Lucene search
K

364732 matches found

NVD
NVD
added 2026/06/11 9:16 p.m.12 views

CVE-2026-53814

OpenClaw before 2026.5.20 contains a privilege escalation vulnerability where hook-triggered agent runs incorrectly receive owner-scoped MCP loopback authority instead of hook-appropriate scope. Attackers with a valid hook token can exploit the /hooks/agent endpoint to cause spawned CLI runtimes ...

8.7CVSS0.00281EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 9:16 p.m.14 views

CVE-2026-53815

OpenClaw before 2026.5.19 contains an authorization bypass vulnerability in message read actions that skips channel allowlist checks. Lower-trust callers can request messages from channels not intended for them by exploiting insufficient validation in the affected feature, potentially exposing...

7.1CVSS0.00215EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 9:16 p.m.12 views

CVE-2026-53812

OpenClaw before 2026.5.18 contains a server-side request forgery vulnerability in browser control that allows authenticated users to bypass private-network navigation checks through Playwright act interactions. Attackers can trigger navigation to private-network targets via action-triggered...

7.7CVSS0.00247EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 9:16 p.m.12 views

CVE-2026-53813

OpenClaw before 2026.4.25 contains a path traversal vulnerability in memory-core artifact loading where workspace state influences local package root resolution. Attackers with access to affected workspaces can load memory-core artifacts from unintended local locations, potentially executing...

7.8CVSS0.00114EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 9:16 p.m.18 views

CVE-2026-53817

OpenClaw before 2026.5.22 contains a locality validation vulnerability in Control UI pairing that allows attackers with network access to spoof locality information and obtain durable admin-capable device tokens. Attackers can exploit insufficient locality-derived trust validation to convert...

8.8CVSS0.00309EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 9:16 p.m.12 views

CVE-2026-53811

OpenClaw before 2026.5.7 contains a privilege escalation vulnerability in the Matrix allowFrom feature that allows authenticated accounts to match policy entries through mutable display name metadata. Attackers with the ability to change display names can receive agent access intended for another...

8.8CVSS0.00309EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 9:16 p.m.12 views

CVE-2026-53810

OpenClaw before 2026.5.18 contains a code execution vulnerability where marketplace runtime extension metadata can redirect loading toward unscanned package payloads. Attackers with trusted operator access can manipulate extension metadata to load plugin code outside reviewed package entry points...

8.8CVSS0.00419EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 9:16 p.m.14 views

CVE-2026-53816

OpenClaw before 2026.5.18 contains an insufficient provenance validation vulnerability in node event handling that allows paired nodes to forge exec lifecycle events without system.run authorization. A malicious or compromised paired node can send crafted node.event messages to the gateway,...

8.6CVSS0.00342EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 9:16 p.m.14 views

CVE-2026-53809

OpenClaw before 2026.4.25 contains a policy bypass vulnerability in embedded runner policy that allows requests using provider aliases to compare against aliases instead of canonical provider identities. Attackers can exploit this confusion to select bundled tool access outside intended provider...

4.8CVSS0.00093EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 9:16 p.m.11 views

CVE-2026-53808

OpenClaw before 2026.5.6 contains an approval policy bypass vulnerability in the Skill Workshop apply flow that allows agent tool calls to set apply: true despite approvalPolicy: pending configuration. Attackers can exploit this by reaching the affected apply path to apply workshop changes before...

6.5CVSS0.00194EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 9:16 p.m.13 views

CVE-2026-50245

Brickcom cameras allow unauthenticated access to live snapshot images via the /ONVIF endpoint and no authentication is required to retrieve still images from the camera feed...

8.3CVSS0.00156EPSS
Exploits0References3
NVD
NVD
added 2026/06/11 9:16 p.m.13 views

CVE-2026-53806

OpenClaw before 2026.5.12 contains a shell option parsing vulnerability that allows combined POSIX shell flags to bypass exec revalidation checks. Attackers can exploit this by using combined shell options to execute inline shell content without intended allowlist validation, potentially enabling...

8.8CVSS0.00419EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 9:16 p.m.14 views

CVE-2026-50005

Brickcom cameras ship with default credentials that allows any unauthenticated remote attacker to silently access camera feeds...

8.3CVSS0.00197EPSS
Exploits0References3
NVD
NVD
added 2026/06/11 9:16 p.m.10 views

CVE-2026-53807

OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in Telegram interactive callbacks that allows authenticated users to skip commands.allowFrom validation. Attackers can invoke affected callbacks to mark themselves as authorized senders before allowlist checks are applied,...

8.8CVSS0.00312EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 9:16 p.m.12 views

CVE-2026-41005

Cloud Foundry UAA incorrectly treated XML encryption to the Service Provider confidentiality as a substitute for XML signatures from the Identity Provider authenticity in two SAML flows: the OAuth 2.0 SAML2 bearer grant token endpoint and browser SSO ACS when wantAssertionSigned is set to false...

9CVSS0.00131EPSS
Exploits0References1
NVD
NVD
added 2026/06/11 8:16 p.m.18 views

CVE-2026-53782

Summarize before 0.17.0 contains a server-side request forgery vulnerability that allows attackers who control a podcast RSS feed to direct the host to fetch transcript content from loopback addresses, link-local addresses, RFC 1918 private ranges, or other reserved destinations by supplying...

7.4CVSS0.00265EPSS
Exploits0References4
NVD
NVD
added 2026/06/11 8:16 p.m.12 views

CVE-2026-53781

Summarize before 0.17.0 contains a resource exhaustion vulnerability that allows remote attackers to cause disk exhaustion by serving media responses that bypass the enforced size limit through missing or misreported Content-Length headers, chunked transfer encoding, or failed HEAD requests...

5.3CVSS0.00329EPSS
Exploits0References4
NVD
NVD
added 2026/06/11 8:16 p.m.18 views

CVE-2026-49973

Hermes WebUI before version 0.51.358 contains an improper access control vulnerability that allows unauthenticated remote attackers to hijack initial setup by submitting the setpassword parameter to the settings API endpoint without any network origin restriction. Attackers on any reachable netwo...

9.4CVSS0.00543EPSS
Exploits0References5
NVD
NVD
added 2026/06/11 8:16 p.m.16 views

CVE-2026-49949

CodexBar before 0.33.0 contains a credential forwarding vulnerability that allows network-adjacent attackers to intercept sensitive credentials by issuing cross-origin or HTTP-downgrade redirects to the shared ProviderHTTPClient transport. Attackers can redirect credentialed provider requests...

6CVSS0.00253EPSS
Exploits0References4
NVD
NVD
added 2026/06/11 8:16 p.m.16 views

CVE-2026-46489

SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, the company logo upload feature accepts any file type without validation. An authenticated administrator can upload an SVG file containing embedded JavaScript. This script is base64-encoded and injected unescaped into eve...

8.1CVSS0.0031EPSS
Exploits0References3
NVD
NVD
added 2026/06/11 8:16 p.m.17 views

CVE-2026-46622

SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, API tokens used to authenticate all REST API requests are stored as plaintext strings in the apitokens database table. Any attacker who obtains read access to the database — through SQL injection, a leaked backup, a...

8.1CVSS0.00197EPSS
Exploits0References3
NVD
NVD
added 2026/06/11 8:16 p.m.17 views

CVE-2026-45802

FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. Prior to version 2.6.7, an attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion or a script...

6CVSS0.00259EPSS
Exploits0References3
NVD
NVD
added 2026/06/11 8:16 p.m.11 views

CVE-2026-45175

Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within internal agent validation processes. A local attacker could potentially bypass built-in security controls or cryptographic validations. Under specific circumstances, this could allow the attacker ...

8.5CVSS0.00128EPSS
Exploits0References3
NVD
NVD
added 2026/06/11 8:16 p.m.10 views

CVE-2026-12038

Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...

Exploits0
NVD
NVD
added 2026/06/11 7:16 p.m.9 views

CVE-2026-53702

A stack buffer overflow flaw was found in the GStreamer H.265 codec parser library gst-plugins-bad. When parsing a buffering period SEI message, the parser uses an incorrect loop bound derived from cpbcntminus1i the loop index instead of the sub-layer 0 CPB count cpbcntminus10 from the referenced...

6.5CVSS0.00228EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 7:16 p.m.18 views

CVE-2026-53701

An out-of-bounds write vulnerability was found in GStreamer's H.266/VVC PPS picture partition parser in gst-plugins-bad. In the multi-slice-in-tile processing of gsth266parserparsepicturepartition gsth266parser.c, the loop iterates without checking that the slice index stays within bounds, writin...

6.5CVSS0.00206EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 7:16 p.m.19 views

CVE-2026-52860

Vim is an open source, command line text editor. Prior to version 9.2.0597, Vim's Python omni-completion executes reconstructed function and class definitions from the current buffer with exec as part of populating the completion dictionary. Python evaluates function default values, parameter...

8CVSS0.00224EPSS
Exploits0References7
NVD
NVD
added 2026/06/11 7:16 p.m.13 views

CVE-2026-52858

Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3 interpreter enabled and the legacy pythoncomplete.vim for builds with the +python interpreter executes the import and from statements foun...

7.8CVSS0.00201EPSS
Exploits0References3
NVD
NVD
added 2026/06/11 7:16 p.m.20 views

CVE-2026-52859

Vim is an open source, command line text editor. Prior to version 9.2.0565, the updatesnapshot function in src/terminal.c copies the visible terminal screen into the scrollback buffer when a snapshot is taken. For each screen cell it walks the cell's chars array with no upper bound, stopping only...

8.2CVSS0.00303EPSS
Exploits0References3
NVD
NVD
added 2026/06/11 7:16 p.m.14 views

CVE-2026-47189

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.5, the AutoMod remove flow looks up and deletes rules by global database ID without verifying that the rule belongs to the guild where the command is executed. A user can learn a victim...

8.3CVSS0.00307EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 7:16 p.m.9 views

CVE-2026-48547

KanaDojo contains a command injection vulnerability that allows an attacker with pull request access to execute arbitrary shell commands by inserting shell metacharacters into the version or changes fields of patchNotesData.json, which are interpolated unsanitized into a childprocess.execSync cal...

8.5CVSS0.0091EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 7:16 p.m.11 views

CVE-2026-47181

PenguinMod-BackendApi is the backend api for penguinmod. Prior to version 1.0.0, a NoSQL injection vulnerability in the password reset endpoint allows any authenticated user to change the password of an account, leading to full account takeover. An attacker only needs a registered account and a...

8.7CVSS0.00251EPSS
Exploits0References1
NVD
NVD
added 2026/06/11 7:16 p.m.9 views

CVE-2026-47188

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.5, the latest release suppresses mentions in several moderation commands, but /unban and /unwarn still echo user-controlled reason text in public bot messages without allowedMentions. A...

2.3CVSS0.00235EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 7:16 p.m.10 views

CVE-2026-47250

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.7.0, the kubectlgeneric tool in mcp-server-kubernetes passes user-supplied flags directly to kubectl without any allowlist, enabling a privilege escalation attack within Kubernetes...

6.1CVSS0.00267EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 7:16 p.m.10 views

CVE-2026-47177

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot settings can set the ticket transcript channel to a channel they can read. When tickets are closed, the bot exports the full ticket history and sends it ...

5.7CVSS0.00251EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 7:16 p.m.10 views

CVE-2026-47174

In Duck Site before version 1.0.1, the repository has a deploy workflow that runs after the build workflow completes. The build workflow runs on pull requests, while the deploy workflow runs with package-write permissions and deployment secrets. If an attacker can make a pull request build satisf...

