
60479 matches found

SUSE CVE
added 2026/03/22 12:25 a.m. | 5 views

SUSE CVE-2026-4440

Out of bounds read and write in WebGL in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: Critical...

CVSS 8.8 | AI score 6.2 | EPSS 0.00324
Exploits: 0 | References: 3
Kaspersky
added 2026/03/22 12:0 a.m. | 5 views

KLA90952 DoS vulnerability in Microsoft Browser

Out of bounds memory read and write vulnerability was found in Microsoft Browser. Malicious users can exploit this vulnerability to cause denial of service. Original advisories: CVE-2026-4440. Exploitation: Malware exists for this vulnerability. Usually such malware is classified as Exploit. More...

CVSS 8.8 | AI score 5.7 | EPSS 0.00324
Exploits: 0 | References: 4
EUVD
added 2026/03/21 3:33 p.m. | 4 views

EUVD-2026-14252

A vulnerability was found in Foundation Agents MetaGPT up to 0.8.1. This vulnerability affects unknown code of the file metagpt/actions/di/write_analysis_code.py of the component DataInterpreter. The manipulation results in injection. It is possible to launch the attack remotely. The exploit has be...

CVSS 6.5 | AI score 6.2 | EPSS 0.00246
Exploits: 0 | References: 5
NVD
added 2026/03/21 3:17 p.m. | 5 views

CVE-2026-4516

A vulnerability was found in Foundation Agents MetaGPT up to 0.8.1. This vulnerability affects unknown code of the file metagpt/actions/di/write_analysis_code.py of the component DataInterpreter. The manipulation results in injection. It is possible to launch the attack remotely. The exploit has be...

CVSS 6.5 | EPSS 0.00246
Exploits: 0 | References: 4
ATTACKERKB
added 2026/03/21 3:2 p.m. | 4 views

CVE-2026-4516

A vulnerability was found in Foundation Agents MetaGPT up to 0.8.1. This vulnerability affects unknown code of the file metagpt/actions/di/write_analysis_code.py of the component DataInterpreter. The manipulation results in injection. It is possible to launch the attack remotely. The exploit has be...

CVSS 6.5 | AI score 5.4 | EPSS 0.00246
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2026/03/21 3:2 p.m. | 31 views

CVE-2026-4516 Foundation Agents MetaGPT DataInterpreter write_analysis_code.py injection

A vulnerability was found in Foundation Agents MetaGPT up to 0.8.1. This vulnerability affects unknown code of the file metagpt/actions/di/write_analysis_code.py of the component DataInterpreter. The manipulation results in injection. It is possible to launch the attack remotely. The exploit has be...

CVSS 6.5 | EPSS 0.00246
Exploits: 0 | References: 4
Vulnrichment
added 2026/03/21 3:2 p.m. | 2 views

CVE-2026-4516 Foundation Agents MetaGPT DataInterpreter write_analysis_code.py injection

A vulnerability was found in Foundation Agents MetaGPT up to 0.8.1. This vulnerability affects unknown code of the file metagpt/actions/di/write_analysis_code.py of the component DataInterpreter. The manipulation results in injection. It is possible to launch the attack remotely. The exploit has be...

CVSS 6.5 | AI score 5.4 | EPSS 0.00246
Exploits: 0 | References: 4
CVE
added 2026/03/21 3:2 p.m. | 14 views

CVE-2026-4516

Foundation Agents MetaGPT up to 0.8.1 is affected by a vulnerability in the DataInterpreter component, specifically the file metagpt/actions/di/write_analysis_code.py, enabling an injection due to manipulated data handling. The issue is exploitable remotely and the exploit has been made public, w...

CVSS 6.5 | AI score 6.2 | EPSS 0.00246
Exploits: 0 | References: 4 | Affected Software: 1
Veracode
added 2026/03/21 5:27 a.m. | 7 views

Path Traversal

PyMuPDF is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths in the embedded get function in main.py, allowing attackers to manipulate paths and write files outside the intended directory, leading to arbitrary file write...

CVSS 8.2 | AI score 5.9 | EPSS 0.00354
Exploits: 0 | References: 8 | Affected Software: 1
EUVD
added 2026/03/21 3:31 a.m. | 5 views

EUVD-2026-13949

OpenClaw versions prior to 2026.3.1 contain an authorization mismatch vulnerability that allows authenticated callers with operator.write scope to invoke owner-only tool surfaces including gateway and cron through agent runs in scoped-token deployments. Attackers with write-scope access can perfo...

