79 matches found
PT-2026-28449
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.11 Description The software contains an authorization bypass issue. Attackers possessing write-scoped access can execute admin-only session reset logic. Specifically, individuals with operator.write scope can...
OpenClaw 安全漏洞
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an authorization bypass vulnerability that can be exploited by an attacker to access administrator-specific session reset logic to reset the state of a target session...
GHSA-WQ58-2PVG-5H4F OpenClaw: Gateway agent /reset exposes admin session reset to operator.write callers
Summary Before v2026.3.23, the Gateway agent RPC accepted /reset and /new for callers with only operator.write, even though the direct sessions.reset RPC correctly requires operator.admin. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.23 - Latest released tag checked:...
OpenClaw: Gateway agent /reset exposes admin session reset to operator.write callers
Summary Before v2026.3.23, the Gateway agent RPC accepted /reset and /new for callers with only operator.write, even though the direct sessions.reset RPC correctly requires operator.admin. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.23 - Latest released tag checked:...
GHSA-JF6W-M8JW-JFXC OpenClaw: Write-scoped callers could reach admin-only session reset logic through `agent`
Summary In affected versions of openclaw, a gateway caller with operator.write could issue agent requests containing /new or /reset and reach the same reset path used by the admin-only sessions.reset RPC. Impact On gateways where a caller is intentionally granted operator.write but not...
OpenClaw: Write-scoped callers could reach admin-only session reset logic through `agent`
Summary In affected versions of openclaw, a gateway caller with operator.write could issue agent requests containing /new or /reset and reach the same reset path used by the admin-only sessions.reset RPC. Impact On gateways where a caller is intentionally granted operator.write but not...
CVE-2026-24894
FrankenPHP is a modern application server for PHP. Prior to 1.11.2, when running FrankenPHP in worker mode, the $SESSION superglobal is not correctly reset between requests. This allows a subsequent request processed by the same worker to access the $SESSION data of the previous request potential...
CVE-2026-24894
FrankenPHP is a modern application server for PHP. Prior to 1.11.2, when running FrankenPHP in worker mode, the $SESSION superglobal is not correctly reset between requests. This allows a subsequent request processed by the same worker to access the $SESSION data of the previous request potential...
EUVD-2009-2051
Malware in sbrugna...
EUVD-2017-2265
Malware in sbrugna...
EUVD-2017-15785
Malware in sbrugna...
EUVD-2024-38081
Malicious code in bioql PyPI...
EUVD-2023-42103
Malicious code in bioql PyPI...
EUVD-2025-21156
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-52353
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Mbed TLS through 3.5.1. In mbedtlssslsessionreset, the maximum negotiable TLS version is mishandled. For example, if the last...
CVE-2025-52953
An Expected Behavior Violation vulnerability in the routing protocol daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker sending a valid BGP UPDATE packet to cause a BGP session reset, resulting in a Denial of Service DoS. Continuous receipt an...
CVE-2025-52953 Junos OS and Junos OS Evolved: An unauthenticated adjacent attacker sending a valid BGP UPDATE packet forces a BGP session reset
An Expected Behavior Violation vulnerability in the routing protocol daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker sending a valid BGP UPDATE packet to cause a BGP session reset, resulting in a Denial of Service DoS. Continuous receipt an...
CVE-2025-52953 Junos OS and Junos OS Evolved: An unauthenticated adjacent attacker sending a valid BGP UPDATE packet forces a BGP session reset
An Expected Behavior Violation vulnerability in the routing protocol daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker sending a valid BGP UPDATE packet to cause a BGP session reset, resulting in a Denial of Service DoS. Continuous receipt an...
Password Pusher Allows Session Token Interception Leading to Potential Hijacking
Impact A vulnerability has been reported in Password Pusher where an attacker can copy the session cookie before a user logs out, potentially allowing session hijacking. Although the session token is replaced and invalidated upon logout, if an attacker manages to capture the session cookie before...
Password Pusher Allows Session Token Interception Leading to Potential Hijacking
Impact A vulnerability has been reported in Password Pusher where an attacker can copy the session cookie before a user logs out, potentially allowing session hijacking. Although the session token is replaced and invalidated upon logout, if an attacker manages to capture the session cookie before...