2494 matches found

Positive Technologies
added 2026/04/08 12:00 a.m., 3 views

PT-2026-31335

Name of the Vulnerable Software and Affected Versions: Kibana, affected versions not specified. Description: Kibana’s Fleet plugin debug route handlers exhibit execution with unnecessary privileges, potentially allowing authenticated users with Fleet sub-feature privileges to read index data beyond...

CVSS 7.7, AI score 5.9, EPSS 0.003
Exploits: 0, References: 7
Vulnrichment
added 2026/04/07 9:18 p.m., 2 views

CVE-2026-34765 Electron named window.open targets not scoped to the opener's browsing context

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, when a renderer calls window.open with a target name, Electron did not correctly scope the named-window lookup to the opener's browsing...

CVSS 6, AI score 6.2, EPSS 0.003
Exploits: 0, References: 1
EUVD
added 2026/04/07 6:16 p.m., 4 views

EUVD-2026-19651

Gotenberg Vulnerable to ReDoS via extraHttpHeaders scope feature...

CVSS 8.7, AI score 5.9, EPSS 0.00497
Exploits: 1, References: 3
OSV
added 2026/04/07 6:15 p.m., 6 views

GHSA-5HFF-46VH-RXMW OpenClaw: Read-scoped identity-bearing HTTP clients could kill sessions via /sessions/:sessionKey/kill

Summary: Before OpenClaw 2026.4.2, POST /sessions/:sessionKey/kill did not enforce write scopes in identity-bearing HTTP modes. A caller limited to read-only operator scopes could still terminate a running subagent session. Impact: A read-scoped caller could perform a write-class control-plane...

CVSS 5.4, AI score 5.8, EPSS 0.00187
Exploits: 0, References: 5
Github Security Blog
added 2026/04/07 6:15 p.m., 6 views

OpenClaw: Read-scoped identity-bearing HTTP clients could kill sessions via /sessions/:sessionKey/kill

Summary: Before OpenClaw 2026.4.2, POST /sessions/:sessionKey/kill did not enforce write scopes in identity-bearing HTTP modes. A caller limited to read-only operator scopes could still terminate a running subagent session. Impact: A read-scoped caller could perform a write-class control-plane...

CVSS 5.4, AI score 5.9, EPSS 0.00187
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2026/04/07 6:10 p.m., 2 views

GHSA-H2V7-XC88-XX8C OpenClaw: `/phone arm`/`/phone disarm` Bypasses `operator.admin` Scope Check for External Channels

Summary: /phone arm / /phone disarm Bypasses operator.admin Scope Check for External Channels. Current Maintainer Triage: Status: open; Normalized severity: medium; Assessment: Maintainers accepted this issue, fixed it in aa66ae1fc797d3298cc409ed2c5da69a89950a45 on 2026-03-27, and that fix shipped...

CVSS 6.9, AI score 5.8, EPSS 0.00331
Exploits: 0, References: 2
Github Security Blog
added 2026/04/07 6:10 p.m., 5 views

OpenClaw: `/phone arm`/`/phone disarm` Bypasses `operator.admin` Scope Check for External Channels

Summary: /phone arm / /phone disarm Bypasses operator.admin Scope Check for External Channels. Current Maintainer Triage: Status: open; Normalized severity: medium; Assessment: Maintainers accepted this issue, fixed it in aa66ae1fc797d3298cc409ed2c5da69a89950a45 on 2026-03-27, and that fix shipped...

CVSS 7.1, AI score 5.9, EPSS 0.00331
Exploits: 0, References: 2, Affected Software: 1
RedhatCVE
added 2026/04/07 5:06 p.m., 1 view

CVE-2026-34217

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, a scope modification vulnerability exists in @nyariv/sandboxjs. The vulnerability allows untrusted sandboxed code to leak internal interpreter objects through the new operator, exposing sandbox scope objects in the scope hierarchy to...

CVSS 7.2, AI score 6, EPSS 0.00292
Exploits: 1, References: 1
EUVD
added 2026/04/07 3:30 p.m., 1 view

EUVD-2026-19694

An issue that allowed administrators to create and update users outside of their authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N 5.8 Medium. This issue was fix...

CVSS 5.8, AI score 5.8, EPSS 0.00191
Exploits: 0, References: 3
EUVD
added 2026/04/07 3:30 p.m., 2 views

EUVD-2026-19698

An issue that could expose task information outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N 2.2 Low. This issue was fixed in version 4.0.260205....

CVSS 2.2, AI score 5.8, EPSS 0.00174
Exploits: 0, References: 3
EUVD
added 2026/04/07 3:30 p.m., 3 views

EUVD-2026-19703

An issue that could allow a credential to be updated and used for a task from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 5.8 Medium. This...

CVSS 5.8, AI score 5.8, EPSS 0.00208
Exploits: 0, References: 3
EUVD
added 2026/04/07 3:30 p.m., 4 views

EUVD-2026-19635

An issue that allowed MCP agents to access remediation and asset information from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 5.8 Medium. Th...

CVSS 5.8, AI score 5.8, EPSS 0.00208
Exploits: 0, References: 3
EUVD
added 2026/04/07 3:30 p.m., 1 view

EUVD-2026-19696

An issue that allowed MCP agents to access certificate information from outside of their authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N 3.0 Low. This issue wa...

CVSS 3, AI score 5.8, EPSS 0.00118
Exploits: 0, References: 3
NVD
added 2026/04/07 3:17 p.m., 3 views

CVE-2026-5381

An issue that could expose task information outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N 2.2 Low. This issue was fixed in version 4.0.260205....

CVSS 2.2, EPSS 0.00174
Exploits: 0, References: 2
NVD
added 2026/04/07 3:17 p.m., 1 view

CVE-2026-5384

An issue that could allow a credential to be updated and used for a task from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 5.8 Medium. This...

CVSS 5.8, EPSS 0.00208
Exploits: 0, References: 2
NVD
added 2026/04/07 3:17 p.m., 1 view

CVE-2026-5374

An issue that allowed MCP agents to access remediation and asset information from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 5.8 Medium. Th...

CVSS 5.8, EPSS 0.00208
Exploits: 0, References: 2
NVD
added 2026/04/07 3:17 p.m., 4 views

CVE-2026-5378

An issue that allowed administrators to create and update users outside of their authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N 5.8 Medium. This issue was fix...

CVSS 6.8, EPSS 0.00191
Exploits: 0, References: 2
NVD
added 2026/04/07 3:17 p.m., 3 views

CVE-2026-5379

An issue that allowed MCP agents to access certificate information from outside of their authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N 3.0 Low. This issue wa...

CVSS 3, EPSS 0.00118
Exploits: 0, References: 2
NVD
added 2026/04/07 3:17 p.m., 4 views

CVE-2026-35458

Gotenberg is an API for converting document formats. In 8.29.1 and earlier, Gotenberg uses dlclark/regexp2 to compile user-supplied scope patterns without setting a proper timeout. Users with access to features using this logic can hang workers indefinitely...

CVSS 9.8, EPSS 0.00497
Exploits: 1, References: 1
ATTACKERKB
added 2026/04/07 2:24 p.m., 3 views

CVE-2026-35458

Gotenberg is an API for converting document formats. In 8.29.1 and earlier, Gotenberg uses dlclark/regexp2 to compile user-supplied scope patterns without setting a proper timeout. Users with access to features using this logic can hang workers indefinitely...

CVSS 8.7, AI score 5.9, EPSS 0.00497
Exploits: 1, References: 2, Affected Software: 1