Lucene search
87063 matches found

Github Security Blog
added 2026/04/10 12:30 a.m.

Duplicate Advisory: OpenClaw: Gateway Plugin Subagent Fallback `deleteSession` Uses Synthetic `operator.admin`

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-h4jx-hjr3-fhgc. This link is maintained to preserve external references. Original Description: OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subagent fallback...

CVSS 8.8 | AI score 5.8 | EPSS 0.0028
Exploits: 0 | References: 5 | Affected software: 1
EUVD
added 2026/04/10 12:30 a.m.

EUVD-2026-21108

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-auth reconnects auto-approve scope-upgrade requests, widening paired device permissions from operator.read to operator.admin. Attackers can exploit this by triggering local reconnection to silently...

CVSS 8.5 | AI score 6.5 | EPSS 0.00192
Exploits: 0 | References: 4
EUVD
added 2026/04/10 12:30 a.m.

EUVD-2026-21097

OpenClaw before 2026.3.25 contains an improper access control vulnerability in the HTTP /sessions/:sessionKey/kill route that allows any bearer-authenticated user to invoke admin-level session termination functions without proper scope validation. Attackers can exploit this by sending authenticat...

CVSS 8.1 | AI score 6.1 | EPSS 0.00346
Exploits: 0 | References: 4
EUVD
added 2026/04/10 12:30 a.m.

EUVD-2026-21077

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the list filter field that, when visited by another user, enables the attacker to execute commands with the target's...

CVSS 6.1 | AI score 6 | EPSS 0.0021
Exploits: 0 | References: 2
Packet Storm
added 2026/04/10 12:00 a.m.

RomM Cross Site Scripting / File Upload

RomM versions prior to 4.4.1: a chained-vulnerabilities exploit that leverages file upload to achieve cross-site scripting, which then leverages CSRF token reuse to change a user's password. Exploit Title: RomM Application tab or Storage on Firefox Cookies - Copy the rommcsrftoken cookie value 3...

CVSS 7.6 | AI score 5.2 | EPSS 0.00273
Exploits: 2
Positive Technologies
added 2026/04/10 12:00 a.m.

PT-2026-31955

OpenClaw before 2026.3.24 contains missing authorization vulnerabilities in the /send and /allowlist chat command handlers. The /send command allows non-owner command-authorized senders to change owner-only session delivery policy settings, and the /allowlist mutating commands fail to enforce...

CVSS 5.4 | AI score 5.9 | EPSS 0.00442
Exploits: 1 | References: 7
CNVD
added 2026/04/10 12:00 a.m.

IBM DataPower Gateway Information Disclosure Vulnerability (CNVD-2026-19179)

IBM DataPower Gateway is a suite of International Business Machines (IBM) security and integration platforms designed specifically for mobile, cloud, application programming interface (API), web, service-oriented architecture (SOA), B2B and cloud workloads. The platform protects, integrates and...

CVSS 6.8 | AI score 5.8 | EPSS 0.00252
Exploits: 0
Positive Technologies
added 2026/04/10 12:00 a.m.

PT-2026-32011

Name of the Vulnerable Software and Affected Versions: Chamilo LMS versions prior to 1.11.38 and prior to 2.0.0-RC.3. Description: Chamilo LMS, a learning management system, contains an Open Redirect flaw in the session course edit page. An attacker can redirect an authenticated administrator to an...

CVSS 4.7 | AI score 5.9 | EPSS 0.00178
Exploits: 0 | References: 6
Positive Technologies
added 2026/04/10 12:00 a.m.

PT-2026-31858

Name of the Vulnerable Software and Affected Versions: code-projects Simple IT Discussion Forum version 1.0. Description: A security issue exists in code-projects Simple IT Discussion Forum 1.0 related to the processing of the /admin/user.php file. Manipulation of the fname argument can lead to cros...

CVSS 4.8 | AI score 4.4 | EPSS 0.00202
Exploits: 0 | References: 10
Positive Technologies
added 2026/04/10 12:00 a.m.

PT-2026-32013

Name of the Vulnerable Software and Affected Versions: Chamilo LMS versions prior to 2.0.0-RC.3. Description: Chamilo LMS, a learning management system, has an issue where the PlatformConfigurationController::decodeSettingArray method uses PHP's eval function to process platform settings retrieved...

