Lucene search
K

23 matches found

OSV
OSV
added 2026/03/26 9:45 p.m.3 views

GHSA-RQP8-Q22P-5J9Q OpenClaw Bypasses DM Policy Separation via Synology Chat Webhook Path Collision

Summary Synology Chat multi-account configuration could collapse onto a shared webhook path, replacing route ownership and bypassing per-account DM policy separation. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...

6.9CVSS5.9AI score0.00245EPSS
Exploits0References6
NVD
NVD
added 2026/03/05 10:16 p.m.6 views

CVE-2026-28469

OpenClaw versions prior to 2026.2.14 contain a webhook routing vulnerability in the Google Chat monitor component that allows cross-account policy context misrouting when multiple webhook targets share the same HTTP path. Attackers can exploit first-match request verification semantics to process...

8.2CVSS0.003EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.7 views

OpenClaw 安全漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from a Webhook routing issue in the Google Chat monitor component, which can be exploited by an attacker to cause cross-account policy context misrouting that bypass...

8.2CVSS5.8AI score0.003EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/07 9:41 a.m.7 views

CVE-1999-0535

A Windows NT account policy for passwords has inappropriate, security-critical settings, e.g. for password length, password age, or uniqueness...

10CVSS7.2AI score0.05975EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:41 a.m.3 views

CVE-1999-0597

A Windows NT account policy does not forcibly disconnect remote users from the server when their logon hours expire...

10CVSS7.1AI score0.03129EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/19 5:3 p.m.12 views

CVE-2025-64521 authentik deactivated service accounts can authenticate to OAuth

authentik is an open-source Identity Provider. Prior to versions 2025.8.5 and 2025.10.2, when authenticating with clientid and clientsecret to an OAuth provider, authentik creates a service account for the provider. In previous authentik versions, authentication for this account was possible even...

4.8CVSS0.00193EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-1999-0580

Malware in sbrugna...

10CVSS6.4AI score0.03129EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/21 6:10 p.m.8 views

CVE-1999-0582

A Windows NT account policy has inappropriate, security-critical settings for lockout, e.g. lockout duration, lockout after bad logon attempts, etc...

5CVSS7AI score0.06279EPSS
Exploits0References1
OSV
OSV
added 2024/05/17 11:7 a.m.8 views

OESA-2024-1576 kubernetes security update

Container cluster management. Security Fixes: A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with t...

2.7CVSS6.7AI score0.02224EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2020/11/25 12:0 a.m.36 views

Microsoft Windows: Get RSOP_SecuritySettings

The RSOPSecuritySettings WMI class is the abstract class from which other RSoP security classes derive. Instances of this class are not logged. This class was added for Windows XP. The RSOPSecuritySettingNumeric WMI class represents the numeric security setting for an account policy. Account...

7.5AI score
Exploits0References3
RedHat Linux
RedHat Linux
added 2016/11/15 7:36 p.m.56 views

Moderate: Red Hat Security Advisory: 389-ds-base security, bug fix, and enhancement update

An update for 389-ds-base is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

9.8CVSS6.9AI score0.03061EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2015/03/26 12:0 a.m.36 views

Scientific Linux Security Update : 389-ds-base on SL7.x x86_64 (20150305)

An information disclosure flaw was found in the way the 389 Directory Server stored information in the Changelog that is exposed via the 'cn=changelog' LDAP sub-tree. An unauthenticated user could in certain cases use this flaw to read data from the Changelog, which could include sensitive...

5CVSS7AI score0.02108EPSS
Exploits0References3
Metasploit
Metasploit
added 2014/04/15 8:5 p.m.69 views

Windows Manage Change Password

This module will attempt to change the password of the targeted account. The typical usage is to change a newly created account's password on a remote host to avoid the error, 'System error 1907 has occurred,' which is caused when the account policy enforces a password change before the next logi...

7.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2013/09/03 12:0 a.m.13 views

Active Directory - Enumerate User Account Policy

Binary data adsienumuseraccountpolicy.nbin...

7.3AI score
Exploits0
CVE
CVE
added 2000/02/04 5:0 a.m.115 views

CVE-1999-0535

CVE-1999-0535 affects Windows NT password policy settings. The connected records consistently describe a vulnerability where the account policy for passwords allows insecure configurations (e.g., inadequate minimum length, inappropriate password age, and lack of uniqueness), leading to potential ...

10CVSS7.6AI score0.05975EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2000/02/04 5:0 a.m.46 views

CVE-1999-0582

CVE-1999-0582 describes a misconfigured Windows NT account policy with insecure lockout settings (e.g., lockout duration, count of bad logon attempts). The NVD entry classifies impact as partial availability with network access, no confidentiality/integrity impact, and no authentication required,...

5CVSS7.4AI score0.06279EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2000/02/04 5:0 a.m.15 views

CVE-1999-0597

A Windows NT account policy does not forcibly disconnect remote users from the server when their logon hours expire...

6.7AI score0.03129EPSS
Exploits0References1
EUVD
EUVD
added 2000/02/04 5:0 a.m.5 views

EUVD-1999-0565

A Windows NT account policy has inappropriate, security-critical settings for lockout, e.g. lockout duration, lockout after bad logon attempts, etc...

5CVSS6.6AI score0.06279EPSS
Exploits0References1
Cvelist
Cvelist
added 2000/02/04 5:0 a.m.17 views

CVE-1999-0582

A Windows NT account policy has inappropriate, security-critical settings for lockout, e.g. lockout duration, lockout after bad logon attempts, etc...

6.7AI score0.06279EPSS
Exploits0References1
CVE
CVE
added 2000/02/04 5:0 a.m.35 views

CVE-1999-0597

CVE-1999-0597 concerns a Windows NT account policy where remote users are not forcibly disconnected when logon hours expire. Several sources (NVD, Red Hat, CVE list, Red Team/PT security pages) confirm the issue is tied to the Windows NT account policy and its handling of remote logins; no detail...

10CVSS7.1AI score0.03129EPSS
Exploits0References1
Rows per page
Query Builder