Aggregator

CVE-2026-34584 | knadh listmonk up to 6.0.x Newsletter authorization (GHSA-85j8-5c6w-gcpv)

VulDB Recent Entries
2 months 2 weeks ago
A vulnerability classified as critical has been found in knadh listmonk up to 6.0.x. This affects an unknown part of the component Newsletter Handler. The manipulation leads to authorization bypass. This vulnerability is listed as CVE-2026-34584. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.
vuldb.com

CVE-2026-34828 | knadh listmonk up to 6.0.x Password Change session expiration (GHSA-h5j9-cvrw-v5qh)

VulDB Recent Entries
2 months 2 weeks ago
A vulnerability described as critical has been identified in knadh listmonk up to 6.0.x. Affected by this issue is some unknown functionality of the component Password Change Handler. Executing a manipulation can lead to session expiration. This vulnerability is tracked as CVE-2026-34828. The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-34601 | xmldom up to 0.8.11/0.9.8 xml injection (GHSA-wh4c-j3r5-mjhp)

VulDB Recent Entries
2 months 2 weeks ago
A vulnerability marked as critical has been reported in xmldom up to 0.8.11/0.9.8. Affected by this vulnerability is an unknown functionality. Performing a manipulation results in xml injection. This vulnerability is identified as CVE-2026-34601. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2026-34425 | OpenClaw validateScriptFileForShellBleed incomplete blacklist (GHSA-fvx6-pj3r-5q4q)

VulDB Recent Entries
2 months 2 weeks ago
A vulnerability labeled as critical has been found in OpenClaw. Affected is the function validateScriptFileForShellBleed. Such manipulation leads to incomplete blacklist. This vulnerability is referenced as CVE-2026-34425. It is possible to launch the attack remotely. No exploit is available. It is advisable to implement a patch to correct this issue.
vuldb.com

CVE-2026-34593 | ash-project ash up to 3.21.x Module cast_input resource consumption (GHSA-jjf9-w5vj-r6vp)

VulDB Recent Entries
2 months 2 weeks ago
A vulnerability identified as problematic has been detected in ash-project ash up to 3.21.x. This impacts the function cast_input of the component Module Handler. This manipulation causes resource consumption. The identification of this vulnerability is CVE-2026-34593. It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.
vuldb.com

CVE-2026-34426 | OpenClaw Environment Variable incomplete blacklist (GHSA-98ch-45wp-ch47)

VulDB Recent Entries
2 months 2 weeks ago
A vulnerability categorized as critical has been discovered in OpenClaw. This affects an unknown function of the component Environment Variable Handler. The manipulation results in incomplete blacklist. This vulnerability was named CVE-2026-34426. The attack may be performed from remote. There is no available exploit. A patch should be applied to remediate this issue.
vuldb.com

CVE-2026-34598 | yeswiki up to 4.5.x form title cross site scripting (GHSA-37fq-47qj-6j5j)

VulDB Recent Entries
2 months 2 weeks ago
A vulnerability was found in yeswiki up to 4.5.x. It has been rated as problematic. The impacted element is an unknown function. The manipulation of the argument form title leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-34598. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is advised.
vuldb.com

CVE-2026-34591 | python-poetry up to 2.3.2 on Python path traversal (GHSA-2599-h6xx-hpxp)

VulDB Recent Entries
2 months 2 weeks ago
A vulnerability was found in python-poetry poetry up to 2.3.2 on Python. It has been declared as critical. The affected element is an unknown function. Executing a manipulation can lead to path traversal. This vulnerability is handled as CVE-2026-34591. The attack can be executed remotely. There is not any exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2023-7343 | Belden Hirschmann Industrial HiVision up to 08.3.01/08.3.1 Packet privileges management

VulDB Recent Entries
2 months 2 weeks ago
A vulnerability was found in Belden Hirschmann Industrial HiVision up to 08.3.01/08.3.1. It has been classified as critical. Impacted is an unknown function of the component Packet Handler. Performing a manipulation results in improper privilege management. This vulnerability is known as CVE-2023-7343. Attacking locally is a requirement. No exploit is available. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-34717 | opf openproject up to 17.2.2 Parameter operator.rb sql injection (GHSA-5rrm-6qmq-2364)

VulDB Recent Entries
2 months 2 weeks ago
A vulnerability has been found in opf openproject up to 17.2.2 and classified as critical. This vulnerability affects unknown code in the library modules/reporting/lib/report/operator.rb of the component Parameter Handler. This manipulation causes sql injection. This vulnerability appears as CVE-2026-34717. The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.
vuldb.com

CVE-2025-32957

CVE Trends
2 months 2 weeks ago
Currently trending CVE - Hype Score: 1 - baserCMS is a website development framework. Prior to version 5.2.3, the application's restore function allows users to upload a .zip file, which is then automatically extracted. A PHP file inside the archive is included using require_once without validating or restricting the ...

CVE-2025-59489

CVE Trends
2 months 2 weeks ago
Currently trending CVE - Hype Score: 2 - Unity Runtime before 2025-10-02 on Android, Windows, macOS, and Linux allows argument injection that can result in loading of library code from an unintended location. If an application was built with a version of Unity Editor that had the vulnerable Unity Runtime code, then an ...

How certain can you be about Agentic AI’s security capabilities?

Security Boulevard
2 months 2 weeks ago

What Are Non-Human Identities in Cybersecurity? Have you ever considered how well your organization manages machine identities? Non-Human Identities (NHIs) serve as the backbone of cybersecurity, safeguarding machine-to-machine communications across various industries. But with their intricate nature, managing these identities and the secrets associated with them—like encrypted passwords and tokens—is as crucial as it is […]

The post How certain can you be about Agentic AI’s security capabilities? appeared first on Entro.

The post How certain can you be about Agentic AI’s security capabilities? appeared first on Security Boulevard.

Alison Mack

Managed ad