Lucene search
K
VulnrichmentRecent

163353 matches found

Vulnrichment
Vulnrichment
•added 2026/06/16 6:19 p.m.•8 views

CVE-2026-22312 Use of Hard-coded Credentials Vulnerability in Radiflow iSAP Smart Collector

The device has a webserver that exposes a REST API authenticated with a constant token. The unauthenticated API can be used by an attacker to get access to system settings, modify the configuration and execute some commands e.g. system reboot...

8.6CVSS5.4AI score0.00232EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/16 6:17 p.m.•8 views

CVE-2026-47750 stable-diffusion.cpp: Heap buffer overflow in GLOBAL opcode parsing for PyTorch checkpoint files

stable-diffusion.cpp is a pure C/C++ library for running diffusion model Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in the GLOBAL opcode...

7.8CVSS5.8AI score0.0018EPSS
Exploits1References3
Vulnrichment
Vulnrichment
•added 2026/06/16 6:5 p.m.•7 views

CVE-2026-53866 OpenClaw < 2026.5.12 - Allowlist Bypass in Shell Inline-Command Parsing

OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in shell inline-command parsing that allows authenticated operators to execute unapproved commands. A command request using shell inline-command forms could route through a parser case missing the expected allowlist decision,...

8.1CVSS5.8AI score0.0026EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/16 6:5 p.m.•7 views

CVE-2026-53865 OpenClaw < 2026.5.2 - Arbitrary Command Execution via Workspace-Derived Service PATH

OpenClaw before 2026.5.2 contains a path traversal vulnerability in maintenance task execution that allows workspace-derived service paths to influence trash command selection. Attackers can execute unintended local executables from operator-unintended paths during maintenance operations by...

7.2CVSS5.7AI score0.00119EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/16 6:5 p.m.•9 views

CVE-2026-53864 OpenClaw < 2026.5.26 - Insufficient Environment Variable Sanitization in Node.js Control Variables

OpenClaw before 2026.5.26 contains an insufficient sanitization vulnerability in the host environment sanitizer that allows Node.js control variables to bypass validation. Attackers with access to workspace .env files, tool environment overrides, or skill environment blocks can pass malicious...

8.1CVSS5.3AI score0.00246EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/16 6:5 p.m.•8 views

CVE-2026-53863 OpenClaw < 2026.4.25 - Unvalidated Group ID Acceptance in Tool Group Policy

OpenClaw before 2026.4.25 contains an input validation vulnerability in tool group policy callers that accept unvalidated group IDs. Attackers who can supply a group ID to the policy resolver could trigger incorrect group-policy decisions for tool invocations, potentially bypassing intended acces...

7.1CVSS5.3AI score0.00169EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/16 6:5 p.m.•8 views

CVE-2026-53862 OpenClaw < 2026.5.12 - Bootstrap Token Replay via Pending Pairing Scope Widening

OpenClaw before 2026.5.12 contains a bootstrap token replay vulnerability allowing callers with pending token access to reuse tokens with broader requested scopes. Attackers can replay bootstrap tokens before approval to escalate pairing authority beyond intended scope limits...

4.2CVSS5.3AI score0.00088EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/16 6:5 p.m.•6 views

CVE-2026-53861 OpenClaw < 2026.5.6 - Allowlist Bypass via Combined POSIX Inline Flags on macOS

OpenClaw before 2026.5.6 contains an allowlist bypass vulnerability in the macOS Swift exec feature that misses combined POSIX inline-command flags. Attackers can execute shell content outside the intended allowlist check by using combined flag forms, potentially allowing unauthorized command...

6.6CVSS5.6AI score0.0024EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/16 6:5 p.m.•9 views

CVE-2026-53859 OpenClaw < 2026.5.26 - Hostname Validation Bypass via Trailing-Dot Inconsistency

OpenClaw before 2026.5.26 contains a hostname validation vulnerability allowing attackers to bypass blocklist comparisons using trailing-dot notation in model or workspace-derived URLs. Attackers can exploit inconsistent hostname checks to reach destinations that operators intended to block throu...

