Lucene search
K

419446 matches found

EUVD
EUVD
added 1 hour ago4 views

EUVD-2026-43598

A vulnerability was detected in mosaxiv clawlet up to 0.2.10. This impacts the function readfile/writefile/editfile of the file tools/fsops.go of the component File Tools. Performing a manipulation results in link following. The attack needs to be approached locally. The reported GitHub issue was...

5.3CVSS5.9AI score
Exploits0References6
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-43573

Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference. X509V3EXTd2iext returns NULL when an extension's DER value fails to parse. basicC, ia5string, and authatt dereference its result without a NULL check. keyiddata also dereferences akid-keyid,...

6.1AI score
Exploits0References3
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-43581

A weakness has been identified in mosaxiv clawlet up to 0.2.10. The impacted element is the function webfetch of the file tools/toolwebfetch.go of the component IPv4 Handler. This manipulation of the argument url causes server-side request forgery. The attack can be initiated remotely. The exploi...

7.5CVSS6.4AI score
Exploits0References7
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-43580

A security flaw has been discovered in mosaxiv clawlet up to 0.2.10. The affected element is the function guardExecCommand of the file tools/toolexec.go of the component exec Safety Guard. The manipulation results in protection mechanism failure. It is possible to launch the attack remotely. The...

7.5CVSS6.3AI score
Exploits0References7
EUVD
EUVD
added 2 hours ago6 views

EUVD-2026-43577

Cockpit CMS contains a path traversal vulnerability in the Bucket file storage API /system/buckets/api. The api method in modules/System/Controller/Buckets.php sanitizes the bucket name with pregreplace'/^a-zA-Z0-9-\./','', $bucket, which permits '..' and '../' sequences. The sanitized value is...

8.8CVSS6.1AI score
Exploits0References6
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-43574

Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hvexts. When building the extension hash via extensions, extensionsbylongname, extensionsbyoid, or hasextensionoid, the code passes OBJobj2txt's return value as the hash-key...

6.2AI score
Exploits0References3
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-43534

OpenClaw versions 2026.5.20 before 2026.6.9 contain a privilege escalation vulnerability in plugin install commands that allows lower-trust callers to execute or persist actions beyond their intended authorization. Attackers can exploit misconfigured input paths or enabled features to escalate...

8.8CVSS6.2AI score
Exploits0References3
EUVD
EUVD
added 2 hours ago2 views

EUVD-2026-43540

OpenClaw versions before 2026.6.1 contain a flaw in host exec environment filtering that could allow Git ext transport to be abused. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could execute or persist actions beyond the caller's intended...

8.8CVSS6.2AI score
Exploits0References3
EUVD
EUVD
added 2 hours ago5 views

EUVD-2026-43535

OpenClaw versions 2026.5.20 before 2026.6.6 contain an authorization bypass vulnerability in the MCP loopback feature that allows lower-trust callers to execute owner-only tools. Attackers can bypass authorization checks through configured input paths to execute or persist actions beyond their...

8.7CVSS6.2AI score
Exploits0References3
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-43539

OpenClaw versions before 2026.6.6 contain a flaw in host exec environment filtering that can miss interpreter startup variables. When the affected feature is enabled and reachable, a lower-trust caller or configured input path can supply crafted environment variables to execute or persist actions...

8.8CVSS6.2AI score
Exploits0References3
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-43548

9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to access sensitive user data by sending requests to unprotected API endpoints. Attackers can enumerate paginated request logs and retrieve complete AI conversation historie...

8.7CVSS6.1AI score
Exploits0References3
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-43554

FlashAttention through 2.8.3.post1, fixed in commit 0816ef1, contains a symlink attack vulnerability in the downloadandcopy function within hopper/setup.py that extracts NVIDIA toolchain archives without validating symlinks or filtering tar members. A local attacker can pre-plant a symlink in the...

6.6CVSS6.2AI score
Exploits0References5
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-43537

OpenClaw before 2026.6.6 contains a policy bypass vulnerability in browser CDP discovery that accepts blocked WebSocket URLs. Attackers with lower-trust access can reach network destinations that should have been blocked by OpenClaw policy when the affected feature is enabled...

8.5CVSS6.1AI score
Exploits0References3
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-43538

OpenClaw versions 2026.5.28 before 2026.6.6 contain an authorization bypass vulnerability in native web search that allows lower-trust callers to perform actions requiring stronger policy checks. Attackers can exploit misconfigured input paths to bypass intended authorization controls and execute...

5.3CVSS6.2AI score
Exploits0References3
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-43547

9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to retrieve plaintext API keys for all connected AI provider accounts by sending a single unauthenticated request to the /api/usage/stats endpoint. Attackers can exploit the...

9.3CVSS6.1AI score
Exploits0References3
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-43555

CrewAI before 1.15.1 contains a server-side request forgery vulnerability in the validateurl function that performs one-shot DNS resolution and blocklist checks before returning the original URL unchanged. Attackers can bypass the security filter by supplying URLs that redirect to internal...

