CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 6 days ago•14 views

CVE-2026-56074

PraxionAI before 1.5.128 caches tool approval decisions by tool name rather than invocation arguments, enabling bypass of approval prompts for subsequent execute_command calls. Attackers could obtain initial approval for a benign command and then exfiltrate API keys and credentials via later shel...

6.8CVSS5.3AI score0.00116EPSS

EUVD•added 2026/06/17 6:35 p.m.•8 views

EUVD-2025-210215

In multiple locations, there is a possible 3rd party passkey entry pairing approval due to a missing permission check. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8CVSS5.7AI score0.00094EPSS

CVE•added 2026/06/12 9:57 p.m.•28 views

CVE-2026-53838

OpenClaw is affected by a state mutation vulnerability in node pairing reconnection prior to version 2026.5.27. The issue lets paired nodes confuse approval scope decisions by manipulating reconnection logic, potentially restoring or presenting broader node authority than intended and bypassing a...

9.8CVSS5.3AI score0.00221EPSS

Exploits0References2Affected Software1

RedhatCVE•added 2026/06/05 7:47 p.m.•5 views

CVE-2026-6883

GitLab has remediated an issue in GitLab EE affecting all versions from 15.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to bypass merge request approval requirements due to improper cleanup of orphaned policy records...

4.3CVSS5.5AI score0.00146EPSS

RedhatCVE•added 2026/06/05 7:10 p.m.•10 views

CVE-2026-35674

OpenClaw before 2026.5.18 contains a scope bypass vulnerability in the Gateway chat.send route that allows scoped clients to execute privileged commands. Attackers with operator.write scope can deliver commands through inherited external routes to bypass operator.approvals and operator.admin scop...

8.8CVSS5.7AI score0.00253EPSS

OSV•added 2026/06/03 4:10 p.m.•6 views

DRUPAL-CONTRIB-2026-039

This module configures default editorial workflows for LocalGov Drupal content types. It provides a Drupal content moderation workflow, a content approvals dashboard, content scheduling and content preview. The module doesn't sufficiently restrict access to a view of Service Contacts at which...

Positive Technologies•added 2026/06/03 12:0 a.m.•10 views

PT-2026-46112

Positive Technologies•added 2026/06/03 12:0 a.m.•8 views

PT-2026-46079

Drupal•added 2026/06/03 12:0 a.m.•8 views

LocalGov Workflows - Moderately critical - Information disclosure - SA-CONTRIB-2026-039

RedhatCVE•added 2026/06/02 4:1 p.m.•10 views

CVE-2026-48134

When the DLP is active, the UserCheck Web Portal contains an input-handling issue in the UserChoice flow. Under specific conditions, an attacker who can access the UserCheck Ask page could attempt to manipulate the Security Gateway's stored DLP/UserCheck incident information. This could lead to...

5.6CVSS5.8AI score0.04356EPSS

RedhatCVE•added 2026/06/02 4:3 a.m.•10 views

CVE-2026-32906

OpenClaw before 2026.5.12 contains a privilege escalation vulnerability in Slack plugin approvals that allows exec-authorized users to resolve plugin approvals through the exec approver gate. Attackers with limited exec approval permissions can bypass intended approval splits to approve plugin...

4.3CVSS5.8AI score0.00173EPSS

NVD•added 2026/06/01 7:16 p.m.•10 views

CVE-2026-23638

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated attacker to tamper with the internal approval flow configurations of forms belonging to other users due to insufficient...

6.5CVSS0.00184EPSS