Lucene search

154 matches found

EUVD
added 2026/05/13 9:32 p.m. | 5 views

EUVD-2026-30093

Incorrect Authorization vulnerabilities in Trust Protection Foundation allow attackers to bypass access controls and perform unauthorized actions on restricted resources...

CVSS 7.2 | AI score 5.8 | EPSS 0.0001
Exploits 0 | References 2

Vulnrichment
added 2026/05/13 7:1 p.m. | 4 views

CVE-2026-0241 Trust Protection Foundation: Multiple Authorization Bypass Vulnerabilities

Incorrect Authorization vulnerabilities in Trust Protection Foundation allow attackers to bypass access controls and perform unauthorized actions on restricted resources...

CVSS 7.2 | AI score 5.8 | EPSS 0.0001
Exploits 0 | References 1

Positive Technologies
added 2026/05/13 12:0 a.m. | 8 views

PT-2026-40766

Incorrect Authorization vulnerabilities in Trust Protection Foundation allow attackers to bypass access controls and perform unauthorized actions on restricted resources...

CVSS 7.2 | AI score 5.8 | EPSS 0.0001
Exploits 0 | References 2

CNNVD
added 2026/05/13 12:0 a.m. | 5 views

Palo Alto Networks Trust Protection Foundation Code Issue Vulnerability

Palo Alto Networks Trust Protection Foundation is a machine identity and certificate security management platform provided by Palo Alto Networks. There is a code vulnerability in Palo Alto Networks Trust Protection Foundation, which stems from incorrect authorization. This vulnerability could all...

CVSS 7.2 | AI score 5.9 | EPSS 0.0001
Exploits 0 | References 1

NVD
added 2026/04/28 7:37 p.m. | 0 views

CVE-2026-41912

OpenClaw before 2026.4.8 contains a server-side request forgery policy bypass vulnerability allowing attackers to trigger navigations bypassing normal SSRF checks. Attackers can exploit browser interactions to bypass SSRF protections and access restricted resources...

CVSS 7.6 | EPSS 0.00033
Exploits 0 | References 3

CVE
added 2026/04/28 6:10 p.m. | 5 views

CVE-2026-41912

OpenClaw (npm package) before 2026.4.8 is affected by a Server-Side Request Forgery (SSRF) policy bypass via Interaction-Triggered Navigation. The issue allows browser interactions to trigger navigations that bypass normal SSRF checks, potentially enabling access to restricted resources. Affected...

CVSS 7.6 | AI score 5.3 | EPSS 0.00033
Exploits 0 | References 3 | Affected Software 1

ATTACKERKB
added 2026/04/28 6:10 p.m. | 2 views

CVE-2026-41912

OpenClaw before 2026.4.8 contains a server-side request forgery policy bypass vulnerability allowing attackers to trigger navigations bypassing normal SSRF checks. Attackers can exploit browser interactions to bypass SSRF protections and access restricted resources...

CVSS 7.6 | AI score 5.2 | EPSS 0.00033
Exploits 0 | References 4

Positive Technologies
added 2026/04/28 12:0 a.m. | 2 views

PT-2026-35794

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.4.8. Description: A server-side request forgery (SSRF) policy bypass allows attackers to trigger navigations that circumvent standard SSRF checks. By exploiting browser interactions, attackers can bypass these...

CVSS 7.6 | AI score 5.9 | EPSS 0.00033
Exploits 0 | References 7

CNNVD
added 2026/04/28 12:0 a.m. | 4 views

OpenClaw Code Issue Vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.8 had code vulnerabilities. These vulnerabilities stemmed from a server-side request forgery strategy that bypassed security measures. This could allow attackers to trigger...

CVSS 7.6 | AI score 5.9 | EPSS 0.00033
Exploits 0 | References 1

Snyk
added 2026/04/25 11:30 p.m. | 2 views

Interpretation Conflict

Overview: Affected versions of this package are vulnerable to Interpretation Conflict via a mismatch in path normalization between components. An attacker can gain unauthorized access to restricted resources or perform actions without proper authentication by crafting requests with specially...

