Lucene search
K

104 matches found

EUVD
EUVD
added 4 days ago11 views

EUVD-2026-36323

OpenClaw: Control UI locality spoofing could mint a durable admin device token...

8.8CVSS5.8AI score0.00309EPSS
Exploits0References3
NVD
NVD
added 2026/06/24 9:16 p.m.8 views

CVE-2026-45689

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, an unauthenticated network attacker obtains a valid Rocket.Chat OAuth access token for an arbitrary user by sending a single HTTP POST with...

9.1CVSS0.00308EPSS
Exploits0References1
NVD
NVD
added 2026/06/11 9:16 p.m.15 views

CVE-2026-53817

OpenClaw before 2026.5.22 contains a locality validation vulnerability in Control UI pairing that allows attackers with network access to spoof locality information and obtain durable admin-capable device tokens. Attackers can exploit insufficient locality-derived trust validation to convert...

8.8CVSS0.00309EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/11 9:11 p.m.5 views

User Impersonation

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to User Impersonation via insufficient validation in the Control UI pairing process. An attacker can obtain persistent administrative device tokens by spoofing locality information over the...

8.8CVSS5.9AI score0.00309EPSS
Exploits0References2
CVE
CVE
added 2026/06/11 8:9 p.m.37 views

CVE-2026-53817

OpenClaw CVE-2026-53817 affects the Control UI pairing in OpenClaw, where locality validation is insufficient. This allows attackers with network access to spoof locality information and obtain durable admin-capable device tokens, converting temporary shared access into persistent administrative ...

8.8CVSS5.5AI score0.00309EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 p.m.12 views

CVE-2026-25700

Improper Restriction of Security Token Assignment vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Previously issued administrative tokens were not invalidated after an administrator account was suspended, deleted, or deactivated, allowing continued access to...

7.2CVSS5.4AI score0.00448EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.15 views

PT-2026-48747

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.22 Description An issue in the Control UI pairing process involves insufficient locality-derived trust validation. This allows attackers with network access to spoof locality information to convert temporary...

8.8CVSS5.2AI score0.00309EPSS
Exploits0References7
Snyk
Snyk
added 2026/06/10 6:20 p.m.5 views

Improper Restriction of Security Token Assignment

Overview Affected versions of this package are vulnerable to Improper Restriction of Security Token Assignment due to the failure to invalidate previously issued administrative tokens after an administrator account is suspended, deleted, or deactivated. An attacker can maintain unauthorized acces...

8.6CVSS5.3AI score0.00448EPSS
Exploits0References2
NVD
NVD
added 2026/06/10 4:16 p.m.9 views

CVE-2026-25700

Improper Restriction of Security Token Assignment vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Previously issued administrative tokens were not invalidated after an administrator account was suspended, deleted, or deactivated, allowing continued access to...

7.2CVSS0.00448EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/10 2:57 p.m.9 views

CVE-2026-25700 Apache Answer: AdminToken not invalidated after admin deactivation

Improper Restriction of Security Token Assignment vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Previously issued administrative tokens were not invalidated after an administrator account was suspended, deleted, or deactivated, allowing continued access to...

5.4AI score0.00448EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.10 views

PT-2026-48456

Name of the Vulnerable Software and Affected Versions Apache Answer versions prior to 2.0.1 Description Improper Restriction of Security Token Assignment occurs when administrative tokens are not invalidated after an administrator account is suspended, deleted, or deactivated. This allows continu...

7.2CVSS5.9AI score0.00448EPSS
Exploits0References5
NVD
NVD
added 2026/06/09 10:16 a.m.12 views

CVE-2026-41031

A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor Version 4.0 Service Pack 1 Build 63255 allows an authenticated remote attacker with low privileges to inject malicious JavaScript code into the application. This enables attackers to steal administrative access tokens and sessio...

9.3CVSS0.00242EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 9:51 a.m.8 views

CVE-2026-41031 A Stored Cross-Site Scripting (XSS) vulnerability occurs in Vinna Process Monitor

A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor Version 4.0 Service Pack 1 Build 63255 allows an authenticated remote attacker with low privileges to inject malicious JavaScript code into the application. This enables attackers to steal administrative access tokens and sessio...

9.3CVSS5.6AI score0.00242EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.16 views

PT-2026-47731

A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor Version 4.0 Service Pack 1 Build 63255 allows an authenticated remote attacker with low privileges to inject malicious JavaScript code into the application. This enables attackers to steal administrative access tokens and sessio...

9.3CVSS5.6AI score0.00242EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/06 6:43 p.m.12 views

CVE-2026-46395

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the hmacBase64 function in the HAXcms Node.js backend contains two critical cryptographic implementation errors that together allow any unauthenticated attacker to extract the system’s private signing ke...

9.3CVSS5.9AI score0.00295EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/05 6:27 p.m.28 views

CVE-2026-46395 HAX CMS Vulnerable to Private Key Disclosure via Broken HMAC Implementation

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the hmacBase64 function in the HAXcms Node.js backend contains two critical cryptographic implementation errors that together allow any unauthenticated attacker to extract the system’s private signing ke...

9.3CVSS0.00295EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/05 6:27 p.m.10 views

CVE-2026-46395

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the hmacBase64 function in the HAXcms Node.js backend contains two critical cryptographic implementation errors that together allow any unauthenticated attacker to extract the system’s private signing ke...

9.3CVSS5.9AI score0.00295EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/05/28 5:45 p.m.12 views

EUVD-2026-32966

Kuma is a modern Envoy-based service mesh that can run on every cloud across both Kubernetes and VMs. Prior to 2.7.25, 2.9.15, 2.11.13, 2.12.10, and 2.13.5, the default kuma-cp config leaks the admin bootstrap token and signing keys to any webpage the operator visits while the control plane is...

5.1CVSS5.8AI score0.00204EPSS
Exploits0References8
NVD
NVD
added 2026/05/15 7:17 p.m.28 views

CVE-2026-46364

phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector and BuiltinCaptcha::saveCaptcha methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the public GET /api/captc...

9.8CVSS0.01709EPSS
Exploits0References3
Veracode
Veracode
added 2026/05/15 6:2 p.m.12 views

Information Exposure

Dgraph is vulnerable to Information Exposure. The vulnerability is due to exposure of process command-line arguments through the unauthenticated /debug/vars endpoint, which allows an attacker to obtain sensitive admin tokens and gain unauthorized access to admin-only endpoints...

9.8CVSS5.8AI score0.02187EPSS
Exploits1References3Affected Software3
Rows per page
Query Builder