Lucene search
K

9 matches found

CVE
CVE
added 5 days ago16 views

CVE-2026-48492

CVE-2026-48492 affects Snipe-IT (IT asset/license management). Prior to version 8.6.1, the GET /api/v1/{object}/selectlist endpoint lacked an authorization check, allowing any logged-in user (with a web session cookie and no API token) to enumerate all user accounts and retrieve usernames, displa...

7.1CVSS6AI score0.00385EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/26 9:4 p.m.11 views

EUVD-2026-38058

mcp-memory-service: OAuth read-only clients can write and delete memories through MCP tools/call...

8.1CVSS5.8AI score0.00264EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/24 12:35 p.m.7 views

EUVD-2026-25419

The asset dependency graph did not restrict nodes by the viewer's DAG read permissions: a user with read access to at least one DAG could browse the asset graph for any other asset in the deployment and learn the existence and names of DAGs and assets outside their authorized scope. Users are...

4.3CVSS5.2AI score0.00352EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/06 3:12 p.m.2 views

CVE-2026-34217 SandboxJS has a Sandbox Escape via Prop Object Leak in New Handler

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, a scope modification vulnerability exists in @nyariv/sandboxjs. The vulnerability allows untrusted sandboxed code to leak internal interpreter objects through the new operator, exposing sandbox scope objects in the scope hierarchy to...

6.9CVSS6AI score0.00292EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/29 12:44 p.m.25 views

CVE-2026-32915 OpenClaw < 2026.3.11 - Sandbox Boundary Bypass via Subagent Control Surface

OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allowing leaf subagents to access the subagents control surface and resolve against parent requester scope instead of their own session tree. A low-privilege sandboxed leaf worker can steer or kill sibling runs and cause...

9.3CVSS0.00142EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/29 12:44 p.m.1 views

CVE-2026-32915 OpenClaw < 2026.3.11 - Sandbox Boundary Bypass via Subagent Control Surface

OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allowing leaf subagents to access the subagents control surface and resolve against parent requester scope instead of their own session tree. A low-privilege sandboxed leaf worker can steer or kill sibling runs and cause...

9.3CVSS6.1AI score0.00142EPSS
Exploits0References2
Veracode
Veracode
added 2025/04/25 8:47 a.m.7 views

Unintended Scope Exposure

SES is vulnerable to unintended scope exposure. The vulnerability is due to improper isolation due to top-level let, const, or class bindings in...

8.7CVSS6.6AI score0.005EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2024/07/11 12:0 a.m.6 views

Juniper Networks Junos OS Evolved Security Vulnerability

Juniper Networks Junos OS Evolved is an upgraded version of Juniper Networks' Junos OS system. A security vulnerability exists in Juniper Networks Junos OS Evolved that stems from the presence of a Resource Exposure to Wrong Scope vulnerability that could allow an unauthenticated, web-based...

6.9CVSS6.8AI score0.00398EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/11/03 12:0 a.m.5 views

IBM Robotic Process Automation 安全漏洞

IBM Robotic Process Automation is a robotic process automation product from International Business Machines IBM, Inc. It can help you automate more business and IT processes at scale with the ease and speed of traditional RPA.IBM Robotic Process Automation for Cloud Pak suffers from a resource...

3.3CVSS6.6AI score0.00179EPSS
Exploits0References3
Rows per page
Query Builder