Lucene search
K

5799 matches found

Nuclei
Nuclei
added 6 hours ago8 views

Campaign Monitor for WordPress - Information Disclosure

Campaign Monitor for WordPress plugin for WordPress versions up to 2.8.15 contains a full path disclosure caused by improper access restriction and enabled displayerrors in /forms/views/admin/create.php, letting unauthenticated attackers retrieve server paths, exploit requires displayerrors to be...

5.3CVSS6AI score0.00849EPSS
Exploits0References3
EUVD
EUVD
added 13 hours ago4 views

EUVD-2026-43534

OpenClaw versions 2026.5.20 before 2026.6.9 contain a privilege escalation vulnerability in plugin install commands that allows lower-trust callers to execute or persist actions beyond their intended authorization. Attackers can exploit misconfigured input paths or enabled features to escalate...

8.8CVSS6.2AI score
Exploits0References3
EUVD
EUVD
added 13 hours ago5 views

EUVD-2026-43538

OpenClaw versions 2026.5.28 before 2026.6.6 contain an authorization bypass vulnerability in native web search that allows lower-trust callers to perform actions requiring stronger policy checks. Attackers can exploit misconfigured input paths to bypass intended authorization controls and execute...

5.3CVSS6.2AI score
Exploits0References3
EUVD
EUVD
added 13 hours ago5 views

EUVD-2026-43568

OpenClaw versions before 2026.6.9 contain an authorization bypass vulnerability in the flock wrapper that allows lower-trust callers to execute or persist actions beyond their intended authorization. Attackers can leverage configured input paths to bypass durable exec approval binding and perform...

8.8CVSS6.2AI score
Exploits0References3
EUVD
EUVD
added 13 hours ago6 views

EUVD-2026-43583

SAProuter on Microsoft Windows allows an unauthenticated attacker to load library DLL files from an untrusted location, allowing them to execute malicious code on the system. This could enable the attacker to hijack the DLL loading process and achieve arbitrary code execution. This has high impac...

8.4CVSS6.4AI score
Exploits0References2
NVD
NVD
added yesterday6 views

CVE-2026-62198

OpenClaw versions 2026.5.28 before 2026.6.6 contain an authorization bypass vulnerability in native web search that allows lower-trust callers to perform actions requiring stronger policy checks. Attackers can exploit misconfigured input paths to bypass intended authorization controls and execute...

5.3CVSS
Exploits0References2
Cvelist
Cvelist
added yesterday19 views

CVE-2026-62198 OpenClaw 2026.5.28 < 2026.6.6 Authorization Bypass via Web Search

OpenClaw versions 2026.5.28 before 2026.6.6 contain an authorization bypass vulnerability in native web search that allows lower-trust callers to perform actions requiring stronger policy checks. Attackers can exploit misconfigured input paths to bypass intended authorization controls and execute...

5.3CVSS
Exploits0References2
CVE
CVE
added yesterday10 views

CVE-2026-62194

OpenClaw CVE-2026-62194 affects OpenClaw versions 2026.5.20 before 2026.6.9. Vulnerable: plugin install commands in the OpenClaw stack. Root cause: privilege escalation via misconfigured input paths or enabled features that let lower-trust callers execute/persist actions beyond their authorizatio...

8.8CVSS6.2AI score
Exploits0References2
CVE
CVE
added yesterday6 views

CVE-2026-62192

OpenClaw versions 2026.6.6 before 2026.6.9 contain an authorization bypass vulnerability in Discord guild actions that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to skip cross-provider requester authorizat...

8.1CVSS6.2AI score
Exploits0References2
CVE
CVE
added yesterday9 views

CVE-2026-62186

OpenClaw is affected in versions before 2026.6.8 by an authorization bypass vulnerability in OpenAI-compatible HTTP model overrides. The issue allows lower-trust callers to bypass admin authorization policies and execute restricted operations via misconfigured input paths. Exploitation details ar...

7.6CVSS6.2AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2 days ago4 views

Linux Distros Unpatched Vulnerability : CVE-2026-61858

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and external delegates due to missing validation checks. Attackers can...

5.3CVSS6.1AI score0.00133EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 3 days ago6 views

CVE-2026-61858

A flaw was found in ImageMagick. This vulnerability allows attackers to bypass configured policy restrictions through the APNG Animated Portable Network Graphics encoding process. By exploiting missing validation checks in the APNG encoder and external delegates, an attacker can write files to...

5.3CVSS6AI score0.00133EPSS
Exploits0References5
OSV
OSV
added 3 days ago5 views

DEBIAN-CVE-2026-61858

ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and external delegates due to missing validation checks. Attackers can write files to disallowed paths by bypassing configured policy restrictions through the APNG encoding process...

5.3CVSS6.1AI score0.00133EPSS
Exploits0References1
NVD
NVD
added 3 days ago6 views

CVE-2026-60088

PraisonAI before 4.6.78 fails to validate file path references in custom command templates, allowing attackers to read files outside the workspace. Attackers can include path traversal sequences like @../outsidesecret.txt or absolute paths in project command files to exfiltrate process-readable...

6.8CVSS0.00147EPSS
Exploits0References3
CVE
CVE
added 3 days ago11 views

CVE-2026-61858

CVE-2026-61858 concerns ImageMagick prior to 7.1.2-26, where a policy bypass vulnerability exists in the APNG encoder and external delegates due to missing validation checks. Attackers can bypass policy restrictions during APNG encoding and write files to disallowed paths. The provided documents ...

5.3CVSS6.1AI score0.00133EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 3 days ago9 views

EUVD-2026-43187

ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and external delegates due to missing validation checks. Attackers can write files to disallowed paths by bypassing configured policy restrictions through the APNG encoding process...

4.8CVSS6.1AI score0.00133EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago37 views

CVE-2026-60088 PraisonAI before 4.6.78 Path Traversal via Custom Commands

PraisonAI before 4.6.78 fails to validate file path references in custom command templates, allowing attackers to read files outside the workspace. Attackers can include path traversal sequences like @../outsidesecret.txt or absolute paths in project command files to exfiltrate process-readable...

6.8CVSS0.00147EPSS
Exploits0References3
NVD
NVD
added 3 days ago6 views

CVE-2026-11426

The UnderConstructionPage PRO plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.76. This is due to the plugin accepting arbitrary local file paths in the templatethumbnail parameter and copying their contents into a publicly accessible uploads file...

6.5CVSS0.00308EPSS
Exploits0References2
NVD
NVD
added 4 days ago4 views

CVE-2026-57211

RabbitMQ is a messaging and streaming broker. Prior to 4.1.11 and 4.2.6 on Windows, the RabbitMQ management plugin static file handler rabbitmgmtwmstatic can pass URL-encoded backslashes to erlprimloader:readfileinfo before path validation when multiple management extension plugins are enabled,...

10CVSS0.00278EPSS
Exploits1References5
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-57211 RabbitMQ: UNC SSRF affecting the management UI on Windows

RabbitMQ is a messaging and streaming broker. Prior to 4.1.11 and 4.2.6 on Windows, the RabbitMQ management plugin static file handler rabbitmgmtwmstatic can pass URL-encoded backslashes to erlprimloader:readfileinfo before path validation when multiple management extension plugins are enabled,...

6.5CVSS0.00278EPSS
Exploits1References5
Rows per page
Query Builder