6.5CVSS5.3AI score0.0021EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/16 6:5 p.m.•8 views

CVE-2026-53858 OpenClaw < 2026.5.2 - Arbitrary Runtime Dependency Loading via STATE_DIRECTORY Environment Variable

OpenClaw before 2026.5.2 contains an environment variable injection vulnerability where workspace .env STATEDIRECTORY could influence bundled runtime dependency roots. Attackers can manipulate the STATEDIRECTORY variable to load runtime dependencies from unintended local paths, potentially...

7.1CVSS5.3AI score0.00124EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/16 6:5 p.m.•7 views

CVE-2026-53857 OpenClaw < 2026.5.3 - Mutable Display Name Binding in Zalo allowFrom Policy

OpenClaw before 2026.5.3 contains a policy enforcement vulnerability where Zalo contacts with mutable display metadata could match allowFrom policy entries through display name changes. Attackers with mutable display names could receive agent responses intended for different Zalo identities when...

8.6CVSS5.3AI score0.00225EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/16 6:5 p.m.•7 views

CVE-2026-53856 OpenClaw < 2026.4.24 - Insecure File Permissions in Config Recovery via OpenClaw.json

OpenClaw before 2026.4.24 contains an insecure file permissions vulnerability in config recovery that restores OpenClaw.json with overly broad permissions. Local attackers on shared hosts can read sensitive configuration data by exploiting the recovery path to access the restored config file...

5.7CVSS5.3AI score0.00094EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/16 6:5 p.m.•8 views

CVE-2026-53854 OpenClaw < 2026.4.25 - Privilege Escalation via ownerAllowFrom Wildcard Inheritance in Internal/Webchat Commands

OpenClaw before 2026.4.25 contains a privilege escalation vulnerability in internal and webchat command authentication that allows senders to inherit wildcard ownerAllowFrom state across channel boundaries. Attackers can exploit this by sending commands on affected internal or webchat paths to...

6.5CVSS5.6AI score0.00245EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/16 6:5 p.m.•9 views

CVE-2026-53855 OpenClaw < 2026.4.2 - Shell Positional Parameters Bypass in Inline-Eval Checks

OpenClaw before 2026.4.2 contains an inline-eval bypass vulnerability allowing authenticated operators to weaken strict allowlist checks via shell positional parameters. Attackers can combine allowlisted tools with shell positional arguments to place inline-eval content in shell carriers outside...

8.1CVSS5.5AI score0.0026EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/16 6:5 p.m.•7 views

CVE-2026-53853 OpenClaw < 2026.5.12 - Argument Pattern Bypass in Exec Allowlist via Linux and macOS

OpenClaw before 2026.5.12 contains an argument pattern validation bypass in the exec allowlist that allows attackers to execute disallowed arguments for allowlisted executables on Linux and macOS systems. Attackers can bypass configured argPattern restrictions by directly invoking allowlisted...

8.3CVSS5.6AI score0.00347EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/16 6:5 p.m.•7 views

CVE-2026-53852 OpenClaw < 2026.4.25 - Scope Bypass via Empty-Scope Device Re-pairing

OpenClaw before 2026.4.25 contains a scope containment bypass vulnerability in device re-pairing that allows authenticated operators to restore broader scopes than intended by submitting empty-scope re-pairing requests. Attackers can exploit this by sending re-pairing requests with empty scope se...

5.4CVSS5.3AI score0.00206EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/16 6:5 p.m.•6 views

CVE-2026-53850 OpenClaw < 2026.4.25 - Control Scope Enforcement Bypass in Focus Command

OpenClaw before 2026.4.25 contains a control scope enforcement bypass vulnerability in the focus command that allows authenticated callers to execute the command without proper authorization checks. Attackers can trigger the focus command to change focus state outside intended caller authority,...

6.8CVSS5.5AI score0.00093EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/16 6:5 p.m.•7 views

CVE-2026-53851 OpenClaw < 2026.5.12 - Slack Reaction Event Notification Bypass

OpenClaw before 2026.5.12 contains a notification bypass vulnerability allowing Slack reaction events to enter the agent pipeline despite disabled reaction notifications. Attackers can trigger unintended agent processing by sending reaction events when the feature is enabled, potentially leading ...

