Lucene search
K

16241 matches found

EUVD
EUVD
added 10 hours ago5 views

EUVD-2026-43598

A vulnerability was detected in mosaxiv clawlet up to 0.2.10. This impacts the function readfile/writefile/editfile of the file tools/fsops.go of the component File Tools. Performing a manipulation results in link following. The attack needs to be approached locally. The reported GitHub issue was...

5.3CVSS5.9AI score
Exploits0References6
EUVD
EUVD
added 10 hours ago6 views

EUVD-2026-43535

OpenClaw versions 2026.5.20 before 2026.6.6 contain an authorization bypass vulnerability in the MCP loopback feature that allows lower-trust callers to execute owner-only tools. Attackers can bypass authorization checks through configured input paths to execute or persist actions beyond their...

8.7CVSS6.2AI score
Exploits0References3
EUVD
EUVD
added 10 hours ago5 views

EUVD-2026-43565

OpenClaw Feishu tools npm package @openclaw/feishu in versions = 2026.6.6 could ignore per-account disablement. A lower-trust caller or a configured input path could perform actions that should have required a stronger authorization or policy check, resulting in unauthorized operations. The issue...

8.6CVSS6.1AI score
Exploits0References3
EUVD
EUVD
added 10 hours ago3 views

EUVD-2026-43566

OpenClaw @openclaw/feishu versions 2026.6.6 and earlier contain an incorrect authorization vulnerability in which the Feishu permission tools could ignore per-account disablement settings. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could...

8.6CVSS6.1AI score
Exploits0References3
EUVD
EUVD
added 10 hours ago6 views

EUVD-2026-43588

SAP HANA Database user self service tools allows an unauthenticated user to send specially crafted requests that produce distinguishable responses, enabling enumeration of valid user accounts and email addresses. Successful exploitation could allow the attacker to enumerate valid user accounts,...

3.7CVSS6.1AI score
Exploits0References2
Rockylinux
Rockylinux
added yesterday4 views

container-tools:rhel8 security update

An update is available for module.netavark, module.runc, slirp4netns, module.libslirp, criu, module.udica, module.oci-seccomp-bpf-hook, udica, toolbox, netavark, container-selinux, module.python-podman, module.crun, python-podman, module.containers-common, module.conmon, oci-seccomp-bpf-hook,...

7.5CVSS6.5AI score0.00813EPSS
Exploits0
RedHat Linux
RedHat Linux
added yesterday7 views

Important: Red Hat Security Advisory: container-tools:rhel8 security update

An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

7.5CVSS6.5AI score0.00813EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday84 views

Moodle 3.8-3.10.3 - Reflected XSS & Open Redirect

Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 contain a reflected XSS and open redirect caused by insufficient sanitization of the redirect URI in the LTI authorization endpoint, letting attackers execute scripts or redirect users maliciously, exploit requires crafted URL with...

6.1CVSS6.8AI score0.01157EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday89 views

WordPress SEO Tools Plugin 4.0.7 - Cross-Site Scripting

The SEO Tools WordPress plugin through version 4.0.7 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape the 'src' parameter in the rssread.php file before outputting it back in the page, which could allow attackers to execute arbitrary...

6.1CVSS7.2AI score0.00594EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday104 views

Visual Tools DVR VX16 4.2.28.0 - Unauthenticated OS Command Injection

Visual Tools DVR VX16 4.2.28.0 could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. id: CVE-2021-42071 info: name: Visual Tools DVR VX16 4.2.28.0 - Unauthenticated OS Command Injection author: gy741 severity: critical description: Visual...

10CVSS7.2AI score0.69882EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday253 views

Vite - Arbitrary File Read

Vite, a provider of frontend development tooling, has a vulnerability in versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10. @fs denies access to files outside of Vite serving allow list. Adding ?raw?? or ?import&raw?? to the URL bypasses this limitation and returns the file content if it...

7.5CVSS6.7AI score0.74998EPSS
Exploits28References2
Fedora
Fedora
added yesterday8 views

[SECURITY] Fedora 43 Update: attr-2.6.0-1.fc43

A set of tools for manipulating extended attributes on filesystem objects, in particular getfattr1 and setfattr1. An attr1 command is also provided which is largely compatible with the SGI IRIX tool of the same name...

8.4CVSS6.1AI score0.00136EPSS
Exploits0
EUVD
EUVD
added 2 days ago8 views

EUVD-2026-43237

A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.25.2. Affected by this issue is the function ToolsRoute.testmcpconnection of the file astrbot/dashboard/routes/tools.py of the component MCP Test Endpoint. The manipulation of the argument mcpserverconfig.url leads to...

6.5CVSS6.2AI score0.00206EPSS
Exploits0References5
CVE
CVE
added 2 days ago16 views

CVE-2026-15501

CVE-2026-15501 affects AstrBot (up to version 4.25.2). The vulnerability is in the function ToolsRoute.test_mcp_connection (astrbot/dashboard/routes/tools.py, MCP Test Endpoint), where manipulating mcp_server_config.url leads to server-side request forgery (SSRF). The attack is remotely exploitab...

6.5CVSS6.2AI score0.00206EPSS
Exploits0References5
NVD
NVD
added 2 days ago9 views

CVE-2026-15499

A security flaw has been discovered in AstrBotDevs AstrBot up to 4.25.2. Affected is the function FutureTaskTool.call of the file astrbot/core/tools/crontools.py of the component Scheduled Task Handler. Performing a manipulation of the argument payload"note" results in improper authorization...

6.5CVSS0.00201EPSS
Exploits0References5
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-15499 AstrBotDevs AstrBot Scheduled Task cron_tools.py FutureTaskTool.call improper authorization

A security flaw has been discovered in AstrBotDevs AstrBot up to 4.25.2. Affected is the function FutureTaskTool.call of the file astrbot/core/tools/crontools.py of the component Scheduled Task Handler. Performing a manipulation of the argument payload"note" results in improper authorization...

6.5CVSS0.00201EPSS
Exploits0References5
NVD
NVD
added 2 days ago9 views

CVE-2026-15483

A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function sub41EC14 of the file /goform/toolsnslookup of the component ssi. The manipulation of the argument nslookuptarget leads to buffer overflow. It is possible to initiate the attack remotely. The vendo...

9CVSS0.00463EPSS
Exploits0References5
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-43206

A vulnerability was detected in TRENDnet TEW-821DAP 1.12B01. The affected element is the function sub41EC14 of the file /goform/toolsnslookup of the component ssi. The manipulation results in buffer overflow. It is possible to launch the attack remotely. The vendor explains: "We are unable to...

9CVSS6.2AI score0.00463EPSS
Exploits0References5
CVE
CVE
added 2 days ago24 views

CVE-2026-15484

CVE-2026-15484 affects TRENDnet TEW-821DAP (firmware 1.12B01). The vulnerable element is the function sub_41EC14 in /goform/tools_nslookup of the ssi component, where input manipulation leads to a buffer overflow. Exploitation is described as possible to perform remotely via network. The vendor n...

9CVSS7.2AI score0.00463EPSS
Exploits0References5
CVE
CVE
added 2 days ago16 views

CVE-2026-15483

TRENDnet TEW-821DAP 1.12B01 contains a buffer overflow in the SSI component: the function sub_41EC14 in /goform/tools_nslookup is triggered by manipulating the nslookup_target argument, potentially allowing remote code execution. Several sources confirm the same issue for TEW-821DAP (v1.0R) as th...

9CVSS7.3AI score0.00463EPSS
Exploits0References5
Rows per page
Query Builder