Lucene search
K

79 matches found

Positive Technologies
Positive Technologies
added 2026/03/29 12:0 a.m.5 views

PT-2026-28449

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.11 Description The software contains an authorization bypass issue. Attackers possessing write-scoped access can execute admin-only session reset logic. Specifically, individuals with operator.write scope can...

6.9CVSS5.9AI score0.00096EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/03/29 12:0 a.m.10 views

OpenClaw 安全漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an authorization bypass vulnerability that can be exploited by an attacker to access administrator-specific session reset logic to reset the state of a target session...

6.9CVSS5.8AI score0.00096EPSS
Exploits0References2
OSV
OSV
added 2026/03/26 7:0 p.m.2 views

GHSA-WQ58-2PVG-5H4F OpenClaw: Gateway agent /reset exposes admin session reset to operator.write callers

Summary Before v2026.3.23, the Gateway agent RPC accepted /reset and /new for callers with only operator.write, even though the direct sessions.reset RPC correctly requires operator.admin. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.23 - Latest released tag checked:...

7.1CVSS5.8AI score0.00272EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/26 7:0 p.m.4 views

OpenClaw: Gateway agent /reset exposes admin session reset to operator.write callers

Summary Before v2026.3.23, the Gateway agent RPC accepted /reset and /new for callers with only operator.write, even though the direct sessions.reset RPC correctly requires operator.admin. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.23 - Latest released tag checked:...

8.1CVSS5.9AI score0.00272EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/13 3:48 p.m.4 views

GHSA-JF6W-M8JW-JFXC OpenClaw: Write-scoped callers could reach admin-only session reset logic through `agent`

Summary In affected versions of openclaw, a gateway caller with operator.write could issue agent requests containing /new or /reset and reach the same reset path used by the admin-only sessions.reset RPC. Impact On gateways where a caller is intentionally granted operator.write but not...

6.1CVSS5.8AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/13 3:48 p.m.7 views

OpenClaw: Write-scoped callers could reach admin-only session reset logic through `agent`

Summary In affected versions of openclaw, a gateway caller with operator.write could issue agent requests containing /new or /reset and reach the same reset path used by the admin-only sessions.reset RPC. Impact On gateways where a caller is intentionally granted operator.write but not...

5.8AI score
Exploits0References3Affected Software1
NVD
NVD
added 2026/02/12 8:16 p.m.14 views

CVE-2026-24894

FrankenPHP is a modern application server for PHP. Prior to 1.11.2, when running FrankenPHP in worker mode, the $SESSION superglobal is not correctly reset between requests. This allows a subsequent request processed by the same worker to access the $SESSION data of the previous request potential...

8.7CVSS0.00356EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/02/12 7:12 p.m.4 views

CVE-2026-24894

FrankenPHP is a modern application server for PHP. Prior to 1.11.2, when running FrankenPHP in worker mode, the $SESSION superglobal is not correctly reset between requests. This allows a subsequent request processed by the same worker to access the $SESSION data of the previous request potential...

8.7CVSS5.5AI score0.00356EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2009-2051

Malware in sbrugna...

4.3CVSS6.1AI score0.03326EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-2265

Malware in sbrugna...

5.9CVSS5.9AI score0.01512EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-15785

Malware in sbrugna...

7.5CVSS7.6AI score0.01589EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-38081

Malicious code in bioql PyPI...

8.7CVSS6.6AI score0.00503EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-42103

Malicious code in bioql PyPI...

5.3CVSS5.6AI score0.01119EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-21156

Malicious code in bioql PyPI...

7.1CVSS6.6AI score0.00275EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/09 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2023-52353

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Mbed TLS through 3.5.1. In mbedtlssslsessionreset, the maximum negotiable TLS version is mishandled. For example, if the last...

7.5CVSS7.2AI score0.00468EPSS
Exploits1References2
NVD
NVD
added 2025/07/11 3:15 p.m.7 views

CVE-2025-52953

An Expected Behavior Violation vulnerability in the routing protocol daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker sending a valid BGP UPDATE packet to cause a BGP session reset, resulting in a Denial of Service DoS. Continuous receipt an...

7.1CVSS0.00275EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/07/11 3:4 p.m.4 views

CVE-2025-52953 Junos OS and Junos OS Evolved: An unauthenticated adjacent attacker sending a valid BGP UPDATE packet forces a BGP session reset

An Expected Behavior Violation vulnerability in the routing protocol daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker sending a valid BGP UPDATE packet to cause a BGP session reset, resulting in a Denial of Service DoS. Continuous receipt an...

7.1CVSS7.1AI score0.00275EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/07/11 3:4 p.m.8 views

CVE-2025-52953 Junos OS and Junos OS Evolved: An unauthenticated adjacent attacker sending a valid BGP UPDATE packet forces a BGP session reset

An Expected Behavior Violation vulnerability in the routing protocol daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker sending a valid BGP UPDATE packet to cause a BGP session reset, resulting in a Denial of Service DoS. Continuous receipt an...

7.1CVSS0.00275EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/12/30 4:46 p.m.17 views

Password Pusher Allows Session Token Interception Leading to Potential Hijacking

Impact A vulnerability has been reported in Password Pusher where an attacker can copy the session cookie before a user logs out, potentially allowing session hijacking. Although the session token is replaced and invalidated upon logout, if an attacker manages to capture the session cookie before...

5.7CVSS6.9AI score0.00209EPSS
Exploits0References4Affected Software1
RubySec
RubySec
added 2024/12/30 12:0 a.m.16 views

Password Pusher Allows Session Token Interception Leading to Potential Hijacking

Impact A vulnerability has been reported in Password Pusher where an attacker can copy the session cookie before a user logs out, potentially allowing session hijacking. Although the session token is replaced and invalidated upon logout, if an attacker manages to capture the session cookie before...

5.7CVSS6.9AI score0.00209EPSS
Exploits0References1
Rows per page
Query Builder