Lucene search
K

43 matches found

NVD
NVD
added 5 days ago8 views

CVE-2026-58448

yudao-cloud before 2026.06 contains a broken access control vulnerability in the BPM module that allows any authenticated user to access arbitrary process instance records by supplying a caller-controlled process-instance identifier to an unprotected endpoint lacking the @PreAuthorize annotation...

7.1CVSS0.00235EPSS
Exploits0References3
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-40374

Nightingale n9e before 9.0.0-beta.2 exposes full datasource configurations, including plaintext database passwords, HTTP bearer tokens, HTTP basic-auth passwords, and mTLS client keys, to any authenticated low-privilege Standard role user through POST /api/n9e/datasource/list. The route is...

7.1CVSS5.8AI score0.00238EPSS
Exploits0References5
CVE
CVE
added 2026/06/19 7:21 p.m.16 views

CVE-2026-49344

Mercator (open source mapping app) prior to version 2025.05.19 is affected by CVE-2026-49344. The Query Engine endpoint /admin/queries/execute does not enforce an authorization gate, allowing any authenticated account (including read-only Auditor) to query models outside the intended scope (e.g.,...

7.1CVSS5.8AI score0.00281EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 7:21 p.m.22 views

CVE-2026-49344 Mercator has a Personal Identifiable Information Leak from Query Executor feature

Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19, Mercator's Query Engine /admin/queries/execute accepts a JSON DSL from / select / filters / traverse / output, translates it into an Eloquent query, and returns results as JSON...

7.1CVSS0.00281EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/29 10:26 p.m.23 views

PraisonAI: Arbitrary code execution via unguarded `spec.loader.exec_module` in `agents_generator.py` - sibling of CVE-2026-44334

Arbitrary code execution via ungated spec.loader.execmodule in agentsgenerator.py v4.6.32 chokepoint refactor bypass Summary The v4.6.32 chokepoint refactor which patched CVE-2026-44334 / GHSA-xcmw-grxf-wjhj added the PRAISONAIALLOWLOCALTOOLS env-var gate to the tooloverride.py sinks. However, tw...

8.4CVSS6.4AI score0.00246EPSS
Exploits2References2Affected Software1
OSV
OSV
added 2026/05/29 10:26 p.m.9 views

GHSA-78R8-WWQV-R299 PraisonAI: Arbitrary code execution via unguarded `spec.loader.exec_module` in `agents_generator.py` - sibling of CVE-2026-44334

Arbitrary code execution via ungated spec.loader.execmodule in agentsgenerator.py v4.6.32 chokepoint refactor bypass Summary The v4.6.32 chokepoint refactor which patched CVE-2026-44334 / GHSA-xcmw-grxf-wjhj added the PRAISONAIALLOWLOCALTOOLS env-var gate to the tooloverride.py sinks. However, tw...

8.1CVSS6.4AI score0.00102EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.6 views

Unity Linux 20.1050e / 20.1070e Security Update: sox (UTSA-2026-016769)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016769 advisory. An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c is not guarded, such that it can lead to write access outside of the statically...

5.5CVSS6.7AI score0.01808EPSS
Exploits1References4
NVD
NVD
added 2026/05/08 2:16 p.m.14 views

CVE-2026-44334

PraisonAI is a multi-agent teams system. From version 4.5.139 to before version 4.6.32, CVE-2026-40287's fix gated tools.py auto-import behind PRAISONAIALLOWLOCALTOOLS=true in two files toolresolver.py, api/call.py. A third import sink in praisonai/templates/tooloverride.py was missed and remains...

8.4CVSS0.00246EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2026/05/05 12:0 a.m.6 views

CVE-2026-36355

The rtl8192cd Wi-Fi kernel driver in the Realtek rtl819x Jungle SDK all known versions through v3.4.14B does not perform any access control checks on the writemem ioctl 0x89F5 and readmem ioctl 0x89F6 debug handlers, which are compiled into production builds via the unconditionally defined...

5.8AI score0.0068EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/20 11:8 p.m.29 views

CVE-2026-41302 OpenClaw < 2026.3.31 - Server-Side Request Forgery via Unguarded fetch() in Marketplace Plugin Download

OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows remote attackers to make arbitrary network requests. Attackers can exploit unguarded fetch calls to access internal resources or interact with external...

