46 matches found
CVE-2026-42997
A flaw was found in OpenStack Ironic. During the import process, a user invoking molds can request that authorization credentials be sent to a remote endpoint. This can lead to the disclosure of a time-limited Keystone token, which grants access to OpenStack services Ironic is authorized for, or...
EUVD-2025-209959
An Exposed Dangerous Method or Function vulnerability in Synology C2 Identity Edge Server package in DSM before 1.76.0-0307 allows remote attackers to obtain user credentials from the edge server...
CVE-2026-0393
The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session...
OpenStack Ironic has an Incorrect Resource Transfer Between Spheres
An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token which provides access to all OpenStack services Ironic is authorized for; o...
EUVD-2026-19011
A vulnerability has been found in SourceCodester Student Result Management System 1.0. Impacted is an unknown function of the file /logincredentials.txt of the component HTTP GET Request Handler. The manipulation leads to cleartext storage in a file or on disk. The attack may be initiated remotel...
GHSA-VM29-7MQ3-9JRG Duplicate Advisory: OpenClaw: Unavailable local auth SecretRefs could fall through to remote credentials in local mode
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-qvr7-g57c-mrc7. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.11 contains a credential fallback vulnerability where unavailable local gateway.auth.token and...
Duplicate Advisory: OpenClaw: Unavailable local auth SecretRefs could fall through to remote credentials in local mode
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-qvr7-g57c-mrc7. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.11 contains a credential fallback vulnerability where unavailable local gateway.auth.token and...
EUVD-2026-17377
OpenClaw before 2026.3.11 contains a credential fallback vulnerability where unavailable local gateway.auth.token and gateway.auth.password SecretRefs are treated as unset, allowing fallback to remote credentials in local mode. Attackers can exploit misconfigured local auth references to cause CL...
CVE-2026-32970
OpenClaw before 2026.3.11 contains a credential fallback vulnerability where unavailable local gateway.auth.token and gateway.auth.password SecretRefs are treated as unset, allowing fallback to remote credentials in local mode. Attackers can exploit misconfigured local auth references to cause CL...
CVE-2026-32970 OpenClaw < 2026.3.11 - Credential Fallback Logic Bypass via Unavailable Local Auth SecretRefs
OpenClaw before 2026.3.11 contains a credential fallback vulnerability where unavailable local gateway.auth.token and gateway.auth.password SecretRefs are treated as unset, allowing fallback to remote credentials in local mode. Attackers can exploit misconfigured local auth references to cause CL...
CVE-2026-32970
OpenClaw before 2026.3.11 contains a credential fallback vulnerability where unavailable local gateway.auth.token and gateway.auth.password SecretRefs are treated as unset, allowing fallback to remote credentials in local mode. Attackers can exploit misconfigured local auth references to cause CL...
CVE-2026-32970 OpenClaw < 2026.3.11 - Credential Fallback Logic Bypass via Unavailable Local Auth SecretRefs
OpenClaw before 2026.3.11 contains a credential fallback vulnerability where unavailable local gateway.auth.token and gateway.auth.password SecretRefs are treated as unset, allowing fallback to remote credentials in local mode. Attackers can exploit misconfigured local auth references to cause CL...
CVE-2026-32970
OpenClaw prior to 2026.3.11 contains a credential fallback flaw in which unavailable local gateway.auth.token and gateway.auth.password SecretRefs are treated as unset, allowing fallback to remote credentials in local mode. Exploitation hinges on misconfigured local auth references, causing CLI a...
PT-2026-29230
OpenClaw before 2026.3.11 contains a credential fallback vulnerability where unavailable local gateway.auth.token and gateway.auth.password SecretRefs are treated as unset, allowing fallback to remote credentials in local mode. Attackers can exploit misconfigured local auth references to cause CL...
Not Failing Securely ('Failing Open')
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Not Failing Securely 'Failing Open' in the credential resolution process. An attacker can access unintended remote credentials by configuring local authentication SecretRefs that are...
GHSA-QVR7-G57C-MRC7 OpenClaw: Unavailable local auth SecretRefs could fall through to remote credentials in local mode
Summary In affected versions of openclaw, local gateway helper credential resolution treated configured but unavailable gateway.auth.token and gateway.auth.password SecretRefs as if they were unset and could fall back to gateway.remote. credentials in local mode. Impact This could cause local CLI...
OpenClaw: Unavailable local auth SecretRefs could fall through to remote credentials in local mode
Summary In affected versions of openclaw, local gateway helper credential resolution treated configured but unavailable gateway.auth.token and gateway.auth.password SecretRefs as if they were unset and could fall back to gateway.remote. credentials in local mode. Impact This could cause local CLI...
CVE-2026-20002
Cisco Secure FMC Software’s web-based management interface is affected by an SQL injection due to inadequate input validation. An authenticated, remote attacker with valid credentials could craft requests to access the database and read certain OS files, with high impact to confidentiality and in...
Synology DiskStation Manager (DSM) Multiple Vulnerabilities (Synology_SA_24_21) - Active Check
Synology DiskStation Manager DSM is prone to multiple vulnerabilities in the Synology Drive Server. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
EUVD-2025-23988
A vulnerability was found in Belkin F9K1009 and F9K1010 2.00.04/2.00.09 and classified as critical. Affected by this issue is some unknown functionality of the component Web Interface. The manipulation leads to hard-coded credentials. The attack may be launched remotely. The exploit has been...