10 matches found
EUVD-2026-29151
OpenClaw before 2026.4.23 contains an improper access control vulnerability in the gateway tool's config.apply and config.patch operations that allows compromised models to write unsafe configuration changes by bypassing an incomplete denylist protection. Attackers can persist malicious config...
CVE-2026-45006
CVE-2026-45006 affects OpenClaw prior to 2026.4.23, due to improper access control in the gateway tool’s config.apply and config.patch. The vulnerability bypasses an incomplete denylist, allowing compromised models to persist unsafe configuration changes that can alter command execution, network ...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.23 contained security vulnerabilities. These vulnerabilities stemmed from improper access control in the gateway tools config.apply and config.patch, allowing compromised models...
CVE-2026-42176
Scoold is a Q&A and a knowledge sharing platform for teams. Prior to version 1.67.0, Scoold allows the admins configuration value to be modified through /api/config/set/admins with a forged Bearer token that is accepted as an admin API token. Once that setting is changed, the target email address...
CVE-2026-42176
CVE-2026-42176 affects Scoold prior to version 1.67.0. A forged Bearer token can modify the admins setting via /api/config/set/admins, allowing an attacker to persist admin access after a restart by writing their email to scoold.admins. The change is loaded at startup, enabling administrator priv...
PT-2026-39187
Name of the Vulnerable Software and Affected Versions Scoold versions prior to 1.67.0 Description Scoold allows the modification of the admins configuration value via the "/api/config/set/admins" endpoint using a forged Bearer token that is accepted as an admin API token. This action writes a...
SUSE CVE-2017-18915
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. After a restart of a server, an attacker might suddenly gain API Endpoint access...
The vulnerability of the PJSIP multimedia communication library arises from the improper switching of multimedia transport mechanisms from SRTP to the basic RTP after SRTP is restarted. This allows an intruder to gain unauthorized access to protected information.
The vulnerability of the PJSIP multimedia communication library is related to the improper switching of multimedia transport mechanisms from SRTP to the basic RTP after SRTP is restarted. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to protected informatio...
UBUNTU-CVE-2022-42929
If a website called window.print in a particular way, it could cause a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings. This vulnerability affects Firefox 106, Firefox ESR 102.4, and Thunderbird 102.4...
PT-2020-8461
Name of the Vulnerable Software and Affected Versions: Mattermost Server versions prior to 3.8.2 Mattermost Server versions prior to 3.7.5 Mattermost Server versions prior to 3.6.7 Description: An issue was discovered in Mattermost Server. After a restart of a server, an attacker might suddenly...