Lucene search
+L

36233 matches found

EUVD
EUVD
added 8 hours ago3 views

EUVD-2026-45115

OpenClaw 2026.4.14 before 2026.5.26 contain a server-side request forgery vulnerability in browser snapshot routes that fail to validate post-navigation destinations. Attackers with lower-trust access can bypass OpenClaw policy checks to reach network destinations that should have been blocked...

7.7CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 8 hours ago3 views

EUVD-2026-45113

OpenClaw versions before 2026.5.18 contain an authorization bypass vulnerability in skill command dispatch that allows lower-trust callers to execute or persist actions beyond their intended authorization. Attackers can bypass tool policy restrictions through configured input paths to perform...

5.4CVSS6.2AI score
Exploits0References2
CVE
CVE
added 8 hours ago5 views

CVE-2026-62219

OpenClaw 2026.2.12 before 2026.5.26 contains an authorization bypass in the hooks allowedAgentIds validation. A lower-trust caller or configured input path can submit blank agent IDs to bypass agent ID restrictions, enabling actions that should require stronger authorization or policy checks. Aff...

7.1CVSS6.1AI score
Exploits0References2
CVE
CVE
added 8 hours ago4 views

CVE-2026-62216

OpenClaw 2026.4.20 before 2026.5.28 contains a policy bypass in the QQBot media upload feature that could allow a lower-trust caller or configured input path to reach network destinations blocked by policy (server-side request forgery). Practical impact depends on operator configuration and wheth...

5CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 8 hours ago3 views

EUVD-2026-45104

OpenClaw 2026.4.20 before 2026.5.28 contain a policy bypass in the QQBot media upload feature. A lower-trust caller or configured input path could cause the media upload to reach network destinations that should have been blocked by OpenClaw policy server-side request forgery. The practical impac...

5CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 8 hours ago3 views

EUVD-2026-45103

OpenClaw versions before 2026.6.5 contain an authentication bypass vulnerability in HTTP Canvas responses that allows lower-trust callers to forge trusted A2UI actions. Attackers can perform actions requiring stronger authorization by submitting crafted requests through configured input paths,...

8CVSS6.1AI score
Exploits0References2
CVE
CVE
added 8 hours ago5 views

CVE-2026-62209

OpenClaw 2026.5.10-beta.1 before 2026.6.5 contains an authorization bypass in the ClickClack agent-mode dispatch feature. When enabled and reachable, a lower-trust caller or configured input path could bypass the required policy checks (toolsAllow), allowing actions that should require stronger a...

8.1CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 8 hours ago3 views

EUVD-2026-45097

OpenClaw versions 2026.5.10-beta.1 before 2026.6.5 contain an authorization bypass in the ClickClack agent-mode dispatch feature, which could ignore the toolsAllow policy check. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could perform actions...

8.1CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 8 hours ago3 views

EUVD-2026-45095

OpenClaw versions before 2026.6.5 contain an authentication bypass vulnerability that allows lower-trust callers to reach admin-scoped tools. Attackers can perform actions requiring stronger authorization by exploiting insufficient policy checks on configured input paths...

8.8CVSS6.1AI score
Exploits0References2
CVE
CVE
added 8 hours ago5 views

CVE-2026-62201

OpenClaw prior to version 2026.6.6 contains a network policy bypass in the sandbox exec-server that lets lower-trust callers reach internal network destinations blocked by policy. Attackers can send HTTP requests through the exec-server to access restricted network resources. The CVE description ...

7.7CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 8 hours ago3 views

EUVD-2026-45090

OpenClaw versions before 2026.6.6 contain a network policy bypass vulnerability in the sandbox exec-server that allows lower-trust callers to reach internal network destinations blocked by OpenClaw policy. Attackers can send HTTP requests through the exec-server to access network resources that...

7.7CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added yesterday5 views

EUVD-2026-45038

A divide-by-zero vulnerability in the Productivity Suite allows a local attacker to cause a division by zero leading to a system crash...

6.8CVSS6.1AI score
Exploits0References3
CVE
CVE
added yesterday6 views

CVE-2026-62290

Affected software/area: cert-manager in Kubernetes clusters (certificates and issuers as resources). Vulnerability: Between 1.18.0 and 1.19.6, and 1.20.3, Challenge resources under acme.cert-manager.io could be created by namespace users without admission validation, allowing attacker-controlled ...

7.3CVSS6.1AI score
Exploits0References7
OSV
OSV
added yesterday4 views

GHSA-WCRF-9VRR-854F Envoy Gateway: Authentication Bypass via Improper Input Validation in EnvoyExtensionPolicy Lua Allows Secret Disclosure

Impact The toabsolutenormalizedpath function security.lua:28-43 does not collapse redundant path separators // → /. On Linux, //etc/passwd is equivalent to /etc/passwd POSIX path semantics, but iscriticalpath fails to match the double-slash variant because //etc/passwd does not start with /etc/...

9.1CVSS6.1AI score0.0004EPSS
Exploits0References2
OSV
OSV
added yesterday3 views

GHSA-8FV2-88GG-HM7Q Envoy Gateway: Wasm cache ServeHTTP reads mappingPath2Cache without lock

Vulnerability report without repro case. Repro case may be added later after harness is complete. Preconditions 4: - Pod-network reachability to :18002 no auth - Tenant can create EnvoyExtensionPolicy baseline - Attacker pod floods GET while churning EnvoyExtensionPolicy with distinct Wasm URLs -...

5.3CVSS6.1AI score0.0004EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added yesterday4 views

Important: Red Hat Security Advisory: multicluster engine for Kubernetes v2.6.12 security update

The multicluster engine for Kubernetes 2.6 General Availability release images, which add new features and enhancements, bug fixes, and updated container images. The multicluster engine for Kubernetes v2.6 images The multicluster engine for Kubernetes provides the foundational components that are...

9.6CVSS6.8AI score0.01041EPSS
Exploits6References13
RedHat Linux
RedHat Linux
added yesterday5 views

google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 :path pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed :path that omits the mandato...

9.1CVSS6.6AI score0.01557EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added yesterday6 views

crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

A flaw was found in Go's crypto/x509 package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service DoS for...

7.5CVSS6.9AI score0.00349EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added yesterday6 views

CVE-2026-15043

A flaw was found in DBI::SQL::Nano, a mini-SQL engine for Perl. This vulnerability occurs because the engine incorrectly evaluates SQL operators for text comparisons, specifically inverting the logic for "less than or equal to" and "greater than or equal to" operations. This can lead to...

9.8CVSS6.1AI score0.00513EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday10 views

Privacy Policy Genius - Cross-Site Scripting

Privacy Policy Genius WordPress plugin v2.0.4 contains a reflected cross-site scripting caused by unsanitized parameter output in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a malicious URL. id: CVE-2024-13219...

6.1CVSS7AI score0.0056EPSS
Exploits1References2
Rows per page
Query Builder