CVSS 10 | AI score 5.8 | EPSS 0.00061
Exploits 0 | References 3

Snyk
added 2026/04/16 8:41 p.m. | 2 views

Server-side Request Forgery (SSRF)

Overview: weblate is a web-based continuous localization system with tight version control integration. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the screenshot upload, due to improper enforcement of domain restrictions after redirects. An attacker c...

CVSS 7.6 | AI score 5.7 | EPSS 0.00011
Exploits 0 | References 2

RedhatCVE
added 2026/03/26 5:1 p.m. | 3 views

CVE-2026-4363

GitLab has remediated an issue in GitLab EE affecting all versions from 18.1 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that under certain conditions could have allowed an authenticated user to gain unauthorized access to resources due to improper caching of authorization decisio...

CVSS 3.7 | AI score 5.8 | EPSS 0.00019
Exploits 0 | References 1

CVE
added 2026/03/25 3:4 p.m. | 9 views

CVE-2026-4363

CVE-2026-4363 affects GitLab EE: versions from 18.1 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 are impacted due to improper caching of authorization decisions. This could allow an authenticated user to gain unauthorized access to resources. GitLab has released patches; upgrading to 18...

CVSS 3.7 | AI score 5.8 | EPSS 0.00019
Exploits 0 | References 2 | Affected Software 1

OSV
added 2026/01/31 8:42 a.m. | 3 views

BIT-DISCOURSE-2026-23743 Discourse allows permalinks to restricted resources to leak resource slugs to unauthorized users

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, permalinks pointing to access-restricted resources (private topics, categories, posts, or hidden tags) were redirecting users to URLs containing the resource slug, even when the user...

CVSS 7.5 | AI score 5.9 | EPSS 0.00073
Exploits 0 | References 2

RedhatCVE
added 2026/01/29 9:21 p.m. | 4 views

CVE-2026-23743

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, permalinks pointing to access-restricted resources (private topics, categories, posts, or hidden tags) were redirecting users to URLs containing the resource slug, even when the user...

CVSS 7.5 | AI score 5.9 | EPSS 0.00073
Exploits 0 | References 1

NVD
added 2026/01/28 9:16 p.m. | 3 views

CVE-2026-23743

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, permalinks pointing to access-restricted resources (private topics, categories, posts, or hidden tags) were redirecting users to URLs containing the resource slug, even when the user...

CVSS 7.5 | EPSS 0.00073
Exploits 0 | References 1

CVE
added 2026/01/28 8:7 p.m. | 9 views

CVE-2026-23743

Summary of CVE-2026-23743 (Discourse): Prior to versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, permalinks to access-restricted resources (private topics/categories/posts/hidden tags) could redirect to URLs containing the resource slug in the Location header or 404 search box, leaking potent...

CVSS 7.5 | AI score 5.9 | EPSS 0.00073
Exploits 0 | References 1 | Affected Software 1

Vulnrichment
added 2026/01/28 8:7 p.m. | 2 views

CVE-2026-23743 Discourse allows permalinks to restricted resources to leak resource slugs to unauthorized users

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, permalinks pointing to access-restricted resources (private topics, categories, posts, or hidden tags) were redirecting users to URLs containing the resource slug, even when the user...

CVSS 6.9 | AI score 5.9 | EPSS 0.00073
Exploits 0 | References 1

EUVD
added 2026/01/28 8:7 p.m. | 3 views

EUVD-2026-4861

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, permalinks pointing to access-restricted resources (private topics, categories, posts, or hidden tags) were redirecting users to URLs containing the resource slug, even when the user...

CVSS 6.9 | AI score 5.9 | EPSS 0.00073
Exploits 0 | References 1

Cvelist
added 2026/01/28 8:7 p.m. | 16 views

CVE-2026-23743 Discourse allows permalinks to restricted resources to leak resource slugs to unauthorized users

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, permalinks pointing to access-restricted resources (private topics, categories, posts, or hidden tags) were redirecting users to URLs containing the resource slug, even when the user...

CVSS 6.9 | EPSS 0.00073
Exploits 0 | References 1