
2493 matches found

NVD
added 2026/04/24 3:16 p.m. | 1 view

CVE-2026-31547

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix missing runtime PM reference in ccs_mode_store. ccs_mode_store calls xe_gt_reset which internally invokes xe_pm_runtime_get_noresume. That function requires the caller to already hold an outer runtime PM reference and warns if...

CVSS 5.5 | EPSS 0.00107
Exploits: 0 | References: 2
OSV
added 2026/04/24 3:16 p.m. | 1 view

DEBIAN-CVE-2026-31547

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix missing runtime PM reference in ccs_mode_store. ccs_mode_store calls xe_gt_reset which internally invokes xe_pm_runtime_get_noresume. That function requires the caller to already hold an outer runtime PM reference and warns if...

CVSS 5.5 | AI score 5.3 | EPSS 0.00107
Exploits: 0 | References: 1
UbuntuCve
added 2026/04/24 3:16 p.m. | 3 views

CVE-2026-31547

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix missing runtime PM reference in ccs_mode_store. ccs_mode_store calls xe_gt_reset which internally invokes xe_pm_runtime_get_noresume. That function requires the caller to already hold an outer runtime PM reference and warns if...

CVSS 5.5 | AI score 5.4 | EPSS 0.00107
Exploits: 0 | References: 4
Cvelist
added 2026/04/24 2:33 p.m. | 24 views

CVE-2026-31547 drm/xe: Fix missing runtime PM reference in ccs_mode_store

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix missing runtime PM reference in ccs_mode_store. ccs_mode_store calls xe_gt_reset which internally invokes xe_pm_runtime_get_noresume. That function requires the caller to already hold an outer runtime PM reference and warns if...

EPSS 0.00107
Exploits: 0 | References: 2
CVE
added 2026/04/24 2:33 p.m. | 8 views

CVE-2026-31547

CVE-2026-31547 affects the Linux kernel DRM/xe driver. The flaw is a missing outer runtime PM reference in ccs_mode_store, where ccs_mode_store() calls xe_gt_reset() which invokes xe_pm_runtime_get_noresume() that requires an outer runtime PM reference. The result is a runtime PM protection warni...

CVSS 5.5 | AI score 5.3 | EPSS 0.00107
Exploits: 0 | References: 2 | Affected Software: 1
ATTACKERKB
added 2026/04/24 2:33 p.m. | 0 views

CVE-2026-31547

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix missing runtime PM reference in ccs_mode_store. ccs_mode_store calls xe_gt_reset which internally invokes xe_pm_runtime_get_noresume. That function requires the caller to already hold an outer runtime PM reference and warns if...

AI score 5.3 | EPSS 0.00107
Exploits: 0 | References: 3 | Affected Software: 1
EUVD
added 2026/04/24 2:33 p.m. | 1 view

EUVD-2026-25440

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix missing runtime PM reference in ccs_mode_store. ccs_mode_store calls xe_gt_reset which internally invokes xe_pm_runtime_get_noresume. That function requires the caller to already hold an outer runtime PM reference and warns if...

AI score 5.3 | EPSS 0.00107
Exploits: 0 | References: 2
Debian CVE
added 2026/04/24 2:33 p.m. | 2 views

CVE-2026-31547

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix missing runtime PM reference in ccs_mode_store. ccs_mode_store calls xe_gt_reset which internally invokes xe_pm_runtime_get_noresume. That function requires the caller to already hold an outer runtime PM reference and warns if...

CVSS 5.5 | AI score 5.3 | EPSS 0.00107
Exploits: 0
NVD
added 2026/04/24 1:16 p.m. | 2 views

CVE-2026-38743

The authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop HITL and TaskInstance records: a logged-in Airflow user with read access to at least one DAG could retrieve HITL prompts including their request parameters and full TaskInstance details for DA...

CVSS 4.3 | EPSS 0.00352
Exploits: 0 | References: 3
EUVD
added 2026/04/24 12:36 p.m. | 1 view

EUVD-2026-25418

The authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop HITL and TaskInstance records: a logged-in Airflow user with read access to at least one DAG could retrieve HITL prompts including their request parameters and full TaskInstance details for DA...

CVSS 4.3 | AI score 5.3 | EPSS 0.00352
Exploits: 0 | References: 2
ATTACKERKB
added 2026/04/24 12:36 p.m. | 0 views

CVE-2026-38743

The authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop HITL and TaskInstance records: a logged-in Airflow user with read access to at least one DAG could retrieve HITL prompts including their request parameters and full TaskInstance details for DA...

