Lucene search
K

503 matches found

CVE
CVE
added 2026/04/22 9:40 a.m.22 views

CVE-2026-33262

CVE-2026-33262 describes insufficient validation of cookie replies, causing a null pointer dereference and denial of service. The issue arises from a missing consistency check when processing replies, with cookies disabled by default. CVSS 3.1 base score 5.9 (Network attack, high complexity, no p...

5.9CVSS5.8AI score0.00418EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/04/20 11:8 p.m.8 views

EUVD-2026-24010

OpenClaw versions 2026.3.22 before 2026.3.31 contain a signature verification bypass vulnerability in the Nostr DM ingress path that allows pairing challenges to be issued before event signature validation. An unauthenticated remote attacker can send forged direct messages to create pending pairi...

6.9CVSS5.8AI score0.00253EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/20 8:37 p.m.11 views

CVE-2026-5358

...

5.7AI score0.0004EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.8 views

Unity Linux 20.1050e / 20.1060e Security Update: kernel (UTSA-2026-007339)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007339 advisory. In the Linux kernel, the following vulnerability has been resolved: cifs: parsedfsreferrals: prevent oob on malformed input Malicious SMB server can send invalid rep...

5.6AI score0.00183EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/04/15 3:24 p.m.4 views

golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS

A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSHAGENTSUCCESS 0x06 message to requests expecting typed replies e.g., List, Sign. The unmarshal layer produces an unexpected message type, which the client code does not handle,...

7.5CVSS5.9AI score0.00591EPSS
Exploits1References8
ATTACKERKB
ATTACKERKB
added 2026/04/10 4:3 p.m.1 views

CVE-2026-35670

OpenClaw before 2026.3.22 contains a webhook reply delivery vulnerability that allows attackers to rebind chat replies to unintended users by exploiting mutable username matching instead of stable numeric user identifiers. Attackers can manipulate username changes to redirect webhook-triggered...

6CVSS5.8AI score0.00236EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/10 4:3 p.m.3 views

EUVD-2026-21486

OpenClaw before 2026.3.22 contains a webhook reply delivery vulnerability that allows attackers to rebind chat replies to unintended users by exploiting mutable username matching instead of stable numeric user identifiers. Attackers can manipulate username changes to redirect webhook-triggered...

6CVSS5.8AI score0.00236EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/08 9:31 a.m.4 views

EUVD-2026-20127

The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 6.3.7. This is due to the wpasgetticketrepliesajax function failing to verify whether the authenticated user has permission to view th...

5.3CVSS5.9AI score0.00327EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/04/08 7:43 a.m.21 views

CVE-2026-4654 Awesome Support <= 6.3.7 - Authenticated (Subscriber+) Insecure Direct Object Reference to Unauthorized Ticket Reply Access via 'ticket_id' Parameter

The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 6.3.7. This is due to the wpasgetticketrepliesajax function failing to verify whether the authenticated user has permission to view th...

5.3CVSS0.00327EPSS
Exploits0References6
CVE
CVE
added 2026/04/08 7:43 a.m.13 views

CVE-2026-4654

The Awesome Support – WordPress HelpDesk & Support Plugin for WordPress is affected by an Insecure Direct Object Reference in versions up to and including 6.3.7. The vulnerability stems from wpas_get_ticket_replies_ajax() not verifying that the authenticated user has permission to view the reques...

5.3CVSS5.9AI score0.00327EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/07 12:0 a.m.9 views

CVE-2025-71058

Dual DHCP DNS Server 8.01 improperly accepts and caches UDP DNS responses without validating that the response originates from a legitimate configured upstream DNS server. The implementation matches responses primarily by TXID and inserts results into the cache, enabling a remote attacker to inje...

6AI score0.00451EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/03 11:59 p.m.3 views

CVE-2026-34778 Electron: Service worker can spoof executeJavaScript IPC replies

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, a service worker running in a session could spoof reply messages on the internal IPC channel used by webContents.executeJavaScript and...

5.9CVSS5.8AI score0.00123EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/03 2:44 a.m.9 views

EUVD-2026-18955

Electron: Service worker can spoof executeJavaScript IPC replies...

5.9CVSS5.9AI score0.00123EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/03 2:44 a.m.9 views

Electron: Service worker can spoof executeJavaScript IPC replies

Impact A service worker running in a session could spoof reply messages on the internal IPC channel used by webContents.executeJavaScript and related methods, causing the main-process promise to resolve with attacker-controlled data. Apps are only affected if they have service workers registered...

6.5CVSS5.9AI score0.00123EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/03/31 11:17 a.m.24 views

CVE-2026-34506 OpenClaw < 2026.3.8 - Sender Allowlist Bypass in Microsoft Teams Plugin via Route Allowlist Configuration

OpenClaw before 2026.3.8 contains a sender allowlist bypass vulnerability in its Microsoft Teams plugin that allows unauthorized senders to bypass intended authorization checks. When a team/channel route allowlist is configured with an empty groupAllowFrom parameter, the message handler synthesiz...

4.3CVSS0.00267EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.5 views

PT-2026-29026

BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Controller GET PLAYER APPLICATION SETTING ATTRIBUTE TEXT and GET PLAYER APPLICATION SETTING VALUE TEXT handlers that allows nearby attackers to read beyond packet boundaries. Attackers can establi...

3.5CVSS5.9AI score0.00157EPSS
Exploits0References3
SUSE Linux
SUSE Linux
added 2026/03/27 2:21 p.m.2 views

Security update for redis

This update for redis fixes the following issue: a user can manipulate data read by a connection by injecting sequences into a Redis error reply bsc1258706. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/03/26 7:8 p.m.4 views

Use of Incorrectly-Resolved Name or Reference

Overview @openclaw/synology-chat is a Synology Chat channel plugin for OpenClaw Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference via the webhook-handler process. An attacker can redirect message replies to an unintended user by exploiting mutable...

8.1CVSS5.9AI score0.00236EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:19 p.m.5 views

CVE-2025-63260

SyncFusion 30.1.37 is vulnerable to Cross Site Scripting XSS via the Document-Editor reply to comment field and Chat-UI Chat message...

5.4CVSS5.8AI score0.00156EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/20 12:0 a.m.4 views

CVE-2025-63260

SyncFusion 30.1.37 is vulnerable to Cross Site Scripting XSS via the Document-Editor reply to comment field and Chat-UI Chat message...

5.8AI score0.00156EPSS
Exploits1References3
Rows per page
Query Builder