CVSS 8.8 | AI score 6.2 | EPSS 0.00319
Exploits: 0 | References: 6
Positive Technologies
added 2026/04/10 12:00 a.m.

PT-2026-31926

CouchCMS contains a privilege escalation vulnerability that allows authenticated Admin-level users to create SuperAdmin accounts by tampering with the f k levels list parameter in user creation requests. Attackers can modify the parameter value from 4 to 10 in the HTTP request body to bypass...

CVSS 8.6 | AI score 5.9 | EPSS 0.00427
Exploits: 1 | References: 4
CNVD
added 2026/04/10 12:00 a.m.

OpenClaw elevation of privilege vulnerability (CNVD-2026-17893)

OpenClaw is an open-source AI assistant developed by OpenClaw. OpenClaw suffers from an elevation of privilege vulnerability that can be exploited by an attacker to cause an invoker with pairing privileges but no administrator privileges to approve pending device requests that request ...

CVSS 9.9 | AI score 7.5 | EPSS 0.00624
Exploits: 0
CNNVD
added 2026/04/10 12:00 a.m.

Chamilo LMS security vulnerability

Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Versions of Chamilo LMS prior to 2.0.0-RC.3 contained security vulnerabilities. These vulnerabilities allowed an...

CVSS 6.5 | AI score 5.9 | EPSS 0.00209
Exploits: 0 | References: 2
CNNVD
added 2026/04/10 12:00 a.m.

Vikunja security vulnerability

Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja prior to 2.3.0 contained security vulnerabilities. These vulnerabilities stemmed from the permission checking logic when changing the parent project ID, which was inconsistent with the recursive...

CVSS 8.3 | AI score 5.8 | EPSS 0.0029
Exploits: 1 | References: 4
CNNVD
added 2026/04/10 12:00 a.m.

OpenClaw security vulnerability

OpenClaw is an open-source AI assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.25 contained security vulnerabilities. These vulnerabilities stemmed from the ability for non-administrator operators to self-request a broader scope during backend reconnection...

CVSS 8.8 | AI score 5.8 | EPSS 0.00276
Exploits: 0 | References: 3
Positive Technologies
added 2026/04/10 12:00 a.m.

PT-2026-31946

Name of the Vulnerable Software and Affected Versions: Vikunja versions prior to 2.3.0. Description: A permission escalation issue exists in Vikunja that allows a user with Write access to a project to escalate their permissions to Admin by moving the project under a project they own. This is due to...

CVSS 8.3 | AI score 5.7 | EPSS 0.0029
Exploits: 1 | References: 10
CNNVD
added 2026/04/10 12:00 a.m.

CouchCMS security vulnerability

CouchCMS is an open-source content management system (CMS) designed for designers. CouchCMS has a security vulnerability that stems from improper authorization verification. This vulnerability could allow authenticated administrator users to create super-administrator accounts by manipulating...

CVSS 8.6 | AI score 5.8 | EPSS 0.00427
Exploits: 1 | References: 3
Tenable Nessus
added 2026/04/10 12:00 a.m.

Keycloak < 26.4.11 Multiple Vulnerabilities

Keycloak versions installed prior to 26.4.11 are affected by multiple vulnerabilities: - A flaw was identified in the Account REST API of Keycloak that allows a user authenticated at a lower security level to perform sensitive actions intended only for higher-assurance sessions. Specifically, an...

CVSS 4.2 | AI score 5.8 | EPSS 0.00275
Exploits: 0 | References: 4
CNNVD
added 2026/04/10 12:00 a.m.

Chamilo LMS security vulnerability

Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Prior to version 1.11.38, Chamilo LMS had security vulnerabilities. These vulnerabilities stemmed from the Twig...

CVSS 5.3 | AI score 5.9 | EPSS 0.00245
Exploits: 0 | References: 3
Positive Technologies
added 2026/04/10 12:00 a.m.

PT-2026-31842

Name of the Vulnerable Software and Affected Versions: Webling plugin for WordPress versions prior to 3.9.1. Description: The Webling plugin for WordPress is susceptible to Stored Cross-Site Scripting due to insufficient input sanitization, insufficient output escaping, and missing capabilities chec...

CVSS 6.4 | AI score 5.9 | EPSS 0.00277
Exploits: 0 | References: 9