Lucene search
K

135 matches found

NVD
NVD
added 2 days ago6 views

CVE-2026-62198

OpenClaw versions 2026.5.28 before 2026.6.6 contain an authorization bypass vulnerability in native web search that allows lower-trust callers to perform actions requiring stronger policy checks. Attackers can exploit misconfigured input paths to bypass intended authorization controls and execute...

5.4CVSS0.00198EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-62189

OpenClaw versions before 2026.6.9 contain a symlink following vulnerability in the mirror sync feature that allows lower-trust callers to perform actions requiring stronger authorization. Attackers can exploit remote symlink parents to bypass policy checks and authorization boundaries when the...

7.6CVSS6.1AI score0.00254EPSS
Exploits0References3
CVE
CVE
added 2 days ago9 views

CVE-2026-62189

OpenClaw vulnerable prior to 2026.6.9 due to a symlink following vulnerability in the mirror sync feature. This flaw allows lower-trust callers to bypass policy checks and authorization boundaries when the feature is enabled and reachable, potentially enabling actions that require stronger author...

7.6CVSS6.1AI score0.00254EPSS
Exploits0References2Affected Software1
SUSE CVE
SUSE CVE
added 2026/07/03 3:2 a.m.5 views

SUSE CVE-2026-55628

In versions prior to 7.1.2-26he, the -concatenate operation is missing policy checks, potentially resulting in both reading and writing to paths disallowed by the security policy. This issue has been fixed in version 7.1.2-26...

5.5CVSS5.9AI score0.00098EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-55628

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In versions prior to 7.1.2-26he, the -concatenate operation is missing policy checks, potentially resulting in both reading and writing to paths disallowed by t...

5.5CVSS6AI score0.00098EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/07/01 11:6 p.m.7 views

CVE-2026-55628

A flaw was found in ImageMagick. The -concatenate operation, used for combining images, lacks proper security policy checks. This oversight could allow an attacker to read from or write to file paths that should otherwise be restricted by the security policy. This could lead to unauthorized acces...

6.1CVSS5.6AI score0.00098EPSS
Exploits0References4
NVD
NVD
added 2026/07/01 7:16 p.m.7 views

CVE-2026-55628

In versions prior to 7.1.2-26he, the -concatenate operation is missing policy checks, potentially resulting in both reading and writing to paths disallowed by the security policy. This issue has been fixed in version 7.1.2-26...

5.5CVSS0.00098EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 7:16 p.m.3 views

DEBIAN-CVE-2026-55628

In versions prior to 7.1.2-26he, the -concatenate operation is missing policy checks, potentially resulting in both reading and writing to paths disallowed by the security policy. This issue has been fixed in version 7.1.2-26...

5.5CVSS5.7AI score0.00098EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 7:16 p.m.4 views

UBUNTU-CVE-2026-55628

In versions prior to 7.1.2-26he, the -concatenate operation is missing policy checks, potentially resulting in both reading and writing to paths disallowed by the security policy. This issue has been fixed in version 7.1.2-26...

5.5CVSS5.7AI score0.00098EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/07/01 6:16 p.m.6 views

CVE-2026-55628

In versions prior to 7.1.2-26he, the -concatenate operation is missing policy checks, potentially resulting in both reading and writing to paths disallowed by the security policy. This issue has been fixed in version 7.1.2-26...

5.5CVSS5.7AI score0.00098EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.7 views

PT-2026-54857

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-26 Description The -concatenate operation lacks necessary policy checks. This flaw allows the software to read from and write to file paths that are explicitly disallowed by the security policy, enabling a...

5.5CVSS6AI score0.00111EPSS
Exploits0References22
OSV
OSV
added 2026/06/30 11:9 p.m.6 views

SUSE-SU-2026:22436-1 Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-10263: arm64: errata: Mitigate TLBI errata on various Arm CPUs bsc1266290. - CVE-2025-68822: Input: alps - fix use-after-free bugs caused by...

9.8CVSS7AI score0.0053EPSS
Exploits1References145
Debian CVE
Debian CVE
added 2026/06/30 10:38 p.m.7 views

CVE-2026-13909

Insufficient policy enforcement in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

9.6CVSS5.8AI score0.00316EPSS
Exploits0
CVE
CVE
added 2026/06/29 1:22 p.m.29 views

CVE-2026-13676

The CVE concerns the fast-uri library (versions 2.3.1–3.1.2 and 4.0.0) where the IDN host canonicalization path fails to normalize Unicode hosts for HTTP URLs. A helper used in IDN conversion does not exist on the global URL constructor, leaving the host in Unicode form while normalize() and equa...

7.5CVSS5.8AI score0.00274EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2026/06/12 9:56 p.m.4 views

CVE-2026-53834 OpenClaw < 2026.4.27 - Authorization Bypass in QQBot Pre-dispatch Slash Commands

OpenClaw before 2026.4.27 contains an authorization bypass vulnerability in QQBot pre-dispatch slash commands that allows authenticated senders to skip allowFrom policy checks. Attackers can invoke slash commands before configured access control policies are applied, potentially triggering comman...

8.2CVSS6AI score0.00192EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.10 views

CVE-2026-40214

In OpenStack Cyborg before 16.0.1, the Accelerator Request ARQ API does not enforce project ownership at any layer. The projectid column in the database is never populated NULL for every ARQ, database queries have no project filtering, and policy checks are self-referential the authorizewsgi...

6.3CVSS5.5AI score0.00206EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/29 5:22 p.m.8 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via improper enforcement of policy checks in the QQBot admin command. An attacker can gain unauthorized access to restricted admin commands by bypassing DM-only an...

5.4CVSS5.5AI score0.00148EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.13 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.29 contained security vulnerabilities. These vulnerabilities stemmed from a strategy-bypass vulnerability in QQBot administrator commands, which allowed authenticated senders to...

5.4CVSS5.9AI score0.00148EPSS
Exploits0References2
NVD
NVD
added 2026/05/28 7:16 p.m.16 views

CVE-2026-45042

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, improper authorization in the UploadPartCopy operation allows copying objects across buckets without enforcing destination bucket restrictions on allowed copy sources. The implementation validates GetObject...

7.1CVSS0.00207EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/28 6:32 p.m.11 views

EUVD-2026-32995

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, improper authorization in the UploadPartCopy operation allows copying objects across buckets without enforcing destination bucket restrictions on allowed copy sources. The implementation validates GetObject...

7.1CVSS5.8AI score0.00207EPSS
Exploits0References1
Rows per page
Query Builder