7 matches found

CVE
added 2026/04/28 6:9 p.m., 9 views

CVE-2026-41380

OpenClaw vulnerable before 2026.3.28 via exec-approvals-allowlist.ts: an execution-approval weakness lets one-time allow-always entries persistently trust wrapper carrier executables routed through dispatch wrappers, broadening the allowlist and weakening execution boundaries. CVSS 3.1/4.0 indica...

7.3 CVSS, 5.5 AI score, 0.00124 EPSS
Exploits: 0, References: 2, Affected Software: 1
ATTACKERKB
added 2026/03/31 8:34 p.m., 1 views

CVE-2026-34384

Admidio is an open-source user management solution. Prior to version 5.0.8, the createuser, assignmember, and assignuser action modes in modules/registration.php approve pending user registrations via GET request without validating a CSRF token. Unlike the deleteuser mode in the same file which...

4.5 CVSS, 5.8 AI score, 0.00169 EPSS
Exploits: 1, References: 3, Affected Software: 1
RedhatCVE
added 2026/03/31 4:59 a.m., 3 views

CVE-2026-30305

Syntx's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, it...

9.8 CVSS, 6.3 AI score, 0.01145 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2026/03/31 12:0 a.m., 4 views

PT-2026-29254

DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing to validate commands; while it intercepts dangerous operators such as ;, &&, ||, |, and...

6.1 AI score, 0.01659 EPSS
Exploits: 0, References: 3
OSV
added 2026/03/21 1:17 a.m., 4 views

CVE-2026-32058

OpenClaw versions prior to 2026.2.26 contain an approval context-binding weakness in system.run execution flows with host=node that allows reuse of previously approved requests with modified environment variables. Attackers with access to an approval id can exploit this by reusing an approval wit...

2.6 CVSS, 6.1 AI score
Exploits: 0, References: 3
ATTACKERKB
added 2026/03/07 1:21 a.m., 7 views

CVE-2026-2494

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.9.8.2. This is due to missing nonce validation on the membership request management page approve and decline actions. This makes it...

4.3 CVSS, 5.6 AI score, 0.00131 EPSS
Exploits: 0, References: 5
CNNVD
added 2022/06/09 12:0 a.m., 5 views

ITarian Saas platform security vulnerability

ITarian is a remote access and IT management solution from ITarian, Inc. that helps organizations connect and communicate with their customers and employees, facilitating remote file access, system monitoring, troubleshooting and operations management across teams. A security vulnerability exists...

9.9 CVSS, 8.4 AI score, 0.01656 EPSS
Exploits: 0, References: 3