8.3CVSS6.1AI score
Exploits0References6
EUVD
EUVD
added 2 hours ago6 views

EUVD-2026-43578

A security vulnerability has been detected in wandb 0.25.2.dev1. Affected is the function ArtifactManifestEntry.download in the library wandb/sdk/lib/hashutil.py of the component Artifact Integrity Validation. The manipulation leads to use of weak hash. The attack may be initiated remotely. A hig...

3.1CVSS5.5AI score
Exploits0References8
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-43579

A vulnerability was detected in tanstack db up to 0.6.8. Affected by this vulnerability is the function select of the file src/query/compiler/select.ts of the component Alias Path Handler. The manipulation results in improperly controlled modification of object prototype attributes. The attack ma...

5.3CVSS5.7AI score
Exploits0References9
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-43536

OpenClaw versions 2026.3.22 before 2026.6.6 contain an authorization bypass vulnerability where WhatsApp group IDs can satisfy elevated sender allowlists. Attackers with lower-trust access can perform actions requiring stronger authorization by leveraging group ID validation in the affected featu...

8.7CVSS6.1AI score
Exploits0References3
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-43556

Spring Boot Admin Server before 4.1.2 contains a server-side request forgery vulnerability that allows unauthenticated attackers to register instances with attacker-controlled healthUrl and managementUrl parameters without validation against private IP ranges or metadata endpoints. Attackers can...

8.6CVSS6.2AI score
Exploits0References6
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-43575

Cockpit CMS contains a missing authorization vulnerability in the Bucket file storage API /system/buckets/api. The api method in modules/System/Controller/Buckets.php executes bucket commands ls, upload, removefiles, rename, createfolder without performing any ACL or role check. Any authenticated...

8.8CVSS6.1AI score
Exploits0References5
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-43571

OpenClaw versions 2026.6.5 before 2026.6.9 contain a vulnerability in the plugin install wrappers that could skip the install policy authorization check. When the affected feature is enabled and reachable, a lower-trust caller or a configured input path could execute or persist actions beyond the...

6.9CVSS6.2AI score
Exploits0References3
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-43565

OpenClaw Feishu tools npm package @openclaw/feishu in versions = 2026.6.6 could ignore per-account disablement. A lower-trust caller or a configured input path could perform actions that should have required a stronger authorization or policy check, resulting in unauthorized operations. The issue...

8.6CVSS6.1AI score
Exploits0References3
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-43563

luci-app-banip contains a log parsing vulnerability where the awk-based parser extracts the first IPv4 address from log lines regardless of field position, allowing attackers to inject arbitrary IPs via attacker-controlled fields like usernames. An unauthenticated remote attacker can inject an IP...

8.7CVSS6.2AI score
Exploits0References4
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-43569

OpenClaw versions 2026.6.6 before 2026.6.9 contain an authorization bypass vulnerability in message mutation handling that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to skip requester authorization and...

7.1CVSS6.2AI score
Exploits0References3
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-43568

OpenClaw versions before 2026.6.9 contain an authorization bypass vulnerability in the flock wrapper that allows lower-trust callers to execute or persist actions beyond their intended authorization. Attackers can leverage configured input paths to bypass durable exec approval binding and perform...

8.8CVSS6.2AI score
Exploits0References3
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-43567

OpenClaw versions before 2026.6.9 contain a symlink following vulnerability in the mirror sync feature that allows lower-trust callers to perform actions requiring stronger authorization. Attackers can exploit remote symlink parents to bypass policy checks and authorization boundaries when the...

7.6CVSS6.1AI score
Exploits0References3
EUVD
EUVD
added 2 hours ago2 views

EUVD-2026-43566

OpenClaw @openclaw/feishu versions 2026.6.6 and earlier contain an incorrect authorization vulnerability in which the Feishu permission tools could ignore per-account disablement settings. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could...

8.6CVSS6.1AI score
Exploits0References3
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-43544

Argo CD Helm Chart before 10.0.0 fails to install network policies by default, allowing any pod on a cluster to access repo-server and other Argo APIs. Attackers can exploit this unrestricted network access through combined attacks to achieve cluster compromise and remote code execution...

8.6CVSS6.2AI score
Exploits0References3
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-43570

OpenClaw versions 2026.6.6 before 2026.6.9 contain an authorization bypass vulnerability in Discord guild actions that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to skip cross-provider requester...

8.1CVSS6.2AI score
Exploits0References3
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-43564

OpenClaw versions before 2026.6.8 contain an authorization bypass vulnerability in OpenAI-compatible HTTP model overrides that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to bypass admin authorization...

7.6CVSS6.2AI score
Exploits0References3
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-43560

PasswordPusher before 2.9.2 contains a brute-force vulnerability in the POST /p/:token/access endpoint that lacks route-specific rate limiting and per-push lockout mechanisms. Attackers who know a push token can systematically guess passphrases at 120 attempts per minute without triggering any...

