Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

2661 matches found

EUVD
EUVDadded 2026/05/01 12:0 a.m.1 views

EUVD-2026-26698

AGL agl-service-can-low-level contains a stack buffer overflow in the uds-c library. The senddiagnosticrequest function in uds.c allocates a 6-byte stack buffer MAXDIAGNOSTICPAYLOADSIZE=6 but copies up to 7 bytes MAXUDSREQUESTPAYLOADLENGTH=7 via memcpy at an offset of 1+pidlength 2-3 bytes,...

7.5CVSS6AI score0.00057EPSS
Exploits0References2
CVE
CVEadded 2026/05/01 12:0 a.m.4 views

CVE-2026-37536

The CVE-2026-37536 entry concerns miaofng/uds-c (commit e506334e270d77b20c0bc259ac6c7d8c9b702b7a, 2016-10-05). A stack buffer overflow occurs in send_diagnostic_request: a 6-byte buffer (MAX_DIAGNOSTIC_PAYLOAD_SIZE=6) is written via memcpy at offset 1+pid_length with payload_length bytes. The def...

8.8CVSS6AI score0.00021EPSS
Exploits0References3
CNNVD
CNNVDadded 2026/05/01 12:0 a.m.6 views

Unified Diagnostic Services Support Library in C 安全漏洞

Unified Diagnostic Services Support Library in C is an automotive electronic diagnostic protocol support library by a personal developer, Laughing with the Wind. Unified Diagnostic Services Support Library in C has a security vulnerability that originates from a stack buffer overflow in the...

8.8CVSS6.3AI score0.00021EPSS
Exploits0References1
NVD
NVDadded 2026/04/28 7:37 p.m.0 views

CVE-2026-41379

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Talk Voice configuration persistence. Attackers with operator.write privileges can exploit the chat.send endpoint to reach and modify sensitive voi...

7.1CVSS0.00028EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/04/28 6:9 p.m.24 views

CVE-2026-41379 OpenClaw < 2026.3.28 - Privilege Escalation via chat.send to Admin-Class Talk Voice Config

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Talk Voice configuration persistence. Attackers with operator.write privileges can exploit the chat.send endpoint to reach and modify sensitive voi...

7.1CVSS0.00028EPSS
Exploits0References3
EUVD
EUVDadded 2026/04/28 6:9 p.m.1 views

EUVD-2026-26088

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Talk Voice configuration persistence. Attackers with operator.write privileges can exploit the chat.send endpoint to reach and modify sensitive voi...

7.1CVSS5.2AI score0.00028EPSS
Exploits0References3
CVE
CVEadded 2026/04/28 6:9 p.m.4 views

CVE-2026-41379

OpenClaw is affected as OpenClaw &lt; 2026.3.28. The flaw allows authenticated operators with write permissions to use the chat.send endpoint to reach and modify admin-class Talk Voice configuration settings intended for administrators only. Affected versions are = 2026.3.28 and apply any additio...

7.1CVSS5.3AI score0.00028EPSS
Exploits0References3Affected Software1
NVD
NVDadded 2026/04/28 12:16 a.m.5 views

CVE-2026-41371

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in chat.send that allows write-scoped gateway callers to trigger admin-only session reset operations. Attackers can rotate target sessions, archive prior transcript state, and force new session IDs without requiring admin sco...

8.5CVSS0.00048EPSS
Exploits0References2
CNNVD
CNNVDadded 2026/04/28 12:0 a.m.4 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.28 contained security vulnerabilities. These vulnerabilities stemmed from permission escalation vulnerabilities, allowing authenticated operators with write permissions to acces...

7.1CVSS5.8AI score0.00028EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/04/28 12:0 a.m.5 views

PT-2026-35764

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.28 Description Authenticated operators with write permissions can escalate privileges to access admin-class Talk Voice configuration persistence. This is possible by exploiting the 'chat.send' endpoint to reac...

