
219786 matches found

NVD
added 2026/05/06 8:16 p.m., 6 views

CVE-2026-44110

OpenClaw before 2026.4.15 contains an authorization bypass vulnerability in Matrix room control-command authorization that trusts DM pairing-store entries. Attackers with DM-paired sender IDs can execute room control commands without being in configured allowlists by posting in bot rooms,...

CVSS 8.8, EPSS 0.00288
Exploits: 0, References: 4
Vulnrichment
added 2026/05/06 7:49 p.m., 9 views

CVE-2026-44114 OpenClaw < 2026.4.20 - Environment Variable Namespace Collision via Workspace dotenv

OpenClaw before 2026.4.20 fails to properly reserve the OPENCLAW runtime-control environment namespace in workspace dotenv files, allowing attackers to override critical runtime variables. Malicious workspaces can set variables like OPENCLAWGITDIR to manipulate trusted OpenClaw runtime behavior...

CVSS 8.5, AI score 5.8, EPSS 0.00129
Exploits: 0, References: 3
ATTACKERKB
added 2026/05/06 7:49 p.m., 5 views

CVE-2026-44110

OpenClaw before 2026.4.15 contains an authorization bypass vulnerability in Matrix room control-command authorization that trusts DM pairing-store entries. Attackers with DM-paired sender IDs can execute room control commands without being in configured allowlists by posting in bot rooms,...

CVSS 8.8, AI score 5.9, EPSS 0.00288
Exploits: 0, References: 5
CVE
added 2026/05/06 7:49 p.m., 15 views

CVE-2026-44110

OpenClaw is affected by CVE-2026-44110, with vulnerability present in versions before 2026.4.15. The issue is an authorization bypass in Matrix room control-command authorization that trusts DM pairing-store entries. Attackers with DM-paired sender IDs can execute room control commands without be...

CVSS 8.8, AI score 5.9, EPSS 0.00288
Exploits: 0, References: 4, Affected Software: 1
Vulnrichment
added 2026/05/06 7:49 p.m., 7 views

CVE-2026-44110 OpenClaw < 2026.4.15 - Authorization Bypass in Matrix Room Control Commands via DM Pairing Store

OpenClaw before 2026.4.15 contains an authorization bypass vulnerability in Matrix room control-command authorization that trusts DM pairing-store entries. Attackers with DM-paired sender IDs can execute room control commands without being in configured allowlists by posting in bot rooms,...

CVSS 8.8, AI score 5.9, EPSS 0.00288
Exploits: 0, References: 4
Cvelist
added 2026/05/06 7:49 p.m., 31 views

CVE-2026-44110 OpenClaw < 2026.4.15 - Authorization Bypass in Matrix Room Control Commands via DM Pairing Store

OpenClaw before 2026.4.15 contains an authorization bypass vulnerability in Matrix room control-command authorization that trusts DM pairing-store entries. Attackers with DM-paired sender IDs can execute room control commands without being in configured allowlists by posting in bot rooms,...

CVSS 8.8, EPSS 0.00288
Exploits: 0, References: 4
ATTACKERKB
added 2026/05/06 7:49 p.m., 8 views

CVE-2026-43579

OpenClaw before 2026.4.10 contains an insufficient access control vulnerability in Nostr plugin HTTP profile routes that allows operators with write permissions to persist profile configuration without requiring admin authority. Attackers with operator.write scope can modify Nostr profile setting...

CVSS 6.5, AI score 5.8, EPSS 0.00218
Exploits: 0, References: 4
Vulnrichment
added 2026/05/06 7:49 p.m., 8 views

CVE-2026-43579 OpenClaw < 2026.4.10 - Insufficient Access Control in Nostr Profile Mutation Routes

OpenClaw before 2026.4.10 contains an insufficient access control vulnerability in Nostr plugin HTTP profile routes that allows operators with write permissions to persist profile configuration without requiring admin authority. Attackers with operator.write scope can modify Nostr profile setting...

CVSS 6.5, AI score 5.8, EPSS 0.00218
Exploits: 0, References: 3
Cvelist
added 2026/05/06 7:49 p.m., 31 views

CVE-2026-43579 OpenClaw < 2026.4.10 - Insufficient Access Control in Nostr Profile Mutation Routes

OpenClaw before 2026.4.10 contains an insufficient access control vulnerability in Nostr plugin HTTP profile routes that allows operators with write permissions to persist profile configuration without requiring admin authority. Attackers with operator.write scope can modify Nostr profile setting...

