24 matches found

Github Security Blog
added 2026/05/06 9:31 p.m. · 13 views

Duplicate Advisory: OpenClaw: Delivery queue recovery could lose group tool-policy context for media replay

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-r77c-2cmr-7p47. This link is maintained to preserve external references. Original Description: OpenClaw versions 2026.4.10 before 2026.4.14 fail to persist session context during delivery queue recovery for media...

CVSS 6.5 · AI score 5.7 · EPSS 0.00214
Exploits 0 · References 5 · Affected Software 1

OSV
added 2026/05/06 9:31 p.m. · 4 views

GHSA-82RM-QCFX-2V78 Duplicate Advisory: OpenClaw: Delivery queue recovery could lose group tool-policy context for media replay

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-r77c-2cmr-7p47. This link is maintained to preserve external references. Original Description: OpenClaw versions 2026.4.10 before 2026.4.14 fail to persist session context during delivery queue recovery for media...

CVSS 6 · AI score 5.7 · EPSS 0.00214
Exploits 0 · References 5

ATTACKERKB
added 2026/05/06 7:49 p.m. · 7 views

CVE-2026-43583

OpenClaw versions 2026.4.10 before 2026.4.14 fail to persist session context during delivery queue recovery for media replay. Attackers can exploit recovered queued outbound media to bypass group tool policy enforcement and weaken channel media restrictions after service restart or recovery...

CVSS 6 · AI score 5.8 · EPSS 0.00214
Exploits 0 · References 4 · Affected Software 1

Positive Technologies
added 2026/05/06 12:00 a.m. · 9 views

PT-2026-38238

Name of the Vulnerable Software and Affected Versions: OpenClaw versions 2026.4.10 through 2026.4.13. Description: An issue exists where session context is not persisted during delivery queue recovery for media replay. This allows attackers to exploit recovered queued outbound media to bypass group...

CVSS 6.5 · AI score 5.8 · EPSS 0.00214
Exploits 0 · References 6

CVE
added 2026/04/28 6:09 p.m. · 10 views

CVE-2026-41381

OpenClaw =2026.3.31 (as per GHSA-CQGW-44WG-44RF), and the CVSS data shows a CVSSv3.1 base score around 5.4 (MEDIUM) with network attack vector and low confidentiality/integrity impact. No exploitation details beyond the advisory are provided in the documents. Remediation: upgrade openclaw to the ...

CVSS 5.4 · AI score 5.3 · EPSS 0.00222
Exploits 0 · References 3 · Affected Software 1

RedhatCVE
added 2026/03/26 11:03 p.m. · 4 views

CVE-2025-36438

IBM Concert 1.0.0 through 2.2.0 could allow a privileged user to perform unauthorized actions due to improper restriction of channel communication to intended endpoints...

CVSS 5.5 · AI score 5.8 · EPSS 0.00123
Exploits 0 · References 1

Cvelist
added 2026/03/25 8:31 p.m. · 20 views

CVE-2025-36438 Multiple Vulnerabilities in IBM Concert Software

IBM Concert 1.0.0 through 2.2.0 could allow a privileged user to perform unauthorized actions due to improper restriction of channel communication to intended endpoints...

CVSS 5.1 · EPSS 0.00123
Exploits 0 · References 1

CVE
added 2026/03/25 8:31 p.m. · 14 views

CVE-2025-36438

IBM Concert 1.0.0–2.2.0 contains a vulnerability where improper restriction of channel communication to intended endpoints can let a privileged user perform unauthorized actions. Root cause: inadequate access control/endpoint restriction within the channel communication path. Affected products: I...

CVSS 5.5 · AI score 5.8 · EPSS 0.00123
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2026/03/25 12:00 a.m. · 6 views

IBM Concert security vulnerability

IBM Concert is a new tool developed by IBM (International Business Machines), an American company. It uses generative AI to assist in managing complex cloud-native applications. Versions of IBM Concert prior to 2.2.0 contain a security vulnerability that stems from improper restrictions on channel...

CVSS 5.5 · AI score 5.8 · EPSS 0.00123
Exploits 0 · References 2

Positive Technologies
added 2026/03/25 12:00 a.m. · 6 views

PT-2026-28115

IBM Concert 1.0.0 through 2.2.0 could allow a privileged user to perform unauthorized actions due to improper restriction of channel communication to intended endpoints...

CVSS 5.1 · AI score 5.8 · EPSS 0.00123
Exploits 0 · References 2

ATTACKERKB
added 2026/03/20 4:22 p.m. · 3 views

CVE-2025-62843

An improper restriction of communication channel to intended endpoints vulnerability has been reported to affect QHora. If an attacker gains physical access, they can then exploit the vulnerability to gain the privileges that were intended for the original endpoint. We have already fixed the...

