
7923 matches found

Tenable Nessus
added 2026/04/08 12:0 a.m., 3 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006650)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006650 advisory. In the Linux kernel, the following vulnerability has been resolved: rtc: cmos: Fix event handler registration ordering issue. Because acpi_install_fixed_event_handler...

CVSS 5.5 | AI score 6.2 | EPSS 0.00245
Exploits: 0 | References: 3

Tenable Nessus
added 2026/04/08 12:0 a.m., 2 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006773)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006773 advisory. In the Linux kernel, the following vulnerability has been resolved: media: tc358743: register v4l2 async device only after successful setup. Ensure the device has bee...

CVSS 5.5 | AI score 6.8 | EPSS 0.00232
Exploits: 0 | References: 4

RedhatCVE
added 2026/04/07 11:1 p.m., 2 views

CVE-2026-35043

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the cloud deployment path in src/bentoml/internal/cloud/deployment.py was not included in the fix for CVE-2026-33744. Line 1648 interpolates system_packages directly into a...

CVSS 7.8 | AI score 6.5 | EPSS 0.00315
Exploits: 1 | References: 1

RedhatCVE
added 2026/04/07 11:1 p.m., 5 views

CVE-2026-35411

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, Directus is vulnerable to an open redirect via the redirect query parameter on the /admin/tfa-setup page. When an administrator who has not yet configured Two-Factor Authentication (2FA) visits a...

CVSS 4.3 | AI score 5.9 | EPSS 0.00256
Exploits: 0 | References: 1

NVD
added 2026/04/07 6:16 p.m., 8 views

CVE-2026-39337

ChurchCRM is an open-source church management system. Prior to 7.1.0, a critical pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard allows unauthenticated attackers to inject arbitrary PHP code during the initial installation process, leading to complete server...

CVSS 10 | EPSS 0.00715
Exploits: 0 | References: 1

OSV
added 2026/04/07 6:16 p.m., 3 views

GHSA-83F3-HH45-VFW9 OpenClaw: Android accepted cleartext remote gateway endpoints and sent stored credentials over ws://

Summary: Before OpenClaw 2026.4.2, Android accepted non-loopback cleartext ws:// gateway endpoints and would send stored gateway credentials over that connection. Discovery beacons or setup codes could therefore steer the client onto a cleartext remote endpoint. Impact: A user who followed a forged...

CVSS 6.3 | AI score 5.8 | EPSS 0.00118
Exploits: 0 | References: 5

Github Security Blog
added 2026/04/07 6:16 p.m., 3 views

OpenClaw: Android accepted cleartext remote gateway endpoints and sent stored credentials over ws://

Summary: Before OpenClaw 2026.4.2, Android accepted non-loopback cleartext ws:// gateway endpoints and would send stored gateway credentials over that connection. Discovery beacons or setup codes could therefore steer the client onto a cleartext remote endpoint. Impact: A user who followed a forged...

CVSS 5.9 | AI score 6 | EPSS 0.00118
Exploits: 0 | References: 5 | Affected Software: 1

Snyk
added 2026/04/07 6:15 p.m., 6 views

Unsafe Dependency Resolution

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Unsafe Dependency Resolution through the channel setup process. An attacker can execute arbitrary code by introducing a malicious workspace plugin that claims a bundled channel id, allowi...

CVSS 8.5 | AI score 6.5 | EPSS 0.00133
Exploits: 0 | References: 2

Github Security Blog
added 2026/04/07 6:15 p.m., 8 views

OpenClaw: Untrusted workspace channel shadows could execute during built-in channel setup

Summary: Before OpenClaw 2026.4.2, built-in channel setup and login could resolve an untrusted workspace channel shadow before the plugin was explicitly trusted. A malicious workspace plugin that claimed a bundled channel id could execute during channel setup even while still disabled. Impact: A...

