
80 matches found

OSV
added 2026/03/04 6:55 p.m. · 4 views

GHSA-X2FF-J5C2-GGPR OpenClaw: Slack interactive callbacks could skip configured sender checks in some shared-workspace flows

Impact: In shared Slack workspace deployments that rely on sender restrictions (allowFrom, DM policy, or channel user allowlists), some interactive callbacks (block_action, view_submission, view_closed) could be accepted before full sender authorization checks. In that scenario, an unauthorized workspace...

7.6 CVSS · 5.9 AI score · 0.00283 EPSS
Exploits: 0 · References: 5
Positive Technologies
added 2026/03/04 12:0 a.m. · 5 views

PT-2026-26387

Impact: In shared Slack workspace deployments that rely on sender restrictions (allowFrom, DM policy, or channel user allowlists), some interactive callbacks (block action, view submission, view closed) could be accepted before full sender authorization checks. In that scenario, an unauthorized...

7.6 CVSS · 5.8 AI score · 0.00283 EPSS
Exploits: 0 · References: 7
OSV
added 2026/03/03 7:50 p.m. · 2 views

GHSA-RM2P-J3R7-4X4J OpenClaw's Slack reaction/pin sender-policy consistency issue in non-message ingress

Summary OpenClaw Slack monitor handled reaction and pin non-message events before applying sender-policy checks consistently. In affected versions, these events could be added to system-event context even when sender policy would not normally allow them. Affected Packages / Versions - Package: np...

5.3 CVSS · 5.9 AI score · 0.00204 EPSS
Exploits: 0 · References: 6
Github Security Blog
added 2026/03/03 6:9 p.m. · 5 views

OpenClaw's Telegram message_reaction authorization bypass allows unauthorized system-event injection

A missing sender-authorization check in Telegram message_reaction handling allowed unauthorized users to trigger reaction-derived system events. Affected Packages / Versions - Package: openclaw npm - Introduced: 2026.2.17 - Affected: = 2026.2.17 and = 2026.2.24 - Latest published at patch time:...

5.9 AI score
Exploits: 0 · References: 3 · Affected Software: 1
OSV
added 2026/03/03 6:9 p.m. · 3 views

GHSA-QJ22-XQJR-V83V OpenClaw's Telegram message_reaction authorization bypass allows unauthorized system-event injection

A missing sender-authorization check in Telegram message_reaction handling allowed unauthorized users to trigger reaction-derived system events. Affected Packages / Versions - Package: openclaw npm - Introduced: 2026.2.17 - Affected: = 2026.2.17 and = 2026.2.24 - Latest published at patch time:...

7.1 CVSS · 5.8 AI score
Exploits: 0 · References: 3
EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2020-12233

Malware in sbrugna...

7.8 CVSS · 8.1 AI score · 0.00738 EPSS
Exploits: 0 · References: 2
EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2018-3433

Malware in sbrugna...

4.3 CVSS · 4.8 AI score · 0.00229 EPSS
Exploits: 0 · References: 3
RedhatCVE
added 2025/05/22 3:56 p.m. · 7 views

CVE-2020-1357

An elevation of privilege vulnerability exists when the Windows System Events Broker improperly handles file operations, aka 'Windows System Events Broker Elevation of Privilege Vulnerability'...

7.8 CVSS · 6.9 AI score · 0.00738 EPSS
Exploits: 0
Positive Technologies
added 2024/01/09 12:0 a.m. · 8 views

PT-2024-2582 · Lenovo · Lenovo Xclarity Administrator

Name of the Vulnerable Software and Affected Versions: Lenovo XClarity Administrator affected versions not specified Description: The issue is related to information disclosure and can be exploited by a remote attacker to gain unauthorized access to an API endpoint without authentication. A valid...

7.5 CVSS · 7.1 AI score · 0.00458 EPSS
Exploits: 0 · References: 5
Citrix
added 2022/08/05 12:0 a.m. · 8 views

WEM 2203: Citrix WEM Service Citrix.Wem.Agent.Service.exe crash

After installing WEM Agent version 2203, the following system events are logged in the VDA: Event ID 1026: .NET Runtime Application: Citrix.Wem.Agent.Service.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. and Event ID 1000: Faulting...