CVSS 4.3 | AI score 5.3 | EPSS 0.00352
Exploits: 0 | References: 3
EUVD
added 2026/04/24 12:35 p.m. | 2 views

EUVD-2026-25419

The asset dependency graph did not restrict nodes by the viewer's DAG read permissions: a user with read access to at least one DAG could browse the asset graph for any other asset in the deployment and learn the existence and names of DAGs and assets outside their authorized scope. Users are...

CVSS 4.3 | AI score 5.2 | EPSS 0.00352
Exploits: 0 | References: 2
NVD
added 2026/04/24 9:16 a.m. | 0 views

CVE-2026-6272

A client holding only a read JWT scope can still register itself as a signal provider through the production kuksa.val.v2 OpenProviderStream API by sending ProvideSignalRequest. 1. Obtain any valid token with only read scope. 2. Connect to the normal production gRPC API kuksa.val.v2. 3. Open...

CVSS 8.5 | EPSS 0.00269
Exploits: 0 | References: 1
Vulnrichment
added 2026/04/24 8:28 a.m. | 0 views

CVE-2026-6272

A client holding only a read JWT scope can still register itself as a signal provider through the production kuksa.val.v2 OpenProviderStream API by sending ProvideSignalRequest. 1. Obtain any valid token with only read scope. 2. Connect to the normal production gRPC API kuksa.val.v2. 3. Open...

CVSS 8.5 | AI score 5.2 | EPSS 0.00269
Exploits: 0 | References: 1
Cvelist
added 2026/04/24 8:28 a.m. | 24 views

CVE-2026-6272

A client holding only a read JWT scope can still register itself as a signal provider through the production kuksa.val.v2 OpenProviderStream API by sending ProvideSignalRequest. 1. Obtain any valid token with only read scope. 2. Connect to the normal production gRPC API kuksa.val.v2. 3. Open...

CVSS 8.5 | EPSS 0.00269
Exploits: 0 | References: 1
EUVD
added 2026/04/24 8:28 a.m. | 1 view

EUVD-2026-25409

A client holding only a read JWT scope can still register itself as a signal provider through the production kuksa.val.v2 OpenProviderStream API by sending ProvideSignalRequest. 1. Obtain any valid token with only read scope. 2. Connect to the normal production gRPC API kuksa.val.v2. 3. Open...

CVSS 8.5 | AI score 5.3 | EPSS 0.00269
Exploits: 0 | References: 1
ATTACKERKB
added 2026/04/24 8:28 a.m. | 4 views

CVE-2026-6272

A client holding only a read JWT scope can still register itself as a signal provider through the production kuksa.val.v2 OpenProviderStream API by sending ProvideSignalRequest. 1. Obtain any valid token with only read scope. 2. Connect to the normal production gRPC API kuksa.val.v2. 3. Open...

CVSS 8.5 | AI score 5.3 | EPSS 0.00269
Exploits: 0 | References: 2 | Affected Software: 1
Snyk
added 2026/04/24 2:29 a.m. | 3 views

Incorrect Authorization

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Incorrect Authorization in the paired-device pairing management process. An attacker can gain unauthorized access to approve or operate on unrelated pending device requests by leveraging...

CVSS 5.4 | AI score 5.4 | EPSS 0.00171
Exploits: 0 | References: 2
EUVD
added 2026/04/24 12:31 a.m. | 3 views

EUVD-2026-25338

OpenClaw before 2026.4.2 contains an insufficient scope vulnerability in Zalo webhook replay dedupe keys that allows legitimate events from different conversations or senders to collide. Attackers can exploit weak deduplication scoping to cause silent message suppression and disrupt bot workflows...

CVSS 6.3 | AI score 5.8 | EPSS 0.00278
Exploits: 0 | References: 4
OSV
added 2026/04/24 12:31 a.m. | 0 views

GHSA-6477-WVJJ-47V6 Duplicate Advisory: OpenClaw: Zalo replay dedupe keys could suppress messages across chats or senders

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-rxmx-g7hr-8mx4. This link is maintained to preserve external references. Original Description: OpenClaw before 2026.4.2 contains an insufficient scope vulnerability in Zalo webhook replay dedupe keys that allows...

CVSS 6.3 | AI score 5.7 | EPSS 0.00278
Exploits: 0 | References: 5