Lucene search
K

36 matches found

Vulnrichment
Vulnrichment
added 2026/06/11 8:9 p.m.8 views

CVE-2026-53818 OpenClaw < 2026.4.24 - Owner-Only Tool Policy Bypass via MCP Loopback

OpenClaw before 2026.4.24 contains an authorization bypass vulnerability in the MCP loopback feature that allows non-owner callers to skip owner-only tool policies and before-tool-call hooks. Attackers can invoke owner-only behavior through the affected loopback path to execute restricted tools...

6.9CVSS5.4AI score0.00096EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/21 12:42 a.m.5 views

EUVD-2026-13978

OpenClaw versions prior to 2026.2.25 fail to consistently apply sender-policy checks to reaction and pin non-message events before adding them to system-event context. Attackers can bypass configured DM policies and channel user allowlists to inject unauthorized reaction and pin events from...

5.3CVSS5.8AI score0.00204EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/19 10:6 p.m.2 views

CVE-2026-32014 OpenClaw < 2026.2.26 - Node Reconnect Metadata Spoofing via Unsigned Platform Fields

OpenClaw versions prior to 2026.2.26 contain a metadata spoofing vulnerability where reconnect platform and deviceFamily fields are accepted from the client without being bound into the device-auth signature. An attacker with a paired node identity on the trusted network can spoof reconnect...

8.6CVSS5.8AI score0.0019EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/19 10:6 p.m.2 views

CVE-2026-32014

OpenClaw versions prior to 2026.2.26 contain a metadata spoofing vulnerability where reconnect platform and deviceFamily fields are accepted from the client without being bound into the device-auth signature. An attacker with a paired node identity on the trusted network can spoof reconnect...

8.6CVSS5.8AI score0.0019EPSS
Exploits0References4
CVE
CVE
added 2026/03/19 10:6 p.m.9 views

CVE-2026-32014

OpenClaw is affected in versions prior to 2026.2.26. The vulnerability is a metadata spoofing flaw where reconnect platform and deviceFamily fields are accepted from the client without being bound into the device-auth signature. An attacker with a paired node identity on a trusted network can spo...

8.6CVSS5.8AI score0.0019EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/07 3:11 p.m.8 views

CVE-2026-29193 ZITADEL: Bypassing Zitadel Login Behavior and Security Policy in Login V2

ZITADEL is an open source identity management platform. From version 4.0.0 to 4.12.0, a vulnerability in Zitadel's login V2 UI allowed users to bypass login behavior and security policies and self-register new accounts or sign in using password even if corresponding options were disabled in their...

8.2CVSS5.7AI score0.00312EPSS
Exploits0References3
Veracode
Veracode
added 2026/01/21 9:12 a.m.10 views

Improper Access Control

github.com/kyverno/kyverno is vulnerable to Improper Access Control. The vulnerability is due to incorrect handling of multiple policy exceptions in enforce mode, which allows an attacker to bypass enforced policies by leveraging a less restrictive exception even when a more restrictive exception...

5.6AI score
Exploits0
Veracode
Veracode
added 2025/12/13 8:3 a.m.8 views

Improper Access Control

mad-proxy is vulnerable to Improper Access Control. The vulnerability is due to flaws in HTTP/HTTPS traffic interception logic, allowing attackers to bypass security policies and evade traffic inspection, potentially exposing sensitive data...

5.3CVSS5.8AI score0.00211EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/10/09 12:0 a.m.8 views

PT-2025-41407

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos Space Security Director versions prior to 24.1R3 Patch V4 Description A missing authorization issue exists in Juniper Networks Junos Space Security Director. An unauthenticated network-based attacker can read or modify...

8.6CVSS6.5AI score0.00284EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-26172

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00764EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.3 views

Cisco Firepower Threat Defense Software SMB Protocol Snort 3 Detection Engine Bypass and DoS (cisco-sa-ftd-smbsnort3-dos-pfOjOYUV)

According to its self-reported version, Cisco Firepower Threat Defense FTD Software is affected by a vulnerability. - A vulnerability in the interaction between the Server Message Block SMB protocol preprocessor and the Snort 3 detection engine for Cisco Firepower Threat Defense FTD Software coul...

