Lucene search
K

591 matches found

CNNVD
CNNVD
added 2026/03/18 12:0 a.m.7 views

OpenClaw 访问控制错误漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an Access Control Error vulnerability that can be exploited by an attacker to cause a local process to capture a gateway authentication token...

6.8CVSS5.8AI score0.00126EPSS
Exploits0References3
CVE
CVE
added 2026/03/10 5:26 a.m.23 views

CVE-2026-0953

CVE-2026-0953 affects the Tutor LMS Pro WordPress plugin (versions through 3.9.5). The issue is an authentication bypass in the Social Login addon: the plugin fails to verify that the email in the authentication request matches the email from the validated OAuth token, allowing unauthenticated at...

9.8CVSS5.8AI score0.00655EPSS
In wildExploits0References2
NVD
NVD
added 2026/03/09 8:16 p.m.6 views

CVE-2025-62166

FreshRSS is a free, self-hostable RSS aggregator. Prior 1.28.0, a bug in the auth logic related to master authentication tokens, this restriction is bypassed. Usually only the default user's feed should be viewable if anonymous viewing is enabled, and feeds of other users should be private. This...

7.5CVSS0.0038EPSS
Exploits1References4
Snyk
Snyk
added 2026/03/06 11:38 p.m.3 views

Header Injection

Overview Affected versions of this package are vulnerable to Header Injection in the parseCaddyfile function. An attacker can inject arbitrary values into trusted identity headers by supplying crafted HTTP headers when authenticated with a valid token, leading to unauthorized privilege escalation...

8.8CVSS5.9AI score0.00249EPSS
Exploits1References2
CVE
CVE
added 2026/03/06 4:44 a.m.21 views

CVE-2026-29060

Gokapi CVE-2026-29060 affects pre-2.2.3 builds of Gokapi (self-hosted file sharing with encryption). Registered users without rights to create/modify file requests could generate a short‑lived API key and perform those actions, an issue patched in 2.2.3 per CVE description. SUSE and PTSecurity en...

5CVSS5.8AI score0.00137EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/03/05 10:16 p.m.5 views

CVE-2026-28472

OpenClaw versions prior to 2026.2.2 contain a vulnerability in the gateway WebSocket connect handshake in which it allows skipping device identity checks when auth.token is present but not validated. Attackers can connect to the gateway without providing device identity or pairing by exploiting t...

9.8CVSS0.00357EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/05 9:59 p.m.6 views

EUVD-2026-9921

OpenClaw versions prior to 2026.2.13 use non-constant-time string comparison for hook token validation, allowing attackers to infer tokens through timing measurements. Remote attackers with network access to the hooks endpoint can exploit timing side-channels across multiple requests to gradually...

6.3CVSS5.9AI score0.00284EPSS
Exploits0References3
OSV
OSV
added 2026/03/05 8:52 p.m.5 views

GHSA-G962-2J28-3CG9 OliveTin has JWT Audience Validation Bypass in Local Key and HMAC Modes

Summary When JWT authentication is configured using either: - authJwtPubKeyPath local RSA public key, or - authJwtHmacSecret HMAC secret, the configured audience value authJwtAud is not enforced during token parsing. As a result, validly signed JWT tokens with an incorrect aud claim are accepted...

8.8CVSS6AI score0.00301EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2026/03/04 12:26 a.m.1 views

SUSE CVE-2026-26190

Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath...

9.8CVSS5.8AI score0.27661EPSS
Exploits1References3
OSV
OSV
added 2026/03/03 1:29 p.m.4 views

BIT-DISCOURSE-2026-26077 Discourse doesn't ensure webhooks require a token

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, several webhook endpoints SendGrid, Mailjet, Mandrill, Postmark, SparkPost in the WebhooksController accepted requests without a valid authentication token when no token was configured. This...

6.5CVSS5.9AI score0.0024EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/03 12:0 a.m.6 views

Dataease SQLBot 数据伪造问题漏洞

Dataease SQLBot is a robot plugin developed by Dataease as open source. Versions of Dataease SQLBot 1.5.1 and earlier contained a data manipulation vulnerability. This vulnerability stemmed from improper verification of the encrypted signature for the validateEmbedded function in the JWT Token...

6.3CVSS5.8AI score0.00184EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.6 views

PT-2026-26006

Summary A local process can capture the OpenClaw Gateway auth token from Chrome CDP probe traffic on loopback. Details Affected versions inject x-openclaw-relay-token for loopback CDP URLs, and CDP reachability probes send that header to /json/version. If an attacker controls the probed loopback...

6.1CVSS5.9AI score0.00126EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/03/01 12:0 a.m.18 views

PT-2026-41180

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.8.6 Description A flaw in the chat completion API allows users to bypass tool restrictions, potentially leading to unauthorized actions or access. In the '/api/chat/completions' endpoint, the tool ids and tool...

7.5CVSS5.8AI score0.0026EPSS
Exploits1References10
Cvelist
Cvelist
added 2026/02/26 2:58 p.m.21 views

CVE-2026-26077 Discourse doesn't ensure webhooks require a token

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, several webhook endpoints SendGrid, Mailjet, Mandrill, Postmark, SparkPost in the WebhooksController accepted requests without a valid authentication token when no token was configured. This...

6.5CVSS0.0024EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/26 12:0 a.m.9 views

Discourse 授权问题漏洞

Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Versions of Discourse before 2025.12.2, 2026.1.1, and 2026.2.0 have vulnerabilities related to authorization. These...

6.5CVSS5.8AI score0.0024EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/02/25 10:40 p.m.6 views

Vikunja: Stored XSS via Unsanitized SVG Attachment Upload Leads to Token Exposure

Details The application allows users to upload SVG files as task attachments. SVG is an XML-based format that supports JavaScript execution through elements such as tags or event handlers like onload. The application does not sanitize SVG content before storing it. When the uploaded SVG file is...

7.3CVSS5.9AI score0.00453EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2026/02/25 10:16 p.m.3 views

CVE-2026-27616

Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the application allows users to upload SVG files as task attachments. SVG is an XML-based format that supports JavaScript execution through elements such as tags or event handlers like onload. The application...

7.3CVSS0.00453EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/02/25 7:37 p.m.9 views

Rucio WebUI has a Stored Cross-site Scripting (XSS) Vulnerability in its Custom RSE Attribute

Summary A stored Cross-site Scripting XSS vulnerability was identified in the Custom RSE Attribute of the WebUI where attacker-controlled input is persisted by the backend and later rendered in the WebUI without proper output encoding. This allows arbitrary JavaScript execution in the context of...

6.1CVSS5.9AI score0.00287EPSS
Exploits1References7Affected Software1
Cvelist
Cvelist
added 2026/02/25 3:41 a.m.23 views

CVE-2026-27637 FreeScout's Predictable Authentication Token Enables Account Takeover

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's TokenAuth middleware uses a predictable authentication token computed as MD5userid + createdat + APPKEY. This token is static never expires/rotates, and if an attacker obtains...

9.8CVSS0.00668EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/02/25 3:41 a.m.4 views

CVE-2026-27637 FreeScout's Predictable Authentication Token Enables Account Takeover

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's TokenAuth middleware uses a predictable authentication token computed as MD5userid + createdat + APPKEY. This token is static never expires/rotates, and if an attacker obtains...

9.8CVSS5.7AI score0.00668EPSS
Exploits1References3
Rows per page
Query Builder