Lucene search
K

22 matches found

Cvelist
Cvelist
added 3 days ago31 views

CVE-2026-59726 Ruflo: Unauthenticated RCE in MCP bridge default docker-compose deployment

Ruflo is an agent meta-harness for Claude Code and Codex. Prior to 3.16.3, ruflo's default docker-compose deployment exposed the MCP bridge POST /mcp and POST /mcp/:group endpoints without authentication, allowing an unauthenticated network attacker to invoke tools/call to terminalexecute, obtain...

10CVSS0.00442EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 3 days ago5 views

CVE-2026-59726

Ruflo is an agent meta-harness for Claude Code and Codex. Prior to 3.16.3, ruflo's default docker-compose deployment exposed the MCP bridge POST /mcp and POST /mcp/:group endpoints without authentication, allowing an unauthenticated network attacker to invoke tools/call to terminalexecute, obtain...

10CVSS6AI score0.00442EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-42656

Ruflo is an agent meta-harness for Claude Code and Codex. Prior to 3.16.3, ruflo's default docker-compose deployment exposed the MCP bridge POST /mcp and POST /mcp/:group endpoints without authentication, allowing an unauthenticated network attacker to invoke tools/call to terminalexecute, obtain...

10CVSS6AI score0.00442EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 3 days ago7 views

PT-2026-56898

Name of the Vulnerable Software and Affected Versions Ruflo versions prior to 3.16.3 Description The default docker-compose deployment exposes the MCP bridge endpoints 'POST /mcp' and 'POST /mcp/:group' without authentication. This allows an unauthenticated network attacker to invoke the terminal...

10CVSS6.1AI score0.00442EPSS
Exploits0References12
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-497 pyLoad: Server-Side Request Forgery via Download Link Submission Enables Cloud Metadata Exfiltration

Summary PyLoad's download engine accepts arbitrary URLs without validation, enabling Server-Side Request Forgery SSRF attacks. An authenticated attacker can exploit this to access internal network services and exfiltrate cloud provider metadata. On DigitalOcean droplets, this exposes sensitive...

9.3CVSS6AI score0.00397EPSS
Exploits1References6
The Hacker News
The Hacker News
added 2026/06/17 1:51 p.m.18 views

Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats

Cybersecurity researchers have flagged a "coordinated malware campaign" on the JetBrains Marketplace that has published no less than 15 malicious plugins capable of exfiltrating artificial intelligence AI provider keys. "Every plugin poses as an AI coding assistant built on DeepSeek and other lar...

6.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/06 8:21 p.m.11 views

CVE-2026-43528

OpenClaw before 2026.4.14 contains a redaction bypass vulnerability that allows authenticated gateway clients to receive unredacted secrets through sourceConfig and runtimeConfig alias fields. Attackers with config read access can exploit this to obtain provider API keys, gateway authentication...

7.1CVSS5.8AI score0.00333EPSS
Exploits0References1
NVD
NVD
added 2026/05/05 12:16 p.m.25 views

CVE-2026-43528

OpenClaw before 2026.4.14 contains a redaction bypass vulnerability that allows authenticated gateway clients to receive unredacted secrets through sourceConfig and runtimeConfig alias fields. Attackers with config read access can exploit this to obtain provider API keys, gateway authentication...

7.1CVSS0.00333EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/05 11:24 a.m.42 views

CVE-2026-43528 OpenClaw < 2026.4.14 - Redaction Bypass via sourceConfig and runtimeConfig Aliases

OpenClaw before 2026.4.14 contains a redaction bypass vulnerability that allows authenticated gateway clients to receive unredacted secrets through sourceConfig and runtimeConfig alias fields. Attackers with config read access can exploit this to obtain provider API keys, gateway authentication...