7.1CVSS5.8AI score0.00028EPSS
Exploits0References6
EUVD
EUVDadded 2026/04/27 11:24 p.m.3 views

EUVD-2026-25951

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in chat.send that allows write-scoped gateway callers to trigger admin-only session reset operations. Attackers can rotate target sessions, archive prior transcript state, and force new session IDs without requiring admin sco...

8.5CVSS5.2AI score0.00048EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/04/27 11:24 p.m.4 views

CVE-2026-41371

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in chat.send that allows write-scoped gateway callers to trigger admin-only session reset operations. Attackers can rotate target sessions, archive prior transcript state, and force new session IDs without requiring admin sco...

8.5CVSS5.3AI score0.00048EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/04/27 11:24 p.m.27 views

CVE-2026-41371 OpenClaw < 2026.3.28 - Privilege Escalation via chat.send Reset Command

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in chat.send that allows write-scoped gateway callers to trigger admin-only session reset operations. Attackers can rotate target sessions, archive prior transcript state, and force new session IDs without requiring admin sco...

8.5CVSS0.00048EPSS
Exploits0References2
CVE
CVEadded 2026/04/27 11:24 p.m.9 views

CVE-2026-41371

OpenClaw before 2026.3.28 is affected by a privilege escalation vulnerability in the chat.send path. The issue allows write-scoped gateway callers to trigger admin-only session reset operations by exploiting improper authorization checks. Attackers can rotate target sessions, archive prior transc...

8.5CVSS5.3AI score0.00048EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVEadded 2026/04/27 1:22 p.m.2 views

CVE-2026-7013

A security vulnerability has been detected in MaxSite CMS up to 109.3. Affected by this issue is some unknown functionality of the component mailsend Plugin. The manipulation of the argument fsubject/ffiles/ffrom leads to cross site scripting. The attack can be initiated remotely. The exploit has...

4.8CVSS2.9AI score0.00039EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/04/27 5:15 a.m.1 views

CVE-2026-7090 code-projects Chat System send_message.php cross site scripting

A vulnerability was detected in code-projects Chat System 1.0. This affects an unknown function of the file /admin/sendmessage.php of the component Chat Interface. The manipulation of the argument msg results in cross site scripting. The attack may be launched remotely. The exploit is now public...

4.8CVSS3.1AI score0.00012EPSS
Exploits0References5
EUVD
EUVDadded 2026/04/27 5:15 a.m.4 views

EUVD-2026-25774

A vulnerability was detected in code-projects Chat System 1.0. This affects an unknown function of the file /admin/sendmessage.php of the component Chat Interface. The manipulation of the argument msg results in cross site scripting. The attack may be launched remotely. The exploit is now public...

4.8CVSS3.9AI score0.00012EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2026/04/27 5:15 a.m.4 views

CVE-2026-7090

A vulnerability was detected in code-projects Chat System 1.0. This affects an unknown function of the file /admin/sendmessage.php of the component Chat Interface. The manipulation of the argument msg results in cross site scripting. The attack may be launched remotely. The exploit is now public...

4.8CVSS3.9AI score0.00012EPSS
Exploits0References5Affected Software1
CVE
CVEadded 2026/04/27 5:15 a.m.11 views

CVE-2026-7090

CVE-2026-7090 affects code-projects Chat System 1.0 via /admin/send_message.php: the msg parameter is vulnerable to cross-site scripting. The issue arises from improper handling of the argument, enabling remote exploitation with a public exploit. No remediation details are provided in the availab...

4.8CVSS3.3AI score0.00012EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/04/27 5:15 a.m.30 views

CVE-2026-7090 code-projects Chat System send_message.php cross site scripting

A vulnerability was detected in code-projects Chat System 1.0. This affects an unknown function of the file /admin/sendmessage.php of the component Chat Interface. The manipulation of the argument msg results in cross site scripting. The attack may be launched remotely. The exploit is now public...

4.8CVSS0.00012EPSS
Exploits0References5
Rows per page
Query Builder