23 matches found
GHSA-RQP8-Q22P-5J9Q OpenClaw Bypasses DM Policy Separation via Synology Chat Webhook Path Collision
Summary Synology Chat multi-account configuration could collapse onto a shared webhook path, replacing route ownership and bypassing per-account DM policy separation. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...
CVE-2026-28469
OpenClaw versions prior to 2026.2.14 contain a webhook routing vulnerability in the Google Chat monitor component that allows cross-account policy context misrouting when multiple webhook targets share the same HTTP path. Attackers can exploit first-match request verification semantics to process...
OpenClaw 安全漏洞
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from a Webhook routing issue in the Google Chat monitor component, which can be exploited by an attacker to cause cross-account policy context misrouting that bypass...
CVE-1999-0535
A Windows NT account policy for passwords has inappropriate, security-critical settings, e.g. for password length, password age, or uniqueness...
CVE-1999-0597
A Windows NT account policy does not forcibly disconnect remote users from the server when their logon hours expire...
CVE-2025-64521 authentik deactivated service accounts can authenticate to OAuth
authentik is an open-source Identity Provider. Prior to versions 2025.8.5 and 2025.10.2, when authenticating with clientid and clientsecret to an OAuth provider, authentik creates a service account for the provider. In previous authentik versions, authentication for this account was possible even...
EUVD-1999-0580
Malware in sbrugna...
CVE-1999-0582
A Windows NT account policy has inappropriate, security-critical settings for lockout, e.g. lockout duration, lockout after bad logon attempts, etc...
OESA-2024-1576 kubernetes security update
Container cluster management. Security Fixes: A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with t...
Microsoft Windows: Get RSOP_SecuritySettings
The RSOPSecuritySettings WMI class is the abstract class from which other RSoP security classes derive. Instances of this class are not logged. This class was added for Windows XP. The RSOPSecuritySettingNumeric WMI class represents the numeric security setting for an account policy. Account...
Moderate: Red Hat Security Advisory: 389-ds-base security, bug fix, and enhancement update
An update for 389-ds-base is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...
Scientific Linux Security Update : 389-ds-base on SL7.x x86_64 (20150305)
An information disclosure flaw was found in the way the 389 Directory Server stored information in the Changelog that is exposed via the 'cn=changelog' LDAP sub-tree. An unauthenticated user could in certain cases use this flaw to read data from the Changelog, which could include sensitive...
Windows Manage Change Password
This module will attempt to change the password of the targeted account. The typical usage is to change a newly created account's password on a remote host to avoid the error, 'System error 1907 has occurred,' which is caused when the account policy enforces a password change before the next logi...
Active Directory - Enumerate User Account Policy
Binary data adsienumuseraccountpolicy.nbin...
CVE-1999-0535
CVE-1999-0535 affects Windows NT password policy settings. The connected records consistently describe a vulnerability where the account policy for passwords allows insecure configurations (e.g., inadequate minimum length, inappropriate password age, and lack of uniqueness), leading to potential ...
CVE-1999-0582
CVE-1999-0582 describes a misconfigured Windows NT account policy with insecure lockout settings (e.g., lockout duration, count of bad logon attempts). The NVD entry classifies impact as partial availability with network access, no confidentiality/integrity impact, and no authentication required,...
CVE-1999-0597
A Windows NT account policy does not forcibly disconnect remote users from the server when their logon hours expire...
EUVD-1999-0565
A Windows NT account policy has inappropriate, security-critical settings for lockout, e.g. lockout duration, lockout after bad logon attempts, etc...
CVE-1999-0582
A Windows NT account policy has inappropriate, security-critical settings for lockout, e.g. lockout duration, lockout after bad logon attempts, etc...
CVE-1999-0597
CVE-1999-0597 concerns a Windows NT account policy where remote users are not forcibly disconnected when logon hours expire. Several sources (NVD, Red Hat, CVE list, Red Team/PT security pages) confirm the issue is tied to the Windows NT account policy and its handling of remote logins; no detail...