Lucene search
+L

99 matches found

RedHat Linux
RedHat Linux
added 2026/03/24 10:56 a.m.12 views

qemu-kvm: VNC WebSocket handshake use-after-free

A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network acces...

7.5CVSS7AI score0.00783EPSS
Exploits0References4
NVD
NVD
added 2026/03/19 10:16 p.m.7 views

CVE-2026-32001

OpenClaw versions prior to 2026.2.22 contain an authentication bypass vulnerability that allows clients authenticated with a shared gateway token to connect as role=node without device identity verification. Attackers can exploit this by claiming the node role during WebSocket handshake to inject...

5.4CVSS0.00268EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/19 10:6 p.m.4 views

CVE-2026-32001

OpenClaw versions prior to 2026.2.22 contain an authentication bypass vulnerability that allows clients authenticated with a shared gateway token to connect as role=node without device identity verification. Attackers can exploit this by claiming the node role during WebSocket handshake to inject...

5.4CVSS5.8AI score0.00268EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/19 10:6 p.m.26 views

CVE-2026-32001 OpenClaw < 2026.2.22 - Node Role Device-Identity Bypass via WebSocket Authentication

OpenClaw versions prior to 2026.2.22 contain an authentication bypass vulnerability that allows clients authenticated with a shared gateway token to connect as role=node without device identity verification. Attackers can exploit this by claiming the node role during WebSocket handshake to inject...

5.4CVSS0.00268EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/19 10:6 p.m.3 views

CVE-2026-32001 OpenClaw < 2026.2.22 - Node Role Device-Identity Bypass via WebSocket Authentication

OpenClaw versions prior to 2026.2.22 contain an authentication bypass vulnerability that allows clients authenticated with a shared gateway token to connect as role=node without device identity verification. Attackers can exploit this by claiming the node role during WebSocket handshake to inject...

5.4CVSS5.8AI score0.00268EPSS
Exploits0References3
OSV
OSV
added 2026/03/19 10:6 p.m.8 views

CVE-2026-32001 OpenClaw < 2026.2.22 - Node Role Device-Identity Bypass via WebSocket Authentication

OpenClaw versions prior to 2026.2.22 contain an authentication bypass vulnerability that allows clients authenticated with a shared gateway token to connect as role=node without device identity verification. Attackers can exploit this by claiming the node role during WebSocket handshake to inject...

5.3CVSS6AI score0.00268EPSS
Exploits0References5
CVE
CVE
added 2026/03/19 10:6 p.m.17 views

CVE-2026-32001

OpenClaw prior to version 2026.2.22 is affected by an authentication bypass vulnerability during WebSocket handshake. Clients authenticated with a shared gateway token can connect as role=node without device identity verification, enabling attackers to claim the node role and inject unauthorized ...

5.4CVSS5.8AI score0.00268EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2026/03/12 12:0 a.m.22 views

OpenClaw Access Control Error Vulnerability (CNVD-2026-13595)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an Access Control Error vulnerability that stems from the gateway WebSocket connection handshake allowing device identity checks to be skipped when auth.token is present but not verified, which can be...

9.8CVSS5.7AI score0.00357EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/07 1:44 a.m.7 views

CVE-2026-28472

OpenClaw versions prior to 2026.2.2 contain a vulnerability in the gateway WebSocket connect handshake in which it allows skipping device identity checks when auth.token is present but not validated. Attackers can connect to the gateway without providing device identity or pairing by exploiting t...

9.8CVSS5.8AI score0.00357EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/05 9:59 p.m.7 views

EUVD-2026-9918

OpenClaw versions prior to 2026.2.2 contain a vulnerability in the gateway WebSocket connect handshake in which it allows skipping device identity checks when auth.token is present but not validated. Attackers can connect to the gateway without providing device identity or pairing by exploiting t...

9.8CVSS5.9AI score0.00357EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/05 9:59 p.m.1 views

CVE-2026-28472 OpenClaw < 2026.2.2 - Device Identity Check Bypass in Gateway WebSocket Connect Handshake

OpenClaw versions prior to 2026.2.2 contain a vulnerability in the gateway WebSocket connect handshake in which it allows skipping device identity checks when auth.token is present but not validated. Attackers can connect to the gateway without providing device identity or pairing by exploiting t...

9.2CVSS5.8AI score0.00357EPSS
Exploits0References3
OSV
OSV
added 2026/03/05 9:59 p.m.6 views

CVE-2026-28472 OpenClaw < 2026.2.2 - Device Identity Check Bypass in Gateway WebSocket Connect Handshake

OpenClaw versions prior to 2026.2.2 contain a vulnerability in the gateway WebSocket connect handshake in which it allows skipping device identity checks when auth.token is present but not validated. Attackers can connect to the gateway without providing device identity or pairing by exploiting t...

9.2CVSS6AI score0.00357EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.10 views

OpenClaw 访问控制错误漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an Access Control Error vulnerability that stems from the gateway WebSocket connection handshake allowing device identity checks to be skipped when auth.token is present but not verified, which can be...

9.8CVSS5.8AI score0.00357EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/24 10:30 p.m.9 views

CVE-2025-68930

Versions of the Traccar open-source GPS tracking system up to and including 6.11.1 contain a Cross-Site WebSocket Hijacking CSWSH vulnerability in the /api/socket endpoint. The application fails to validate the Origin header during the WebSocket handshake. This allows a remote attacker to bypass...

7.1CVSS5.5AI score0.00541EPSS
Exploits4References1
Tenable Nessus
Tenable Nessus
added 2026/02/24 12:0 a.m.4 views

RHEL 9 : qemu-kvm (RHSA-2026:3165)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:3165 advisory. Kernel-based Virtual Machine KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the...

7.5CVSS5.7AI score0.00783EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/23 8:44 p.m.31 views

CVE-2025-68930 Traccar Missing Origin Validation in WebSockets

Versions of the Traccar open-source GPS tracking system up to and including 6.11.1 contain a Cross-Site WebSocket Hijacking CSWSH vulnerability in the /api/socket endpoint. The application fails to validate the Origin header during the WebSocket handshake. This allows a remote attacker to bypass...

7.1CVSS0.00541EPSS
Exploits4References1
RedHat Linux
RedHat Linux
added 2026/02/23 11:47 a.m.7 views

qemu-kvm: VNC WebSocket handshake use-after-free

A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network acces...

7.5CVSS5.7AI score0.00783EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/02/23 12:0 a.m.10 views

RHEL 9 : qemu-kvm (RHSA-2026:3077)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:3077 advisory. Kernel-based Virtual Machine KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the...

7.5CVSS5.7AI score0.00783EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.10 views

PT-2026-23547

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.2 Description The gateway WebSocket connect handshake allows skipping device identity checks when auth.token is present but not validated. Attackers can connect to the gateway without providing device identity...

9.3CVSS5.8AI score0.00357EPSS
Exploits0References10
OSV
OSV
added 2026/02/13 1:15 p.m.19 views

OESA-2026-1353 qemu security update

QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and...

7.5CVSS6.2AI score0.00783EPSS
Exploits0References3
Rows per page
Query Builder