Lucene search

44 matches found

OSV
added 2026/02/17 9:43 p.m., 4 views

GHSA-8MH7-PHF8-XGFM OpenClaw skills.status could leak secrets to operator.read clients

Summary skills.status could disclose secrets to operator.read clients by returning raw resolved config values in configChecks for skill requires.config paths. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.2.14...

CVSS 5.3, AI score 5.6, EPSS 0.00303
Exploits 0, References 6

GitHub Security Blog
added 2026/02/17 9:43 p.m., 18 views

OpenClaw skills.status could leak secrets to operator.read clients

Summary skills.status could disclose secrets to operator.read clients by returning raw resolved config values in configChecks for skill requires.config paths. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.2.14...

CVSS 5.3, AI score 5.6, EPSS 0.00303
Exploits 0, References 6, Affected Software 1

Tenable Nessus
added 2026/01/13 12:0 a.m., 2 views

MiracleLinux 7 : git-1.8.3.1-25.0.4.el7.AXS7 (AXSA:2025-10662:11)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10662:11 advisory. CVE-2025-48384: config: quote values containing CR character CVEs: CVE-2025-48384 Git is a fast, scalable, distributed revision control system with an...

CVSS 8, AI score 8, EPSS 0.02775
Exploits 9, References 2

Positive Technologies
added 2025/12/18 12:0 a.m., 5 views

PT-2025-52259

Name of the Vulnerable Software and Affected Versions ScreenConnect versions prior to 1.0.12 Description In deployments utilizing the Certificate Signing Extension, encrypted configuration values, potentially including an Azure Key Vault-related key, could be disclosed to unauthenticated users vi...

CVSS 5.3, AI score 6.7, EPSS 0.00133
Exploits 0, References 4

Tenable Nessus
added 2025/09/10 12:0 a.m., 2 views

EulerOS 2.0 SP12 : git (EulerOS-SA-2025-2035)

According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full...

CVSS 8, AI score 8, EPSS 0.02775
Exploits 9, References 2

RedHat Linux
added 2025/07/24 8:8 a.m., 5 views

git: Git arbitrary code execution

A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read,...

CVSS 8, AI score 5.7, EPSS 0.02775
Exploits 9, References 8

RedHat Linux
added 2025/07/24 7:49 a.m., 4 views

git: Git arbitrary code execution

A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read,...

CVSS 8, AI score 5.7, EPSS 0.02775
Exploits 9, References 8

OSV
added 2025/07/22 5:59 p.m., 5 views

CLSA-2025-1753207140 Fix CVE(s): CVE-2025-48384

SECURITY UPDATE: security vulnerability discovered - debian/patches/CVE-2025-48384.patch: quote values containing CR character in config to prevent unintentional stripping when reading - CVE-2025-48384...

CVSS 8, AI score 7.1, EPSS 0.02775
Exploits 9, References 1

RedHat Linux
added 2025/07/22 12:3 p.m., 6 views

git: Git arbitrary code execution

A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read,...

CVSS 8, AI score 5.7, EPSS 0.02775
Exploits 9, References 8

RedHat Linux
added 2025/07/21 2:51 p.m., 4 views

git: Git arbitrary code execution

A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read,...

CVSS 8, AI score 5.7, EPSS 0.02775
Exploits 9, References 8

SUSE CVE
added 2025/07/09 11:22 p.m., 3 views

SUSE CVE-2025-48384

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with ...

CVSS 7.8, AI score 6.8, EPSS 0.02775
Exploits 9, References 12

CNNVD
added 2025/07/08 12:0 a.m., 4 views

Git Security Vulnerability

Git is a free, open source distributed version control system open-sourced by Git. A security vulnerability exists in Git that stems from improper handling of trailing carriage returns when processing configuration values, which could allow submodules to be incorrectly detected in a hook director...

CVSS 8, AI score 7.1, EPSS 0.02775
Exploits 9, References 4

RedhatCVE
added 2025/05/23 10:43 a.m., 8 views

CVE-2024-52792

LDAP Account Manager (LAM) is a php webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In affected versions LAM does not properly sanitize configuration values, that are set via mainmanage.php and confmain.php. This allows setting arbitrary config values...

CVSS 7.9, AI score 6.5, EPSS 0.17868
Exploits 0, References 1

OSV
added 2024/12/17 10:15 p.m., 1 views

DEBIAN-CVE-2024-52792

LDAP Account Manager (LAM) is a php webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In affected versions LAM does not properly sanitize configuration values, that are set via mainmanage.php and confmain.php. This allows setting arbitrary config values...

CVSS 6.5, AI score 5.7, EPSS 0.00696
Exploits 0, References 1

OSV
added 2024/12/17 10:15 p.m., 1 views

UBUNTU-CVE-2024-52792

LDAP Account Manager (LAM) is a php webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In affected versions LAM does not properly sanitize configuration values, that are set via mainmanage.php and confmain.php. This allows setting arbitrary config values...

CVSS 6.5, AI score 5.9, EPSS 0.00696
Exploits 0, References 6

Cvelist
added 2024/12/17 9:46 p.m., 26 views

CVE-2024-52792 Arbitrary config values override in lam

LDAP Account Manager (LAM) is a php webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In affected versions LAM does not properly sanitize configuration values, that are set via mainmanage.php and confmain.php. This allows setting arbitrary config values...

CVSS 6.5, EPSS 0.00696
Exploits 0, References 4

Vulnrichment
added 2024/12/17 9:46 p.m., 14 views

CVE-2024-52792 Arbitrary config values override in lam

LDAP Account Manager (LAM) is a php webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In affected versions LAM does not properly sanitize configuration values, that are set via mainmanage.php and confmain.php. This allows setting arbitrary config values...

CVSS 6.5, AI score 6.9, EPSS 0.00696
Exploits 0, References 4

OSV
added 2024/12/17 9:46 p.m., 8 views

CVE-2024-52792 Arbitrary config values override in lam

LDAP Account Manager (LAM) is a php webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In affected versions LAM does not properly sanitize configuration values, that are set via mainmanage.php and confmain.php. This allows setting arbitrary config values...

CVSS 6.5, AI score 7.5, EPSS 0.00696
Exploits 0, References 6

HackerOne
added 2022/10/29 3:5 a.m., 12 views

Cloudflare Public Bug Bounty: Extraction of Pages build scripts, config values, tokens, etc. via symlinks

A vulnerability was discovered in Pages build scripts that allowed malicious actors to extract build source/configuration and environment variables via symlinks due to broader permission set on certain folders within the filesystem structure. The issue was remediated by tightening permissions on...

AI score 6.9
Exploits 0

OSV
added 2022/05/25 9:15 p.m., 4 views

CVE-2022-26026

A denial of service vulnerability exists in the OAS Engine SecureConfigValues functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to loss of communications. An attacker can send a network request to trigger this vulnerability...

CVSS 7.5, AI score 7.1, EPSS 0.0114
Exploits 1, References 1