Lucene search
K

87066 matches found

Vulnrichment
Vulnrichment
added 2026/04/09 9:27 p.m.2 views

CVE-2026-35645 OpenClaw < 2026.3.25 - Privilege Escalation via Synthetic operator.admin in deleteSession

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subagent fallback deleteSession function that uses a synthetic operator.admin runtime scope. Attackers can exploit this by triggering session deletion without a request-scoped client to execute privilege...

8.1CVSS5.9AI score0.0028EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/09 9:27 p.m.0 views

CVE-2026-35639

OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an operator.pairing approver to approve pending device requests with broader operator scopes than the approver actually holds. Attackers can exploit insufficient scope validation ...

8.8CVSS6.5AI score0.00458EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/09 9:27 p.m.19 views

CVE-2026-35639 OpenClaw < 2026.3.22 - Privilege Escalation via device.pair.approve Scope Validation

OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an operator.pairing approver to approve pending device requests with broader operator scopes than the approver actually holds. Attackers can exploit insufficient scope validation ...

8.8CVSS0.00458EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/09 9:27 p.m.1 views

CVE-2026-35639 OpenClaw < 2026.3.22 - Privilege Escalation via device.pair.approve Scope Validation

OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an operator.pairing approver to approve pending device requests with broader operator scopes than the approver actually holds. Attackers can exploit insufficient scope validation ...

8.8CVSS6.4AI score0.00458EPSS
Exploits0References4
CVE
CVE
added 2026/04/09 9:27 p.m.20 views

CVE-2026-35639

CVE-2026-35639 affects OpenClaw prior to 2026.3.22. The vulnerability is in the device.pair.approve method, where an operator.pairing approver can approve pending device requests with broader operator scopes than the approver holds. This insufficient scope validation can escalate privileges to op...

8.8CVSS6.5AI score0.00458EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/09 9:27 p.m.4 views

CVE-2026-35631

OpenClaw before 2026.3.22 fails to enforce operator.admin scope on mutating internal ACP chat commands, allowing unauthorized modifications. Attackers without admin privileges can execute mutating control-plane actions by directly invoking affected ACP commands to bypass authorization gates...

7.1CVSS6AI score0.00225EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/09 9:27 p.m.16 views

CVE-2026-35631 OpenClaw < 2026.3.22 - Missing Authorization Enforcement in Internal ACP Chat Commands

OpenClaw before 2026.3.22 fails to enforce operator.admin scope on mutating internal ACP chat commands, allowing unauthorized modifications. Attackers without admin privileges can execute mutating control-plane actions by directly invoking affected ACP commands to bypass authorization gates...

7.1CVSS0.00225EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/09 9:26 p.m.3 views

CVE-2026-35625 OpenClaw < 2026.3.25 - Privilege Escalation via Silent Local Shared-Auth Reconnect

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-auth reconnects auto-approve scope-upgrade requests, widening paired device permissions from operator.read to operator.admin. Attackers can exploit this by triggering local reconnection to silently...

8.5CVSS6.4AI score0.00192EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/09 9:26 p.m.1 views

CVE-2026-35625

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-auth reconnects auto-approve scope-upgrade requests, widening paired device permissions from operator.read to operator.admin. Attackers can exploit this by triggering local reconnection to silently...

8.5CVSS6.5AI score0.00192EPSS
Exploits0References4
CVE
CVE
added 2026/04/09 9:26 p.m.5 views

CVE-2026-34512

OpenClaw before 2026.3.25 exposes an improper access control in the HTTP endpoint /sessions/:sessionKey/kill that lets any bearer-authenticated user invoke admin-level session termination via the killSubagentRunAdmin function, bypassing ownership/operator scope restrictions. The vulnerability ena...

8.1CVSS6.1AI score0.00346EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/09 9:26 p.m.1 views

CVE-2026-34512

OpenClaw before 2026.3.25 contains an improper access control vulnerability in the HTTP /sessions/:sessionKey/kill route that allows any bearer-authenticated user to invoke admin-level session termination functions without proper scope validation. Attackers can exploit this by sending authenticat...

8.1CVSS6.1AI score0.00346EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/09 9:26 p.m.5 views

CVE-2026-34512 OpenClaw < 2026.3.25 - Improper Access Control in /sessions/:sessionKey/kill Endpoint

OpenClaw before 2026.3.25 contains an improper access control vulnerability in the HTTP /sessions/:sessionKey/kill route that allows any bearer-authenticated user to invoke admin-level session termination functions without proper scope validation. Attackers can exploit this by sending authenticat...

8.1CVSS5.9AI score0.00346EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/09 9:26 p.m.24 views

CVE-2026-34512 OpenClaw < 2026.3.25 - Improper Access Control in /sessions/:sessionKey/kill Endpoint

OpenClaw before 2026.3.25 contains an improper access control vulnerability in the HTTP /sessions/:sessionKey/kill route that allows any bearer-authenticated user to invoke admin-level session termination functions without proper scope validation. Attackers can exploit this by sending authenticat...

8.1CVSS0.00346EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/09 9:26 p.m.4 views

CVE-2026-21904 Junos Space: ilpFilter field on nLegacy.jsp is vulnerable to reflected cross-site script injection

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the list filter field that, when visited by another user, enables the attacker to execute commands with the target's...

6.1CVSS5.9AI score0.0021EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/09 9:26 p.m.17 views

CVE-2026-21904 Junos Space: ilpFilter field on nLegacy.jsp is vulnerable to reflected cross-site script injection

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the list filter field that, when visited by another user, enables the attacker to execute commands with the target's...

6.1CVSS0.0021EPSS
Exploits0References1
NVD
NVD
added 2026/04/09 8:16 p.m.6 views

CVE-2026-35063

OpenPLCV3 REST API endpoint checks for JWT presence but never verifies the caller's role. Any authenticated user with role=user can delete any other user, including administrators, by specifying their user ID or they can create new accounts with role=admin, escalating to full administrator access...

8.8CVSS0.0024EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/09 7:23 p.m.3 views

CVE-2026-39347

OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source accepts changes to self-appraisal submissions for administrator users after those submissions have been marked completed, breaking integrity of finalized appraisal records. This vulnerability...

5.1CVSS5.9AI score0.00172EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/09 7:23 p.m.5 views

CVE-2026-34724

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, a server-side template injection vulnerability which leads to RCE via AI Agent exists. Impact is limited to environments where an attacker can control or influence typeenrichmentdata typically high-privilege...

8.7CVSS5.9AI score0.00262EPSS
Exploits0References1
NVD
NVD
added 2026/04/09 7:16 p.m.2 views

CVE-2026-39912

V2Board 1.6.1 through 1.7.4 and Xboard through 0.1.9 expose authentication tokens in HTTP response bodies of the loginWithMailLink endpoint when the loginwithmaillinkenable feature is active. Unauthenticated attackers can POST to the loginWithMailLink endpoint with a known email address to receiv...

9.1CVSS0.00584EPSS
Exploits1References8
Vulnrichment
Vulnrichment
added 2026/04/09 7:0 p.m.2 views

CVE-2026-35063 Missing Authorization in OpenPLC_V3

OpenPLCV3 REST API endpoint checks for JWT presence but never verifies the caller's role. Any authenticated user with role=user can delete any other user, including administrators, by specifying their user ID or they can create new accounts with role=admin, escalating to full administrator access...

8.7CVSS5.8AI score0.0024EPSS
Exploits0References1
Rows per page
Query Builder