CVE-2026-29181 vulnerabilities
Vulnerabilities for packages: knative-net-istio-fips, crossplane-provider-aws-iam, cadvisor, cloudflared, db-operator-fips, cephcsi-fips, crossplane-provider-azure-authorization, gitlab-cng-fips, crossplane-provider-aws-cloudwatch-fips, crossplane-provider-azure-operationalinsights, dex-fips,...
GHSA-MH2Q-Q3FH-2475 vulnerabilities
Vulnerabilities for packages: knative-net-istio-fips, crossplane-provider-aws-iam, cadvisor, cloudflared, db-operator-fips, cephcsi-fips, crossplane-provider-azure-authorization, gitlab-cng-fips, crossplane-provider-aws-cloudwatch-fips, crossplane-provider-azure-operationalinsights, dex-fips,...
CVE-2026-29181 vulnerabilities
Vulnerabilities for packages: yunikorn-k8shim, gitlab-runner, crossplane-provider-sql, cadvisor, skopeo, cloudflared, external-secrets-operator, gitlab-kas, undock, node-problem-detector, crossplane-provider-azure-authorization, argo-rollouts, crossplane-provider-aws-lambda, neuvector-scanner,...
GHSA-MH2Q-Q3FH-2475 vulnerabilities
Vulnerabilities for packages: yunikorn-k8shim, gitlab-runner, crossplane-provider-sql, cadvisor, skopeo, cloudflared, external-secrets-operator, gitlab-kas, undock, node-problem-detector, crossplane-provider-azure-authorization, argo-rollouts, crossplane-provider-aws-lambda, neuvector-scanner,...
GHSA-PJCQ-XVWQ-HHPJ vulnerabilities
Vulnerabilities for packages: yunikorn-k8shim, gitlab-runner, gitea, cert-manager, openbao, external-secrets-operator, grafana, ratify, cert-manager-istio-csr, teleport, nuclei, rancher, dex, rancher-webhook, cert-manager-cmctl, cert-manager-csi-driver, xeol, kyverno-notation-aws,...
CVE-2026-32952 vulnerabilities
Vulnerabilities for packages: yunikorn-k8shim, gitlab-runner, gitea, cert-manager, openbao, external-secrets-operator, grafana, ratify, cert-manager-istio-csr, teleport, nuclei, rancher, dex, rancher-webhook, cert-manager-cmctl, cert-manager-csi-driver, xeol, kyverno-notation-aws,...
CVE-2026-32952 vulnerabilities
Vulnerabilities for packages: cert-manager-istio-csr, opentofu, kyverno, openbao, minio-fips, cert-manager-cmctl, seaweedfs, external-secrets-operator-fips, gitlab-runner-fips, spqr, cert-manager-openshift-routes, syncthing-fips, syncthing, flux, dex-fips, telegraf, openbao-fips, grafana-fips,...
k8sGPT has Prompt Injection through its k8sGPT-Operator
Summary In the auto-remediation pipeline, objecttoexecution.go deserialized the AI-generated YAML directly into a Deployment object without validating it against the original Deployment object. Details This issue was fixed after coordination with Alex Jones. PoC To minimize the...
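The k8sGPT entry above describes the pattern: the model's YAML was deserialized straight into a Deployment and applied, with nothing comparing it to the object the operator had read from the cluster. The guard below is an added example written for this page, not k8sgpt's or the k8sgpt-operator's code; the allow-list struct, ValidateRemediation, ApplyChecked, the manifests and the registry and image names in it are constructed. It assumes the model output has already been converted from YAML to JSON (the Kubernetes yaml helper does that before unmarshalling) and demonstrates the two checks the original step lacked: a strict decode that rejects any field the allow-list struct does not model, and a comparison against the original object so that a prompt-injected remediation cannot retarget the object, change its service account, move an image to another repository, or grant privileged.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Deployment models only the fields a remediation may touch; strict decoding
// rejects anything else, so the struct doubles as a field allow-list. (Assumed
// minimal stand-in for appsv1.Deployment, not k8sgpt's own type.)
type Deployment struct {
	Metadata struct {
		Name      string `json:"name"`
		Namespace string `json:"namespace"`
	} `json:"metadata"`
	Spec struct {
		Template struct {
			Spec PodSpec `json:"spec"`
		} `json:"template"`
	} `json:"spec"`
}

type PodSpec struct {
	ServiceAccountName string      `json:"serviceAccountName"`
	Containers         []Container `json:"containers"`
}

type Container struct {
	Name            string `json:"name"`
	Image           string `json:"image"`
	SecurityContext struct {
		Privileged bool `json:"privileged"`
	} `json:"securityContext"`
}

// imageRepo drops the tag so "repo:1.4.2" equals "repo:1.4.3" but neither equals
// "evil.example/miner"; a registry port such as "reg:5000/app" survives.
func imageRepo(img string) string {
	if colon := strings.LastIndex(img, ":"); colon > strings.LastIndex(img, "/") {
		return img[:colon]
	}
	return img
}

// ValidateRemediation is fix two: the proposal must keep the identity, service
// account, container list and image repositories of the object read from the
// cluster, and may not grant privilege the original lacked.
func ValidateRemediation(original, proposed *Deployment) error {
	if proposed.Metadata != original.Metadata {
		return errors.New("remediation targets a different object")
	}
	op, pp := original.Spec.Template.Spec, proposed.Spec.Template.Spec
	if pp.ServiceAccountName != op.ServiceAccountName {
		return errors.New("remediation changes serviceAccountName")
	}
	if len(pp.Containers) != len(op.Containers) {
		return errors.New("remediation adds or removes containers")
	}
	for i, c := range pp.Containers { // container order is part of the contract
		orig := op.Containers[i]
		switch {
		case c.Name != orig.Name:
			return fmt.Errorf("container %d renamed or reordered (%q)", i, c.Name)
		case imageRepo(c.Image) != imageRepo(orig.Image):
			return fmt.Errorf("container %q: image moved to %s", c.Name, c.Image)
		case c.SecurityContext.Privileged && !orig.SecurityContext.Privileged:
			return fmt.Errorf("container %q: remediation grants privileged", c.Name)
		}
	}
	return nil
}

// ApplyChecked replaces "json.Unmarshal the model output and apply it", which
// silently accepted fields the code never inspected (hostPID, hostPath volumes)
// and never looked at the original. Fix one is DisallowUnknownFields.
func ApplyChecked(originalJSON, aiOutput []byte) (*Deployment, error) {
	label := [2]string{"original object", "model output"}
	var objs [2]Deployment
	for i, data := range [][]byte{originalJSON, aiOutput} {
		dec := json.NewDecoder(bytes.NewReader(data))
		dec.DisallowUnknownFields()
		if err := dec.Decode(&objs[i]); err != nil {
			return nil, fmt.Errorf("%s: %w", label[i], err)
		}
	}
	if err := ValidateRemediation(&objs[0], &objs[1]); err != nil {
		return nil, err
	}
	return &objs[1], nil
}

// Constructed sample: the live object, and a remediation in which text injected
// into the cluster has steered the model into swapping the image and escalating.
const originalManifest = `{"metadata":{"name":"web","namespace":"prod"},"spec":{"template":{"spec":{"serviceAccountName":"web","containers":[{"name":"web","image":"registry.example.com/shop/web:1.4.2"}]}}}}`
const injectedManifest = `{"metadata":{"name":"web","namespace":"prod"},"spec":{"template":{"spec":{"serviceAccountName":"cluster-admin-sa","containers":[{"name":"web","image":"evil.example/miner:latest","securityContext":{"privileged":true}}]}}}}`

func main() {
	_, err := ApplyChecked([]byte(originalManifest), []byte(injectedManifest))
	fmt.Println("injected remediation rejected:", err)
}
```

The strict decode is deliberately narrow: a real deployment of this idea has to model every field the remediation is allowed to change, and anything it does not model is refused rather than copied through. The cases worth keeping in a test suite are the ones where the model output is valid YAML and a valid Kubernetes object, just not the object that was there before.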
GHSA-394X-274P-MQC6 Duplicate Advisory: OpenClaw: Gateway operator.write Can Reach Admin-Class Telegram Config and Cron Persistence via send
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-767m-xrhc-fxm7. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write...
EUVD-2026-25331
OpenClaw before 2026.3.31 lacks browser-origin validation in HTTP operator endpoints when operating in trusted-proxy mode, allowing cross-site request forgery attacks. Attackers can exploit this by sending malicious requests from a browser in trusted-proxy deployments to perform unauthorized...
GHSA-2XP4-QHR4-XQM2 Duplicate Advisory: OpenClaw: HTTP operator endpoints lack browser-origin validation in trusted-proxy mode
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mhr7-2xmv-4c4q. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 lacks browser-origin validation in HTTP operator endpoints when operating in trusted-proxy...
CVE-2026-41347
OpenClaw before 2026.3.31 lacks browser-origin validation in HTTP operator endpoints when operating in trusted-proxy mode, allowing cross-site request forgery attacks. Attackers can exploit this by sending malicious requests from a browser in trusted-proxy deployments to perform unauthorized...
CVE-2026-41359 OpenClaw < 2026.3.28 - Privilege Escalation via operator.write to Admin-Class Telegram Config and Cron Persistence
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Telegram configuration and cron persistence settings via the send endpoint. Attackers with operator.write credentials can exploit insufficient acce...
CVE-2026-41359
OpenClaw prior to version 2026.3.28 contains a privilege escalation vulnerability. Authenticated operators with write permissions can access admin-class Telegram configuration and cron persistence settings via the send endpoint due to insufficient access controls. The CVE entry notes a CVSS v3.1/...
CVE-2026-41347 OpenClaw < 2026.3.31 - Cross-Site Request Forgery via Missing Browser-Origin Validation in HTTP Operator Endpoints
OpenClaw before 2026.3.31 lacks browser-origin validation in HTTP operator endpoints when operating in trusted-proxy mode, allowing cross-site request forgery attacks. Attackers can exploit this by sending malicious requests from a browser in trusted-proxy deployments to perform unauthorized...
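The CVE-2026-41347 entries describe the shape of the problem rather than OpenClaw's fix: in trusted-proxy mode the caller's identity comes from the proxy, so a browser request to an operator endpoint is authenticated whether or not the user meant to send it, and nothing checked which site the browser said the request came from. The middleware below is an added example for this page, not OpenClaw's code; the claw.example origin, the /api/send path and the OriginGuard names are assumptions. It consults Fetch Metadata (Sec-Fetch-Site) first and falls back to Origin, then Referer, checked against an explicitly configured allow-list of UI origins.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// OriginGuard wraps the operator endpoints. In trusted-proxy mode the proxy
// supplies the caller's identity, so every request a browser sends through the
// proxy arrives authenticated; the only thing separating a legitimate UI action
// from a forged one is which site the browser says the request came from.
type OriginGuard struct {
	// Exact "scheme://host[:port]" values in lowercase. Configured explicitly;
	// deriving them from the Host header would make the check proxy-dependent.
	AllowedOrigins map[string]bool
	Next           http.Handler
}

func (g OriginGuard) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	if why := g.Reject(r); why != "" {
		http.Error(w, "cross-site request rejected: "+why, http.StatusForbidden)
		return
	}
	g.Next.ServeHTTP(w, r)
}

// Reject returns "" when the request may proceed, otherwise the reason not to.
func (g OriginGuard) Reject(r *http.Request) string {
	switch r.Method {
	case http.MethodGet, http.MethodHead, http.MethodOptions:
		return "" // safe methods; handlers must not change state on these
	}
	// Fetch Metadata is attached by the browser and cannot be set by page script.
	sfs := strings.ToLower(r.Header.Get("Sec-Fetch-Site"))
	if sfs == "same-origin" || sfs == "none" {
		return ""
	}
	src := browserOrigin(r)
	if src == "" {
		if sfs != "" {
			return "Sec-Fetch-Site=" + sfs + " without an Origin or Referer"
		}
		return "" // no browser provenance at all: treated as a non-browser API client
	}
	if g.AllowedOrigins[src] {
		return ""
	}
	return "origin " + src + " is not allowed" // also covers "Origin: null"
}

// browserOrigin returns the Origin header, else the Referer reduced to its
// origin, lowercased; "" when the request carries neither.
func browserOrigin(r *http.Request) string {
	if o := r.Header.Get("Origin"); o != "" {
		return strings.ToLower(o)
	}
	if ref := r.Header.Get("Referer"); ref != "" {
		u, err := url.Parse(ref)
		if err != nil || u.Scheme == "" || u.Host == "" {
			return "unparseable-referer" // never in the allow-list, so rejected
		}
		return strings.ToLower(u.Scheme + "://" + u.Host)
	}
	return ""
}

func main() {
	guard := OriginGuard{
		AllowedOrigins: map[string]bool{"https://claw.example": true},
		Next: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			fmt.Fprintln(w, "message sent")
		}),
	}
	// Two constructed browser POSTs to the send endpoint: one from the UI's own
	// origin, one forged from an attacker-controlled page.
	for _, origin := range []string{"https://claw.example", "https://evil.example"} {
		req := httptest.NewRequest(http.MethodPost, "https://claw.example/api/send", nil)
		req.Header.Set("Origin", origin)
		rec := httptest.NewRecorder()
		guard.ServeHTTP(rec, req)
		fmt.Printf("POST /api/send with Origin %s -> %d\n", origin, rec.Code)
	}
}
```

The one policy decision in the guard is the request that carries no Sec-Fetch-Site, Origin or Referer at all, which it lets through as a non-browser client. If the same proxy also fronts the API for scripts, that is the usual trade-off; if every legitimate caller is the UI, the stricter choice is to refuse those requests as well, or to require a CSRF token bound to the session on top of the origin check.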
Important: Red Hat Security Advisory: Red Hat Web Terminal Operator 1.11.0 release.
Red Hat Web Terminal Operator 1.11.0 has been released. The Web Terminal provides a way to access a fully in-browser terminal emulator within the OpenShift Console. Command-line tools for interacting with the OpenShift cluster are pre-installed...