CVSS 4.2 · AI score 5.8 · EPSS 0.00281
Exploits 0 · References 2 · Affected Software 1

CNNVD
added 2026/03/20 12:00 a.m. · 5 views

QNAP Systems QHora security vulnerability

QNAP Systems QHora is a router product of QNAP Systems, a company based in Taiwan, China. There is a security vulnerability present in QNAP Systems QHora. This vulnerability stems from improper restrictions on communication channels, which may allow physical access attackers to gain privileges...

CVSS 6.8 · AI score 7.1 · EPSS 0.00281
Exploits 0 · References 1

RedhatCVE
added 2026/02/17 1:27 p.m. · 6 views

CVE-2026-0997

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 and Mattermost Plugin Zoom versions =1.11.0 fail to validate the authenticated user when processing /plugins/zoom/api/v1/channel-preference, which allows any logged-in user to change Zoom meeting restrictions for arbitrary...

CVSS 4.3 · AI score 5.7 · EPSS 0.00152
Exploits 0 · References 1

CNNVD
added 2026/01/20 12:00 a.m. · 5 views

Milner ImageDirector Capture security vulnerability

Milner ImageDirector Capture is a document collection and digital asset management software developed by the American company Milner. Versions of Milner ImageDirector Capture from 7.0.9 to 7.6.3.25808 contained security vulnerabilities. These vulnerabilities were due to insufficient credential...

CVSS 8.5 · AI score 5.8 · EPSS 0.00162
Exploits 0 · References 1

RedhatCVE
added 2025/11/05 7:51 p.m. · 8 views

CVE-2025-33176

NVIDIA RunAI for all platforms contains a vulnerability where a user could cause an improper restriction of communications channels on an adjacent network. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, and information disclosure...

CVSS 6.2 · AI score 6.8 · EPSS 0.00147
Exploits 0 · References 1

Positive Technologies
added 2025/08/12 12:00 a.m. · 3 views

PT-2025-32760 · Microsoft · Windows Hyper-V +1

Name of the Vulnerable Software and Affected Versions: Windows Hyper-V (affected versions not specified). Description: Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally. The vulnerability allows remote attacke...

CVSS 6.7 · AI score 7 · EPSS 0.00436
Exploits 0 · References 11

BDU FSTEC
added 2025/07/09 12:00 a.m. · 4 views

The vulnerability of the SSH protocol implementation in Cisco Unified Computing System servers of the Cisco UCS B-Series, Managed C-Series, and X-Series models allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the SSH protocol implementation in Cisco Unified Computing System servers of the Cisco UCS B-Series, Managed C-Series, and X-Series models is related to insufficient channel restrictions for specific endpoints. Exploiting this vulnerability can allow an attacker operating...

CVSS 9 · AI score 5.5 · EPSS 0.0039
Exploits 0 · References 2

BDU FSTEC
added 2025/04/30 12:00 a.m. · 5 views

The vulnerability of the FortiOS operating systems and the FortiProxy proxy server, related to insufficient restrictions on communication channels for specified endpoints, allows attackers to gain unauthorized access to protected information.

The vulnerability of the FortiOS operating systems and the FortiProxy proxy server for protecting against Internet attacks is related to insufficient restrictions on communication channels for specified endpoints. Exploiting this vulnerability can allow a malicious actor to gain unauthorized acce...

CVSS 7.6 · AI score 5.5 · EPSS 0.00457
Exploits 0 · References 3 · Affected Software 6

CNNVD
added 2025/04/08 12:00 a.m. · 2 views

Security vulnerability in multiple Fortinet products

Fortinet FortiOS and others are products of Fortinet, Inc. Fortinet FortiOS is a dedicated security operating system on the FortiGate network security platform. Fortinet FortiManager is a centralized network security management platform. Fortinet FortiProxy is a secure network proxy that protects...

CVSS 7.5 · AI score 6.3 · EPSS 0.00366
Exploits 0 · References 3

BDU FSTEC
added 2025/02/03 12:00 a.m. · 5 views

The vulnerability of the high-convergence infrastructure of IBM Storage Fusion HCI arises from insufficient channel restrictions for specific endpoints, allowing attackers to gain unauthorized access to protected information.

The vulnerability of the high-convergence infrastructure of IBM Storage Fusion HCI lies in the insufficient restrictions on communication channels for specified endpoints. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information...

CVSS 4 · AI score 5.5 · EPSS 0.00218
Exploits 0 · References 2 · Affected Software 2