Lucene search
K

52 matches found

NVD
NVD
added 2026/06/26 6:16 p.m.10 views

CVE-2026-33646

mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.3.10, mise processes .tool-versions files through the Tera template engine during parsing, with the exec function registered, enabling arbitrary command execution. Unlike .mise.toml files, .tool-versions files are not...

9.6CVSS0.00685EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 4:51 p.m.38 views

CVE-2026-33646

CVE-2026-33646 affects Mise: prior to 2026.3.10, Processed .tool-versions with Tera where exec() is registered, allowing arbitrary code execution when a malicious .tool-versions file is parsed during shell CD hooks. Unlike .mise.toml, .tool-versions is not trusted in non-paranoid mode, so an atta...

9.6CVSS6AI score0.00685EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 8:17 p.m.5 views

DEBIAN-CVE-2026-55960

Un-negotiated Raw Public Key RFC 7250 accepted in place of an X.509 certificate, bypassing chain validation. A raw public key has no chain, so ParseCertRelative accepts it without performing any trust verification; it must therefore only be accepted when RPK was actually negotiated for that peer...

7.5CVSS5.8AI score0.00145EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 7:31 p.m.5 views

CVE-2026-55960

Un-negotiated Raw Public Key RFC 7250 accepted in place of an X.509 certificate, bypassing chain validation. A raw public key has no chain, so ParseCertRelative accepts it without performing any trust verification; it must therefore only be accepted when RPK was actually negotiated for that peer...

8.2CVSS5.8AI score0.00145EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/22 5:19 p.m.6 views

Mise Vulnerable to Arbitrary Code Execution via Tera Templates in .tool-versions Files (Trust Bypass)

Summary Mise processes .tool-versions files through the Tera template engine during parsing, with the exec function registered, enabling arbitrary command execution. Unlike .mise.toml files, .tool-versions files are not subject to trust verification in non-paranoid mode. This means an attacker ca...

9.6CVSS6.4AI score0.00685EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/04 7:8 p.m.6 views

GHSA-C839-4QXR-J4X3 Incus has an OVN TLS Verification that Accepts Peer-Supplied Roots

Summary Broken TLS validation logic in the OVN database connection logic could allow connections to an attacker's OVN database. OVN uses mTLS for authentication, so the attacker cannot actually perform a full man in the middle attack as they won't be able to authenticated with the real OVN...

2.3CVSS5.8AI score0.00173EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2026/04/28 6:9 p.m.5 views

CVE-2026-41396 OpenClaw < 2026.3.31 - Environment Variable Override of Plugin Trust Root

OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAWBUNDLEDPLUGINSDIR environment variable, compromising plugin trust verification. Attackers with control over workspace configuration can inject malicious plugins by overriding the bundled plugin trust root directory...

8.5CVSS5.2AI score0.00126EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.18 views

PT-2026-35780

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.31 Description Workspace .env files can override the OPENCLAW BUNDLED PLUGINS DIR environment variable, which compromises the verification of plugin trust. This allows attackers who have control over the...

8.5CVSS5.8AI score0.00126EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/03/31 12:31 p.m.11 views

Duplicate Advisory: OpenClaw: Workspace plugin auto-discovery allowed code execution from cloned repositories

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-99qw-6mr3-36qr. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.12 automatically discovers and loads plugins from .OpenClaw/extensions/ without explicit trust...

8.8CVSS6.2AI score0.00331EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/03/31 12:16 p.m.4 views

CVE-2026-32920

OpenClaw before 2026.3.12 automatically discovers and loads plugins from .OpenClaw/extensions/ without explicit trust verification, allowing arbitrary code execution. Attackers can execute malicious code by including crafted workspace plugins in cloned repositories that execute when users run...

8.8CVSS0.00331EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.5 views

PT-2026-29228

OpenClaw before 2026.3.12 automatically discovers and loads plugins from .OpenClaw/extensions/ without explicit trust verification, allowing arbitrary code execution. Attackers can execute malicious code by including crafted workspace plugins in cloned repositories that execute when users run...

9.8CVSS6.1AI score0.00331EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/30 12:0 a.m.9 views

Apache Airflow 信任管理问题漏洞

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. Versions of Apache Airflow from 1.10.0 to 1.12.0 containe...

4.8CVSS5.8AI score0.00355EPSS
Exploits1References3
PyPA
PyPA
added 2026/03/18 2:16 a.m.14 views

PYSEC-2026-103

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load due to improper logic in the repository trust verification mechanism. While the function is designed to warn users...

9.1CVSS5.7AI score0.00318EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/18 2:16 a.m.5 views

DEBIAN-CVE-2026-28500

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load due to improper logic in the repository trust verification mechanism. While the function is designed to warn users...

9.1CVSS5.3AI score0.00318EPSS
Exploits0References1
OSV
OSV
added 2026/03/18 2:16 a.m.16 views

UBUNTU-CVE-2026-28500

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load due to improper logic in the repository trust verification mechanism. While the function is designed to warn users...

9.1CVSS5.7AI score0.00318EPSS
Exploits0References3
CVE
CVE
added 2026/03/18 1:15 a.m.29 views

CVE-2026-28500

CVE-2026-28500 affects ONNX up to v1.20.1 where onnx.hub.load() bypasses security checks due to flawed repository trust logic. The silent=True flag silences warnings and prompts, enabling a vector for zero-interaction supply-chain attacks. When combined with filesystem vulnerabilities, an attacke...

9.1CVSS5.7AI score0.00318EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/18 1:15 a.m.4 views

CVE-2026-28500

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load due to improper logic in the repository trust verification mechanism. While the function is designed to warn users...

8.6CVSS5.7AI score0.00318EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.8 views

ONNX 安全漏洞

ONNX Open Neural Network Exchange is an open standard for machine learning interoperability, developed under the ONNX open source framework. Versions of ONNX prior to 1.20.1 contain security vulnerabilities. These vulnerabilities stem from improper logic in the repository trust verification...

9.1CVSS5.8AI score0.00318EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/03/09 12:0 a.m.6 views

Lockbox -- a Zero Trust Architecture for Secure Processing of Sensitive Cloud Workloads

Enterprises increasingly rely on cloud-based applications to process highly sensitive data artifacts. Although cloud adoption improves agility and scalability, it also introduces new security challenges such as expanded attack surfaces, a wider radius of attack from credential compromise, and...

6AI score
Exploits0
CNVD
CNVD
added 2025/12/25 12:0 a.m.4 views

RiteCMS Cross-Site Request Forgery Vulnerability

RiteCMS is an open source content management system based on php and sqlite. RiteCMS has a cross-site request forgery vulnerability, the vulnerability stems from the page creation and editing functions do not adequately verify whether the request comes from a trusted user, an attacker can use thi...

6.8CVSS5.9AI score0.00159EPSS
Exploits1References1
Rows per page
Query Builder