Lucene search
K

40 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-339 FireFighter has unauthenticated SSRF in its Raid jira_bot endpoint that allows IAM credential theft

Impact The POST /api/v2/firefighter/raid/jirabot endpoint CreateJiraBotView is reachable without authentication permissionclasses = permissions.AllowAny. Its attachments payload is fetched server-side via httpx.get with no URL validation, then uploaded as an attachment on the Jira ticket that get...

9.9CVSS6AI score0.00272EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.25 views

PT-2026-50138

Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.26.1 Description In the Git Smart HTTP path, the system fails to enforce repository-scoped access-token permissions when tokens are provided via Bearer authentication. While the CheckRepoScopedToken function is design...

8.1CVSS5.9AI score0.00343EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.10 views

PT-2026-47578

internal/api/audit.go:12 — handleGetAuditLog does no admin check. The route is bearer-auth gated only; any operator API key returns the full audit log via store.ListAuditEntries up to limit=1000. This includes cross-tenant actor names, host/CA/operator IDs, action timestamps, and masked-IP entrie...

7.1CVSS5.5AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.12 views

PT-2026-47623

Name of the Vulnerable Software and Affected Versions nebula-mesh versions prior to 0.3.1 Description The handleGetAuditLog function in internal/api/audit.go fails to perform an administrative privilege check. While the endpoint is protected by bearer authentication, any valid operator API key...

7.1CVSS5.9AI score0.00043EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.17 views

PT-2026-41693

Name of the Vulnerable Software and Affected Versions Arcane versions 1.18.1 and earlier Description An issue exists where the endpoint "GET /environments/id/volumes/volumeName/browse" accepts a path query parameter that is passed to a shell command sh -c "find … | while …" inside a helper...

6.3CVSS6AI score0.0021EPSS
Exploits0References8
Snyk
Snyk
added 2026/05/14 8:44 p.m.13 views

User Impersonation

Overview @samanhappy/mcphub is an A hub server for mcp servers Affected versions of this package are vulnerable to User Impersonation via the sseUserContextMiddleware process. An attacker can gain unauthorized access to user sessions and perform actions as any user, including administrators, by...

9.3CVSS5.9AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/07 8:21 p.m.10 views

CVE-2026-43585

OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing revoked tokens to remain valid after SecretRef rotation. Gateway HTTP and WebSocket handlers fail to re-resolve authentication per-request, enabling attackers to use rotated-out bearer tokens for unauthoriz...

9.8CVSS5.8AI score0.0054EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/06 9:31 p.m.10 views

EUVD-2026-28182

OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing revoked tokens to remain valid after SecretRef rotation. Gateway HTTP and WebSocket handlers fail to re-resolve authentication per-request, enabling attackers to use rotated-out bearer tokens for unauthoriz...

9.2CVSS5.8AI score0.0054EPSS
Exploits1References4
OSV
OSV
added 2026/05/06 9:31 p.m.10 views

GHSA-M8WM-R5VQ-QJPG Duplicate Advisory: OpenClaw: Gateway HTTP endpoints re-resolve bearer auth after SecretRef rotation

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xmxx-7p24-h892. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing revoked tokens to remain...

9.2CVSS5.7AI score0.0054EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/05/06 9:31 p.m.10 views

Duplicate Advisory: OpenClaw: Gateway HTTP endpoints re-resolve bearer auth after SecretRef rotation

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xmxx-7p24-h892. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing revoked tokens to remain...

9.8CVSS5.7AI score0.0054EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2026/05/06 8:16 p.m.17 views

CVE-2026-43585

OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing revoked tokens to remain valid after SecretRef rotation. Gateway HTTP and WebSocket handlers fail to re-resolve authentication per-request, enabling attackers to use rotated-out bearer tokens for unauthoriz...

9.8CVSS0.0054EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/05/06 7:49 p.m.7 views

CVE-2026-43585

OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing revoked tokens to remain valid after SecretRef rotation. Gateway HTTP and WebSocket handlers fail to re-resolve authentication per-request, enabling attackers to use rotated-out bearer tokens for unauthoriz...

9.2CVSS5.8AI score0.0054EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.18 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.15 contained security vulnerabilities. These vulnerabilities stemmed from capturing a resolved bearer-auth configuration during initialization, which could allow revoked tokens ...

9.8CVSS5.8AI score0.0054EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.10 views

PT-2026-38240

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.15 Description The software captures resolved bearer-auth configuration during startup, which allows revoked tokens to remain valid after a SecretRef rotation. The Gateway HTTP and WebSocket handlers do not...

9.8CVSS5.8AI score0.0054EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/05/05 6:21 p.m.13 views

FireFighter has unauthenticated SSRF in its Raid jira_bot endpoint that allows IAM credential theft

Impact The POST /api/v2/firefighter/raid/jirabot endpoint CreateJiraBotView is reachable without authentication permissionclasses = permissions.AllowAny. Its attachments payload is fetched server-side via httpx.get with no URL validation, then uploaded as an attachment on the Jira ticket that get...

9.9CVSS6AI score0.00272EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.12 views

PT-2026-37285

Name of the Vulnerable Software and Affected Versions FireFighter versions prior to 0.0.54 Description The 'POST /api/v2/firefighter/raid/jira bot' endpoint CreateJiraBotView is accessible without authentication. The attachments payload is processed via httpx.get without URL validation, allowing ...

9.9CVSS5.9AI score0.00272EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2026/05/04 9:15 p.m.15 views

quarkus-openapi-generator has overly broad path-parameter matching that sends authentication headers to unintended operations

Summary The generated authentication filter matches OpenAPI path templates too broadly when deciding whether to attach credentials. A security scheme configured for one operation can therefore be applied to a different same-method operation whose path only partially resembles the protected...

6.3CVSS5.8AI score0.004EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/04/17 10:32 p.m.4 views

GHSA-XMXX-7P24-H892 OpenClaw: Gateway HTTP endpoints re-resolve bearer auth after SecretRef rotation

Summary Gateway HTTP and WebSocket handlers captured the resolved bearer-auth configuration when the server started. After a SecretRef rotation, the already-running gateway could continue accepting the old bearer token until restart. Impact A bearer token that should have been revoked by SecretRe...

9.2CVSS5.7AI score0.0054EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/04/17 10:32 p.m.15 views

OpenClaw: Gateway HTTP endpoints re-resolve bearer auth after SecretRef rotation

Summary Gateway HTTP and WebSocket handlers captured the resolved bearer-auth configuration when the server started. After a SecretRef rotation, the already-running gateway could continue accepting the old bearer token until restart. Impact A bearer token that should have been revoked by SecretRe...

9.8CVSS5.7AI score0.0054EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2026/04/10 8:59 p.m.3 views

GHSA-75HX-XJ24-MQRW n8n-mcp has unauthenticated session termination and information disclosure in HTTP transport

Summary Several HTTP transport endpoints in n8n-mcp lacked proper authentication, and the health check endpoint exposed sensitive operational metadata without credentials. Impact An unauthenticated attacker with network access to the n8n-mcp HTTP server could disrupt active MCP sessions and gathe...

8.2CVSS5.7AI score
Exploits0References4
Rows per page
Query Builder