CVSS 8.8 | AI score 5.8 | EPSS 0.00412
Exploits: 0 | References: 3
CVE
added 2026/03/21 3:26 a.m. | 36 views

CVE-2026-3641

The Appmax WordPress plugin (up to version 1.0.3) exposes a public REST API webhook at /webhook-system that lacks webhook signature verification or authentication. The plugin directly processes untrusted input from the 'event' and 'data' parameters, enabling unauthenticated attackers to alter Woo...

CVSS 5.3 | AI score 5.9 | EPSS 0.003
Exploits: 0 | References: 9
NVD
added 2026/03/21 1:17 a.m. | 7 views

CVE-2026-32055

OpenClaw versions prior to 2026.2.26 contain a path traversal vulnerability in workspace boundary validation that allows attackers to write files outside the workspace through in-workspace symlinks pointing to non-existent out-of-root targets. The vulnerability exists because the boundary check...

CVSS 8.2 | EPSS 0.00322
Exploits: 0 | References: 4
ATTACKERKB
added 2026/03/21 12:42 a.m. | 2 views

CVE-2026-32055

OpenClaw versions prior to 2026.2.26 contain a path traversal vulnerability in workspace boundary validation that allows attackers to write files outside the workspace through in-workspace symlinks pointing to non-existent out-of-root targets. The vulnerability exists because the boundary check...

CVSS 7.6 | AI score 5.9 | EPSS 0.00322
Exploits: 0 | References: 5
Vulnrichment
added 2026/03/21 12:42 a.m. | 4 views

CVE-2026-32051 OpenClaw < 2026.3.1 - Authorization Bypass in Agent Runs via Owner-Only Tool Access

OpenClaw versions prior to 2026.3.1 contain an authorization mismatch vulnerability that allows authenticated callers with operator.write scope to invoke owner-only tool surfaces including gateway and cron through agent runs in scoped-token deployments. Attackers with write-scope access can perfo...

CVSS 8.8 | AI score 5.8 | EPSS 0.00412
Exploits: 0 | References: 2
ATTACKERKB
added 2026/03/21 12:42 a.m. | 5 views

CVE-2026-32051

OpenClaw versions prior to 2026.3.1 contain an authorization mismatch vulnerability that allows authenticated callers with operator.write scope to invoke owner-only tool surfaces including gateway and cron through agent runs in scoped-token deployments. Attackers with write-scope access can perfo...

CVSS 8.8 | AI score 5.8 | EPSS 0.00412
Exploits: 0 | References: 3
Cvelist
added 2026/03/21 12:42 a.m. | 26 views

CVE-2026-32051 OpenClaw < 2026.3.1 - Authorization Bypass in Agent Runs via Owner-Only Tool Access

OpenClaw versions prior to 2026.3.1 contain an authorization mismatch vulnerability that allows authenticated callers with operator.write scope to invoke owner-only tool surfaces including gateway and cron through agent runs in scoped-token deployments. Attackers with write-scope access can perfo...

CVSS 8.8 | EPSS 0.00412
Exploits: 0 | References: 2
CNNVD
added 2026/03/21 12:0 a.m. | 8 views

OpenClaw security vulnerability

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to cause an authenticated caller with operator.write scope to invoke the owner-only tool interface...

CVSS 8.8 | AI score 5.8 | EPSS 0.00412
Exploits: 0 | References: 2
Positive Technologies
added 2026/03/21 12:0 a.m. | 5 views

PT-2026-26733

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.1. Description: An authorization mismatch exists that allows authenticated callers with operator.write scope to invoke owner-only tool surfaces, including gateway and cron, through agent runs in scoped-token...

CVSS 8.8 | AI score 5.8 | EPSS 0.00412
Exploits: 0 | References: 9
Positive Technologies
added 2026/03/21 12:0 a.m. | 6 views

PT-2026-26920

A vulnerability was found in Foundation Agents MetaGPT up to 0.8.1. This vulnerability affects unknown code of the file metagpt/actions/di/write_analysis_code.py of the component DataInterpreter. The manipulation results in injection. It is possible to launch the attack remotely. The exploit has...

CVSS 6.5 | AI score 6.2 | EPSS 0.00246
Exploits: 0 | References: 6
CNNVD
added 2026/03/21 12:0 a.m. | 6 views

MetaGPT security vulnerability

MetaGPT is a multi-agent framework developed by MetaGPT Inc. Versions of MetaGPT 0.8.1 and earlier contained security vulnerabilities. These vulnerabilities were caused by unknown code in the DataInterpreter component file metagpt/actions/di/write_analysis_code.py, which could allow remote executio...

CVSS 6.5 | AI score 6.9 | EPSS 0.00246
Exploits: 0 | References: 4