Lucene search
K

6 matches found

Snyk
Snyk
added 2026/05/29 5:22 p.m.7 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via improper enforcement of policy checks in the QQBot admin command. An attacker can gain unauthorized access to restricted admin commands by bypassing DM-only an...

5.4CVSS5.5AI score0.00148EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.11 views

Keycloak 数据伪造问题漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a vulnerability related to data falsification. This vulnerability stems from defects in the WebAuthn registration component, which may allow for bypassing configured proofing policies and...

3.1CVSS5.8AI score0.00202EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/02/25 2:10 a.m.4 views

CVE-2026-27607 RustFS's Missing Post Policy Validation leads to Arbitrary Object Write

RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.56 through 1.0.0-alpha.82, RustFS does not validate policy conditions in presigned POST uploads PostObject, allowing attackers to bypass content-length-range, starts-with, and Content-Type constraints. This enabl...

8.1CVSS5.6AI score0.00265EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.22 views

PT-2026-21835

Name of the Vulnerable Software and Affected Versions RustFS versions 1.0.0-alpha.56 through 1.0.0-alpha.82 Description RustFS does not properly validate policy conditions during presigned POST uploads PostObject. This allows bypassing content-length-range, starts-with, and Content-Type...

9.1CVSS5.4AI score0.00265EPSS
Exploits0References15
Snyk
Snyk
added 2025/07/30 8:44 p.m.4 views

Incorrect Authorization

Overview @finos/git-proxy is a Deploy custom push protections and policies on top of Git. Affected versions of this package are vulnerable to Incorrect Authorization via the push parser action process. An attacker can introduce unauthorized changes to remote repositories by bypassing required...

8.3CVSS7.1AI score0.00436EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/03/28 12:0 a.m.17 views

PT-2023-3200

Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description The issue is related to the handling of invalid certificate policies in leaf certificates by OpenSSL. When a non-default option is used for verifying certificates, applications may be...

9.1CVSS7.4AI score0.99999EPSS
Exploits22References309
Rows per page
Query Builder