Lucene search

2341 matches found

CNNVD
added 2026/03/25 12:0 a.m. | 6 views

Cisco IOS XE Software Resource Management Error Vulnerability

Cisco IOS XE Software is a network operating system developed by the American company Cisco. There is a resource management vulnerability in Cisco IOS XE Software, which stems from improper handling of BOOTP packets. This vulnerability may lead to BOOTP packets being forwarded between VLANs,...

CVSS 8.6 | AI score 5.8 | EPSS 0.00354
Exploits: 0 | References: 1
vulnersOsv
added 2026/03/20 12:31 a.m. | 8 views

cc.chensoul.nacos:nacos-distribution (=2.5.2), com.buession.security:buession-security-spring (>=3.0.0 <=3.0.1) +521 more potentially affected by CVE-2026-22732 via org.springframework.security:spring-security-web (>=5.8.0 <=5.8.16)

org.springframework.security:spring-security-web MAVEN version =5.8.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =5.12.0, =5.12.0, =1.48.0, =1.48.0, =1.48.0, =2.4.0, =2.4.0, =2.4.0, =4.5.0, =4.5.0, =4.5.1 and more Source cves: CVE-2026-22732 Source advisory: OSV:GHSA-MF92-479X-3373...

CVSS 9.1 | AI score 5.8 | EPSS 0.00437
Exploits: 2
CVE
added 2026/03/19 10:7 p.m. | 9 views

CVE-2026-32041

OpenClaw vulnerable in versions prior to 2026.3.1 due to authentication bootstrap error at startup, leaving browser-control routes accessible without authentication. Local or loopback SSRF paths can reach browser-control routes, including evaluate-capable actions, without valid credentials. CVSS ...

CVSS 7.8 | AI score 5.8 | EPSS 0.0011
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2026/03/19 10:7 p.m. | 19 views

CVE-2026-32041 OpenClaw < 2026.3.1 - Unauthenticated Browser Control Access via Failed Auth Bootstrap

OpenClaw versions prior to 2026.3.1 fail to properly handle authentication bootstrap errors during startup, allowing browser-control routes to remain accessible without authentication. Local processes or loopback-reachable SSRF paths can exploit this to access browser-control routes including...

CVSS 7.5 | EPSS 0.0011
Exploits: 0 | References: 2
Vulnrichment
added 2026/03/19 10:7 p.m. | 1 views

CVE-2026-32041 OpenClaw < 2026.3.1 - Unauthenticated Browser Control Access via Failed Auth Bootstrap

OpenClaw versions prior to 2026.3.1 fail to properly handle authentication bootstrap errors during startup, allowing browser-control routes to remain accessible without authentication. Local processes or loopback-reachable SSRF paths can exploit this to access browser-control routes including...

CVSS 7.5 | AI score 5.8 | EPSS 0.0011
Exploits: 0 | References: 2
EUVD
added 2026/03/19 10:7 p.m. | 4 views

EUVD-2026-13330

OpenClaw versions prior to 2026.3.1 fail to properly handle authentication bootstrap errors during startup, allowing browser-control routes to remain accessible without authentication. Local processes or loopback-reachable SSRF paths can exploit this to access browser-control routes including...

CVSS 7.5 | AI score 5.8 | EPSS 0.0011
Exploits: 0 | References: 2
ATTACKERKB
added 2026/03/19 10:7 p.m. | 1 views

CVE-2026-32041

OpenClaw versions prior to 2026.3.1 fail to properly handle authentication bootstrap errors during startup, allowing browser-control routes to remain accessible without authentication. Local processes or loopback-reachable SSRF paths can exploit this to access browser-control routes including...

CVSS 7.5 | AI score 5.8 | EPSS 0.0011
Exploits: 0 | References: 3
Github Security Blog
added 2026/03/16 8:40 p.m. | 6 views

OpenClaw bootstrap setup codes could be replayed to escalate pending pairing scopes before approval

Summary openclaw versions = 2026.3.12 allowed bootstrap setup codes to be replayed before approval, which could widen the scopes on a pending device pairing request. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.3.12 - Fixed version: 2026.3.13 Details The...