8.7CVSS6.1AI score
Exploits0References3
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-43559

9Router through version 0.4.41 contains an unauthenticated access vulnerability that allows remote attackers to interact with provider management API endpoints by sending requests without any credentials due to missing authentication middleware in the Next.js API routes under...

9.8CVSS6.1AI score
Exploits0References3
EUVD
EUVD
added 2 hours ago5 views

EUVD-2026-43551

The SCORM lab launch endpoint in Skillable scorm.skillable.com through 2026-07-13 does not validate the client-supplied userId parameter against the authenticated SCORM session token. An authenticated user can substitute arbitrary userId values to bypass per-user lab launch rate limits and consum...

6.3CVSS6.2AI score
Exploits0References5
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-43562

Ollama downloadBlob Improper Validation of Array Index Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ollama. Authentication is not required to exploit this vulnerability. The specific flaw exists...

7.5CVSS7AI score
Exploits0References2
EUVD
EUVD
added 2 hours ago2 views

EUVD-2026-43545

AnyDesk Screen Recording Link Following Denial-of-Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in order t...

4.7CVSS6.3AI score
Exploits0References2
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-43543

AnyDesk Support Information Link Following Denial-of-Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in orde...

4.7CVSS6.3AI score
Exploits0References2
EUVD
EUVD
added 2 hours ago2 views

EUVD-2026-43542

Lorex 2K Indoor Wi-Fi Security Camera Device Management Server Improper Certificate Validation Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lorex 2K Indoor Wi-Fi Security Cameras. User interaction is not required to...

7.5CVSS6.9AI score
Exploits0References2
EUVD
EUVD
added 2 hours ago2 views

EUVD-2026-43561

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. The impacted element is an unknown function of the file /subject.php. Such manipulation of the argument subject leads to cross site scripting. It is possible to launch the attack remotely. The exploit is...

5.3CVSS4.7AI score
Exploits0References7
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-43553

A weakness has been identified in antv layout 2.0.0. This impacts the function setNestedValue in the library lib/util/object.js. Executing a manipulation of the argument path can lead to improperly controlled modification of object prototype attributes. The attack can be launched remotely. The...

6.5CVSS6.5AI score
Exploits0References6
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-43550

A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0/2.php. This affects an unknown function of the file /editexam2.php. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been release...

7.5CVSS6.8AI score
Exploits0References7
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-43546

Lorex 2K Indoor Wi-Fi Security Camera CDeviceOperator Format String Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lorex 2K Indoor Wi-Fi Security Cameras. Authentication is not required to exploit th...

7.5CVSS7.3AI score
Exploits0References2
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-43541

Glarysoft Glary Utilities Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Glarysoft Glary Utilities. An attacker must first obtain the ability to execute low-privileged code on the target system...

7.3CVSS7.2AI score
Exploits0References2
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-43597

setThemeRoot failed to enforce the sap-allowed-theme-origins allowlist. An attacker-controlled absolute cross-origin URL could be stored and used directly to construct a element, even when no tag was present in the document. The same bypass was reachable via the ?sap-themeRoot URL...

6.1CVSS6.2AI score
Exploits0References2
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-43596

SAP Change and Transport System Attach Tool ctsattach allows an authenticated attacker to supply a specially crafted archive file which, when processed by the application�s library, can trigger insecure deserialization and lead to remote code execution RCE on the system. Successful exploitation...

7.6CVSS6.6AI score
Exploits0References2
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-43595

SAP S/4HANA Draft operation does not perform necessary authorization checks for an authenticated user, a restricted user could access information within the entity resulting in escalation of privileges. This results in low impact on confidentiality, with no impact on integrity and availability of...

4.3CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-43594

SAP Create Single Payment does not perform necessary authorization checks for an authenticated user, a restricted user could access specific entity set keys resulting in disclosure of information. This has low impact on confidentiality, with no impact on integrity and availability of the...

4.3CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-43593

SAP S/4HANA application Project Management PPM-PRO allows an attacker with high privileges to execute crafted database queries, exposing the backend database. This results in low impact on confidentiality, with no impact on integrity and availability of the application...

5.5CVSS6.2AI score
Exploits0References2
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-43592

SAP CRM WebClient UI allows an attacker to inject and execute malicious scripts in the context of the application due to the absence of a Content Security Policy CSP configuration for certain restrictive directives. This vulnerability has a low impact on the integrity of the application...

4.1CVSS6.2AI score
Exploits0References2
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-43591

SAP Commerce Cloud could retain a sample OAuth2 client with publicly documented sample credentials originating from sample configuration provided in SAP Help Portal documentation. If left unchanged, an unauthenticated attacker could use these well-known credentials to obtain a valid access token...

9.1CVSS6.1AI score
Exploits0References2
Total number of security vulnerabilities419446