Lucene search
K

212 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/12 7:14 p.m.3 views

CVE-2026-32248

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.12 and 8.6.38, an unauthenticated attacker can take over any user account that was created with an authentication provider that does not validate the format of the user...

9.3CVSS5.8AI score0.00627EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/03/12 7:14 p.m.24 views

CVE-2026-32248 Parse Server: Account takeover via operator injection in authentication data identifier

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.12 and 8.6.38, an unauthenticated attacker can take over any user account that was created with an authentication provider that does not validate the format of the user...

9.3CVSS0.00627EPSS
Exploits0References3
OSV
OSV
added 2026/03/12 7:14 p.m.4 views

CVE-2026-32248 Parse Server: Account takeover via operator injection in authentication data identifier

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.12 and 8.6.38, an unauthenticated attacker can take over any user account that was created with an authentication provider that does not validate the format of the user...

9.3CVSS5.8AI score0.00627EPSS
Exploits0References5
CVE
CVE
added 2026/03/12 7:14 p.m.13 views

CVE-2026-32248

Parse Server suffers an account takeover vulnerability (CVE-2026-32248) due to operator injection in the authentication data identifier. Before versions 9.6.0-alpha.12 and 8.6.38, an unauthenticated attacker can crafted-login cause a pattern-matching query instead of an exact match, allowing them...

9.8CVSS5.8AI score0.00627EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/03/12 5:29 p.m.3 views

Improper Neutralization of Special Elements in Data Query Logic

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic in the findUsersWithAuthData function of authentication data...

9.8CVSS5.8AI score0.00627EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.8 views

PT-2026-25058

Impact An unauthenticated attacker can take over any user account that was created with an authentication provider that does not validate the format of the user identifier e.g. anonymous authentication. By sending a crafted login request, the attacker can cause the server to perform a...

9.8CVSS5.8AI score0.00627EPSS
Exploits0References14
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.7 views

vaadin 安全漏洞

Vaadin is an open-source platform for web application development developed by Vaadin contributors. The Vaadin platform includes a set of web components, a Java web framework, as well as a set of tools and application starters. Vulnerabilities exist in versions of Vaadin prior to 14.14.0, 23.6.6,...

5.3CVSS5.8AI score0.00391EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/02/22 1:25 p.m.7 views

CVE-2026-27486

OpenClaw is a personal AI assistant. In versions 2026.2.13 and below of the OpenClaw CLI, the process cleanup uses system-wide process enumeration and pattern matching to terminate processes without verifying if they are owned by the current OpenClaw process. On shared hosts, unrelated processes...

5.3CVSS5.5AI score0.00292EPSS
Exploits0References1
NVD
NVD
added 2026/02/21 10:16 a.m.13 views

CVE-2026-27486

OpenClaw is a personal AI assistant. In versions 2026.2.13 and below of the OpenClaw CLI, the process cleanup uses system-wide process enumeration and pattern matching to terminate processes without verifying if they are owned by the current OpenClaw process. On shared hosts, unrelated processes...

5.3CVSS0.00292EPSS
Exploits0References4
CVE
CVE
added 2026/02/21 9:32 a.m.20 views

CVE-2026-27486

OpenClaw CVE-2026-27486 affects the OpenClaw CLI up to version 2026.2.13, where cleanup uses system-wide process enumeration and pattern-based termination without verifying process ownership. On shared hosts, unrelated processes matching the pattern could be terminated. The issue is addressed in ...

5.3CVSS5.5AI score0.00292EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/02/21 9:32 a.m.9 views

CVE-2026-27486 OpenClaw: Process Safety - Unvalidated PID Kill via SIGKILL in Process Cleanup

OpenClaw is a personal AI assistant. In versions 2026.2.13 and below of the OpenClaw CLI, the process cleanup uses system-wide process enumeration and pattern matching to terminate processes without verifying if they are owned by the current OpenClaw process. On shared hosts, unrelated processes...

4.3CVSS5.5AI score0.00292EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.8 views

PT-2026-21337

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.14 Description OpenClaw is a personal AI assistant. The CLI process cleanup mechanism used system-wide process enumeration and pattern matching to terminate processes without verifying ownership by the current...

5.3CVSS6AI score0.00292EPSS
Exploits0References18
GithubExploit
GithubExploit
added 2026/02/17 3:6 p.m.156 views

securiclaw

🦞 Securiclaw AI-Powered Code Security Scanner Securiclaw...

6.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.3 views

MiracleLinux 9 : redis:7 (AXSA:2024-9438:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9438:01 advisory. redis: Redis SORTRO may bypass ACL configuration CVE-2023-41053 redis: possible bypass of Unix socket permissions on startup CVE-2023-45145 redis:...

8.8CVSS8.6AI score0.04488EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.5 views

MiracleLinux 9 : redis-6.2.17-1.el9_5 (AXSA:2025-9591:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9591:01 advisory. redis: heap overflow in the lua cjson and cmsgpack libraries CVE-2022-24834 redis: possible bypass of Unix socket permissions on startup...

9.8CVSS8.4AI score0.4292EPSS
Exploits4References6
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.4 views

MiracleLinux 8 : redis:6 (AXSA:2025-9575:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9575:01 advisory. redis: Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER commands may lead to denial-of-service CVE-2023-22458 redis: Integer overflow in the...

9.8CVSS8.4AI score0.69355EPSS
Exploits4References11
Packet Storm News
Packet Storm News
added 2026/01/12 12:0 a.m.1 views

YARA-X 1.11.0

YARA-X is a re-incarnation of YARA, a pattern matching tool designed with malware researchers in mind. This new incarnation intends to be faster, safer and more user-friendly than its predecessor. The ultimate goal of YARA-X is replacing YARA as the default pattern matching tool for malware...

6.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/01/03 12:0 a.m.2 views

EulerOS Virtualization 2.10.1 : libxml2 (EulerOS-SA-2026-1004)

According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.CVE-2025-27113 libxml2...

9.8CVSS7.2AI score0.01437EPSS
Exploits4References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2018-0549

Malware in sbrugna...

7.5CVSS7.6AI score0.02837EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2004-0709

Malware in sbrugna...

7.5CVSS6.4AI score0.01949EPSS
Exploits0References5
Rows per page
Query Builder