Lucene search
K

1050 matches found

CNNVD
CNNVD
added 2026/04/28 12:0 a.m.12 views

OpenClaw 代码问题漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.8 had code vulnerabilities. These vulnerabilities stemmed from server-side request forgery in the media download path of QQ robots, which could allow attackers to access interna...

8.5CVSS5.9AI score0.00218EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/23 9:31 p.m.14 views

EUVD-2026-25292

LeRobot contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components. An unauthenticated network-reachable attacker can achie...

9.3CVSS6.4AI score0.15547EPSS
Exploits1References6
NVD
NVD
added 2026/04/23 8:16 p.m.9 views

CVE-2026-25874

LeRobot through 0.5.1 contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components. An unauthenticated network-reachable...

9.8CVSS0.15547EPSS
Exploits1References5
CVE
CVE
added 2026/04/23 7:45 p.m.32 views

CVE-2026-25874

LeRobot has an unsafe deserialization vulnerability in its async inference pipeline. pickle.loads() is used to deserialize data received over unauthenticated, TLS-less gRPC channels in both the policy server and robot client components. An unauthenticated, network-reachable attacker can achieve a...

9.8CVSS6.4AI score0.15547EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/23 7:45 p.m.5 views

CVE-2026-25874 LeRobot Unsafe Deserialization Remote Code Execution via gRPC

LeRobot through 0.5.1 contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components. An unauthenticated network-reachable...

9.3CVSS6.5AI score0.15547EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/04/23 7:45 p.m.4 views

CVE-2026-25874

LeRobot through 0.5.1 contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components. An unauthenticated network-reachable...

9.3CVSS6.4AI score0.15547EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/04/23 7:45 p.m.139 views

CVE-2026-25874 LeRobot Unsafe Deserialization Remote Code Execution via gRPC

LeRobot through 0.5.1 contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components. An unauthenticated network-reachable...

9.3CVSS0.15547EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.14 views

PT-2026-34741

Name of the Vulnerable Software and Affected Versions LeRobot versions prior to 0.6.0 Description An unsafe deserialization issue exists in the asynchronous inference pipeline of the policy server and robot client components. The software uses the pickle.loads function to deserialize data receive...

9.8CVSS8.1AI score0.15547EPSS
Exploits1References51
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.10 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.2 contained security vulnerabilities. These vulnerabilities stemmed from insufficient scope in the Zalo webhook replay de-duplication key, allowing legitimate events from...

6.3CVSS5.8AI score0.00278EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/22 9:6 a.m.29 views

CVE-2026-6848 Quay: red hat quay: authentication bypass allows privileged actions without valid credentials

A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive operations, such as token generation or robot account creation, the re-authentication prompt can be bypassed. This allows a user with a timed-out session, or an attacker with access to an idle...

5.4CVSS0.00263EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/22 9:6 a.m.5 views

CVE-2026-6848

A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive operations, such as token generation or robot account creation, the re-authentication prompt can be bypassed. This allows a user with a timed-out session, or an attacker with access to an idle...

8.1CVSS5.7AI score0.00263EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/22 9:6 a.m.2 views

CVE-2026-6848 Quay: red hat quay: authentication bypass allows privileged actions without valid credentials

A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive operations, such as token generation or robot account creation, the re-authentication prompt can be bypassed. This allows a user with a timed-out session, or an attacker with access to an idle...

5.4CVSS5.9AI score0.00263EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.6 views

PT-2026-34319

Name of the Vulnerable Software and Affected Versions Red Hat Quay affected versions not specified Description A flaw exists where the password re-verification prompt for sensitive operations, such as token generation or robot account creation, can be bypassed. This allows a user with a timed-out...

8.1CVSS5.8AI score0.00263EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.9 views

Vexa 安全漏洞

Vexa is an open-source conference robot and real-time transcription API developed by Vexa.ai. Versions of Vexa prior to 0.10.0-260419-1910 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authentication and authorization checks for internal endpoints, which could...

7.5CVSS5.8AI score0.00402EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/07 6:31 p.m.8 views

EUVD-2026-19638

An arbitrary file-write vulnerability in Pega Browser Extension PBE affects Pega Robotic Automation version 22.1 or R25 users who are running automations that work with Google Chrome or Microsoft Edge. A bad actor could create a website that includes malicious code. The vulnerability could occur ...

7.2CVSS6AI score0.00321EPSS
Exploits0References2
NVD
NVD
added 2026/04/07 4:16 p.m.5 views

CVE-2026-1078

An arbitrary file-write vulnerability in Pega Browser Extension PBE affects Pega Robotic Automation version 22.1 or R25 users who are running automations that work with Google Chrome or Microsoft Edge. A bad actor could create a website that includes malicious code. The vulnerability could occur ...

7.2CVSS0.00321EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/07 3:4 p.m.2 views

CVE-2026-1078 An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robotic Automation version 22.1 or R25 users who are running automations that work with Google Chrome or Microsoft Edge.

An arbitrary file-write vulnerability in Pega Browser Extension PBE affects Pega Robotic Automation version 22.1 or R25 users who are running automations that work with Google Chrome or Microsoft Edge. A bad actor could create a website that includes malicious code. The vulnerability could occur ...

7.2CVSS6AI score0.00321EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/07 3:4 p.m.3 views

CVE-2026-1078

An arbitrary file-write vulnerability in Pega Browser Extension PBE affects Pega Robotic Automation version 22.1 or R25 users who are running automations that work with Google Chrome or Microsoft Edge. A bad actor could create a website that includes malicious code. The vulnerability could occur ...

7.2CVSS6AI score0.00321EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.11 views

PT-2026-30846

An arbitrary file-write vulnerability in Pega Browser Extension PBE affects Pega Robotic Automation version 22.1 or R25 users who are running automations that work with Google Chrome or Microsoft Edge. A bad actor could create a website that includes malicious code. The vulnerability could occur ...

7.2CVSS6AI score0.00321EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 2:57 p.m.3 views

CVE-2026-0898

An arbitrary file-write vulnerability in Pega Browser Extension PBE affects Pega Robot Studio developers who are automating Google Chrome and Microsoft Edge using either version 22.1 or R25. This vulnerability does not affect Robot Runtime users. A bad actor could create a website that includes...

9CVSS5.9AI score0.00321EPSS
Exploits0References1
Rows per page
Query Builder