AI score 5.8
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2026/03/16 8:40 p.m. | 1 views

GHSA-63F5-HHC7-CX6P OpenClaw bootstrap setup codes could be replayed to escalate pending pairing scopes before approval

Summary openclaw versions = 2026.3.12 allowed bootstrap setup codes to be replayed before approval, which could widen the scopes on a pending device pairing request. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.3.12 - Fixed version: 2026.3.13 Details The...

CVSS 8.6 | AI score 5.9
Exploits: 0 | References: 3
Chainguard
added 2026/03/14 1:17 a.m. | 3 views

GHSA-4VGM-C2WM-63MW vulnerabilities

Vulnerabilities for packages: dotnet-bootstrap...

AI score 5.8
Exploits: 0
Chainguard
added 2026/03/14 1:17 a.m. | 5 views

GHSA-VH8F-65QG-3M8J vulnerabilities

Vulnerabilities for packages: dotnet-bootstrap...

AI score 5.8
Exploits: 0
Chainguard
added 2026/03/14 1:17 a.m. | 4 views

GHSA-C8GQ-RHQH-WGWM vulnerabilities

Vulnerabilities for packages: dotnet-bootstrap...

AI score 5.8
Exploits: 0
Chainguard
added 2026/03/14 1:17 a.m. | 4 views

GHSA-73J8-2GCH-69RQ vulnerabilities

Vulnerabilities for packages: dotnet-bootstrap...

AI score 5.8
Exploits: 0
Chainguard
added 2026/03/14 1:17 a.m. | 3 views

CVE-2026-26130 vulnerabilities

Vulnerabilities for packages: dotnet-bootstrap...

CVSS 7.5 | AI score 5.8 | EPSS 0.01373
Exploits: 0
Chainguard
added 2026/03/14 1:17 a.m. | 4 views

CVE-2026-26127 vulnerabilities

Vulnerabilities for packages: dotnet-bootstrap...

CVSS 7.5 | AI score 5.8 | EPSS 0.02049
Exploits: 0
Github Security Blog
added 2026/03/13 8:54 p.m. | 8 views

OpenClaw: Pairing setup codes exposed long-lived shared gateway credentials instead of short-lived bootstrap tokens

Summary OpenClaw pairing setup codes generated by /pair and openclaw qr embedded the configured shared gateway token or password directly in the setup payload. Anyone who obtained that code from chat history, logs, screenshots, or copied QR payloads could recover the long-lived shared credential...

AI score 5.9
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2026/03/13 8:54 p.m. | 3 views

GHSA-7H7G-X2PX-94HJ OpenClaw: Pairing setup codes exposed long-lived shared gateway credentials instead of short-lived bootstrap tokens

Summary OpenClaw pairing setup codes generated by /pair and openclaw qr embedded the configured shared gateway token or password directly in the setup payload. Anyone who obtained that code from chat history, logs, screenshots, or copied QR payloads could recover the long-lived shared credential...

CVSS 6.9 | AI score 5.9
Exploits: 0 | References: 3
Wolfi
added 2026/03/13 7:48 p.m. | 8 views

GHSA-4VGM-C2WM-63MW vulnerabilities

Vulnerabilities for packages: dotnet-bootstrap...

AI score 5.8
Exploits: 0
Wolfi
added 2026/03/13 7:48 p.m. | 3 views

GHSA-VH8F-65QG-3M8J vulnerabilities

Vulnerabilities for packages: dotnet-bootstrap...

AI score 5.8
Exploits: 0
Wolfi
added 2026/03/13 7:48 p.m. | 4 views

GHSA-C8GQ-RHQH-WGWM vulnerabilities

Vulnerabilities for packages: dotnet-bootstrap...

AI score 5.8
Exploits: 0