5.8CVSS6.1AI score0.00668EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/14 4:30 p.m.8 views

CVE-2025-20268 Cisco Secure Firewall Threat Defense Software Geolocation Remote Access VPN Bypass Vulnerability

A vulnerability in the Geolocation-Based Remote Access RA VPN feature of Cisco Secure Firewall Threat Defense FTD Software could allow an unauthenticated, remote attacker to bypass configured policies to allow or deny HTTP connections based on a country or region. This vulnerability exists becaus...

5.8CVSS0.00449EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/07/30 12:0 a.m.5 views

The Fintech Open Source Foundation GitProxy 安全漏洞

The Fintech Open Source Foundation GitProxy is a deployment of custom push protection and policies on top of Git by The Fintech Open Source Foundation Foundation. A security vulnerability exists in The Fintech Open Source Foundation GitProxy 1.19.1 and earlier versions, which stems from a...

8.3CVSS6.3AI score0.00436EPSS
Exploits1References4
OSV
OSV
added 2024/11/22 2:23 p.m.3 views

OESA-2024-2466 postgresql security update

PostgreSQL is an advanced Object-Relational database management system DBMS. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine a...

8.8CVSS7.3AI score0.04422EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2024/09/20 12:0 a.m.41 views

SUSE SLES15 Security Update : kubernetes1.23 (SUSE-SU-2024:3341-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3341-1 advisory. - CVE-2021-25743: escape, meta and control sequences in raw data output to terminal not neutralized. bsc1194400 - CVE-2023-2727:...

7.7CVSS7.4AI score0.99999EPSS
Exploits21References34
Rosalinux
Rosalinux
added 2024/04/23 12:1 p.m.61 views

Advisory ROSA-SA-2024-2405

software: kubernetes 1.25.15 WASP: ROSA-CHROME packageevrstring: kubernetes-1.25.15-1 CVE-ID: CVE-2023-2431 BDU-ID: 2023-03899 CVE-Crit: LOW CVE-DESC.: A vulnerability in the kubelet utility of the Kubernetes virtual machine cluster management software tool is related to insufficient validation o...

6.5CVSS5.9AI score0.02157EPSS
Exploits1
OSV
OSV
added 2023/11/01 5:15 p.m.2 views

CVE-2023-20270

A vulnerability in the interaction between the Server Message Block SMB protocol preprocessor and the Snort 3 detection engine for Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service DoS conditi...

5.8CVSS5.8AI score
Exploits0References1
OSV
OSV
added 2023/08/17 11:56 a.m.4 views

USN-6296-1 postgresql-12, postgresql-14, postgresql-15 vulnerabilities

It was discovered that PostgreSQL incorrectly handled certain extension script substitutions. An attacker having database-level CREATE privileges can use this issue to execute arbitrary code as the bootstrap superuser. CVE-2023-39417 It was discovered that PostgreSQL incorrectly handled the MERGE...

8.8CVSS7.5AI score0.01572EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/06/19 12:0 a.m.8 views

The vulnerability of the Kubernetes cluster management software relates to the possibility of circumventing the ImagePolicyWebhook module’s policies. This allows a hacker to bypass existing security restrictions when running containers.

The vulnerability of the Kubernetes cluster management software relates to the possibility of circumventing the ImagePolicyWebhook module’s policies. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions when running containers remotely...

7.7CVSS6.5AI score0.01134EPSS
Exploits0References5Affected Software2
NVD
NVD
added 2022/11/15 9:15 p.m.22 views

CVE-2022-20943

Multiple vulnerabilities in the Server Message Block Version 2 SMB2 processor of the Snort detection engine on multiple Cisco products could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service DoS condition on an affected device. These...

5.8CVSS0.0089EPSS
Exploits0References1
Rows per page
Query Builder