views

PYSEC-2010-13

MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603...

7.5CVSS7.1AI score0.03001EPSS
Exploits1References10Affected Software1
RedHat Linux
RedHat Linux
added 2005/07/22 10:41 a.m.8 views

security flaw

Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensitive information such as cookies and passwords...

5CVSS5.9AI score0.01832EPSS
Exploits0References4
Rows per page
Query Builder