Lucene search
+L

449 matches found

Cvelist
Cvelist
added 2026/04/09 9:27 p.m.23 views

CVE-2026-35644 OpenClaw < 2026.3.22 - Credential Exposure via baseUrl Fields in Gateway Snapshots

OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers with operator.read scope to expose credentials embedded in channel baseUrl and httpUrl fields. Attackers can access gateway snapshots via config.get and channels.status endpoints to retrieve sensitive...

7.1CVSS0.00193EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/09 9:27 p.m.3 views

CVE-2026-35644 OpenClaw < 2026.3.22 - Credential Exposure via baseUrl Fields in Gateway Snapshots

OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers with operator.read scope to expose credentials embedded in channel baseUrl and httpUrl fields. Attackers can access gateway snapshots via config.get and channels.status endpoints to retrieve sensitive...

7.1CVSS5.8AI score0.00193EPSS
Exploits0References4
CVE
CVE
added 2026/04/09 9:27 p.m.29 views

CVE-2026-35644

OpenClaw before 2026.3.22 has an information disclosure vulnerability that allows attackers with operator.read scope to exfiltrate credentials embedded in channel baseUrl and httpUrl fields..adversaries can retrieve sensitive authentication information from gateway snapshots via config.get and ch...

7.1CVSS5.9AI score0.00193EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/09 9:27 p.m.5 views

CVE-2026-35644 OpenClaw < 2026.3.22 - Credential Exposure via baseUrl Fields in Gateway Snapshots

OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers with operator.read scope to expose credentials embedded in channel baseUrl and httpUrl fields. Attackers can access gateway snapshots via config.get and channels.status endpoints to retrieve sensitive...

7.1CVSS5.9AI score0.00193EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.15 views

PT-2026-31777

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.22 Description OpenClaw before version 2026.3.22 contains an information disclosure issue. Attackers with operator.read scope can expose credentials embedded in the channel baseUrl and httpUrl fields. Sensitiv...

7.1CVSS5.8AI score0.00193EPSS
Exploits0References8
Snyk
Snyk
added 2026/03/26 9:15 p.m.4 views

Insufficiently Protected Credentials

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the config.get and channels.status processes. An attacker can obtain sensitive credentials by accessing gateway snapshots that include unredacted...

7.1CVSS5.9AI score0.00193EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/26 9:15 p.m.7 views

OpenClaw Exposes Credentials Embedded in baseUrl Fields via config.get and channels.status

Summary Read-scoped gateway snapshots could expose credentials embedded in channel baseUrl and related endpoint fields. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2 630f1479c44f78484dfa21bb407cbe6f171dac87 - Latest...

5.8AI score
Exploits0References3Affected Software1
NVD
NVD
added 2026/03/26 5:16 p.m.4 views

CVE-2026-33470

Frigate is a network video recorder NVR with realtime local object detection for IP cameras. In version 0.17.0, a low-privilege authenticated user restricted to one camera can access snapshots from other cameras. This is possible through a chain of two authorization problems: /api/timeline return...

6.5CVSS0.00305EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/26 5:6 p.m.3 views

CVE-2026-33470

Frigate is a network video recorder NVR with realtime local object detection for IP cameras. In version 0.17.0, a low-privilege authenticated user restricted to one camera can access snapshots from other cameras. This is possible through a chain of two authorization problems: /api/timeline return...

6.5CVSS5.8AI score0.00305EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.10 views

Frigate 安全漏洞

Frigate is a complete native NVR developed by Blake Blackshear, designed specifically for home assistants with AI object detection capabilities. Version 0.17.0 of Frigate contains a security vulnerability caused by an authorization chain issue, which may allow low-privilege users to access...

6.5CVSS5.8AI score0.00305EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.19 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.2.21 contained security vulnerabilities. These vulnerabilities stemmed from improper URL scheme validation in the assertBrowserNavigationAllowed function. This allowed unauthorize...

7.1CVSS5.8AI score0.00403EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/03/18 12:0 a.m.3 views

EulerOS Virtualization 2.13.1 : libvirt (EulerOS-SA-2026-1639)

According to the versions of the libvirt packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was perform...

5.5CVSS5.9AI score0.00204EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/18 12:0 a.m.5 views

EulerOS Virtualization 2.13.0 : libvirt (EulerOS-SA-2026-1643)

According to the versions of the libvirt packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was perform...

5.5CVSS5.9AI score0.00204EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/17 12:0 a.m.6 views

EulerOS Virtualization 2.12.1 : libvirt (EulerOS-SA-2026-1470)

According to the versions of the libvirt packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was perform...

5.5CVSS5.9AI score0.00204EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/17 12:0 a.m.3 views

EulerOS Virtualization 2.12.0 : libvirt (EulerOS-SA-2026-1527)

According to the versions of the libvirt packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was perform...

5.5CVSS5.9AI score0.00204EPSS
Exploits0References3
OSV
OSV
added 2026/03/12 2:21 p.m.6 views

GHSA-8G75-Q649-6PV6 OpenClaw's system.run approvals did not bind mutable script operands across approval and execution

OpenClaw's system.run approval flow did not bind mutable interpreter-style script operands across approval and execution. A caller could obtain approval for an execution such as sh ./script.sh, rewrite the approved script before execution, and then execute different content under the previously...

6.3CVSS6.2AI score0.002EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/02/20 4:3 p.m.5 views

CVE-2026-2818 Zip Slip Path Traversal in Snapshot Archive Extraction (Windows-Specific)

A zip-slip path traversal vulnerability in Spring Data Geode's import snapshot functionality allows attackers to write files outside the intended extraction directory. This vulnerability appears to be susceptible on Windows OS only...

8.2CVSS5.5AI score0.00272EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/02/19 8:31 p.m.5 views

deno_cli (>=0.18.0-preview4 <=0.23.0), deno_cli_snapshots (>=0.0.3 <=0.19.0) +2 more potentially affected by CVE-2026-27190 via deno (>=0.15.0 <=0.6.0)

deno CARGO version =0.15.0, =0.18.0-preview4, =0.0.3, =0.0.1, =0.23.0 Source cves: CVE-2026-27190 Source advisory: OSV:GHSA-HMH4-3XVX-Q5HR...

9.8CVSS5.8AI score0.02213EPSS
Exploits1
Cvelist
Cvelist
added 2026/02/14 4:27 p.m.42 views

CVE-2026-23201 ceph: fix oops due to invalid pointer for kfree() in parse_longname()

In the Linux kernel, the following vulnerability has been resolved: ceph: fix oops due to invalid pointer for kfree in parselongname This fixes a kernel oops when reading ceph snapshot directories .snap, for example by simply running ls /mnt/myceph/.snap. The variable str is guarded by freekfree,...

0.00112EPSS
Exploits0References3
EUVD
EUVD
added 2026/02/14 4:27 p.m.5 views

EUVD-2026-5844

In the Linux kernel, the following vulnerability has been resolved: ceph: fix oops due to invalid pointer for kfree in parselongname This fixes a kernel oops when reading ceph snapshot directories .snap, for example by simply running ls /mnt/myceph/.snap. The variable str is guarded by freekfree,...

5.2AI score0.00112EPSS
Exploits0References3
Rows per page
Query Builder