Lucene search
K

15 matches found

OSV
OSV
added 2026/06/01 11:42 a.m.8 views

BIT-KIBANA-2026-42398 Server-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network Access

Server-Side Request Forgery CWE-918 in Kibana allows authenticated users with connector management privileges to bypass the operator-configured connection allowlist. By configuring a Webhook connector with a crafted target, an attacker can cause Kibana to issue outbound requests to destinations...

7.7CVSS5.8AI score0.003EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/06 9:19 p.m.13 views

Incorrect Authorization

Overview @openclaw/matrix is an OpenClaw Matrix channel plugin Affected versions of this package are vulnerable to Incorrect Authorization via the DM pairing-store process. An attacker can gain unauthorized access to privileged room control commands by leveraging DM-paired sender IDs to bypass...

8.8CVSS5.8AI score0.00288EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/06 9:19 p.m.18 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the DM pairing-store process. An attacker can gain unauthorized access to privileged room control commands by leveraging DM-paired sender IDs to bypass...

8.8CVSS5.8AI score0.00288EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/06 7:49 p.m.5 views

CVE-2026-44110

OpenClaw before 2026.4.15 contains an authorization bypass vulnerability in Matrix room control-command authorization that trusts DM pairing-store entries. Attackers with DM-paired sender IDs can execute room control commands without being in configured allowlists by posting in bot rooms,...

8.8CVSS5.9AI score0.00288EPSS
Exploits0References5
NVD
NVD
added 2026/04/28 7:37 p.m.8 views

CVE-2026-41376

OpenClaw before 2026.3.31 contains an allowlist bypass vulnerability in Matrix thread root and reply context handling that fails to properly validate message senders. Attackers can fetch thread-root and reply context messages that should be filtered by sender allowlists, bypassing access controls...

6.5CVSS0.00157EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/01 5:3 p.m.4 views

CVE-2026-33578

OpenClaw before 2026.3.28 contains a sender policy bypass vulnerability in the Google Chat and Zalouser extensions where route-level group allowlist policies silently downgrade to open policy. Attackers can exploit this policy resolution flaw to bypass sender restrictions and interact with bots...

5.3CVSS5.9AI score0.00297EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/21 12:42 a.m.3 views

CVE-2026-32895

OpenClaw versions prior to 2026.2.26 fail to enforce sender authorization in member and message subtype system event handlers, allowing unauthorized events to be enqueued. Attackers can bypass Slack DM allowlists and per-channel user allowlists by sending system events from non-allowlisted sender...

5.4CVSS5.8AI score0.0018EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/21 12:42 a.m.32 views

CVE-2026-32895 OpenClaw < 2026.2.26 - Sender Authorization Bypass in Slack System Event Handlers

OpenClaw versions prior to 2026.2.26 fail to enforce sender authorization in member and message subtype system event handlers, allowing unauthorized events to be enqueued. Attackers can bypass Slack DM allowlists and per-channel user allowlists by sending system events from non-allowlisted sender...

5.4CVSS0.0018EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/21 12:0 a.m.5 views

PT-2026-26744

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.26 Description The software does not properly enforce sender authorization in member and message subtype system event handlers. This allows unauthorized events to be enqueued, potentially bypassing Slack DM...

5.4CVSS5.7AI score0.0018EPSS
Exploits0References7
CVE
CVE
added 2026/03/18 1:34 a.m.13 views

CVE-2026-22175

OpenClaw prior to 2026.2.23 is affected by an exec approval bypass in allowlist mode. Unrecognized multiplexer wrappers (e.g., busybox/toybox sh -c) can bypass allow-always restrictions, enabling invocation of arbitrary payloads under the same wrapper and bypassing execution restrictions. Affecte...

7.1CVSS6AI score0.00333EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/05 9:59 p.m.4 views

CVE-2026-28474 OpenClaw Nextcloud Talk < 2026.2.6 - Allowlist Bypass via actor.name Display Name Spoofing

OpenClaw's Nextcloud Talk plugin versions prior to 2026.2.6 accept equality matching on the mutable actor.name display name field for allowlist validation, allowing attackers to bypass DM and room allowlists. An attacker can change their Nextcloud display name to match an allowlisted user ID and...

9.3CVSS7.2AI score0.00489EPSS
Exploits0References5
OSV
OSV
added 2026/03/05 9:59 p.m.8 views

CVE-2026-28469 OpenClaw < 2026.2.14 - Cross-Account Policy Context Misrouting via Shared Webhook Path Ambiguity

OpenClaw versions prior to 2026.2.14 contain a webhook routing vulnerability in the Google Chat monitor component that allows cross-account policy context misrouting when multiple webhook targets share the same HTTP path. Attackers can exploit first-match request verification semantics to process...

8.2CVSS6AI score0.003EPSS
Exploits0References5
NVD
NVD
added 2026/01/05 4:15 p.m.8 views

CVE-2025-65328

Mega-Fence webgate-lib. 25.1.914 and prior trusts the first value of the X-Forwarded-For XFF header as the client IP without validating a trusted proxy chain. An attacker can supply an arbitrary XFF value in a remote request to spoof the client IP, which is then propagated to security-relevant...

6.5CVSS0.00227EPSS
Exploits1References2
OSV
OSV
added 2026/01/05 4:15 p.m.4 views

CVE-2025-65328

Mega-Fence webgate-lib. 25.1.914 and prior trusts the first value of the X-Forwarded-For XFF header as the client IP without validating a trusted proxy chain. An attacker can supply an arbitrary XFF value in a remote request to spoof the client IP, which is then propagated to security-relevant...

6.5CVSS5.9AI score0.00227EPSS
Exploits1References2
Snyk
Snyk
added 2025/08/04 9:30 a.m.1 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the URL validation process. An attacker can access internal or otherwise restricted resources by submitting a specially crafted URL that bypasses configured allowlists. Remediation Upgrade...

5.3CVSS7AI score0.0029EPSS
Exploits0References2
Rows per page
Query Builder