Lucene search
K

2423 matches found

EUVD
EUVD
added 4 days ago9 views

EUVD-2026-42776

A vulnerability was detected in Sipeed PicoClaw up to 0.2.9. This vulnerability affects the function rt.ReloadConfig of the file pkg/channels/pico/pico.go. Performing a manipulation of the argument message.send results in missing authorization. It is possible to initiate the attack remotely. The...

5.5CVSS5.9AI score0.00234EPSS
Exploits0References6
CVE
CVE
added 4 days ago13 views

CVE-2026-15320

CVE-2026-15320 affects Sipeed PicoClaw software up to version 0.2.9. The vulnerability targets the function rt.ReloadConfig in the file pkg/channels/pico/pico.go, where manipulation of the message.send argument can bypass authorization. This potentially allows a remote attacker to trigger the iss...

5.5CVSS5.9AI score0.00234EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 6 days ago7 views

Cisco Adaptive Security Appliance Software, Firepower Threat Defense Software, IOS Software, and IOS XE Software IKEv2 DoS (cisco-sa-multiprod-ikev2-dos-gPctUqv2)

According to its self-reported version, Cisco IOS Software is affected by a vulnerability. - A vulnerability in the Internet Key Exchange version 2 IKEv2 protocol processing of Cisco Adaptive Security Appliance ASA Software, Cisco Firepower Threat Defense FTD Software, Cisco IOS Software, and Cis...

8.6CVSS6.9AI score0.0048EPSS
Exploits0References5
OSV
OSV
added 2026/07/02 5:11 p.m.7 views

GHSA-275C-XPVC-JGFW OpenClaw: Slack and Zalo webhook secrets could remain active after secrets.reload

Summary Slack and Zalo webhook secrets could remain active after secrets.reload. In affected versions, a caller with an old webhook secret during the stale-secret window could keep accepting the previous secret after secrets.reload. This advisory is scoped to the named feature and configuration. ...

6.3CVSS6AI score0.00207EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:14 a.m.8 views

ipv6: sit: reload inner IPv6 header after GSO offloads

...

9.8CVSS5.8AI score0.00559EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/26 11:19 a.m.13 views

CVE-2026-53060

A flaw was found in the Linux kernel's device-mapper dm cache metadata. This memory leak vulnerability occurs when the dmcachemetadataabort function fails to acquire the root lock because the block manager is read-only, leading to the improper release of a temporary block manager. A local attacke...

5.5CVSS5.8AI score0.00184EPSS
Exploits0References4
NVD
NVD
added 2026/06/25 9:16 a.m.7 views

CVE-2026-53228

In the Linux kernel, the following vulnerability has been resolved: ipv6: sit: reload inner IPv6 header after GSO offloads ipip6tunnelxmit caches the inner IPv6 header pointer at function entry and continues using it after iptunnelhandleoffloads. For GSO skbs, iptunnelhandleoffloads calls...

9.8CVSS0.00559EPSS
Exploits0References8
CVE
CVE
added 2026/06/25 8:39 a.m.36 views

CVE-2026-53228

The CVE-2026-53228 entry documents a vulnerability in the Linux kernel SIT IPv6 tunnel driver. When GSO offloads are used, the code may keep a stale pointer to the inner IPv6 header after skb header unclone and potential headroom reallocation, leading to reads from freed memory. A fix reloads the...

9.8CVSS5.7AI score0.00559EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2026/06/18 4:16 p.m.10 views

CVE-2026-11791

A flaw was found in 389 Directory Server. During schema reload, the attrsyntaxswapht function unconditionally frees attribute syntax information nodes, bypassing the refcount-based deferred deletion used elsewhere in the attribute syntax subsystem. If an administrator triggers schema reload while...

5CVSS0.00212EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/18 3:2 p.m.10 views

CVE-2026-34356

A flaw was found in Apache HTTP Server. This heap-based buffer overflow vulnerability can be exploited by a malicious backend server when using ProxyPassReverseCookie directives. This could lead to a denial of service DoS condition, making the server unavailable to legitimate users. Mitigation To...