6.3CVSS5.3AI score0.00191EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/16 6:4 p.m.•6 views

CVE-2026-53849 OpenClaw < 2026.5.7 - Privilege Escalation via Mutable Discord Display Names in allowFrom

OpenClaw before 2026.5.7 contains a privilege escalation vulnerability where the allowFrom feature improperly validates Discord account identity using mutable display names instead of immutable user IDs. Attackers with Discord accounts can change their display name to match a policy entry and gai...

8.6CVSS5.2AI score0.00267EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/16 6:4 p.m.•8 views

CVE-2026-53847 OpenClaw < 2026.5.6 - Privilege Escalation via Active Memory Write Scope

OpenClaw before 2026.5.6 contains a privilege escalation vulnerability in the Active Memory write scope that allows Gateway operators with operator.write access to modify global configuration without requiring operator.admin privileges. Attackers with operator.write access can exploit insufficien...

5.4CVSS5.3AI score0.00176EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/16 6:4 p.m.•6 views

CVE-2026-53848 OpenClaw < 2026.5.26 - Exec Allowlist Bypass via Transparent Command Wrappers

OpenClaw before 2026.5.26 contains an exec allowlist bypass vulnerability allowing authenticated operators to execute wrapper-level side effects outside allowlisted command intent. Attackers can craft command requests that bypass allowlist validation by leveraging transparent command wrappers to...

4.3CVSS5.4AI score0.00185EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/16 6:4 p.m.•7 views

CVE-2026-53846 OpenClaw < 2026.4.29 - Arbitrary Package Manager Execution via Workspace .env npm_execpath

OpenClaw before 2026.4.29 contains a path traversal vulnerability in the install helper that allows workspace .env files to override the npmexecpath configuration used for bundled runtime dependency installation. Attackers with workspace access can execute unintended local package-manager...

7.1CVSS5.4AI score0.00118EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/16 6:4 p.m.•6 views

CVE-2026-53845 OpenClaw < 2026.5.6 - Skill-Command Dispatch Hook Bypass via Before-Tool-Call Hook Skipping

OpenClaw before 2026.5.6 contains a hook bypass vulnerability where skill commands routed through the affected dispatch path skip before-tool-call hook coverage. Attackers can exploit this by sending skill commands through the vulnerable dispatch path to bypass hook-based auditing and policy...

4.3CVSS5.4AI score0.00185EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/16 6:4 p.m.•7 views

CVE-2026-53844 OpenClaw < 2026.4.29 - Session Visibility Check Bypass in Shared Memory Search

OpenClaw before 2026.4.29 contains a session visibility check bypass vulnerability in shared memory search that allows authenticated callers to access memory entries without proper authorization. Attackers can skip session visibility guards on the search path to retrieve memory entries that shoul...

6.5CVSS5.3AI score0.0021EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/16 6:4 p.m.•9 views

CVE-2026-53843 OpenClaw < 2026.5.26 - Node Token Revocation Bypass via Pairing-Scoped Device Session

OpenClaw before 2026.5.26 contains an authorization bypass vulnerability where a surviving pairing-scoped device session can re-establish node token authority after revocation. Attackers with a paired device can regain WebSocket node-level access without renewed approval, weakening revocation...

8.8CVSS5.2AI score0.00275EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/16 6:4 p.m.•8 views

CVE-2026-53842 OpenClaw < 2026.5.2 - Arbitrary Python Runtime Execution via CLOUDSDK_PYTHON Environment Variable

OpenClaw before 2026.5.2 contains an environment variable injection vulnerability allowing workspace .env files to influence Python runtime selection through CLOUDSDKPYTHON during Gmail setup gcloud execution. Attackers with repository access can manipulate the CLOUDSDKPYTHON variable to execute...

