Lucene search
+L

25 matches found

CVE
CVE
added 4 days ago34 views

CVE-2026-62422

CVE-2026-62422 affects JetBrains YouTrack, with authentication bypass via direct database access that enables administrative access. Affects: YouTrack builds listed in the entry (before 2026.1.13757; 2025.3.148033; 2025.2.148048; 2025.1.148120; 2024.3.148430; 2024.2.148429). The entry does not pr...

10CVSS6.1AI score0.00346EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago4 views

EUVD-2026-43540

OpenClaw versions before 2026.6.1 contain a flaw in host exec environment filtering that could allow Git ext transport to be abused. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could execute or persist actions beyond the caller's intended...

8.8CVSS6.2AI score0.00295EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/26 10:6 a.m.38 views

CVE-2026-57913

Johnson & Johnson Audit Tracking Management System ATMS before 2026-04-21 allows viewing of meeting minutes and transcripts...

7.5CVSS0.00245EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.12 views

PT-2026-49300

Name of the Vulnerable Software and Affected Versions Observe versions prior to 2026-01-28 Description A flaw in the CSV Log export component allows a remote attacker to obtain sensitive information. Recommendations Update to a version released after 2026-01-28. As a temporary workaround, restric...

7.5CVSS5.3AI score0.00375EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/22 5:7 p.m.13 views

EUVD-2026-31469

Sunshine is a self-hosted game stream host for Moonlight. In versions prior to 2026.516.143833, the client-certificate authentication can be bypassed because of how OpenSSL verification results are handled. In src/crypto.cpp, the custom verify callback treats X509VERRUNABLETOGETISSUERCERTLOCALLY,...

9.8CVSS5.7AI score0.00291EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.10 views

DENX Software Engineering Das U-Boot 访问控制错误漏洞

DENX Software Engineering's Das U-Boot is a general-purpose bootloader developed by the German company DENX Software Engineering. Versions of DENX Software Engineering's Das U-Boot prior to version 2026.04 contained an access control vulnerability. This vulnerability stemmed from the omission of...

8.2CVSS5.8AI score0.00127EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/11 9:0 p.m.11 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS5.8AI score
Exploits0References2
Patchstack
Patchstack
added 2026/04/25 11:48 p.m.10 views

NPM: OpenClaw: MCP stdio server env could load dangerous startup variables from workspace config

NPM: OpenClaw: MCP stdio server env could load dangerous startup variables from workspace config vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.20...

5.8AI score
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.11 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained security vulnerabilities. These vulnerabilities stemmed from a check-time-based flaw in sandbox file operations, allowing attackers to bypass defenses based on file...

5CVSS5.8AI score0.00088EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.12 views

OpenClaw 跨站请求伪造漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from a lack of browser source verification at the HTTP operator endpoint when running in a...

7.1CVSS5.7AI score0.00112EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.12 views

mailcow: dockerized 跨站脚本漏洞

mailcow: dockerized is a dockerized version of the mailcow open-source application. Versions of mailcow before 2026-03b contained a cross-site scripting vulnerability. This vulnerability stemmed from the fact that the isolated details modal boxes did not escape the attachment file names, allowing...

8.9CVSS5.9AI score0.00325EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/06 5:48 p.m.2 views

CVE-2026-35173 Chyrp Lite has an IDOR via Mass Assignment in Post Model

Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, an IDOR / Mass Assignment issue exists in the Post model that allows authenticated users with post editing permissions Edit Post, Edit Draft, Edit Own Post, Edit Own Draft to modify posts they do not own and do not have...

6.5CVSS5.9AI score0.00174EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/31 12:31 p.m.4 views

EUVD-2026-17371

OpenClaw before 2026.3.13 contains a remote command injection vulnerability in the iMessage attachment staging flow that allows attackers to execute arbitrary commands on configured remote hosts. The vulnerability exists because unsanitized remote attachment paths containing shell metacharacters...

9.8CVSS6.4AI score0.01973EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.10 views

EVerest 竞争条件问题漏洞

EVerest is an open-source firmware for electric vehicle charging stations developed by EVerest. Versions of EVerest prior to 2026.02.0 contained a race condition vulnerability. This vulnerability stemmed from undefined C++ behavior due to data races, which could lead to memory corruption...

8.2CVSS5.8AI score0.00248EPSS
Exploits1References1
OSV
OSV
added 2026/03/19 3:30 a.m.5 views

GHSA-X742-88JJ-7HV9 Duplicate Advisory: allowlist exec-guard bypass via env -S

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-48wf-g7cp-gr3m. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.23 contain an allowlist bypass vulnerability in system.run guardrails that allows...

7.1CVSS5.8AI score0.00339EPSS
Exploits0References5
OSV
OSV
added 2026/03/19 3:30 a.m.5 views

GHSA-XRGV-34CC-Q765 Duplicate Advisory: OpenClaw's system.run allowlist bypass via shell line-continuation command substitution

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-9868-vxmx-w862. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in system.run that allows attackers to...

6CVSS5.9AI score0.00439EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.11 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.1 contained security vulnerabilities. These vulnerabilities stemmed from an unlimited memory growth issue in the Zalo webhook endpoint. This could allow unverified attackers to...

8.7CVSS5.8AI score0.00354EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/18 1:34 a.m.7 views

EUVD-2026-12710

OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safeBins configuration that allows attackers to invoke external helpers through the compress-program option. When sort is explicitly added to tools.exec.safeBins, remote attackers can bypass intended safe-bin...

7.1CVSS6AI score0.00197EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/05 9:59 p.m.4 views

CVE-2026-28477

OpenClaw versions prior to 2026.2.14 contain an oauth state validation bypass vulnerability in the manual Chutes login flow that allows attackers to bypass CSRF protection. An attacker can convince a user to paste attacker-controlled OAuth callback data, enabling credential substitution and token...

5.9CVSS6AI score0.00133EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.10 views

OpenClaw 代码问题漏洞

OpenClaw is an open-source intelligent artificial assistant. Versions of OpenClaw prior to 2026.2.14 had code-related vulnerabilities. These vulnerabilities stemmed from insufficient constraints on the hook module paths configured by the gateway, allowing attackers with access to modify the gatew...

8.6CVSS5.9AI score0.00405EPSS
Exploits0References4
Rows per page
Query Builder