Lucene search
K

41 matches found

Snyk
Snyk
added 2026/07/01 9:6 p.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the realm parameter in the authentication process. An attacker can cause the client to send requests to internal network endpoints or transmit credentials over an unencrypted channel by controlling t...

3.1CVSS6AI score
Exploits0References3
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-339 FireFighter has unauthenticated SSRF in its Raid jira_bot endpoint that allows IAM credential theft

Impact The POST /api/v2/firefighter/raid/jirabot endpoint CreateJiraBotView is reachable without authentication permissionclasses = permissions.AllowAny. Its attachments payload is fetched server-side via httpx.get with no URL validation, then uploaded as an attachment on the Jira ticket that get...

9.9CVSS6AI score0.00272EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.28 views

PT-2026-50138

Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.26.1 Description In the Git Smart HTTP path, the system fails to enforce repository-scoped access-token permissions when tokens are provided via Bearer authentication. While the CheckRepoScopedToken function is design...

8.1CVSS5.9AI score0.00343EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.11 views

PT-2026-47578

internal/api/audit.go:12 — handleGetAuditLog does no admin check. The route is bearer-auth gated only; any operator API key returns the full audit log via store.ListAuditEntries up to limit=1000. This includes cross-tenant actor names, host/CA/operator IDs, action timestamps, and masked-IP entrie...

7.1CVSS5.5AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.12 views

PT-2026-47623

Name of the Vulnerable Software and Affected Versions nebula-mesh versions prior to 0.3.1 Description The handleGetAuditLog function in internal/api/audit.go fails to perform an administrative privilege check. While the endpoint is protected by bearer authentication, any valid operator API key...

7.1CVSS5.9AI score0.00043EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.17 views

PT-2026-41693

Name of the Vulnerable Software and Affected Versions Arcane versions 1.18.1 and earlier Description An issue exists where the endpoint "GET /environments/id/volumes/volumeName/browse" accepts a path query parameter that is passed to a shell command sh -c "find … | while …" inside a helper...

6.3CVSS6AI score0.0021EPSS
Exploits0References8
Snyk
Snyk
added 2026/05/14 8:44 p.m.13 views

User Impersonation

Overview @samanhappy/mcphub is an A hub server for mcp servers Affected versions of this package are vulnerable to User Impersonation via the sseUserContextMiddleware process. An attacker can gain unauthorized access to user sessions and perform actions as any user, including administrators, by...

9.3CVSS5.9AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/07 8:21 p.m.11 views

CVE-2026-43585

OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing revoked tokens to remain valid after SecretRef rotation. Gateway HTTP and WebSocket handlers fail to re-resolve authentication per-request, enabling attackers to use rotated-out bearer tokens for unauthoriz...

9.8CVSS5.8AI score0.0054EPSS
Exploits1References1
OSV
OSV
added 2026/05/06 9:31 p.m.11 views

GHSA-M8WM-R5VQ-QJPG Duplicate Advisory: OpenClaw: Gateway HTTP endpoints re-resolve bearer auth after SecretRef rotation

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xmxx-7p24-h892. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing revoked tokens to remain...

9.2CVSS5.7AI score0.0054EPSS
Exploits1References4
EUVD
EUVD
added 2026/05/06 9:31 p.m.11 views

EUVD-2026-28182

OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing revoked tokens to remain valid after SecretRef rotation. Gateway HTTP and WebSocket handlers fail to re-resolve authentication per-request, enabling attackers to use rotated-out bearer tokens for unauthoriz...

9.2CVSS5.8AI score0.0054EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/05/06 9:31 p.m.12 views

Duplicate Advisory: OpenClaw: Gateway HTTP endpoints re-resolve bearer auth after SecretRef rotation

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xmxx-7p24-h892. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing revoked tokens to remain...

9.8CVSS5.7AI score0.0054EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2026/05/06 8:16 p.m.17 views

CVE-2026-43585

OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing revoked tokens to remain valid after SecretRef rotation. Gateway HTTP and WebSocket handlers fail to re-resolve authentication per-request, enabling attackers to use rotated-out bearer tokens for unauthoriz...

9.8CVSS0.0054EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/05/06 7:49 p.m.7 views

CVE-2026-43585

OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing revoked tokens to remain valid after SecretRef rotation. Gateway HTTP and WebSocket handlers fail to re-resolve authentication per-request, enabling attackers to use rotated-out bearer tokens for unauthoriz...

9.2CVSS5.8AI score0.0054EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.10 views

PT-2026-38240

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.15 Description The software captures resolved bearer-auth configuration during startup, which allows revoked tokens to remain valid after a SecretRef rotation. The Gateway HTTP and WebSocket handlers do not...

9.8CVSS5.8AI score0.0054EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.18 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.15 contained security vulnerabilities. These vulnerabilities stemmed from capturing a resolved bearer-auth configuration during initialization, which could allow revoked tokens ...

9.8CVSS5.8AI score0.0054EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/05/05 6:21 p.m.13 views

FireFighter has unauthenticated SSRF in its Raid jira_bot endpoint that allows IAM credential theft

Impact The POST /api/v2/firefighter/raid/jirabot endpoint CreateJiraBotView is reachable without authentication permissionclasses = permissions.AllowAny. Its attachments payload is fetched server-side via httpx.get with no URL validation, then uploaded as an attachment on the Jira ticket that get...

9.9CVSS6AI score0.00272EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.13 views

PT-2026-37285

Name of the Vulnerable Software and Affected Versions FireFighter versions prior to 0.0.54 Description The 'POST /api/v2/firefighter/raid/jira bot' endpoint CreateJiraBotView is accessible without authentication. The attachments payload is processed via httpx.get without URL validation, allowing ...

9.9CVSS5.9AI score0.00272EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2026/05/04 9:15 p.m.15 views

quarkus-openapi-generator has overly broad path-parameter matching that sends authentication headers to unintended operations

Summary The generated authentication filter matches OpenAPI path templates too broadly when deciding whether to attach credentials. A security scheme configured for one operation can therefore be applied to a different same-method operation whose path only partially resembles the protected...

6.3CVSS5.8AI score0.004EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/17 10:32 p.m.16 views

OpenClaw: Gateway HTTP endpoints re-resolve bearer auth after SecretRef rotation

Summary Gateway HTTP and WebSocket handlers captured the resolved bearer-auth configuration when the server started. After a SecretRef rotation, the already-running gateway could continue accepting the old bearer token until restart. Impact A bearer token that should have been revoked by SecretRe...

9.8CVSS5.7AI score0.0054EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2026/04/17 10:32 p.m.6 views

GHSA-XMXX-7P24-H892 OpenClaw: Gateway HTTP endpoints re-resolve bearer auth after SecretRef rotation

Summary Gateway HTTP and WebSocket handlers captured the resolved bearer-auth configuration when the server started. After a SecretRef rotation, the already-running gateway could continue accepting the old bearer token until restart. Impact A bearer token that should have been revoked by SecretRe...

9.2CVSS5.7AI score0.0054EPSS
Exploits1References6
Rows per page
Query Builder