CVSS 8.5 | AI score 6.3 | EPSS 0.00133
Exploits: 0 | References: 3 | Affected Software: 1

ATTACKERKB
added 2026/04/07 6:8 p.m., 5 views

CVE-2026-39337

ChurchCRM is an open-source church management system. Prior to 7.1.0, a critical pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard allows unauthenticated attackers to inject arbitrary PHP code during the initial installation process, leading to complete server...

CVSS 10 | AI score 6.6 | EPSS 0.04151
Exploits: 3 | References: 2 | Affected Software: 1

EUVD
added 2026/04/07 6:8 p.m., 7 views

EUVD-2026-19835

ChurchCRM is an open-source church management system. Prior to 7.1.0, a critical pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard allows unauthenticated attackers to inject arbitrary PHP code during the initial installation process, leading to complete server...

CVSS 10 | AI score 6.6 | EPSS 0.04151
Exploits: 3 | References: 1

CVE
added 2026/04/07 6:8 p.m., 19 views

CVE-2026-39337

ChurchCRM CVE-2026-39337 describes a pre-authentication remote code execution in the setup wizard (before/around initial installation) that allows unauthenticated code injection due to unsanitized $dbPassword. This is a remediation of an incomplete fix for CVE-2025-62521 and is fixed in version 7...

CVSS 10 | AI score 6.6 | EPSS 0.00715
Exploits: 0 | References: 1 | Affected Software: 1

RedhatCVE
added 2026/04/07 5:6 p.m., 4 views

CVE-2026-5661

A vulnerability was identified in Free5GC 4.2.0. This affects an unknown function of the component NGSetupRequest Handler. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit is publicly available and might be used...

CVSS 6.9 | AI score 5.6 | EPSS 0.00419
Exploits: 0 | References: 1

Akamai Blog
added 2026/04/07 1:0 p.m., 4 views

Scale Smarter: A Practical Guide to Building with Akamai Object Storage

Akamai Object Storage provides high-performance, cost-effective Amazon S3–compatible object storage. Here's what it's used for and how to set it up...

AI score 5.9
Exploits: 0

RedhatCVE
added 2026/04/07 5:12 a.m., 7 views

CVE-2026-5608

A vulnerability was detected in Belkin F9K1122 1.00.33. Affected is the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument webpage results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public and may be used. Th...

CVSS 9 | AI score 7.7 | EPSS 0.00725
Exploits: 1 | References: 1

OSSF Malicious Packages
added 2026/04/07 4:39 a.m., 6 views

Malicious code in databasenaps (PyPI)

Source: kam193 4e63193532e90f42a370f4171248ffa344728b4699ba6615fbf61c0e7c9e1366. During installation, the package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

AI score 6
Exploits: 0 | References: 9

OSV
added 2026/04/07 4:39 a.m., 11 views

MAL-2026-2502 Malicious code in databasenaps (PyPI)

Source: kam193 4e63193532e90f42a370f4171248ffa344728b4699ba6615fbf61c0e7c9e1366. During installation, the package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

AI score 6
Exploits: 0 | References: 9

OSSF Malicious Packages
added 2026/04/07 4:0 a.m., 6 views

Malicious code in databaselooks (PyPI)

Source: kam193 dd73d73ace43286d9d97ccebb1f758b52cfd114774b862c5b568a7d1151d0112. During installation, the package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

AI score 6
Exploits: 0 | References: 9

Positive Technologies
added 2026/04/07 12:0 a.m., 7 views

PT-2026-30960

Name of the Vulnerable Software and Affected Versions: ChurchCRM versions prior to 7.1.0. Description: ChurchCRM, an open-source church management system, has a critical pre-authentication remote code execution issue in its setup wizard. Unauthenticated attackers can inject arbitrary PHP code during...

CVSS 10 | AI score 6.6 | EPSS 0.00715
Exploits: 0 | References: 10

Positive Technologies
added 2026/04/07 12:0 a.m., 3 views

PT-2026-31036

Name of the Vulnerable Software and Affected Versions: versions not specified. Description: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side....

CVSS 8.1 | AI score 6.1 | EPSS 0.00885
Exploits: 0 | References: 122