Lucene search
K

75 matches found

CNNVD
CNNVD
added 2026/02/19 12:0 a.m.6 views

OpenClaw 安全漏洞

OpenClaw is openclaw open source an intelligent artificial assistant. OpenClaw has a security vulnerability that originates from the BlueBubbles iMessage channel plugin accepting webhook requests as authenticated based only on the TCP peer address as the loopback address i.e., when a missing or...

7.5CVSS5.8AI score0.00319EPSS
Exploits0References4
Snyk
Snyk
added 2026/02/18 12:54 a.m.4 views

Missing Authentication for Critical Function

Overview @openclaw/voice-call is an OpenClaw voice-call plugin Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the tunnel.allowNgrokFreeTierLoopbackBypass configuration option in the webhook authentication. An attacker can trigger unauthorized...

6.9CVSS5.8AI score0.0029EPSS
Exploits0References2
OSV
OSV
added 2026/02/17 9:40 p.m.5 views

GHSA-4HG8-92X6-H2F3 OpenClaw is Missing Webhook Authentication in Telnyx Provider Allows Unauthenticated Requests

Summary In affected versions, OpenClaw's optional @openclaw/voice-call plugin Telnyx webhook handler could accept unsigned inbound webhook requests when telnyx.publicKey was not configured, allowing unauthenticated callers to forge Telnyx events. This only impacts deployments where the Voice Call...

7.5CVSS5.8AI score0.00284EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/02/17 5:14 p.m.14 views

OpenClaw has a webhook auth bypass when gateway is behind a reverse proxy (loopback remoteAddress trust)

Summary The BlueBubbles webhook handler previously treated any request whose socket remoteAddress was loopback 127.0.0.1, ::1, ::ffff:127.0.0.1 as authenticated. When OpenClaw Gateway is behind a reverse proxy Tailscale Serve/Funnel, nginx, Cloudflare Tunnel, ngrok, the proxy typically connects t...

8.2CVSS6AI score0.00408EPSS
Exploits0References7Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.7 views

PT-2026-23540

Name of the Vulnerable Software and Affected Versions OpenClaw voice-call plugin versions prior to 2026.2.3 @clawdbot/voice-call versions through 2026.1.24 Description The voice-call plugin contains a flaw in webhook verification that allows remote attackers to bypass authentication by providing...

8.2CVSS5.8AI score0.00374EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/02/14 1:26 a.m.4 views

CVE-2026-26055

Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. The ATC webhook endpoints lack proper authentication mechanisms, allowing any pod within the cluster network to directly send...

7.5CVSS5.9AI score0.0041EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/02/12 9:7 p.m.3 views

CVE-2026-26055

Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. The ATC webhook endpoints lack proper authentication mechanisms, allowing any pod within the cluster network to directly send...

7.5CVSS5.9AI score0.0041EPSS
Exploits1References2Affected Software1
Snyk
Snyk
added 2026/02/04 7:36 p.m.4 views

Directory Traversal

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Directory Traversal via the SSH node when workflows process uploaded files and transfer them to remote servers without validating their metadata. An attacker can write files to unintended locations ...

9CVSS6.8AI score0.01713EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.16 views

PT-2026-1574

Name of the Vulnerable Software and Affected Versions iPaymu Payment Gateway for WooCommerce plugin for WordPress versions up to and including 2.0.2 Description The iPaymu Payment Gateway for WooCommerce plugin for WordPress is susceptible to missing authentication. This occurs because the plugin...

8.2CVSS6.2AI score0.00306EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/05/23 7:11 a.m.6 views

CVE-2024-35196

Sentry is a developer-first error tracking and performance monitoring platform. Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verification token. With this verification token, i...

2CVSS4AI score0.00575EPSS
Exploits0References1
NVD
NVD
added 2024/05/31 6:15 p.m.25 views

CVE-2024-35196

Sentry is a developer-first error tracking and performance monitoring platform. Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verification token. With this verification token, i...

2CVSS3.8AI score0.00575EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2023/01/12 4:49 p.m.3 views

plugin: Lack of authentication mechanism in Git Plugin webhook

The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provide unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository...

5.3CVSS5.8AI score0.00853EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/01/12 4:49 p.m.16 views

plugin: Lack of authentication mechanism in Git Plugin webhook

A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit...

7.5CVSS5.8AI score0.05563EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/11/15 12:0 a.m.6 views

Jenkins Plugin XP-Dev 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

5.3CVSS5.8AI score0.00614EPSS
Exploits0References6
OSV
OSV
added 2018/03/13 3:29 p.m.4 views

DEBIAN-CVE-2018-1000089

Anymail django-anymail version version 0.2 through 1.3 contains a CWE-532, CWE-209 vulnerability in WEBHOOKAUTHORIZATION setting value that can result in An attacker with access to error logs could fabricate email tracking events. This attack appear to be exploitable via If you have exposed your...

7.4CVSS7.3AI score0.01243EPSS
Exploits0References1
Rows per page
Query Builder