Lucene search
+L

30 matches found

OSV
OSV
added 2026/06/12 9:56 p.m.4 views

CVE-2026-53834 OpenClaw < 2026.4.27 - Authorization Bypass in QQBot Pre-dispatch Slash Commands

OpenClaw before 2026.4.27 contains an authorization bypass vulnerability in QQBot pre-dispatch slash commands that allows authenticated senders to skip allowFrom policy checks. Attackers can invoke slash commands before configured access control policies are applied, potentially triggering comman...

8.2CVSS6AI score0.00192EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/29 3:11 p.m.18 views

EUVD-2026-33337

OpenClaw before 2026.5.18 contains a scope bypass vulnerability in the Gateway chat.send route that allows scoped clients to execute privileged commands. Attackers with operator.write scope can deliver commands through inherited external routes to bypass operator.approvals and operator.admin scop...

8.8CVSS5.9AI score0.00253EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.15 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.18 contained security vulnerabilities. These vulnerabilities stemmed from a range-bypass vulnerability in the Gateway chat.send route, allowing clients with restricted ranges to...

8.8CVSS5.9AI score0.00253EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 5:0 p.m.6 views

CVE-2026-27659

Mattermost versions 11.2.x = 11.2.2, 10.11.x = 10.11.10, 11.4.x = 11.4.0, 11.3.x = 11.3.1 fail to properly validate CSRF tokens in the /api/v4/accesscontrolpolicies/policyid/activate endpoint, which allows an attacker to trick an admin into changing access control policy active status via a craft...

4.6CVSS5.8AI score0.00123EPSS
Exploits0References1
OSV
OSV
added 2026/03/25 6:31 p.m.8 views

GHSA-RMHW-C3XR-M3XX Mattermost doesn't properly validate CSRF tokens

Mattermost versions 11.2.x = 11.2.2, 10.11.x = 10.11.10, 11.4.x = 11.4.0, 11.3.x = 11.3.1 fail to properly validate CSRF tokens in the /api/v4/accesscontrolpolicies/policyid/activate endpoint, which allows an attacker to trick an admin into changing access control policy active status via a craft...

4.6CVSS5.9AI score0.00123EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.9 views

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Vulnerabilities exist in Mattermost versions 11.2.2 and earlier of the 11.2.x series, as well as versions 10.11.10 and earlier of the 10.11.x series, 11.4.0 and earlier of the 11.4.x series, and 11.3...

4.6CVSS5.8AI score0.00123EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-24836

Malware in sbrugna...

5.8CVSS5.9AI score0.00927EPSS
Exploits0References2
Veracode
Veracode
added 2024/07/03 7:6 a.m.17 views

Improper Access Control

aimeos/ai-admin-graphql is vulnerable to Improper Access Control. The vulnerability is due to inadequate enforcement of access control policies within aimeos/ai-admin-graphql, allowing editors are able to manage their own services via the GraphQL API, bypassing the intended restrictions designed...

3.8CVSS6.7AI score0.00425EPSS
Exploits0References6Affected Software1
Hacker One
Hacker One
added 2023/12/11 6:28 p.m.43 views

Teleport: access list owner can escalate his role to the highest roles

Summary: 1. Go to your-domain.teleport.sh/web/accesslists. 2. Create a new access list and add a role to "Roles Granted," e.g., "reviewer" role. 3. Add a user as the Access List Owner. 4. The user, as the Access List Owner, can escalate the role of the list to higher roles, thereby escalating the...

7.3AI score
Exploits0
UbuntuCve
UbuntuCve
added 2023/11/01 6:15 p.m.25 views

CVE-2023-20246

Multiple Cisco products are affected by a vulnerability in Snort access control policies that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. This vulnerability is due to a logic error that occurs when the access control policies are being...

5.8CVSS6.2AI score0.00559EPSS
Exploits0References2
Malwarebytes
Malwarebytes
added 2023/05/23 4:30 p.m.19 views

Employee guilty of joining ransomware attack on his own company

A 28-year old IT Security Analyst pleaded guilty and will consequently be convicted of blackmail and unauthorized access to a computer with intent to commit other offences. It all started when the UK gene and cell therapy company Oxford BioMedica fell victim to a cybersecurity incident which...

7AI score
Exploits0
Vulnrichment
Vulnrichment
added 2023/03/29 12:0 a.m.8 views

CVE-2020-14140

When Xiaomi router firmware is updated in 2020, there is an unauthenticated API that can reveal WIFI password vulnerability. This vulnerability is caused by the lack of access control policies on some API interfaces. Attackers can exploit this vulnerability to enter the background and execute...

7.9AI score0.01031EPSS
Exploits0References1
OSV
OSV
added 2022/01/19 1:15 a.m.4 views

CVE-2022-22152

A Protection Mechanism Failure vulnerability in the REST API of Juniper Networks Contrail Service Orchestration allows one tenant on the system to view confidential configuration details of another tenant on the same system. By utilizing the REST API, one tenant is able to obtain information on...

6.5CVSS6.6AI score0.0078EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2021/11/02 12:0 a.m.6 views

The vulnerability of the implementation of the Ethernet Industrial Protocol (ENIP) in the microsoftware-based network interface controllers of Cisco Firepower Threat Defense (FTD) allows a attacker to circumvent the configured access control policies.

The vulnerability of the Industrial Ethernet Protocol ENIP implementation of Cisco Firepower Threat Defense’s micro-programmed network interface controllers is related to access control deficiencies. Exploiting this vulnerability could allow a malicious actor to bypass the configured access contr...

5.8CVSS5.5AI score0.00645EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2021/07/28 12:0 a.m.22 views

Cisco Firepower Threat Defense Software TCP Intercept Bypass (cisco-sa-tcp-intercept-bypass-xG9M3PbY)

According to its self-reported version, Cisco Firepower Threat Defense Software is affected by a vulnerability in the TCP Intercept functionality of Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to bypass configured Access Control Policies including...

5.8CVSS6.1AI score0.00927EPSS
Exploits0References3
NVD
NVD
added 2020/10/21 7:15 p.m.30 views

CVE-2020-3565

A vulnerability in the TCP Intercept functionality of Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to bypass configured Access Control Policies including Geolocation and Service Polices on an affected system. The vulnerability exists because TCP...

5.8CVSS0.00927EPSS
Exploits0References1
Prion
Prion
added 2020/10/21 7:15 p.m.19 views

Improper access control

A vulnerability in the TCP Intercept functionality of Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to bypass configured Access Control Policies including Geolocation and Service Polices on an affected system. The vulnerability exists because TCP...

4.3CVSS5.7AI score0.00927EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/10/21 6:40 p.m.32 views

CVE-2020-3565 Cisco Firepower Threat Defense Software TCP Intercept Bypass Vulnerability

A vulnerability in the TCP Intercept functionality of Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to bypass configured Access Control Policies including Geolocation and Service Polices on an affected system. The vulnerability exists because TCP...

5.8CVSS5.7AI score0.00927EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2020/10/21 6:40 p.m.9 views

CVE-2020-3565 Cisco Firepower Threat Defense Software TCP Intercept Bypass Vulnerability

A vulnerability in the TCP Intercept functionality of Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to bypass configured Access Control Policies including Geolocation and Service Polices on an affected system. The vulnerability exists because TCP...

5.8CVSS6.9AI score0.00927EPSS
Exploits0References1
Cisco
Cisco
added 2020/10/21 4:0 p.m.30 views

Cisco Firepower Threat Defense Software TCP Intercept Bypass Vulnerability

A vulnerability in the TCP Intercept functionality of Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to bypass configured Access Control Policies including Geolocation and Service Polices on an affected system. The vulnerability exists because TCP...

5.8CVSS5.6AI score0.00927EPSS
Exploits0References1
Rows per page
Query Builder