7 AI score
Exploits: 0
Apple
added 2022/07/20 12:0 a.m. · 170 views

About the security content of Security Update 2022-005 Catalina

About the security content of Security Update 2022-005 Catalina This document describes the security content of Security Update 2022-005 Catalina. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has...

9.8 CVSS · 9.1 AI score · 0.02996 EPSS
Exploits: 9 · References: 1 · Affected Software: 1
IBM Security Bulletins
added 2021/12/17 8:50 p.m. · 221 views

Security Bulletin: Log4j as used in IBM® QRadar User Behavior Analytics application add on to IBM® QRadar SIEM is vulnerable to remote code execution (RCE) (CVE-2021-44228)

Summary Log4j is used by IBM® QRadar User Behavior Analytics application to log system events. This bulletin provides a remediation for the vulnerability, CVE-2021-44228 by upgrading IBM® QRadar User Behavior Analytics application add on to IBM® QRadar SIEM and thus addressing the exposure to the...

10 CVSS · 1.1 AI score · 0.99999 EPSS
Exploits: 349 · Affected Software: 1
NVD
added 2020/10/19 8:15 p.m. · 22 views

CVE-2020-9111

E6878-370 versions 10.0.3.1H557SP27C233, 10.0.3.1H563SP21C233 and E6878-870 versions 10.0.3.1H557SP27C233, 10.0.3.1H563SP11C233 have a denial of service vulnerability. The system does not properly check some events, an attacker could launch the events continually, successful exploit could cause...

4.5 CVSS · 0.0029 EPSS
Exploits: 0 · References: 1
Apple
added 2020/07/27 8:17 a.m. · 63 views

About the security content of iOS 11.3 - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...

9.8 CVSS · 0.38602 EPSS
Exploits: 10 · Affected Software: 1
NVD
added 2020/07/20 5:15 p.m. · 13 views

CVE-2020-15053

An issue was discovered in Artica Proxy CE before 4.28.030.418. Reflected XSS exists via these search fields: real time request, System Events, Proxy Events, Proxy Objects, and Firewall objects...

6.1 CVSS · 6.1 AI score · 0.01826 EPSS
Exploits: 1 · References: 1
OSV
added 2020/07/20 5:15 p.m. · 3 views

CVE-2020-15053

An issue was discovered in Artica Proxy CE before 4.28.030.418. Reflected XSS exists via these search fields: real time request, System Events, Proxy Events, Proxy Objects, and Firewall objects...

6.1 CVSS · 6.4 AI score · 0.01826 EPSS
Exploits: 1 · References: 1
Prion
added 2020/07/20 5:15 p.m. · 17 views

Cross site scripting

An issue was discovered in Artica Proxy CE before 4.28.030.418. Reflected XSS exists via these search fields: real time request, System Events, Proxy Events, Proxy Objects, and Firewall objects...

4.3 CVSS · 6 AI score · 0.01826 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
ATTACKERKB
added 2020/07/20 5:15 p.m. · 4 views

CVE-2020-15053

An issue was discovered in Artica Proxy CE before 4.28.030.418. Reflected XSS exists via these search fields: real time request, System Events, Proxy Events, Proxy Objects, and Firewall objects...

6.1 CVSS · 6.2 AI score · 0.01826 EPSS
Exploits: 1 · References: 2
CNVD
added 2020/07/20 12:0 a.m. · 4 views

Microsoft Windows System Events Broker Elevation of Privilege Vulnerability

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows System Events Broker,...

7.8 CVSS · 7.3 AI score · 0.00738 EPSS
Exploits: 0 · References: 1
BDU FSTEC
added 2020/07/17 12:0 a.m. · 6 views

A vulnerability in the System Events Broker component of the Windows operating system allows an attacker to elevate their privileges.

The vulnerability in the System Events Broker component of the Windows operating system is related to errors in file operation handling. Exploiting this vulnerability can allow an attacker to elevate their privileges through a specially crafted application...

7.8 CVSS · 7.2 AI score · 0.00738 EPSS
Exploits: 0 · References: 4