Lucene search
+L

6527 matches found

OSV
OSV
added 2026/03/26 7:8 p.m.3 views

GHSA-QM9X-V7CX-7RQ4 OpenClaw's system.run allowlist can be bypassed through an unregistered time dispatch wrapper

Summary Allow-always exec approvals did not unwrap /usr/bin/time, so an unregistered time wrapper could bypass executable binding and reuse approval state for the inner command. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-...

8.8CVSS5.9AI score0.00374EPSS
Exploits0References6
OSV
OSV
added 2026/03/26 7:0 p.m.3 views

GHSA-WQ58-2PVG-5H4F OpenClaw: Gateway agent /reset exposes admin session reset to operator.write callers

Summary Before v2026.3.23, the Gateway agent RPC accepted /reset and /new for callers with only operator.write, even though the direct sessions.reset RPC correctly requires operator.admin. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.23 - Latest released tag checked:...

7.1CVSS5.8AI score0.00272EPSS
Exploits0References3
OSV
OSV
added 2026/03/26 6:59 p.m.11 views

GHSA-6MQC-JQH6-X8FC OpenClaw: Gateway Canvas local-direct requests bypass Canvas HTTP and WebSocket authentication

Summary Before v2026.3.23, Canvas and A2UI loopback requests could bypass Canvas bearer-or-capability authentication because authorizeCanvasRequest... treated isLocalDirectRequest... as an unconditional allow path. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.23 -...

6.9CVSS5.8AI score0.00141EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/03/26 6:56 p.m.5 views

OpenClaw: Plivo V2 verified replay identity drifts on query-only variants

Summary Before v2026.3.23, the Plivo V2 verification path treated query-only variants of the same signed request as fresh verified work. Plivo V2 signatures authenticate baseUrl + nonce, but the replay key was derived from the full verification URL including the query string, so unsigned query-on...

8.3CVSS5.9AI score0.00283EPSS
Exploits0References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/03/26 12:0 a.m.3 views

Fedora 44 : libopenmpt (2026-b58c5b3cc0)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-b58c5b3cc0 advisory. Update from 0.8.5 to 0.8.6 to fix regression: https://lib.openmpt.org/libopenmpt/2026/03/24/security-updates-0.8.6-0.7.19-0.6.28-0.5.42-0.4.54/ ---- Potentia...

6AI score
Exploits0References1
FreeBSD Advisory
FreeBSD Advisory
added 2026/03/26 12:0 a.m.7 views

FreeBSD-SA-26:09.pf

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:09.pf Security Advisory The FreeBSD Project Topic: pf silently ignores certain rules Category: core Module: pf Announced: 2026-03-25 Credits: Michael Gmelin...

7.5CVSS5.9AI score0.0025EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2026/03/25 11:16 a.m.9 views

CVE-2026-23360

In the Linux kernel, the following vulnerability has been resolved: nvme: fix admin queue leak on controller reset When nvmeallocadmintagset is called during a controller reset, a previous admin queue may still exist. Release it properly before allocating a new one to avoid orphaning the old queu...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References6
FreeBSD
FreeBSD
added 2026/03/25 12:0 a.m.8 views

FreeBSD -- pf silently ignores certain rules

Problem Description: A regression in the way hashes were calculated caused rules containing the address range syntax x.x.x.x - y.y.y.y that only differ in the address ranges involved to be silently dropped as duplicates. Only the first of such rules is actually loaded into pf. Ranges expressed...

5.8AI score0.0025EPSS
Exploits0
OSV
OSV
added 2026/03/23 4:34 p.m.10 views

SUSE-SU-2026:0976-1 Security update for go1.26-openssl

This update for go1.26-openssl fixes the following issues: Update to go 1.26.1 bsc1255111, jscSLE-18320: - CVE-2026-25679: net/url: reject IPv6 literal not at start of host bsc1259264. - CVE-2026-27137: crypto/x509: incorrect enforcement of email constraints bsc1259266. - CVE-2026-27138:...

7.5CVSS6.2AI score0.00728EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/03/22 12:0 a.m.8 views

Fedora 42 : scitokens-cpp (2026-a6d1791c49)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-a6d1791c49 advisory. - Fix scope path boundary validation to deny sibling-prefix authorization bypasses - Reject parent-directory traversal in scope paths, including encoded...

5.9AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/03/22 12:0 a.m.5 views

Fedora 44 : scitokens-cpp (2026-176625c3fc)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-176625c3fc advisory. - Fix scope path boundary validation to deny sibling-prefix authorization bypasses - Reject parent-directory traversal in scope paths, including encoded...

5.9AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/03/22 12:0 a.m.4 views

Fedora 43 : scitokens-cpp (2026-52c99ecf64)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-52c99ecf64 advisory. - Fix scope path boundary validation to deny sibling-prefix authorization bypasses - Reject parent-directory traversal in scope paths, including encoded...

5.9AI score
Exploits0References1
Debian
Debian
added 2026/03/20 2:58 p.m.5 views

[SECURITY] [DLA 4504-1] libvirt security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-4504-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta March 20, 2026 https://wiki.debian.org/LTS -...

5.7AI score
Exploits0
Ubuntu
Ubuntu
added 2026/03/19 5:31 p.m.7 views

USN-8105-2: FreeRDP regression

USN-8105-1 fixed vulnerabilities in FreeRDP. The update introduced a regression which could cause FreeRDP to crash. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that FreeRDP incorrectly handled certain RDP packets. A remote attack...

6.1AI score
Exploits0References1
OSV
OSV
added 2026/03/19 5:31 p.m.5 views

USN-8105-2 freerdp3 regression

USN-8105-1 fixed vulnerabilities in FreeRDP. The update introduced a regression which could cause FreeRDP to crash. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that FreeRDP incorrectly handled certain RDP packets. A remote attack...

7.5CVSS6AI score0.00346EPSS
Exploits1References2
Ubuntu
Ubuntu
added 2026/03/19 7:8 a.m.8 views

USN-8103-2: Exiv2 regression

USN-8103-1 fixed vulnerabilities in Exiv2. The update caused a regression for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Exiv2 did not correctly handle...

5.5CVSS6.7AI score0.00226EPSS
Exploits1References1
OSV
OSV
added 2026/03/19 7:8 a.m.5 views

USN-8103-2 exiv2 regression

USN-8103-1 fixed vulnerabilities in Exiv2. The update caused a regression for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Exiv2 did not correctly handle...

5.5CVSS5.8AI score0.00226EPSS
Exploits1References3
Ubuntu
Ubuntu
added 2026/03/17 10:33 p.m.13 views

USN-8102-2: snapd regression

USN-8102-1 fixed a vulnerability in snapd. The update caused a regresision for Ubuntu 24.04 LTS while installing the package. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Qualys discovered that snapd incorrectly handled certain operations in the...

7.8CVSS6.1AI score0.00383EPSS
Exploits7References1
OSV
OSV
added 2026/03/17 10:33 p.m.8 views

USN-8102-2 snapd regression

USN-8102-1 fixed a vulnerability in snapd. The update caused a regresision for Ubuntu 24.04 LTS while installing the package. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Qualys discovered that snapd incorrectly handled certain operations in the...

7.8CVSS5.8AI score0.00383EPSS
Exploits7References3
Ubuntu
Ubuntu
added 2026/03/16 11:35 a.m.11 views

USN-8087-2: python-cryptography regression

USN-8087-1 fixed a vulnerability in python-cryptography. The update caused a regression when using ECC algorithms with certain software. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that python-cryptography incorrectly handled...

5.8AI score
Exploits0References1
Rows per page
Query Builder