9.5CVSS0.00312EPSS
Exploits0References1
NVD
NVD
added 2026/06/11 7:16 p.m.12 views

CVE-2026-47172

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, the repository has a privileged deploy workflow that runs after the unprivileged build workflow completes. The build workflow runs on pull requests, and the deploy workflow checks ou...

9.5CVSS0.00324EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 7:16 p.m.14 views

CVE-2026-47171

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a normal user can create a reminder whose message contains @everyone or @here. When the reminder triggers, the bot sends the stored message back into the channel without suppressing...

8.8CVSS0.00324EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 7:16 p.m.12 views

CVE-2026-47175

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, several moderation commands echo user-controlled reason text in public bot replies without disabling mention parsing. A moderator who does not have permission to mention everyone can...

2.3CVSS0.00235EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 7:16 p.m.14 views

CVE-2026-47173

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a normal user can create a ticket with a reason containing @everyone, @here, user mentions, or role mentions. When the ticket is created, the bot posts the attacker-controlled reason...

6.3CVSS0.00263EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 7:16 p.m.11 views

CVE-2026-47176

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot settings can enable logging and choose a logging channel they can read. The bot then logs deleted and edited message contents from every channel it can...

5.7CVSS0.00251EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 7:16 p.m.12 views

CVE-2026-47167

Vim is an open source, command line text editor. Prior to version 9.2.0496, a code injection vulnerability exists in s:stepmatch in the cucumber filetype plugin runtime/ftplugin/cucumber.vim on Vim builds with +ruby support. Step-definition patterns read from .rb files under the repository's...

5.3CVSS0.00135EPSS
Exploits0References3
NVD
NVD
added 2026/06/11 7:16 p.m.14 views

CVE-2026-47169

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a user with Manage Server / ManageGuild, but without Manage Roles or Administrator, can configure the bot’s AutoRole feature to assign an arbitrary role to new members. If the select...

7.5CVSS0.00238EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 7:16 p.m.16 views

CVE-2026-47163

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.1, any guild member who can invoke slash commands can use /automod add, /automod remove, and /automod list because the command has no Discord default permission requirement and no runti...

7.2CVSS0.00215EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 7:16 p.m.10 views

CVE-2026-47170

Garlic-Hub manages digital signage network — devices, content, and playlists — from a single self-hosted interface. Prior to version 1.1, authenticated users can cause the server to issue arbitrary HTTP requests to internal services via the uploadFromUrl endpoint. This allows internal port...

7.7CVSS0.00209EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 7:16 p.m.40 views

CVE-2026-47162

Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when serializing browsed directory paths to the history file /.vim/.netrwhist. A...

8.8CVSS0.00219EPSS
Exploits0References6
NVD
NVD
added 2026/06/11 7:16 p.m.10 views

CVE-2026-46519

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.6.0, mcp-server-kubernetes exposes three environment variables ALLOWONLYREADONLYTOOLS, ALLOWONLYNONDESTRUCTIVETOOLS, ALLOWEDTOOLS documented as access controls for restricting which...

8.8CVSS0.00376EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 7:16 p.m.11 views

CVE-2026-45178

Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints. A remote, authenticated attacker possessing standard node-level credentials could leverage these endpoints to potentially retrieve unauthorized secrets or cause a denial ...

8.4CVSS0.00361EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 7:16 p.m.12 views

CVE-2026-45176

Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within high-privileged agent components. A local, low-privileged attacker could exploit this by manipulating an internal communication mechanism or file operation. Under specific circumstances, this coul...

8.9CVSS0.00124EPSS
Exploits0References3
NVD
NVD
added 2026/06/11 7:16 p.m.12 views

CVE-2026-45177

Idira Secrets Manager SaaS Edge versions prior to 1.8 exhibit improper access control within its internal authentication components. A remote, unauthenticated attacker could exploit this by submitting a specially crafted request. Under specific circumstances, this could allow the attacker to...

9.1CVSS0.00503EPSS
Exploits0References1
Total number of security vulnerabilities364732