Lucene search
K

9 matches found

CVE
CVE
added 2026/04/10 4:3 p.m.7 views

CVE-2026-35648

OpenClaw (npm) before 2026.3.22 contains a policy bypass where queued node actions are not revalidated against the current command policy at delivery time. Attackers could abuse stale allowlists or declarations that survive policy tightening to execute unauthorized commands. The root cause is lac...

5.9CVSS5.9AI score0.00217EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/04/02 3:31 p.m.6 views

EUVD-2026-18213

A flaw was found in Keycloak. An authenticated user with the umaprotection role can bypass User-Managed Access UMA policy validation. This allows the attacker to include resource identifiers owned by other users in a policy creation request, even if the URL path specifies an attacker-owned...

8.1CVSS5.9AI score0.00346EPSS
Exploits1References5
OSV
OSV
added 2026/04/02 3:31 p.m.8 views

GHSA-F2HX-5FX3-HMCV Keycloak: UMA Policy Resource Injection Allows Unauthorized Cross-User Permission Grants

A flaw was found in Keycloak. An authenticated user with the umaprotection role can bypass User-Managed Access UMA policy validation. This allows the attacker to include resource identifiers owned by other users in a policy creation request, even if the URL path specifies an attacker-owned...

8.1CVSS5.9AI score0.00346EPSS
Exploits1References10
NVD
NVD
added 2026/04/02 1:16 p.m.5 views

CVE-2026-4636

A flaw was found in Keycloak. An authenticated user with the umaprotection role can bypass User-Managed Access UMA policy validation. This allows the attacker to include resource identifiers owned by other users in a policy creation request, even if the URL path specifies an attacker-owned...

8.1CVSS0.00346EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.4 views

PT-2026-29732

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw exists in Keycloak where an authenticated user possessing the uma protection role can circumvent User-Managed Access UMA policy validation. This allows an attacker to include resource...

8.1CVSS5.9AI score0.00346EPSS
Exploits1References13
Amazon
Amazon
added 2026/01/07 12:0 a.m.16 views

Important: amazon-ssm-agent

Issue Overview: Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon. CVE-2025-22874 Proxy-Authorization and Proxy-Authenticate headers...

7.5CVSS6.8AI score0.00626EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2025/10/15 12:0 a.m.3 views

Amazon Linux 2023 : amazon-ecr-credential-helper (ALAS2023-2025-1214)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1214 advisory. Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which a...

7.5CVSS6.5AI score0.0056EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2025/07/09 12:58 a.m.7 views

crypto/x509: Usage of ExtKeyUsageAny disables policy validation in crypto/x509

A flaw was found in Go's crypto/x509 package. This vulnerability allows improper certificate validation, bypassing policy constraints via using ExtKeyUsageAny in VerifyOptions.KeyUsages...

7.5CVSS5.7AI score0.00311EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2019/02/19 5:29 p.m.20 views

CVE-2019-5779

Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...

4.3CVSS6.8AI score0.02586EPSS
Exploits0References1
Rows per page
Query Builder