7.6CVSS0.00223EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/20 11:8 p.m.5 views

CVE-2026-41302 OpenClaw < 2026.3.31 - Server-Side Request Forgery via Unguarded fetch() in Marketplace Plugin Download

OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows remote attackers to make arbitrary network requests. Attackers can exploit unguarded fetch calls to access internal resources or interact with external...

7.6CVSS5.9AI score0.00223EPSS
Exploits0References3
CVE
CVE
added 2026/04/20 11:8 p.m.14 views

CVE-2026-41302

OpenClaw (npm) before 2026.3.31 is vulnerable to a server-side request forgery (SSRF) in the marketplace plugin download. The issue arises from unguarded fetch() calls, enabling an attacker to make arbitrary network requests from the affected system, potentially reaching internal resources or ext...

7.6CVSS5.9AI score0.00223EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/04/10 12:30 a.m.2 views

EUVD-2026-21116

OpenClaw before 2026.3.25 contains a server-side request forgery vulnerability in multiple channel extensions that fail to properly guard configured base URLs against SSRF attacks. Attackers can exploit unprotected fetch calls against configured endpoints to rebind requests to blocked internal...

7.4CVSS5.9AI score0.00244EPSS
Exploits0References4
OSV
OSV
added 2026/04/10 12:30 a.m.1 views

GHSA-8J7F-G9GV-7JHC Duplicate Advisory: OpenClaw: SSRF via Unguarded Configured Base URLs in Multiple Channel Extensions (Incomplete Fix for CVE-2026-28476)

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rhfg-j8jq-7v2h. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.25 contains a server-side request forgery vulnerability in multiple channel extensions that fa...

7.4CVSS5.7AI score0.00244EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/09 9:27 p.m.22 views

CVE-2026-35629 OpenClaw < 2026.3.25 - Server-Side Request Forgery via Unguarded Configured Base URLs in Channel Extensions

OpenClaw before 2026.3.25 contains a server-side request forgery vulnerability in multiple channel extensions that fail to properly guard configured base URLs against SSRF attacks. Attackers can exploit unprotected fetch calls against configured endpoints to rebind requests to blocked internal...

7.4CVSS0.00244EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.2 views

PT-2026-31765

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.25 Description OpenClaw versions prior to 2026.3.25 contain a server-side request forgery vulnerability in multiple channel extensions. The issue arises from a failure to properly guard configured base URLs...

7.4CVSS5.8AI score0.00244EPSS
Exploits0References8
OSV
OSV
added 2026/04/02 9:22 p.m.2 views

GHSA-9Q7V-8MR7-G23P OpenClaw: SSRF via Unguarded `fetch()` in Marketplace Plugin Download and Ollama Model Discovery

Summary SSRF via Unguarded fetch in Marketplace Plugin Download and Ollama Model Discovery Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: Keep the shipped marketplace archive-fetch SSRF, but narrow out the Ollama half because it is operator-configured and...

6.3CVSS5.9AI score0.00223EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/04/02 9:22 p.m.11 views

OpenClaw: SSRF via Unguarded `fetch()` in Marketplace Plugin Download and Ollama Model Discovery

Summary SSRF via Unguarded fetch in Marketplace Plugin Download and Ollama Model Discovery Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: Keep the shipped marketplace archive-fetch SSRF, but narrow out the Ollama half because it is operator-configured and...

7.6CVSS5.9AI score0.00223EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/04/01 12:1 a.m.2 views

GHSA-QXGF-HMCJ-3XW3 OpenClaw affected by SSRF via unguarded image download in fal provider

Summary The fal provider used raw fetches for both provider API traffic and returned image download URLs instead of the existing SSRF-guarded fetch path. Impact A malicious or compromised fal relay could make the gateway fetch internal URLs and expose metadata or internal service responses throug...

2.3CVSS5.9AI score0.00227EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/04/01 12:1 a.m.10 views

OpenClaw affected by SSRF via unguarded image download in fal provider

Summary The fal provider used raw fetches for both provider API traffic and returned image download URLs instead of the existing SSRF-guarded fetch path. Impact A malicious or compromised fal relay could make the gateway fetch internal URLs and expose metadata or internal service responses throug...

8.3CVSS5.9AI score0.00227EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder