Lucene search
+L

37 matches found

euvd
euvd
added 3 days ago5 views

EUVD-2026-43565

OpenClaw Feishu tools npm package @openclaw/feishu in versions = 2026.6.6 could ignore per-account disablement. A lower-trust caller or a configured input path could perform actions that should have required a stronger authorization or policy check, resulting in unauthorized operations. The issue...

8.6CVSS6.1AI score0.00213EPSS
Exploits0References3
euvd
euvd
added 3 days ago4 views

EUVD-2026-43566

OpenClaw @openclaw/feishu versions 2026.6.6 and earlier contain an incorrect authorization vulnerability in which the Feishu permission tools could ignore per-account disablement settings. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could...

8.6CVSS6.1AI score0.00213EPSS
Exploits0References3
nvd
nvd
added 4 days ago6 views

CVE-2026-62188

OpenClaw @openclaw/feishu versions 2026.6.6 and earlier contain an incorrect authorization vulnerability in which the Feishu permission tools could ignore per-account disablement settings. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could...

8.6CVSS0.00213EPSS
Exploits0References2
nvd
nvd
added 4 days ago6 views

CVE-2026-62187

OpenClaw Feishu tools npm package @openclaw/feishu in versions = 2026.6.6 could ignore per-account disablement. A lower-trust caller or a configured input path could perform actions that should have required a stronger authorization or policy check, resulting in unauthorized operations. The issue...

8.6CVSS0.00213EPSS
Exploits0References2
cvelist
cvelist
added 4 days ago33 views

CVE-2026-62188 OpenClaw < 2026.6.9 Feishu Authorization Bypass

OpenClaw @openclaw/feishu versions 2026.6.6 and earlier contain an incorrect authorization vulnerability in which the Feishu permission tools could ignore per-account disablement settings. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could...

8.6CVSS0.00213EPSS
Exploits0References2
osv
osv
added 4 days ago3 views

CVE-2026-62188 OpenClaw < 2026.6.9 Feishu Authorization Bypass

OpenClaw @openclaw/feishu versions 2026.6.6 and earlier contain an incorrect authorization vulnerability in which the Feishu permission tools could ignore per-account disablement settings. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could...

8.6CVSS6.1AI score0.00213EPSS
Exploits0References5
cve
cve
added 4 days ago10 views

CVE-2026-62188

OpenClaw @openclaw/feishu (versions

8.6CVSS6.1AI score0.00213EPSS
Exploits0References2Affected Software1
osv
osv
added 4 days ago3 views

CVE-2026-62187 OpenClaw < 2026.6.9 Feishu tools Authorization Bypass

OpenClaw Feishu tools npm package @openclaw/feishu in versions = 2026.6.6 could ignore per-account disablement. A lower-trust caller or a configured input path could perform actions that should have required a stronger authorization or policy check, resulting in unauthorized operations. The issue...

8.6CVSS6.1AI score0.00213EPSS
Exploits0References5
cvelist
cvelist
added 4 days ago35 views

CVE-2026-62187 OpenClaw < 2026.6.9 Feishu tools Authorization Bypass

OpenClaw Feishu tools npm package @openclaw/feishu in versions = 2026.6.6 could ignore per-account disablement. A lower-trust caller or a configured input path could perform actions that should have required a stronger authorization or policy check, resulting in unauthorized operations. The issue...

8.6CVSS0.00213EPSS
Exploits0References2
cve
cve
added 4 days ago11 views

CVE-2026-62187

The CVE affects the npm package @openclaw/feishu (OpenClaw Feishu tools). Versions up to and including 2026.6.6 could ignore per-account disablement, allowing a lower-trust caller or a configured input path to perform actions that should require stronger authorization. The consequence is unauthor...

8.6CVSS6.1AI score0.00213EPSS
Exploits0References2Affected Software1
ptsecurity
ptsecurity
added 4 days ago7 views

PT-2026-57889

Name of the Vulnerable Software and Affected Versions @openclaw/feishu versions prior to 2026.6.9 Description The software may ignore per-account disablement, allowing a lower-trust caller or a configured input path to perform actions that require stronger authorization or policy checks. This can...

8.6CVSS6.1AI score0.00213EPSS
Exploits0References7
cvelist
cvelist
added 2026/06/08 3:5 p.m.44 views

CVE-2026-46657 Bludit's persistent authentication tokens not revoked upon account disablement

Bludit is a content management system. Versions prior to 3.22.0 have a vulnerability in the user management logic that allows deactivated accounts to maintain access via persistent authentication tokens. When an administrator disables a user account, the application fails to invalidate or clear t...

7.1CVSS0.00271EPSS
Exploits0References2
euvd
euvd
added 2026/06/08 3:5 p.m.12 views

EUVD-2026-35085

Bludit is a content management system. Versions prior to 3.22.0 have a vulnerability in the user management logic that allows deactivated accounts to maintain access via persistent authentication tokens. When an administrator disables a user account, the application fails to invalidate or clear t...

7.1CVSS5.5AI score0.00271EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/06/08 3:5 p.m.10 views

CVE-2026-46657 Bludit's persistent authentication tokens not revoked upon account disablement

Bludit is a content management system. Versions prior to 3.22.0 have a vulnerability in the user management logic that allows deactivated accounts to maintain access via persistent authentication tokens. When an administrator disables a user account, the application fails to invalidate or clear t...

7.1CVSS5.5AI score0.00271EPSS
Exploits0References2
osv
osv
added 2026/06/08 3:5 p.m.3 views

CVE-2026-46657 Bludit's persistent authentication tokens not revoked upon account disablement

Bludit is a content management system. Versions prior to 3.22.0 have a vulnerability in the user management logic that allows deactivated accounts to maintain access via persistent authentication tokens. When an administrator disables a user account, the application fails to invalidate or clear t...

7.1CVSS6AI score0.00271EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/06/05 7:28 p.m.11 views

CVE-2026-4913

Improper protection of an alternate path in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to retain access when their account has been disabled...

5.7CVSS5.4AI score0.00586EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/13 8:23 p.m.9 views

CVE-2026-44873

A session management vulnerability in AOS-8 allows previously authenticated users to retain network access after their accounts are administratively disabled. Existing sessions are not invalidated when credentials are revoked, enabling continued access until session expiration. An attacker with...

5.4CVSS5.7AI score0.00141EPSS
Exploits0References1
euvd
euvd
added 2026/05/12 9:31 p.m.9 views

EUVD-2026-29822

A session management vulnerability in AOS-8 allows previously authenticated users to retain network access after their accounts are administratively disabled. Existing sessions are not invalidated when credentials are revoked, enabling continued access until session expiration. An attacker with...

5.4CVSS5.7AI score0.00141EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/05/12 2:19 p.m.8 views

CVE-2026-43983

Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services. Prior to 2.6.0, The createTokenFromRefreshToken function oidcservice.go validates the refresh token's cryptographic integrity but does not re-validate the user's current authorization state befor...

8.5CVSS5.8AI score0.00247EPSS
Exploits1References2Affected Software1
vulnrichment
vulnrichment
added 2026/05/12 2:19 p.m.11 views

CVE-2026-43983 Pocket ID: OIDC refresh token flow bypasses authorization revocation, account disabling, and group restrictions

Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services. Prior to 2.6.0, The createTokenFromRefreshToken function oidcservice.go validates the refresh token's cryptographic integrity but does not re-validate the user's current authorization state befor...

8.5CVSS5.8AI score0.00247EPSS
Exploits1References1
Rows per page
Query Builder