23 matches found
EUVD-2026-43570
OpenClaw versions 2026.6.6 before 2026.6.9 contain an authorization bypass vulnerability in Discord guild actions that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to skip cross-provider requester...
CVE-2026-62198
OpenClaw versions 2026.5.28 before 2026.6.6 contain an authorization bypass vulnerability in native web search that allows lower-trust callers to perform actions requiring stronger policy checks. Attackers can exploit misconfigured input paths to bypass intended authorization controls and execute...
CVE-2026-62192
OpenClaw versions 2026.6.6 before 2026.6.9 contain an authorization bypass vulnerability in Discord guild actions that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to skip cross-provider requester...
CVE-2026-62192
OpenClaw versions 2026.6.6 before 2026.6.9 contain an authorization bypass vulnerability in Discord guild actions that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to skip cross-provider requester authorizat...
Astra Linux – Vulnerability in cups
OpenPrinting CUPS is an open-source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and earlier, the CUPS daemon cupsd contained a authorization bypass vulnerability due to case-insensitive username comparisons during authorization checks. This vulnerability...
CVE-2026-27447
A flaw was found in OpenPrinting CUPS. This authorization bypass vulnerability allows an unprivileged user to gain unauthorized access to restricted operations. This can be exploited by using a username that differs only in case from an authorized user during authorization checks. Mitigation...
UBUNTU-CVE-2026-27447
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon cupsd contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The vulnerability allows an...
CVE-2026-27447
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon cupsd contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The vulnerability allows an...
EUVD-2026-14938
Craft CMS: Unauthenticated Users Can Perform Restricted Project Config Sync Operations...
EUVD-2023-35662
Malicious code in bioql PyPI...
CVE-2025-47713 Apache CloudStack: Domain Admin can reset Admin password in Root Domain
A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can reset the password of user-accounts of Admin role type. This operation is not appropriately restricted and allows the attacker to assume...
CVE-2024-52312
Due to inconsistent authorization permissions, data.all may allow an external actor with an authenticated account to perform restricted operations against DataSets and Environments...
CVE-2024-52312
Due to inconsistent authorization permissions, data.all may allow an external actor with an authenticated account to perform restricted operations against DataSets and Environments...
CVE-2024-52312
CVE-2024-52312 affects data.all (open source framework). The issue stems from inconsistent authorization permissions that may allow an authenticated external actor to perform restricted operations on DataSets and Environments. Documents provide MEDIUM severity (CVSS 3.1/4.0) and describe the root...
CVE-2024-52312 data.all authenticated users can perform restricted operations against DataSets and Environments
Due to inconsistent authorization permissions, data.all may allow an external actor with an authenticated account to perform restricted operations against DataSets and Environments...
CVE-2024-52312 data.all authenticated users can perform restricted operations against DataSets and Environments
Due to inconsistent authorization permissions, data.all may allow an external actor with an authenticated account to perform restricted operations against DataSets and Environments...
RHEL 8 : python-pillow (RHSA-2020:0566)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0566 advisory. The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal...
Arista Networks CloudVision Portal Privilege Vulnerability
Arista Networks CloudVision Portal is a suite of web-based user management portals for the CloudVision platform from Arista Networks, USA. The product includes features such as network device configuration, compliance management, change management, and network monitoring and management. A...
Sharp AQUOS PhotoPlayer HN-PP150 Cross-Site Request Forgery Vulnerability
Sharp AQUOS PhotoPlayer HN-PP150 is a photo player product from Sharp Japan. The product offers slide show presentations, photo printing, and other features. A cross-site request forgery vulnerability exists in Sharp AQUOS PhotoPlayer HN-PP150 versions 1.02.00.04 through 1.03.01.04, which...
Revive Adserver Unauthorized Operation Vulnerability
Revive Adserver is an open source ad management system from the Revive Adserver team. A security vulnerability in Revive Adserver versions prior to 3.2.2 can be exploited by remote attackers to perform restricted operations with the help of unexpired sessions established by deleted or disconnecte...