Lucene search
+L

183 matches found

NVD
NVD
added 2 days ago7 views

CVE-2026-62207

OpenClaw versions before 2026.6.5 contain an authentication bypass vulnerability that allows lower-trust callers to reach admin-scoped tools. Attackers can perform actions requiring stronger authorization by exploiting insufficient policy checks on configured input paths...

8.8CVSS0.00317EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-45095

OpenClaw versions before 2026.6.5 contain an authentication bypass vulnerability that allows lower-trust callers to reach admin-scoped tools. Attackers can perform actions requiring stronger authorization by exploiting insufficient policy checks on configured input paths...

8.8CVSS6.1AI score0.00317EPSS
Exploits0References2
CVE
CVE
added 2 days ago8 views

CVE-2026-62207

The CVE-2026-62207 entry affects OpenClaw versions before 2026.6.5, where an authentication bypass exists due to insufficient policy checks on configured input paths. This vulnerability allows lower-trust callers to reach admin-scoped tools and perform actions that require higher authorization, a...

8.8CVSS6.1AI score0.00317EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-62207 OpenClaw < 2026.6.5 Authentication Bypass via Admin Tools

OpenClaw versions before 2026.6.5 contain an authentication bypass vulnerability that allows lower-trust callers to reach admin-scoped tools. Attackers can perform actions requiring stronger authorization by exploiting insufficient policy checks on configured input paths...

8.8CVSS0.00317EPSS
Exploits0References2
OSV
OSV
added 2 days ago3 views

CVE-2026-62207 OpenClaw < 2026.6.5 Authentication Bypass via Admin Tools

OpenClaw versions before 2026.6.5 contain an authentication bypass vulnerability that allows lower-trust callers to reach admin-scoped tools. Attackers can perform actions requiring stronger authorization by exploiting insufficient policy checks on configured input paths...

7.7CVSS5.3AI score0.00317EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/18 11:55 a.m.30 views

CVE-2026-11719

An authenticated authorization bypass vulnerability exists in MCP Toolbox for Databases due to missing scope enforcement across older protocol handlers. While the 2025-11-25 protocol version handler correctly enforces per-tool restrictions defined by scopesRequired, older supported protocol...

8.6CVSS0.0015EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/01 1:58 p.m.31 views

@agenticmail/mcp Missing Authentication for Critical Function

AgenticMail MCP HTTP authorization bypass Summary @agenticmail/mcp exposes a Streamable HTTP transport when started with --http or MCPHTTP=1. In that mode, the /mcp endpoint accepts requests without any HTTP authentication layer. A remote client can initialize a session and call tools directly. T...

8.7CVSS5.9AI score0.00359EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/06 6:27 p.m.10 views

CVE-2026-41936

Vvveb before version 1.0.8.2 contains an XML external entity XXE injection vulnerability in the admin Tools/Import feature that allows authenticated siteadmin users to read arbitrary files and modify database records. Attackers can exploit the XML parser configuration in system/import/xml.php to...

8.6CVSS5.9AI score0.00271EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/03 4:59 p.m.9 views

CVE-2026-5333

A security flaw has been discovered in DefaultFuction Content-Management-System 1.0. This issue affects some unknown processing of the file /admin/tools.php. The manipulation of the argument host results in command injection. The attack can be executed remotely. The exploit has been released to t...

9.8CVSS6.8AI score0.02666EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/02 3:31 p.m.6 views

EUVD-2026-18226

A security flaw has been discovered in DefaultFuction Content-Management-System 1.0. This issue affects some unknown processing of the file /admin/tools.php. The manipulation of the argument host results in command injection. The attack can be executed remotely. The exploit has been released to t...

7.5CVSS6.8AI score0.02666EPSS
Exploits1References7
NVD
NVD
added 2026/04/02 2:16 p.m.5 views

CVE-2026-5333

A security flaw has been discovered in DefaultFuction Content-Management-System 1.0. This issue affects some unknown processing of the file /admin/tools.php. The manipulation of the argument host results in command injection. The attack can be executed remotely. The exploit has been released to t...

9.8CVSS0.02666EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/04/02 1:30 p.m.4 views

CVE-2026-5333

A security flaw has been discovered in DefaultFuction Content-Management-System 1.0. This issue affects some unknown processing of the file /admin/tools.php. The manipulation of the argument host results in command injection. The attack can be executed remotely. The exploit has been released to t...

7.5CVSS6.8AI score0.02666EPSS
Exploits1References6Affected Software1
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.11 views

Content Management System 命令注入漏洞

Content Management System is a lightweight content management system developed by DefaultFunction’s individual developer. Version 1.0 of Content Management System has a command injection vulnerability. This vulnerability stems from improper handling of the ‘host’ parameter in the ‘admin/tools.php...

9.8CVSS7.1AI score0.02666EPSS
Exploits1References6
EUVD
EUVD
added 2026/03/16 3:30 p.m.5 views

EUVD-2015-9411

Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize file uploads, allowing attackers to store malicious scripts through the file POST parameter in admin/tools.php. Attackers can upload files containing JavaScript code that executes in the context of admin/tools.php when accessed by...

7.2CVSS5.9AI score0.00267EPSS
Exploits1References4
NVD
NVD
added 2026/03/16 2:17 p.m.10 views

CVE-2015-20115

Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize file uploads, allowing attackers to store malicious scripts through the file POST parameter in admin/tools.php. Attackers can upload files containing JavaScript code that executes in the context of admin/tools.php when accessed by...

7.2CVSS0.00267EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/15 6:34 p.m.3 views

CVE-2015-20115

Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize file uploads, allowing attackers to store malicious scripts through the file POST parameter in admin/tools.php. Attackers can upload files containing JavaScript code that executes in the context of admin/tools.php when accessed by...

5.9AI score0.00267EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/03/15 6:34 p.m.27 views

CVE-2015-20115 RealtyScript 4.0.2 Stored Cross-Site Scripting via File Upload Parameter

Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize file uploads, allowing attackers to store malicious scripts through the file POST parameter in admin/tools.php. Attackers can upload files containing JavaScript code that executes in the context of admin/tools.php when accessed by...

7.2CVSS0.00267EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/15 6:34 p.m.4 views

CVE-2015-20115 RealtyScript 4.0.2 Stored Cross-Site Scripting via File Upload Parameter

Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize file uploads, allowing attackers to store malicious scripts through the file POST parameter in admin/tools.php. Attackers can upload files containing JavaScript code that executes in the context of admin/tools.php when accessed by...

7.2CVSS5.9AI score0.00267EPSS
Exploits1References3
CVE
CVE
added 2026/03/15 6:34 p.m.22 views

CVE-2015-20115

CVE-2015-20115 concerns RealtyScript 4.0.2 from Next Click Ventures. The connected documents confirm a stored cross-site scripting issue via the file upload parameter in admin/tools.php, caused by inadequate sanitization of uploaded files. Attackers could place JavaScript in uploads that would ex...

7.2CVSS5.9AI score0.00267EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/15 12:0 a.m.11 views

PT-2026-25718

Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize file uploads, allowing attackers to store malicious scripts through the file POST parameter in admin/tools.php. Attackers can upload files containing JavaScript code that executes in the context of admin/tools.php when accessed by...

7.2CVSS5.9AI score0.00267EPSS
Exploits1References5
Rows per page
Query Builder