Lucene search
K

1277 matches found

EUVD
EUVD
added yesterday5 views

EUVD-2026-41460

A local privilege escalation vulnerability in the WatchGuard Mobile VPN with SSL client for Windows allows a local attacker to escalate their privileges to NT AUTHORITY\SYSTEM on the machine where the client is installed. This issue affects the Mobile VPN with SSL client for Windows up to and...

7.3CVSS5.8AI score
Exploits0References2
EUVD
EUVD
added yesterday6 views

EUVD-2026-41457

A null pointer dereference vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to create a denial-of-service DoS condition by sending specially crafted IKEv2 messages. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using...

8.7CVSS5.8AI score
Exploits0References2
EUVD
EUVD
added 2 days ago13 views

EUVD-2026-36318

OpenClaw's browser act interactions could bypass private-network navigation checks...

7.7CVSS5.8AI score0.00247EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-10129 SSRF via HTTP Redirect Following in Langflow API Request Component

IBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side Request Forgery SSRF protection bypass vulnerability in the API Request component. An authenticated attacker with low-level privileges flow author role can bypass SSRF protections by enabling the followredirects parameter and supplying a...

8.5CVSS0.00185EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 6:22 p.m.6 views

CVE-2026-13372

Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 allows an authenticated attacker with write access to a shared workspace to execute a PowerShell script in another user's context via a display name...

7.2CVSS5.8AI score0.00278EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/26 4:23 p.m.6 views

CVE-2026-28385

In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery SSRF vulnerability in the image import functionality allows authenticated users with the cancreateimages entitlement to interact with internal network infrastructure via the /images endpoint. When importing an image from a...

5CVSS5.8AI score0.00172EPSS
Exploits0References3Affected Software1
ICS
ICS
added 2026/06/25 6:0 a.m.7 views

Delta Electronics DTM Soft

ADVISORY SUMMARY Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system...

8.4CVSS6.2AI score0.00388EPSS
Exploits0References13
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.9 views

Astra Linux – Vulnerability in libcommons-net-java

Prior to Apache Commons Net 3.9.0, Net’s FTP client trusted the host based on the PASV response by default. A malicious server could redirect the Commons Net code to use a different host, but the user had to connect to the malicious server in the first place. This could result in the leakage of...

6.5CVSS6.5AI score0.01858EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in OpenVPN

OpenVPN 2.5.1 and earlier versions allow remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication. This can potentially lead to further information leaks...

7.5CVSS7.2AI score0.05107EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/12 9:31 p.m.11 views

Malicious code in ect-472839-ctf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a67248cb7373817da18e0edf4a019e2e6c9ded239e93a2e477ac168f7f45eeaa package.json declares a preinstall hook "preinstall": "node index.js" that auto-executes on npm install. index.js issues an HTTP GET to the hardcoded...

5.9AI score
Exploits0References2
NVD
NVD
added 2026/06/11 9:16 p.m.10 views

CVE-2026-53812

OpenClaw before 2026.5.18 contains a server-side request forgery vulnerability in browser control that allows authenticated users to bypass private-network navigation checks through Playwright act interactions. Attackers can trigger navigation to private-network targets via action-triggered...

7.7CVSS0.00247EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/11 8:7 p.m.33 views

CVE-2026-53812 OpenClaw < 2026.5.18 - Private-Network Navigation Bypass via Browser Act Interactions

OpenClaw before 2026.5.18 contains a server-side request forgery vulnerability in browser control that allows authenticated users to bypass private-network navigation checks through Playwright act interactions. Attackers can trigger navigation to private-network targets via action-triggered...

7.7CVSS0.00247EPSS
Exploits0References2
CVE
CVE
added 2026/06/11 8:7 p.m.21 views

CVE-2026-53812

CVE-2026-53812 describes a server-side request forgery in OpenClaw’s browser control prior to version 2026.5.18. The vulnerability allows authenticated users to bypass private-network navigation checks by using Playwright act interactions, enabling navigation to private-network targets via action...

7.7CVSS5.5AI score0.00247EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/11 8:7 p.m.9 views

CVE-2026-53812 OpenClaw < 2026.5.18 - Private-Network Navigation Bypass via Browser Act Interactions

OpenClaw before 2026.5.18 contains a server-side request forgery vulnerability in browser control that allows authenticated users to bypass private-network navigation checks through Playwright act interactions. Attackers can trigger navigation to private-network targets via action-triggered...

7.7CVSS5.2AI score0.00247EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/11 7:17 p.m.9 views

EUVD-2026-36308

Summarize before 0.17.0 contains a server-side request forgery vulnerability that allows attackers who control a podcast RSS feed to direct the host to fetch transcript content from loopback addresses, link-local addresses, RFC 1918 private ranges, or other reserved destinations by supplying...

7.4CVSS5.5AI score0.00265EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/11 12:32 a.m.10 views

EUVD-2026-36144

A security control bypass vulnerability in Prisma Access Agent for Linux allows a local attacker to route network traffic outside the VPN tunnel. This does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS...

6.9CVSS5.5AI score0.00115EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

OpenClaw 代码问题漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.18 had code vulnerabilities. These vulnerabilities stemmed from server-side request forgeing issues in browser control, allowing authenticated users to bypass private network...

7.7CVSS5.4AI score0.00247EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.13 views

PT-2026-48742

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.18 Description An issue in browser control allows authenticated users to perform server-side request forgery SSRF, which is a flaw that enables an attacker to induce the server-side application to make request...

7.7CVSS5.2AI score0.00247EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/06/10 8:40 p.m.7 views

CVE-2026-0268 Prisma Access Agent: Local Authenticated VPN Enforcement Bypass on Linux

A security control bypass vulnerability in Prisma Access Agent for Linux allows a local attacker to route network traffic outside the VPN tunnel. This does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS...

6.9CVSS5.5AI score0.00115EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/10 5:10 p.m.8 views

CVE-2026-9151 Command Injection Vulnerability in OpenVPN on Multiple TP-Link Archer Routers

An OS command injection vulnerability exists in the VPN module of TP-Link Archer AX12 v1, AX17 v1. AX18 v1, and AX1300 v1.6 routers. This vulnerability allows an adjacent, authenticated attacker to execute arbitrary commands on the device by importing a specially crafted VPN client configuration...

8.5CVSS5.9AI score0.01069EPSS
Exploits0References5
Rows per page
Query Builder