7.5CVSS5.5AI score0.00682EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/18 2:44 p.m.8 views

EUVD-2026-37902

A flaw was found in 389 Directory Server. During schema reload, the attrsyntaxswapht function unconditionally frees attribute syntax information nodes, bypassing the refcount-based deferred deletion used elsewhere in the attribute syntax subsystem. If an administrator triggers schema reload while...

5CVSS5.2AI score0.00212EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/18 2:44 p.m.37 views

CVE-2026-11791 389-ds-base: 389-ds-base: use-after-free in schema reload via attr_syntax_swap_ht()

A flaw was found in 389 Directory Server. During schema reload, the attrsyntaxswapht function unconditionally frees attribute syntax information nodes, bypassing the refcount-based deferred deletion used elsewhere in the attribute syntax subsystem. If an administrator triggers schema reload while...

5CVSS0.00212EPSS
Exploits0References2
CVE
CVE
added 2026/06/18 2:44 p.m.22 views

CVE-2026-11791

The CVE-2026-11791 entry concerns 389 Directory Server (389-ds-base), where during schema reload the attr_syntax_swap_ht() function unconditionally frees attribute syntax information nodes, bypassing refcount-based deferred deletion. This can lead to use-after-free or double-free when LDAP query ...

5CVSS5.2AI score0.00212EPSS
Exploits0References2Affected Software3
Vulnrichment
Vulnrichment
added 2026/06/18 2:44 p.m.11 views

CVE-2026-11791 389-ds-base: 389-ds-base: use-after-free in schema reload via attr_syntax_swap_ht()

A flaw was found in 389 Directory Server. During schema reload, the attrsyntaxswapht function unconditionally frees attribute syntax information nodes, bypassing the refcount-based deferred deletion used elsewhere in the attribute syntax subsystem. If an administrator triggers schema reload while...

5CVSS5.2AI score0.00212EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/16 1:47 p.m.23 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect via improper handling of URLs in the navigateTo function. An attacker can execute arbitrary scripts or redirect users to malicious sites by supplying crafted URLs that exploit path normalization and protocol-relative...

9.6CVSS6.1AI score0.00205EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/16 1:47 p.m.12 views

Nuxt: URL-handling weaknesses in `navigateTo` and `reloadNuxtApp`: SSR open redirect, client-side script execution via the `open` option, and protocol-relative bypass in `reloadNuxtApp`

Summary Three weaknesses in Nuxt's client-navigation URL handling, all reachable from documented public APIs navigateTo and reloadNuxtApp: 1. SSR open redirect in navigateTo via path-normalisation bypass. navigateTo decided whether a target was external by inspecting the raw input with...

6.1CVSS5.6AI score0.00205EPSS
Exploits0References10Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.15 views

PT-2026-49244

Name of the Vulnerable Software and Affected Versions webpack-dev-server versions prior to 5.2.5 Description A permissive user-configured proxy with a broad context e.g., '/' and ws: true intercepts the development server's own Hot Module Replacement HMR WebSocket and forwards it to the proxy...

5.3CVSS5.4AI score0.00163EPSS
Exploits0References10
EUVD
EUVD
added 2026/06/13 12:34 a.m.14 views

EUVD-2026-36618

OpenClaw before 2026.4.22 contains a webhook secret revocation bypass vulnerability allowing callers with old Slack and Zalo webhook secrets to remain active after secrets.reload. Attackers can exploit the stale-secret window to deliver webhook events after operator-expected secret revocation,...

6.5CVSS5.2AI score0.00207EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/12 9:56 p.m.34 views

CVE-2026-53830 OpenClaw < 2026.4.22 - Webhook Secret Revocation Bypass via secrets.reload

OpenClaw before 2026.4.22 contains a webhook secret revocation bypass vulnerability allowing callers with old Slack and Zalo webhook secrets to remain active after secrets.reload. Attackers can exploit the stale-secret window to deliver webhook events after operator-expected secret revocation,...

6.5CVSS0.00207EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 9:56 p.m.23 views

CVE-2026-53830

OpenClaw prior to 2026.4.22 is affected by a webhook secret revocation bypass. The vulnerability lets callers with old Slack/Zalo webhook secrets remain active after secrets.reload, enabling delivery of webhook events during the stale-secret window and potentially accepting previous credentials. ...

6.5CVSS5.3AI score0.00207EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder