Lucene search
K

7921 matches found

Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013266)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013266 advisory. An issue was discovered in sunxidivsclksetup in drivers/clk/sunxi/clk-sunxi.c in the Linux kernel through 5.1.5. There is an unchecked kstrndup of derivedname, which...

5.5CVSS7.3AI score0.00421EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.16 views

PT-2026-36921

Name of the Vulnerable Software and Affected Versions Nginx UI versions 2.0.0 through 2.3.7 Description An unauthenticated network attacker can claim the initial administrator account on a fresh instance during the first-run setup window. The public endpoint "/api/install" is accessible without...

9.8CVSS5.8AI score0.00346EPSS
Exploits1References13
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.4 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013309)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013309 advisory. In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix memleak of md thread In raid10run, if setupconf succeed and raid10run failed befor...

5.8AI score0.00177EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.5 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013098)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013098 advisory. In the Linux kernel, the following vulnerability has been resolved: nfs4setupreaddir: insufficient locking for -dparent-dinode dereferencing Theoretically it's an...

5.6AI score0.00177EPSS
Exploits0References4
CVE
CVE
added 2026/04/20 11:8 p.m.14 views

CVE-2026-41295

OpenClaw OpenClaw before 2026.4.2 contains an improper trust boundary vulnerability where untrusted workspace channel shadows could execute during built-in channel setup and login. An attacker could clone a workspace with a malicious plugin claiming a bundled channel id to achieve unintended in-p...

8.5CVSS6.3AI score0.00133EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/20 11:8 p.m.3 views

CVE-2026-41295 OpenClaw < 2026.4.2 - Untrusted Workspace Channel Shadow Code Execution during Built-in Channel Setup

OpenClaw before 2026.4.2 contains an improper trust boundary vulnerability allowing untrusted workspace channel shadows to execute during built-in channel setup and login. Attackers can clone a workspace with a malicious plugin claiming a bundled channel id to achieve unintended in-process code...

8.5CVSS6.3AI score0.00133EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/20 11:8 p.m.8 views

EUVD-2026-23999

OpenClaw before 2026.4.2 contains an improper trust boundary vulnerability allowing untrusted workspace channel shadows to execute during built-in channel setup and login. Attackers can clone a workspace with a malicious plugin claiming a bundled channel id to achieve unintended in-process code...

8.5CVSS6.3AI score0.00133EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/20 11:8 p.m.4 views

CVE-2026-41295

OpenClaw before 2026.4.2 contains an improper trust boundary vulnerability allowing untrusted workspace channel shadows to execute during built-in channel setup and login. Attackers can clone a workspace with a malicious plugin claiming a bundled channel id to achieve unintended in-process code...

8.5CVSS6.3AI score0.00133EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/20 11:8 p.m.6 views

CVE-2026-40045

OpenClaw before 2026.4.2 accepts non-loopback cleartext ws:// gateway endpoints and transmits stored gateway credentials over unencrypted connections. Attackers can forge discovery results or craft setup codes to redirect clients to malicious endpoints, disclosing plaintext gateway credentials...

5.9CVSS5.8AI score0.00118EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/20 11:8 p.m.4 views

CVE-2026-40045 OpenClaw < 2026.4.2 - Cleartext Credential Transmission via Unencrypted WebSocket Gateway Endpoints

OpenClaw before 2026.4.2 accepts non-loopback cleartext ws:// gateway endpoints and transmits stored gateway credentials over unencrypted connections. Attackers can forge discovery results or craft setup codes to redirect clients to malicious endpoints, disclosing plaintext gateway credentials...

5.9CVSS5.8AI score0.00118EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/20 8:47 p.m.7 views

Malicious code in cycode-dev (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 af035661f0964977015279eeceb2e380bf8b525463d4a099d85eab7b4ea8a71b Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/04/20 8:47 p.m.7 views

MAL-2026-2957 Malicious code in cycode-dev (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 af035661f0964977015279eeceb2e380bf8b525463d4a099d85eab7b4ea8a71b Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.9AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.5 views

PT-2026-33717

The Email Encoder WordPress plugin before 2.3.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered html capability is disallowed for example in multisite setup...

5.7AI score0.00213EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.4 views

PT-2026-33859

OpenClaw before 2026.4.2 accepts non-loopback cleartext ws:// gateway endpoints and transmits stored gateway credentials over unencrypted connections. Attackers can forge discovery results or craft setup codes to redirect clients to malicious endpoints, disclosing plaintext gateway credentials...

5.9CVSS5.8AI score0.00118EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/19 6:45 p.m.11 views

Malicious code in rblx-studio-api (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0984290664d514183109c836bea6a2bda03e33f89563accc6c79a51e281688f8 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

6AI score
Exploits0References9
OSV
OSV
added 2026/04/19 6:45 p.m.5 views

MAL-2026-2863 Malicious code in rblx-studio-api (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0984290664d514183109c836bea6a2bda03e33f89563accc6c79a51e281688f8 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

6AI score
Exploits0References9
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/19 6:24 p.m.9 views

Malicious code in robase-setup (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3fcd831a04f3c23efde7a365717e715cec5c6fb5211d26e5d76ace539abb06bc During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

6AI score
Exploits0References9
OSV
OSV
added 2026/04/19 6:24 p.m.5 views

MAL-2026-2864 Malicious code in robase-setup (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3fcd831a04f3c23efde7a365717e715cec5c6fb5211d26e5d76ace539abb06bc During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

6AI score
Exploits0References9
OSV
OSV
added 2026/04/18 10:47 p.m.7 views

MAL-2026-2860 Malicious code in mylib-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8cc746751844570c4d9de0acc1fc4aba45c1316434c664fc70711749720f88f1 During import, a remote executable is automatically started. During analysis, the executable only showed a basic message. It's likely experimenting with...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/18 6:7 p.m.8 views

Malicious code in rblx-api (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 be690c2f32ad941003f8733406643848380c3918af421fa56c8ec0802b9c261d During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

6AI score
Exploits0References9
Rows per page
Query Builder