Lucene search
+L

292604 matches found

NVD
NVD
added 1 hour ago11 views

CVE-2026-22104

Improper access control in Hashtopolis server web-interface chunk activity component for versions prior to 0.14.8 allows any created account to read all cracked hashes of a Hashtopolis server instance...

7.1CVSS
Exploits0References3
Cvelist
Cvelist
added 1 hour ago7 views

CVE-2026-22104 Improper access control in Hashtopolis server chunk activity component

Improper access control in Hashtopolis server web-interface chunk activity component for versions prior to 0.14.8 allows any created account to read all cracked hashes of a Hashtopolis server instance...

7.1CVSS
Exploits0References3
CVE
CVE
added 1 hour ago6 views

CVE-2026-22104

Hashtopolis server web-interface chunk activity component has an improper access control vulnerability in versions prior to 0.14.8, allowing any created account to read all cracked hashes for a Hashtopolis server instance. Root cause: insufficient access restrictions on the chunk activity UI/back...

7.1CVSS5.3AI score
Exploits0References3
CVE
CVE
added 7 hours ago12 views

CVE-2026-60060

The vulnerability CVE-2026-60060 affects the TTSSH2 plugin of Tera Term. The issue is described as Improper Handling of Length Parameter Inconsistency (CWE-130) that can cause out-of-bounds read/write when Tera Term tries to establish an SSH connection to a server set up by an attacker. This may ...

6.3CVSS6.6AI score
Exploits0References3
EUVD
EUVD
added 7 hours ago4 views

EUVD-2026-45131

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.0.13 via the 'family' parameter. This makes it possible for authenticated attackers, with editor-level access and above, to delete...

4.9CVSS6.2AI score
Exploits0References10
NVD
NVD
added 9 hours ago4 views

CVE-2026-62201

OpenClaw versions before 2026.6.6 contain a network policy bypass vulnerability in the sandbox exec-server that allows lower-trust callers to reach internal network destinations blocked by OpenClaw policy. Attackers can send HTTP requests through the exec-server to access network resources that...

7.7CVSS
Exploits0References2
EUVD
EUVD
added 11 hours ago5 views

EUVD-2026-45086

The Grav API plugin getgrav/grav-plugin-api before 1.0.0-rc.16 accepts JWT access tokens through the ?token= URL query parameter on every API route JwtAuthenticator::extractBearerToken fallback. Because tokens are embedded in URLs, they are logged verbatim in web server access logs, leaked via th...

8.2CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 11 hours ago5 views

EUVD-2026-45085

clawvet self-hosted API server apps/api before 0.7.5 hard-codes a fallback JWT secret 'clawvet-dev-secret-change-me' in auth.ts and ships it as the default in .env.example. Because GET /api/v1/scans returns scan records containing userId values without authentication, a remote unauthenticated...

9.3CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 11 hours ago3 views

EUVD-2026-45115

OpenClaw 2026.4.14 before 2026.5.26 contain a server-side request forgery vulnerability in browser snapshot routes that fail to validate post-navigation destinations. Attackers with lower-trust access can bypass OpenClaw policy checks to reach network destinations that should have been blocked...

7.7CVSS6.1AI score
Exploits0References2
CVE
CVE
added 11 hours ago4 views

CVE-2026-62216

OpenClaw 2026.4.20 before 2026.5.28 contains a policy bypass in the QQBot media upload feature that could allow a lower-trust caller or configured input path to reach network destinations blocked by policy (server-side request forgery). Practical impact depends on operator configuration and wheth...

5CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 11 hours ago3 views

EUVD-2026-45104

OpenClaw 2026.4.20 before 2026.5.28 contain a policy bypass in the QQBot media upload feature. A lower-trust caller or configured input path could cause the media upload to reach network destinations that should have been blocked by OpenClaw policy server-side request forgery. The practical impac...

5CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added 11 hours ago6 views

CVE-2026-62214 OpenClaw < 2026.5.28 Bot Framework SSRF via serviceUrl Parameter Validation

OpenClaw versions before 2026.5.28 Bot Framework contains an improper input validation vulnerability that allows lower-trust callers to expose bot tokens and credentials by failing to properly validate serviceUrl parameters. Attackers can supply malicious serviceUrl values through configured inpu...

6.5CVSS
Exploits0References2
Cvelist
Cvelist
added 11 hours ago5 views

CVE-2026-62208 OpenClaw < 2026.6.5 Authorization Header Forwarding via SSE

OpenClaw before 2026.6.5 could forward Authorization headers during MCP SSE redirects. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could execute or persist actions beyond the caller's intended authorization. Impact depends on the operator's...

6.5CVSS
Exploits0References2
CVE
CVE
added 11 hours ago5 views

CVE-2026-62208

CVE-2026-62208 affects prior to 2026.6.5. When MCP SSE redirects are used with the affected feature enabled, Authorization headers could be forwarded, allowing a lower-trust caller or configured input path to execute or persist actions beyond the caller’s intended authorization. Impact depends o...

6.5CVSS6.2AI score
Exploits0References2
EUVD
EUVD
added 11 hours ago3 views

EUVD-2026-45090

OpenClaw versions before 2026.6.6 contain a network policy bypass vulnerability in the sandbox exec-server that allows lower-trust callers to reach internal network destinations blocked by OpenClaw policy. Attackers can send HTTP requests through the exec-server to access network resources that...

7.7CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added 11 hours ago6 views

CVE-2026-62201 OpenClaw < 2026.6.6 Network Policy Bypass via exec-server

OpenClaw versions before 2026.6.6 contain a network policy bypass vulnerability in the sandbox exec-server that allows lower-trust callers to reach internal network destinations blocked by OpenClaw policy. Attackers can send HTTP requests through the exec-server to access network resources that...

7.7CVSS
Exploits0References2
CVE
CVE
added 11 hours ago5 views

CVE-2026-62201

OpenClaw prior to version 2026.6.6 contains a network policy bypass in the sandbox exec-server that lets lower-trust callers reach internal network destinations blocked by policy. Attackers can send HTTP requests through the exec-server to access restricted network resources. The CVE description ...

7.7CVSS6.1AI score
Exploits0References2
BDU FSTEC
BDU FSTEC
added yesterday17 views

Blitz Identity Provider (Authentication server)

...

5.8AI score
Exploits0
CVE
CVE
added yesterday7 views

CVE-2026-44433

CVE-2026-44433 affects the Quicly QUIC protocol implementation used with the H2O HTTP server. Prior to commit 8b178e6, an adversarial peer could send a STREAM frame carrying only a single byte at the largest permitted offset to obtain additional flow control credit, potentially causing memory exh...

5.3CVSS6AI score0.00051EPSS
Exploits0References2
CVE
CVE
added yesterday18 views

CVE-2026-62826

CVE-2026-62826 affects Microsoft SharePoint Server where improper neutralization of input during web page generation enables an authorized attacker to spoof over a network. The NVD entry (CVSS 3.1: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N, base score 4.6) confirms cross-site scripting vulnerability wi...

4.6CVSS6.1AI score
Exploits0References1
Rows per page
Query Builder