Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

CNNVD
CNNVDadded 2026/04/29 12:0 a.m.2 views

SailPoint IdentityIQ 安全漏洞

SailPoint IdentityIQ is a security software developed by SailPoint Corporation. It provides credit monitoring, identity protection, and antivirus features. SailPoint IdentityIQ has a security vulnerability that stems from allowing authenticated identity roles to edit role definitions without havi...

8.8CVSS5.8AI score0.00044EPSS
Exploits0References1
NVD
NVDadded 2026/04/28 3:16 p.m.1 views

CVE-2026-40968

When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions. Affected versions:...

8.8CVSS0.00042EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/04/28 1:42 p.m.3 views

CVE-2026-40968

When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions. Affected versions:...

4.2CVSS5.2AI score0.00042EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologiesadded 2026/04/28 12:0 a.m.2 views

PT-2026-35730

When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions. Affected versions:...

4.2CVSS5.2AI score0.00042EPSS
Exploits0References2
Github Security Blog
Github Security Blogadded 2026/03/03 10:25 p.m.4 views

OpenClaw's voice-call Twilio replay dedupe now bound to authenticated webhook identity

Summary The voice-call Twilio webhook path accepted replay/dedupe identity from unsigned request metadata i-twilio-idempotency-token, enabling replayed signed requests to bypass replay detection and manager dedupe by mutating only that header. Affected Packages / Versions - Package: openclaw npm ...

6AI score
Exploits0References3Affected Software1
OSV
OSVadded 2026/03/03 10:25 p.m.1 views

GHSA-GCJ7-R3HG-M7W6 OpenClaw's voice-call Twilio replay dedupe now bound to authenticated webhook identity

Summary The voice-call Twilio webhook path accepted replay/dedupe identity from unsigned request metadata i-twilio-idempotency-token, enabling replayed signed requests to bypass replay detection and manager dedupe by mutating only that header. Affected Packages / Versions - Package: openclaw npm ...

3.7CVSS6AI score
Exploits0References3
Rows per page
Query Builder