Lucene search
K

408 matches found

OSV
OSV
added 2026/06/25 10:21 p.m.4 views

GHSA-89GR-R52H-F8RX golang.org/x/crypto: FIDO/U2F security key physical presence check can be bypassed

The Verify method for FIDO/U2F security key types [email protected], [email protected] did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior,...

9.1CVSS6AI score0.00373EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/06/25 10:21 p.m.8 views

golang.org/x/crypto: FIDO/U2F security key physical presence check can be bypassed

The Verify method for FIDO/U2F security key types [email protected], [email protected] did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior,...

9.1CVSS6AI score0.00373EPSS
Exploits0References6Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.9 views

CVE-2026-39831

A flaw was found in golang.org/x/crypto/ssh. The Verify method, responsible for FIDO/U2F security key types, did not properly check for user presence. This allowed signatures to be accepted without requiring a physical touch on the hardware security key. As a result, an attacker could potentially...

9.1CVSS5.9AI score0.00373EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/05/25 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-39831

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Verify method for FIDO/U2F security key types [email protected], sk-ssh- [email protected] did not check the User Presence flag. Signatur...

9.1CVSS5.9AI score0.00373EPSS
Exploits0References3
NVD
NVD
added 2026/05/22 4:16 a.m.21 views

CVE-2026-39831

The Verify method for FIDO/U2F security key types [email protected], [email protected] did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior,...

9.1CVSS0.00373EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2026/05/08 12:0 a.m.33 views

Maestro 0.15.4

Maestro is a cross-platform desktop app for orchestrating your fleet of AI agents and projects. It's a high-velocity solution for hackers who are juggling multiple projects in parallel. Designed for power users who live on the keyboard and rarely touch the mouse. Collaborate with AI to create...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/10 12:0 a.m.3 views

Maestro 0.15.3

Maestro is a cross-platform desktop app for orchestrating your fleet of AI agents and projects. It's a high-velocity solution for hackers who are juggling multiple projects in parallel. Designed for power users who live on the keyboard and rarely touch the mouse. Collaborate with AI to create...

5.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/02/21 1:28 a.m.7 views

CVE-2026-26320

OpenClaw is a personal AI assistant. OpenClaw macOS desktop client registers the openclaw:// URL scheme. For openclaw://agent deep links without an unattended key, the app shows a confirmation dialog that previously displayed only the first 240 characters of the message, but executed the full...

7.1CVSS5.9AI score0.00426EPSS
Exploits0References1
NVD
NVD
added 2026/02/19 11:16 p.m.15 views

CVE-2026-26320

OpenClaw is a personal AI assistant. OpenClaw macOS desktop client registers the openclaw:// URL scheme. For openclaw://agent deep links without an unattended key, the app shows a confirmation dialog that previously displayed only the first 240 characters of the message, but executed the full...

7.1CVSS0.00426EPSS
Exploits0References3
CVE
CVE
added 2026/02/19 10:24 p.m.14 views

CVE-2026-26320

Summary: CVE-2026-26320 affects OpenClaw macOS desktop client versions 2026.2.6–2026.2.13. The app registers the openclaw:// URL scheme and, for openclaw://agent deep links without an unattended key, shows a truncated confirmation dialog (first 240 characters) but executes the full message after ...

7.1CVSS6AI score0.00426EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/02/19 10:24 p.m.21 views

CVE-2026-26320 OpenClaw macOS deep link confirmation truncation can conceal executed agent message

OpenClaw is a personal AI assistant. OpenClaw macOS desktop client registers the openclaw:// URL scheme. For openclaw://agent deep links without an unattended key, the app shows a confirmation dialog that previously displayed only the first 240 characters of the message, but executed the full...

7.1CVSS0.00426EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/02/17 9:41 p.m.8 views

OpenClaw macOS deep link confirmation truncation can conceal executed agent message

Summary OpenClaw macOS desktop client registers the openclaw:// URL scheme. For openclaw://agent deep links without an unattended key, the app shows a confirmation dialog that previously displayed only the first 240 characters of the message, but executed the full message after the user clicked...

7.1CVSS6AI score0.00426EPSS
Exploits0References5Affected Software1
HackRead
HackRead
added 2026/01/28 1:34 p.m.8 views

GoTo Resolve Tool’s Background Activities Compared to Ransomware Tactics

New research from Point Wild’s Lat61 team reveals how the HEURRemoteAdmin.GoToResolve.gen tool allows silent, unattended access to PCs. Learn why this legitimate remote administration software is being flagged as a security risk and its surprising connection to ransomware tactics...

5.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 10:27 a.m.6 views

CVE-2008-7320

GNOME Seahorse through 3.30 allows physically proximate attackers to read plaintext passwords by using the quickAllow dialog at an unattended workstation, if the keyring is unlocked. NOTE: this is disputed by a software maintainer because the behavior represents a design decision...

6.8CVSS6.6AI score0.00447EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/16 8:44 p.m.23 views

CVE-2025-64725

Weblate is a web based localization tool. In versions prior to 5.15, it was possible to accept an invitation opened by a different user. Version 5.15. contains a patch. As a workaround, avoid leaving one's Weblate sessions with an invitation opened unattended...

9.8CVSS6.6AI score0.00319EPSS
Exploits0References1
OSV
OSV
added 2025/12/15 8:21 p.m.4 views

CVE-2025-64725 Weblate has improper validation upon invitation acceptance

Weblate is a web based localization tool. In versions prior to 5.15, it was possible to accept an invitation opened by a different user. Version 5.15. contains a patch. As a workaround, avoid leaving one's Weblate sessions with an invitation opened unattended...

1CVSS6.7AI score0.00319EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/12/15 8:21 p.m.16 views

CVE-2025-64725 Weblate has improper validation upon invitation acceptance

Weblate is a web based localization tool. In versions prior to 5.15, it was possible to accept an invitation opened by a different user. Version 5.15. contains a patch. As a workaround, avoid leaving one's Weblate sessions with an invitation opened unattended...

1CVSS0.00319EPSS
Exploits0References4
OSV
OSV
added 2025/12/15 7:58 p.m.2 views

GHSA-M6HQ-F4W9-QRJJ Weblate has improper validation upon invitation acceptance

Impact It was possible to accept an invitation opened by a different Weblate user. Patches https://github.com/WeblateOrg/weblate/pull/16913 Workarounds Users should avoid leaving Weblate sessions with an unattended opened invitation. References Thanks to Nahid0x for responsibly disclosing this...

1CVSS6.8AI score0.00319EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2025/12/15 7:58 p.m.7 views

Weblate has improper validation upon invitation acceptance

Impact It was possible to accept an invitation opened by a different Weblate user. Patches https://github.com/WeblateOrg/weblate/pull/16913 Workarounds Users should avoid leaving Weblate sessions with an unattended opened invitation. References Thanks to Nahid0x for responsibly disclosing this...

9.8CVSS6.9AI score0.00319EPSS
Exploits0References6Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/12 1:53 a.m.5 views

CVE-2025-67719

Ibexa is a composable end-to-end DXP Digital Experience Platform. Versions 5.0.0-beta1 through 5.0.3 do not have password validation. During the transition from v4 to v5 an error was introduced into validation code which causes the validation of the previous password not to run as expected. This...

8.5CVSS6.8AI score0.0013EPSS
Exploits0References1
Rows per page
Query Builder