8 matches found

CVE
added 2026/05/01 1:56 p.m. | 22 views

CVE-2026-31704

CVE-2026-31704 affects the Linux kernel’s ksmbd ACL handling. The vulnerability arises when accumulating ACL entry sizes uses 16-bit counters (u16) in set_posix_acl_entries_dacl() and set_ntacl_dacl(), allowing wraparound past 65535 and causing pointer arithmetic on pndace to land within already-...

5.5 CVSS | 5.8 AI score | 0.00117 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

CNNVD
added 2026/04/28 12:0 a.m. | 9 views

OpenClaw Security Vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.8 contained security vulnerabilities. These vulnerabilities stemmed from the lack of cross-channel permission list writing that is performed only by the owner at the /allowlist...

4.3 CVSS | 5.8 AI score | 0.00237 EPSS
Exploits: 0 | References: 1

CNNVD
added 2026/04/23 12:0 a.m. | 9 views

OpenClaw Access Control Error Vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.2 contained an access control vulnerability. This vulnerability stemmed from the failure to filter Slack thread contexts based on the sender’s permission list, allowing messages...

5.4 CVSS | 5.8 AI score | 0.0014 EPSS
Exploits: 0 | References: 1

F5 Networks
added 2026/03/09 12:37 a.m. | 10 views

K000160272: Apache Solr vulnerability CVE-2026-22444

Security Advisory Description: The "create core" API of Apache Solr 8.6 through 9.10.0 lacks sufficient input validation on some API parameters, which can cause Solr to check the existence of and attempt to read file-system paths that should be disallowed by Solr's "allowPaths" security setting...

7.1 CVSS | 5.8 AI score | 0.00654 EPSS
Exploits: 1

Cvelist
added 2025/09/30 11:17 a.m. | 5 views

CVE-2025-41099 Insecure Direct Object Reference in GPS BOLD Workplanner

Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access the list of permissions using unauthorised internal identifiers...

7.1 CVSS | 0.00294 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 9:38 a.m. | 6 views

CVE-2024-24018

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via /system/dataPerm/list...

9.8 CVSS | 9.7 AI score | 0.00609 EPSS
Exploits: 0 | References: 1

CNNVD
added 2024/08/13 12:0 a.m. | 6 views

SAP NetWeaver Application Server Security Vulnerability

SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability exists in SAP NetWeaver Application Server. An unauthenticated attacker could exploit the vulnerability to craft URL links that bypass the permission list control...

5.4 CVSS | 6.6 AI score | 0.00302 EPSS
Exploits: 0 | References: 4

NVD
added 2021/07/31 5:15 p.m. | 13 views

CVE-2020-26565

ObjectPlanet Opinio before 7.14 allows Expression Language Injection via the admin/permissionList.do from parameter. This can be used to retrieve possibly sensitive serverInfo data...

7.5 CVSS | 0.01724 EPSS
Exploits: 3 | References: 2