2332 matches found
CVE-2026-34386 Fleet vulnerable to SQL injection in MDM bootstrap package by authenticated team or global admin
Fleet is open source device management software. Prior to 4.81.0, a SQL injection vulnerability in Fleet's MDM bootstrap package configuration allows an authenticated user with Team Admin or Global Admin privileges to modify arbitrary team configurations, exfiltrate sensitive data from the Fleet...
CVE-2026-34386
Fleet is open source device management software. Prior to 4.81.0, a SQL injection vulnerability in Fleet's MDM bootstrap package configuration allows an authenticated user with Team Admin or Global Admin privileges to modify arbitrary team configurations, exfiltrate sensitive data from the Fleet...
CVE-2026-34386
Fleet is open source device management software. Before 4.81.0, a SQL injection vulnerability in Fleet’s MDM bootstrap package configuration allows an authenticated user with Team Admin or Global Admin privileges to modify arbitrary team configurations, exfiltrate sensitive data from the Fleet da...
PT-2026-28627
Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.81.0 Description Fleet is open source device management software susceptible to a SQL injection issue in its MDM bootstrap package configuration. An authenticated user possessing Team Admin or Global Admin privileges...
CVE-2026-32041
OpenClaw versions prior to 2026.3.1 fail to properly handle authentication bootstrap errors during startup, allowing browser-control routes to remain accessible without authentication. Local processes or loopback-reachable SSRF paths can exploit this to access browser-control routes including...
EUVD-2026-15431
A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause BOOTP packets to be forwarded between VLANs, resulting in a denial of service DoS condition. This vulnerability is due to improper handling of BOOTP packets on Cisco...
CVE-2026-20084
A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause BOOTP packets to be forwarded between VLANs, resulting in a denial of service DoS condition. This vulnerability is due to improper handling of BOOTP packets on Cisco...
CVE-2026-20084
CVE-2026-20084 describes a vulnerability in the DHCP snooping feature of Cisco IOS XE Software affecting Cisco Catalyst 9000 Series switches. The issue arises from improper handling of BOOTP packets, which could allow an unauthenticated remote attacker to forward BOOTP packets between VLANs. The ...
CVE-2026-20084
A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause BOOTP packets to be forwarded between VLANs, resulting in a denial of service DoS condition. This vulnerability is due to improper handling of BOOTP packets on Cisco...
Cisco IOS XE Software for Catalyst 9000 Series Switches DHCP Snooping Denial of Service Vulnerability
A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause BOOTP packets to be forwarded between VLANs, resulting in a denial of service DoS condition. This vulnerability is due to improper handling of BOOTP packets on Cisco...
Cisco IOS XE Software 资源管理错误漏洞
Cisco IOS XE Software is a network operating system developed by the American company Cisco. There is a resource management vulnerability in Cisco IOS XE Software, which stems from improper handling of BOOTP packets. This vulnerability may lead to BOOTP packets being forwarded between VLANs,...
cc.chensoul.nacos:nacos-distribution (=2.5.2), com.buession.security:buession-security-spring (>=3.0.0 <=3.0.1) +521 more potentially affected by CVE-2026-22732 via org.springframework.security:spring-security-web (>=5.8.0 <=5.8.16)
org.springframework.security:spring-security-web MAVEN version =5.8.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =5.12.0, =5.12.0, =1.48.0, =1.48.0, =1.48.0, =2.4.0, =2.4.0, =2.4.0, =4.5.0, =4.5.0, =4.5.1 and more Source cves: CVE-2026-22732 Source advisory: OSV:GHSA-MF92-479X-3373...
CVE-2026-32041 OpenClaw < 2026.3.1 - Unauthenticated Browser Control Access via Failed Auth Bootstrap
OpenClaw versions prior to 2026.3.1 fail to properly handle authentication bootstrap errors during startup, allowing browser-control routes to remain accessible without authentication. Local processes or loopback-reachable SSRF paths can exploit this to access browser-control routes including...
CVE-2026-32041 OpenClaw < 2026.3.1 - Unauthenticated Browser Control Access via Failed Auth Bootstrap
OpenClaw versions prior to 2026.3.1 fail to properly handle authentication bootstrap errors during startup, allowing browser-control routes to remain accessible without authentication. Local processes or loopback-reachable SSRF paths can exploit this to access browser-control routes including...
EUVD-2026-13330
OpenClaw versions prior to 2026.3.1 fail to properly handle authentication bootstrap errors during startup, allowing browser-control routes to remain accessible without authentication. Local processes or loopback-reachable SSRF paths can exploit this to access browser-control routes including...
CVE-2026-32041
OpenClaw versions prior to 2026.3.1 fail to properly handle authentication bootstrap errors during startup, allowing browser-control routes to remain accessible without authentication. Local processes or loopback-reachable SSRF paths can exploit this to access browser-control routes including...
CVE-2026-32041
OpenClaw vulnerable in versions prior to 2026.3.1 due to authentication bootstrap error at startup, leaving browser-control routes accessible without authentication. Local or loopback SSRF paths can reach browser-control routes, including evaluate-capable actions, without valid credentials. CVSS ...
GHSA-63F5-HHC7-CX6P OpenClaw bootstrap setup codes could be replayed to escalate pending pairing scopes before approval
Summary openclaw versions = 2026.3.12 allowed bootstrap setup codes to be replayed before approval, which could widen the scopes on a pending device pairing request. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.3.12 - Fixed version: 2026.3.13 Details The...
OpenClaw bootstrap setup codes could be replayed to escalate pending pairing scopes before approval
Summary openclaw versions = 2026.3.12 allowed bootstrap setup codes to be replayed before approval, which could widen the scopes on a pending device pairing request. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.3.12 - Fixed version: 2026.3.13 Details The...
GHSA-VH8F-65QG-3M8J vulnerabilities
Vulnerabilities for packages: dotnet-bootstrap...