7.1CVSS0.00333EPSS
Exploits0References3
CVE
CVE
added 2026/05/05 11:24 a.m.19 views

CVE-2026-43528

OpenClaw, prior to version 2026.4.14, is affected by a redaction bypass vulnerability that lets authenticated gateway clients read unredacted secrets via the sourceConfig and runtimeConfig aliases. Attackers with config read access can obtain sensitive material such as provider API keys, gateway ...

7.1CVSS5.8AI score0.00333EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/05 11:24 a.m.7 views

CVE-2026-43528 OpenClaw < 2026.4.14 - Redaction Bypass via sourceConfig and runtimeConfig Aliases

OpenClaw before 2026.4.14 contains a redaction bypass vulnerability that allows authenticated gateway clients to receive unredacted secrets through sourceConfig and runtimeConfig alias fields. Attackers with config read access can exploit this to obtain provider API keys, gateway authentication...

7.1CVSS5.8AI score0.00333EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/05 11:24 a.m.7 views

CVE-2026-43528

OpenClaw before 2026.4.14 contains a redaction bypass vulnerability that allows authenticated gateway clients to receive unredacted secrets through sourceConfig and runtimeConfig alias fields. Attackers with config read access can exploit this to obtain provider API keys, gateway authentication...

7.1CVSS5.8AI score0.00333EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.15 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.14 contained security vulnerabilities. These vulnerabilities stemmed from editing bypasses, allowing authenticated gateway clients to receive unedited secrets through alias fiel...

7.1CVSS5.8AI score0.00333EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/22 12:31 a.m.10 views

EUVD-2026-24515

nesquena hermes-webui contains an environment variable leakage vulnerability where profile switching does not clear environment variables from the previously active profile before loading the next profile. Attackers or users can exploit additive dotenv reload behavior to access provider API keys...

4.8CVSS5.8AI score0.00113EPSS
Exploits0References6
NVD
NVD
added 2026/04/21 10:16 p.m.13 views

CVE-2026-6830

nesquena hermes-webui contains an environment variable leakage vulnerability where profile switching does not clear environment variables from the previously active profile before loading the next profile. Attackers or users can exploit additive dotenv reload behavior to access provider API keys...

4.8CVSS0.00113EPSS
Exploits0References5
CVE
CVE
added 2026/04/21 9:33 p.m.22 views

CVE-2026-6830

The CVE concerns nesquena Hermes WebUI, where switching profiles fails to clear environment variables from the previous profile, enabling leakage of sensitive credentials (e.g., provider API keys) between profiles. The underlying issue is residual environment variables that persist across profile...

4.8CVSS5.8AI score0.00113EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/21 9:33 p.m.4 views

CVE-2026-6830

nesquena hermes-webui contains an environment variable leakage vulnerability where profile switching does not clear environment variables from the previously active profile before loading the next profile. Attackers or users can exploit additive dotenv reload behavior to access provider API keys...

4.8CVSS5.8AI score0.00113EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/04/17 9:47 p.m.11 views

OpenClaw: config.get redaction bypass through sourceConfig and runtimeConfig aliases

Summary config.get redaction bypass through sourceConfig and runtimeConfig aliases. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.14 Impact An authenticated gateway client with config read access could receive unredacted secrets through alias fiel...

7.1CVSS5.7AI score0.00333EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/10 7:22 p.m.5 views

CVE-2026-39943

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus stores revision records in directusrevisions whenever items are created or updated. Due to the revision snapshot code not consistently calling the prepareDelta sanitization pipeline,...

6.5CVSS5.9AI score0.0017EPSS
Exploits0References1
CVE
CVE
added 2026/03/30 8:31 p.m.15 views

CVE-2026-31946

OpenOLAT OpenID Connect implicit flow (versions 10.5.4–before 20.2.5) does not verify JWT signatures. The JSONWebToken.parse() method discards the signature segment, and getAccessToken() validates only issuer/audience/state/nonce, without cryptographic verification against the IdP’s JWKS. This ca...

9.8CVSS5.8AI score0.00206EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder