CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Chainguard•added 2026/04/11 2:18 a.m.•5 views

GHSA-5W89-2C2X-6X66 vulnerabilities

Vulnerabilities for packages: k6-operator, flux, chaos-mesh-fips, terraform-provider-pagerduty, kubernetes-release-fips, harbor-scanner-trivy-fips, databricks-cli-fips, falco-exporter-fips, argocd-image-updater-fips, aws-s3-controller, opa-fips-envoy, etcd-fips, terraform-provider-azapi-fips,...

5.4AI score

Chainguard•added 2026/04/11 2:18 a.m.•8 views

CVE-2026-32283 vulnerabilities

7.5CVSS7.1AI score0.00019EPSS

Chainguard•added 2026/04/11 2:18 a.m.•4 views

GHSA-JRG3-GFJW-HM96 vulnerabilities

5.4AI score

RedhatCVE•added 2026/04/10 7:22 p.m.•3 views

CVE-2026-39961

Aiven Operator allows you to provision and manage Aiven Services from your Kubernetes cluster. From 0.31.0 to before 0.37.0, a developer with create permission on ClickhouseUser CRDs in their own namespace can exfiltrate secrets from any other namespace — production database credentials, API keys...

OSV•added 2026/04/10 5:22 p.m.•1 views

Exploits0References1

GHSA-99J8-WV67-4C72 Aiven Operator has cross-namespace secret exfiltration via ClickhouseUser connInfoSecretSource

Impact A developer with create permission on ClickhouseUser CRDs in their own namespace can exfiltrate secrets from any other namespace — production database credentials, API keys, service tokens — with a single kubectl apply. The operator reads the victim's secret using its ClusterRole and write...

EUVD•added 2026/04/10 5:22 p.m.•2 views

Exploits0References5

EUVD-2026-20965

Aiven Operator has cross-namespace secret exfiltration via ClickhouseUser connInfoSecretSource...

Github Security Blog•added 2026/04/10 5:22 p.m.•2 views

Aiven Operator has cross-namespace secret exfiltration via ClickhouseUser connInfoSecretSource

Exploits0References5Affected Software1

NVD•added 2026/04/10 5:17 p.m.•3 views

CVE-2026-35669

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in gateway-authenticated plugin HTTP routes that incorrectly mint operator.admin runtime scope regardless of caller-granted scopes. Attackers can exploit this scope boundary bypass to gain elevated privileges and perform...

8.8CVSS0.0005EPSS

NVD•added 2026/04/10 5:17 p.m.•2 views

CVE-2026-35660

OpenClaw before 2026.3.23 contains an insufficient access control vulnerability in the Gateway agent /reset endpoint that allows callers with operator.write permission to reset admin sessions. Attackers with operator.write privileges can invoke /reset or /new messages with an explicit sessionKey ...

8.1CVSS0.00052EPSS

NVD•added 2026/04/10 5:17 p.m.•4 views

CVE-2026-35657

OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in the HTTP /sessions/:sessionKey/history route that skips operator.read scope validation. Attackers can access session history without proper operator read permissions by sending HTTP requests to the vulnerable endpoint...

7.1CVSS0.0003EPSS

NVD•added 2026/04/10 5:17 p.m.•2 views

CVE-2026-35621

OpenClaw before 2026.3.24 contains a privilege escalation vulnerability where the /allowlist command fails to re-validate gateway client scopes for internal callers, allowing operator.write-scoped clients to mutate channel authorization policy. Attackers can exploit chat.send to build an internal...

7.1CVSS0.00038EPSS

Exploits1References2

NVD•added 2026/04/10 5:17 p.m.•5 views

CVE-2026-35620

OpenClaw before 2026.3.24 contains missing authorization vulnerabilities in the /send and /allowlist chat command handlers. The /send command allows non-owner command-authorized senders to change owner-only session delivery policy settings, and the /allowlist mutating commands fail to enforce...

5.4CVSS0.00065EPSS

Exploits1References6

NVD•added 2026/04/10 5:17 p.m.•0 views

CVE-2026-35619

OpenClaw before 2026.3.24 contains an authorization bypass vulnerability in the HTTP /v1/models endpoint that fails to enforce operator read scope requirements. Attackers with only operator.approvals scope can enumerate gateway model metadata through the HTTP compatibility route, bypassing the...

5.3CVSS0.00036EPSS

Vulnrichment•added 2026/04/10 4:3 p.m.•2 views

CVE-2026-35669 OpenClaw < 2026.3.25 - Privilege Escalation via Gateway Plugin HTTP Authentication Scope

CVE•added 2026/04/10 4:3 p.m.•12 views

CVE-2026-35669

OpenClaw is affected prior to version 2026.3.25. The vulnerability resides in the gateway-authenticated plugin HTTP routes, where the system incorrectly mints operator.admin runtime scope regardless of caller-granted scopes. This scope boundary bypass can allow an attacker to escalate privileges ...

Exploits0References3Affected Software1

Cvelist•added 2026/04/10 4:3 p.m.•23 views

CVE-2026-35669 OpenClaw < 2026.3.25 - Privilege Escalation via Gateway Plugin HTTP Authentication Scope

8.8CVSS0.0005EPSS

ATTACKERKB•added 2026/04/10 4:3 p.m.•5 views

CVE-2026-35669

EUVD•added 2026/04/10 4:3 p.m.•2 views

EUVD-2026-21484

ATTACKERKB•added 2026/04/10 4:3 p.m.•0 views

CVE-2026-35663

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators to self-request broader scopes during backend reconnect. Attackers can bypass pairing requirements to reconnect as operator.admin, gaining unauthorized administrative privileges...