7.1CVSS5.8AI score0.00133EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/16 6:4 p.m.•7 views

CVE-2026-53841 OpenClaw < 2026.5.12 - Cross-Site Scripting via Unsafe Markdown Links in Exported Session HTML

OpenClaw before 2026.5.12 contains a cross-site scripting vulnerability in exported session HTML that preserves unsafe javascript: and data: links in generated content. Attackers can execute browser-side scripts if a trusted operator opens the exported file and activates a malicious link...

6.1CVSS5AI score0.00188EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/16 6:4 p.m.•16 views

CVE-2026-53840 OpenClaw < 2026.5.12 - Custom Header Leakage via MCP Streamable HTTP Cross-Origin Redirects

OpenClaw before 2026.5.12 contains an information disclosure vulnerability in streamable-http MCP servers that forwards operator-configured custom headers during cross-origin redirects. Attackers controlling or compromising an MCP endpoint can redirect requests to exfiltrate sensitive headers lik...

7.1CVSS5.3AI score0.00223EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/16 6:1 p.m.•12 views

CVE-2026-50656 Microsoft Defender Elevation of Privilege Vulnerability

...

7.8CVSS5.2AI score0.03391EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/16 5:54 p.m.•9 views

CVE-2024-39575

updatediskpsubaseline.sh requires password in plain text...

7.4CVSS5.2AI score0.00096EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/16 5:53 p.m.•7 views

CVE-2026-48775 LangGraph Checkpoint: Unsafe JSON deserialization in checkpoint loading

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In versions 4.1.0 and prior, the JsonPlusSerializer can reconstruct Python objects from JSON checkpoint payloads. Under conditions where someone could modify...

6.8CVSS6AI score0.00232EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/16 5:42 p.m.•8 views

CVE-2026-10748 Nexus Repository 3 - Remote Code Execution via License Deserialization

An authenticated user with the nx-licensing-create privilege can upload a specially crafted license file to execute arbitrary operating system commands as the Nexus process user in Sonatype Nexus Repository 3 versions before 3.92.0...

8.6CVSS5.9AI score0.00296EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/16 5:11 p.m.•7 views

CVE-2026-47748 stable-diffusion.cpp: Out-of-bounds reads in PyTorch checkpoint pickle opcode parsing

stable-diffusion.cpp is a pure C/C++ library for running diffusion model Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more inference. Versions prior to master-584-0a7ae07 are vulnerable to an out-of-bounds reads error through PyTorch checkpoint pickle opcode parsing. The pickle .ckpt...

5.5CVSS5.6AI score0.00163EPSS
Exploits1References2
Vulnrichment
Vulnrichment
•added 2026/06/16 4:50 p.m.•7 views

CVE-2026-4367 Libxpm: libxpm: denial of service via out-of-bounds read in xpm file parsing

A flaw was found in libXpm. A local user with low privileges could exploit an Out-of-Bounds Read vulnerability in the xpmNextWord function by processing a specially crafted or very small XPM X PixMap image file. This improper validation of file boundaries can cause an internal pointer to read...

5.5CVSS4.7AI score0.00129EPSS
Exploits0References5
Vulnrichment
Vulnrichment
•added 2026/06/16 4:32 p.m.•7 views

CVE-2026-47963 DNG SDK | Out-of-bounds Read (CWE-125)

DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim mus...

5.5CVSS5.1AI score0.00165EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/16 4:32 p.m.•7 views

CVE-2026-47964 DNG SDK | Heap-based Buffer Overflow (CWE-122)

DNG SDK versions 1.7.1 2536 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6AI score0.00199EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/16 4:32 p.m.•6 views

CVE-2026-47927 DNG SDK | Out-of-bounds Read (CWE-125)

DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim mus...

5.5CVSS5.2AI score0.00165EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/16 4:29 p.m.•7 views

CVE-2024-38487

api-gateway container running with root privilege would allow an attacker to escape the container and access host system to perform unintended actions...

7CVSS5.2AI score0.00081EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/16 4:15 p.m.•10 views

CVE-2026-42089 yeoman-environment Vulnerable to Arbitrary Package Installation without User Confirmation

Yeoman Environment provides an API to discover, create, and run generators, and to configure where and how a generator is resolved. Versions 2.9.0 through 6.0.0 install missing local generator packages from caller-supplied package names without user confirmation. In downstream consumers that pass...

8.6CVSS5.9AI score0.00139EPSS
Exploits1References3
Vulnrichment
Vulnrichment
•added 2026/06/16 4:9 p.m.•7 views

CVE-2026-24228

NVIDIA NeMo Framework for Linux contains a vulnerability where an attacker may cause deserialization of untrusted data. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, data tampering, and information disclosure...

7.8CVSS5.5AI score0.00161EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2026/06/16 4:8 p.m.•7 views

CVE-2026-24155

NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...

7.8CVSS5.3AI score0.00193EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2026/06/16 4:4 p.m.•8 views

CVE-2024-30476

PowerStore contains a Stored Cross-Site Scripting Vulnerability in the PowerStore Manager. A remote authenticated low-privileged malicious actor could potentially exploit this vulnerability, it could lead to script execution in the client browser...

5.4CVSS5.5AI score0.00199EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/16 3:57 p.m.•6 views

CVE-2026-10649 Pacemaker: pacemaker: denial of service via integer overflow in remote message decompression

A flaw was found in Pacemaker. An unauthenticated remote attacker can exploit an integer overflow vulnerability in the remote message decompression process. By sending a specially crafted compressed remote message before authentication, an attacker can cause memory corruption, leading to a denial...

8.6CVSS5.3AI score0.00443EPSS
Exploits0References5
Vulnrichment
Vulnrichment
•added 2026/06/16 3:42 p.m.•13 views

CVE-2025-71261 Harvester's SUSE Virtualization Registration Client Vulnerable to MITM and DOS

An attacker with network-level access between the SUSE Virtualization and Rancher Manager in SUSE Harvester before 1.8.0 could interfere with the TLS handshake and abuse it to bypass TLS as a security control...

8.6CVSS5.2AI score0.00208EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/16 3:26 p.m.•6 views

CVE-2026-44932 indirect remote shell command injection via unsanitized DHCP options in wicked

Passing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server to execute code on the local machine...

8.8CVSS5.5AI score0.00297EPSS
Exploits0References6
Vulnrichment
Vulnrichment
•added 2026/06/16 3:24 p.m.•6 views

CVE-2024-24909

Dell OpenManage Integration with Microsoft Windows Admin Center contains a Remote Code Execution vulnerability in the gateway plugin. A remote authenticated user could potentially exploit this vulnerability to escalate privileges. The malicious user may gain the ability to run arbitrary code...

8.8CVSS5.8AI score0.00448EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/16 3:18 p.m.•9 views

CVE-2026-53776 Perry < 0.5.1166 JWT Expiration Bypass via verify_decode

Perry before 0.5.1166 contains a JWT validation vulnerability that allows remote attackers to bypass token expiration by exploiting the unconditional setting of validateexp = false in the verifydecode helper within the stdlib JWT verification path. Attackers in possession of a previously issued...

9.3CVSS5.4AI score0.00357EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2026/06/16 3:18 p.m.•9 views

CVE-2026-12003 CPython >3.11 Insecure Input Validation resulting in privilege escalation

To allow builds of Python to be run from an in-tree layout rather than an installed file layout, the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the executable, Python...

5.3CVSS5.4AI score0.00136EPSS
Exploits0References7
Vulnrichment
Vulnrichment
•added 2026/06/16 3:16 p.m.•7 views

CVE-2024-22451

Dell Peripheral Manager, versions from 1.5.1 to 1.7.2, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious executable, leading to arbitrary code execution...

6.7CVSS5.7AI score0.00099EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/16 2:52 p.m.•10 views

CVE-2026-12398 Galaxy_ng: shell injection in legacy role import via unsanitized git ref names

A command injection vulnerability was found in galaxyng. The dogitcheckout function in the legacy role import API v1 interpolates unsanitized git ref names branch/tag names into shell commands executed via subprocess.run with shell=True. An authenticated user who controls a git repository can...

7.5CVSS6.3AI score0.00889EPSS
Exploits0References2
Total number of security vulnerabilities163353