Lucene search
K

2273 matches found

OSV
OSV
added 2026/06/16 9:31 p.m.5 views

GHSA-6JM4-83G2-35GV Duplicate Advisory: memory-wiki shared search could miss session visibility checks

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-72fw-cqh5-f324. This link is maintained to preserve external references. Original DescriptionOpenClaw before 2026.4.29 contains a session visibility check bypass vulnerability in shared memory search that allows...

6.5CVSS5.3AI score0.0021EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/16 9:5 p.m.8 views

Daytona: Public sandbox previews remain accessible for up to one hour after being made private

Summary Sandbox previews that were switched from public to private could remain reachable without authentication for a short period after the change, due to a cached visibility state that was not invalidated when the sandbox's visibility changed. Impact When a sandbox owner changed a preview from...

7CVSS5.8AI score0.00249EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/16 9:5 p.m.6 views

GHSA-WW63-PV5X-VFC8 Daytona: Public sandbox previews remain accessible for up to one hour after being made private

Summary Sandbox previews that were switched from public to private could remain reachable without authentication for a short period after the change, due to a cached visibility state that was not invalidated when the sandbox's visibility changed. Impact When a sandbox owner changed a preview from...

7CVSS5.8AI score0.00249EPSS
Exploits0References2
NVD
NVD
added 2026/06/16 7:17 p.m.14 views

CVE-2026-53844

OpenClaw before 2026.4.29 contains a session visibility check bypass vulnerability in shared memory search that allows authenticated callers to access memory entries without proper authorization. Attackers can skip session visibility guards on the search path to retrieve memory entries that shoul...

6.5CVSS0.0021EPSS
Exploits0References2
CVE
CVE
added 2026/06/16 6:4 p.m.28 views

CVE-2026-53844

OpenClaw vulnerability CVE-2026-53844 affects OpenClaw prior to version 2026.4.29, involving a session visibility check bypass in the shared memory search path. The issue enables authenticated callers to skip session visibility guards and access memory entries that should not be visible to their ...

6.5CVSS5.3AI score0.0021EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/16 12:37 p.m.6 views

BIT-DISCOURSE-2026-47264 Discourse: Don't leak restricted tag group names via tag info

Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.4, 2026.3.0 to before 2026.3.1, and 2026.4.0 to before 2026.4.1, DetailedTagSerializertaggroupnames returned every tag group a tag belonged to without filtering against the requesting user's visibility. With...

5.3CVSS5.3AI score0.00216EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2026/06/16 11:30 a.m.10 views

Survey: 94% of Incidents Involve Anonymized Infrastructure. Teams Are Still Reactive

Security teams have never had more IP data at their disposal. Every day, analysts ingest enrichment feeds, geolocation data, reputation scores, telemetry, and threat intelligence from a growing ecosystem of vendors and platforms. Yet despite this abundance of information, many organizations...

5.5AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.18 views

PT-2026-49761

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.29 Description A session visibility check bypass exists in the shared memory search of the memory-wiki feature. This allows authenticated callers to skip session visibility guards on the search path, enabling...

6.5CVSS5.2AI score0.0021EPSS
Exploits0References5
NVD
NVD
added 2026/06/12 9:16 p.m.13 views

CVE-2026-47264

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, DetailedTagSerializertaggroupnames returned every tag group a tag belonged to without filtering against the requesting...

5.3CVSS0.00216EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 8:26 p.m.9 views

EUVD-2026-36561

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, DetailedTagSerializertaggroupnames returned every tag group a tag belonged to without filtering against the requesting...

5.3CVSS5.2AI score0.00216EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 8:26 p.m.25 views

CVE-2026-47264

CVE-2026-47264 affects Discourse releases 2026.1.0–2026.1.3, 2026.3.0–2026.3.0x (up to 2026.3.0-latest until 2026.3.1), and 2026.4.0–2026.4.0x (up to 2026.4.0-latest until 2026.4.1). The root cause is that DetailedTagSerializer#tag_group_names returned every tag group a tag belonged to without fi...

5.3CVSS5.2AI score0.00216EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/12 8:26 p.m.34 views

CVE-2026-47264 Discourse: Don't leak restricted tag group names via tag info

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, DetailedTagSerializertaggroupnames returned every tag group a tag belonged to without filtering against the requesting...

5.3CVSS0.00216EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 8:26 p.m.12 views

CVE-2026-47264 Discourse: Don't leak restricted tag group names via tag info

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, DetailedTagSerializertaggroupnames returned every tag group a tag belonged to without filtering against the requesting...

5.3CVSS5.2AI score0.00216EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 8:8 p.m.29 views

CVE-2026-54362 MISP template builder exposes non-visible custom galaxies across organisations

An incorrect visibility condition in the MISP event template builder allowed authenticated non-site-admin users to view galaxies that should not have been visible to their organisation. The custom access-control condition intended to restrict galaxies to those owned by the user’s organisation or...

5.3CVSS0.00207EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 8:8 p.m.8 views

CVE-2026-54362 MISP template builder exposes non-visible custom galaxies across organisations

An incorrect visibility condition in the MISP event template builder allowed authenticated non-site-admin users to view galaxies that should not have been visible to their organisation. The custom access-control condition intended to restrict galaxies to those owned by the user’s organisation or...

5.3CVSS5.3AI score0.00207EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 8:8 p.m.10 views

EUVD-2026-36580

An incorrect visibility condition in the MISP event template builder allowed authenticated non-site-admin users to view galaxies that should not have been visible to their organisation. The custom access-control condition intended to restrict galaxies to those owned by the user’s organisation or...

5.3CVSS5.4AI score0.00207EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.15 views

PT-2026-48994

An incorrect visibility condition in the MISP event template builder allowed authenticated non-site-admin users to view galaxies that should not have been visible to their organisation. The custom access-control condition intended to restrict galaxies to those owned by the user’s organisation or...

5.3CVSS5.3AI score0.00207EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-48988

Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0 through 2026.1.3 Discourse versions 2026.3.0 Discourse versions 2026.4.0 Description When the SiteSetting.tags listed by group setting is enabled, the DetailedTagSerializertag group names function returns all tag...

5.3CVSS5.2AI score0.00216EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/11 6:30 p.m.32 views

CVE-2026-47177 Quest Bot: Ticket transcripts can disclose private ticket contents to a lower-visibility channel

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot settings can set the ticket transcript channel to a channel they can read. When tickets are closed, the bot exports the full ticket history and sends it ...

5.7CVSS0.00251EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 6:30 p.m.10 views

CVE-2026-47177 Quest Bot: Ticket transcripts can disclose private ticket contents to a lower-visibility channel

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot settings can set the ticket transcript channel to a channel they can read. When tickets are closed, the bot exports the full ticket history and sends it ...

5.7CVSS5.4AI score0.00251EPSS
Exploits0References2
Rows per page
Query Builder