CVSS 6.5, EPSS 0.00218
Exploits: 0, References: 3
NVD
added 2026/05/06 7:16 p.m., 5 views

CVE-2026-7952

Insufficient policy enforcement in Extensions in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass discretionary access control via a crafted HTML page. Chromium security severity: Medium...

CVSS 4.2, EPSS 0.00172
Exploits: 0, References: 2
NVD
added 2026/05/06 7:16 p.m., 11 views

CVE-2024-30151

HCL BigFix Service Management SX is affected by a Broken Access Control vulnerability leading to privilege escalation. This could allow unauthorized users to gain elevated privileges, bypassing intended access restrictions. This may result in exposure of sensitive data or unauthorized system...

CVSS 8.3, EPSS 0.00248
Exploits: 0, References: 1
ATTACKERKB
added 2026/05/06 6:57 p.m., 8 views

CVE-2026-0300

A buffer overflow vulnerability in the User-ID™ Authentication Portal aka Captive Portal service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. T...

CVSS 9.3, AI score 6.6, EPSS 0.36157
Exploits: 6, References: 2, Affected Software: 1
ATTACKERKB
added 2026/05/06 6:14 p.m., 9 views

CVE-2024-30151

HCL BigFix Service Management SX is affected by a Broken Access Control vulnerability leading to privilege escalation. This could allow unauthorized users to gain elevated privileges, bypassing intended access restrictions. This may result in exposure of sensitive data or unauthorized system...

AI score 5.8, EPSS 0.00248
Exploits: 0, References: 2, Affected Software: 1
Vulnrichment
added 2026/05/06 6:14 p.m., 8 views

CVE-2024-30151 HCL BigFix Service Management (SM) is susceptible to Broken Access Control Vulnerability

HCL BigFix Service Management SX is affected by a Broken Access Control vulnerability leading to privilege escalation. This could allow unauthorized users to gain elevated privileges, bypassing intended access restrictions. This may result in exposure of sensitive data or unauthorized system...

CVSS 8.3, AI score 5.8, EPSS 0.00248
Exploits: 0, References: 1
CVE
added 2026/05/06 6:14 p.m., 13 views

CVE-2024-30151

CVE-2024-30151 affects HCL BigFix Service Management (SX). The vulnerability is a Broken Access Control issue that could allow unauthorized users to escalate privileges and bypass intended access restrictions, potentially exposing sensitive data or enabling unauthorized system changes. Documented...

CVSS 8.3, AI score 5.8, EPSS 0.00248
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2026/05/06 6:14 p.m., 32 views

CVE-2024-30151 HCL BigFix Service Management (SM) is susceptible to Broken Access Control Vulnerability

HCL BigFix Service Management SX is affected by a Broken Access Control vulnerability leading to privilege escalation. This could allow unauthorized users to gain elevated privileges, bypassing intended access restrictions. This may result in exposure of sensitive data or unauthorized system...

CVSS 8.3, EPSS 0.00248
Exploits: 0, References: 1
Cvelist
added 2026/05/06 6:12 p.m., 30 views

CVE-2026-7952

Insufficient policy enforcement in Extensions in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass discretionary access control via a crafted HTML page. Chromium security severity: Medium...

EPSS 0.00172
Exploits: 0, References: 2
CVE
added 2026/05/06 6:12 p.m., 12 views

CVE-2026-7952

Google Chrome CVE-2026-7952 describes insufficient policy enforcement in Chrome Extensions prior to 148.0.7778.96, allowing a remote attacker who has compromised the renderer process to bypass discretionary access control via a crafted HTML page. Affected software: Chrome versions before 148.0.77...

CVSS 4.2, AI score 5.8, EPSS 0.00172
Exploits: 0, References: 2, Affected Software: 1
Vulnrichment
added 2026/05/06 6:12 p.m., 8 views

CVE-2026-7952

Insufficient policy enforcement in Extensions in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass discretionary access control via a crafted HTML page. Chromium security severity: Medium...

AI score 5.8, EPSS 0.00172
Exploits: 0, References: 2
Github Security Blog
added 2026/05/06 5:54 p.m., 12 views

Craft CMS's Missing Volume Permission Check in AssetsController::actionShowInFolder Allows Information Disclosure

Summary: AssetsController::actionShowInFolder fetches an asset by ID and returns its filename and complete folder hierarchy including volume handle, volume UID, folder names, folder UIDs, and folder URI paths without checking whether the requesting user has viewAssets or viewPeerAssets permission ...

CVSS 7.1, AI score 6, EPSS 0.00324
Exploits: 0, References: 4, Affected Software: 1