36 matches found
CVE-2026-53818 OpenClaw < 2026.4.24 - Owner-Only Tool Policy Bypass via MCP Loopback
OpenClaw before 2026.4.24 contains an authorization bypass vulnerability in the MCP loopback feature that allows non-owner callers to skip owner-only tool policies and before-tool-call hooks. Attackers can invoke owner-only behavior through the affected loopback path to execute restricted tools...
EUVD-2026-13978
OpenClaw versions prior to 2026.2.25 fail to consistently apply sender-policy checks to reaction and pin non-message events before adding them to system-event context. Attackers can bypass configured DM policies and channel user allowlists to inject unauthorized reaction and pin events from...
CVE-2026-32014 OpenClaw < 2026.2.26 - Node Reconnect Metadata Spoofing via Unsigned Platform Fields
OpenClaw versions prior to 2026.2.26 contain a metadata spoofing vulnerability where reconnect platform and deviceFamily fields are accepted from the client without being bound into the device-auth signature. An attacker with a paired node identity on the trusted network can spoof reconnect...
CVE-2026-32014
OpenClaw versions prior to 2026.2.26 contain a metadata spoofing vulnerability where reconnect platform and deviceFamily fields are accepted from the client without being bound into the device-auth signature. An attacker with a paired node identity on the trusted network can spoof reconnect...
CVE-2026-32014
OpenClaw is affected in versions prior to 2026.2.26. The vulnerability is a metadata spoofing flaw where reconnect platform and deviceFamily fields are accepted from the client without being bound into the device-auth signature. An attacker with a paired node identity on a trusted network can spo...
CVE-2026-29193 ZITADEL: Bypassing Zitadel Login Behavior and Security Policy in Login V2
ZITADEL is an open source identity management platform. From version 4.0.0 to 4.12.0, a vulnerability in Zitadel's login V2 UI allowed users to bypass login behavior and security policies and self-register new accounts or sign in using password even if corresponding options were disabled in their...
Improper Access Control
github.com/kyverno/kyverno is vulnerable to Improper Access Control. The vulnerability is due to incorrect handling of multiple policy exceptions in enforce mode, which allows an attacker to bypass enforced policies by leveraging a less restrictive exception even when a more restrictive exception...
Improper Access Control
mad-proxy is vulnerable to Improper Access Control. The vulnerability is due to flaws in HTTP/HTTPS traffic interception logic, allowing attackers to bypass security policies and evade traffic inspection, potentially exposing sensitive data...
PT-2025-41407
Name of the Vulnerable Software and Affected Versions Juniper Networks Junos Space Security Director versions prior to 24.1R3 Patch V4 Description A missing authorization issue exists in Juniper Networks Junos Space Security Director. An unauthenticated network-based attacker can read or modify...
EUVD-2022-26172
Malicious code in bioql PyPI...
Cisco Firepower Threat Defense Software SMB Protocol Snort 3 Detection Engine Bypass and DoS (cisco-sa-ftd-smbsnort3-dos-pfOjOYUV)
According to its self-reported version, Cisco Firepower Threat Defense FTD Software is affected by a vulnerability. - A vulnerability in the interaction between the Server Message Block SMB protocol preprocessor and the Snort 3 detection engine for Cisco Firepower Threat Defense FTD Software coul...
CVE-2025-20268 Cisco Secure Firewall Threat Defense Software Geolocation Remote Access VPN Bypass Vulnerability
A vulnerability in the Geolocation-Based Remote Access RA VPN feature of Cisco Secure Firewall Threat Defense FTD Software could allow an unauthenticated, remote attacker to bypass configured policies to allow or deny HTTP connections based on a country or region. This vulnerability exists becaus...
The Fintech Open Source Foundation GitProxy 安全漏洞
The Fintech Open Source Foundation GitProxy is a deployment of custom push protection and policies on top of Git by The Fintech Open Source Foundation Foundation. A security vulnerability exists in The Fintech Open Source Foundation GitProxy 1.19.1 and earlier versions, which stems from a...
OESA-2024-2466 postgresql security update
PostgreSQL is an advanced Object-Relational database management system DBMS. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine a...
SUSE SLES15 Security Update : kubernetes1.23 (SUSE-SU-2024:3341-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3341-1 advisory. - CVE-2021-25743: escape, meta and control sequences in raw data output to terminal not neutralized. bsc1194400 - CVE-2023-2727:...
Advisory ROSA-SA-2024-2405
software: kubernetes 1.25.15 WASP: ROSA-CHROME packageevrstring: kubernetes-1.25.15-1 CVE-ID: CVE-2023-2431 BDU-ID: 2023-03899 CVE-Crit: LOW CVE-DESC.: A vulnerability in the kubelet utility of the Kubernetes virtual machine cluster management software tool is related to insufficient validation o...
CVE-2023-20270
A vulnerability in the interaction between the Server Message Block SMB protocol preprocessor and the Snort 3 detection engine for Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service DoS conditi...
USN-6296-1 postgresql-12, postgresql-14, postgresql-15 vulnerabilities
It was discovered that PostgreSQL incorrectly handled certain extension script substitutions. An attacker having database-level CREATE privileges can use this issue to execute arbitrary code as the bootstrap superuser. CVE-2023-39417 It was discovered that PostgreSQL incorrectly handled the MERGE...
The vulnerability of the Kubernetes cluster management software relates to the possibility of circumventing the ImagePolicyWebhook module’s policies. This allows a hacker to bypass existing security restrictions when running containers.
The vulnerability of the Kubernetes cluster management software relates to the possibility of circumventing the ImagePolicyWebhook module’s policies. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions when running containers remotely...
CVE-2022-20943
Multiple vulnerabilities in the Server Message Block Version 2 SMB2 processor of the Snort detection engine on multiple Cisco products could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service DoS condition on an affected device. These...