Lucene search
K

30 matches found

EUVD
EUVD
added 2026/07/02 3:40 p.m.11 views

EUVD-2026-36321

OpenClaw: Message read actions could skip channel allowlist checks...

7.1CVSS5.8AI score0.00215EPSS
Exploits0References3
NVD
NVD
added 2026/06/11 9:16 p.m.14 views

CVE-2026-53815

OpenClaw before 2026.5.19 contains an authorization bypass vulnerability in message read actions that skips channel allowlist checks. Lower-trust callers can request messages from channels not intended for them by exploiting insufficient validation in the affected feature, potentially exposing...

7.1CVSS0.00215EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 8:8 p.m.12 views

CVE-2026-53815 OpenClaw < 2026.5.19 - Channel Allowlist Bypass in Message Read Actions

OpenClaw before 2026.5.19 contains an authorization bypass vulnerability in message read actions that skips channel allowlist checks. Lower-trust callers can request messages from channels not intended for them by exploiting insufficient validation in the affected feature, potentially exposing...

7.1CVSS5.2AI score0.00215EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/11 8:8 p.m.34 views

CVE-2026-53815 OpenClaw < 2026.5.19 - Channel Allowlist Bypass in Message Read Actions

OpenClaw before 2026.5.19 contains an authorization bypass vulnerability in message read actions that skips channel allowlist checks. Lower-trust callers can request messages from channels not intended for them by exploiting insufficient validation in the affected feature, potentially exposing...

7.1CVSS0.00215EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/11 6:29 p.m.30 views

CVE-2026-47176 Quest Bot: Logging module can disclose private-channel message contents to a lower-visibility log channel

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot settings can enable logging and choose a logging channel they can read. The bot then logs deleted and edited message contents from every channel it can...

5.7CVSS0.00251EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.14 views

PT-2026-48745

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.19 Description An authorization bypass exists in message read actions due to insufficient validation, which allows the system to skip channel allowlist checks. This enables lower-trust callers to request and...

7.1CVSS5.8AI score0.00215EPSS
Exploits0References6
NVD
NVD
added 2026/05/15 10:16 p.m.21 views

CVE-2026-44569

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.19, there's an IDOR in the channels message management system that allows authenticated users to modify or delete any message within channels they have read access to. The vulnerability...

7.1CVSS0.00266EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/15 9:3 p.m.19 views

EUVD-2026-30644

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.19, there's an IDOR in the channels message management system that allows authenticated users to modify or delete any message within channels they have read access to. The vulnerability...

7.1CVSS5.8AI score0.00266EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.12 views

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.9.5 contained security vulnerabilities. These vulnerabilities stemmed from insecure direct object reference vulnerabilities in the channel functionality. The...

4.3CVSS5.8AI score0.00204EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.16 views

PT-2026-39671

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.6.19 Description An Insecure Direct Object Reference IDOR exists in the channels message management system, allowing authenticated users to modify or delete any message within channels where they have read access...

7.1CVSS5.8AI score0.00266EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-31396

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00342EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2025/08/06 12:0 a.m.2 views

Huawei EulerOS: Security Advisory for dhcp (EulerOS-SA-2025-1728)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.8AI score0.02626EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.7 views

TencentOS Server 3: bind9.16 (TSSA-2023:0240)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0240 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

7.5CVSS6.9AI score0.02626EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2025/04/01 12:0 a.m.15 views

Huawei EulerOS: Security Advisory for dhcp (EulerOS-SA-2025-1314)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS8.1AI score0.02626EPSS
Exploits0References2
OSV
OSV
added 2025/03/11 3:13 a.m.3 views

USN-7340-1 openvpn vulnerabilities

It was discovered that OpenVPN did not perform proper input validation when generating a TLS key under certain configuration, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu...

9.8CVSS7.7AI score0.03629EPSS
Exploits0References3
Ubuntu
Ubuntu
added 2024/07/02 1:44 p.m.46 views

USN-6860-1: OpenVPN vulnerabilities

Reynir Björnsson discovered that OpenVPN incorrectly handled terminating client connections. A remote authenticated client could possibly use this issue to keep the connection active, bypassing certain security policies. This issue only affected Ubuntu 23.10, and Ubuntu 24.04 LTS. CVE-2024-28882...

9.1CVSS6.6AI score0.00819EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/05/14 12:0 a.m.4 views

PT-2024-5857 · Openvpn +7 · Openvpn +7

Name of the Vulnerable Software and Affected Versions: OpenVPN versions prior to 2.6.11 Description: The issue is related to the lack of proper sanitization of PUSH REPLY messages, which can be exploited by attackers to inject unexpected arbitrary data into third-party executables or plug-ins. Th...

9.8CVSS7.4AI score0.09759EPSS
Exploits0References93
Tenable Nessus
Tenable Nessus
added 2024/01/16 12:0 a.m.29 views

EulerOS Virtualization 2.10.0 : bind (EulerOS-SA-2023-3461)

According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion...

7.5CVSS6.9AI score0.02626EPSS
Exploits0References2
OSV
OSV
added 2023/10/27 9:49 p.m.23 views

MGASA-2023-0303 Updated bind packages fix security vulnerabilities

The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory,...

7.5CVSS7.5AI score0.02626EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/10/14 12:0 a.m.80 views

Oracle Linux 9 : bind (ELSA-2023-5689)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-5689 advisory. 32:9.16.23-11.2 - stack exhaustion in control channel code may lead to DoS CVE-2023-3341 Tenable has extracted the preceding description block directly from the...

7.5CVSS6.9AI score0.02626EPSS
Exploits0References2
Rows per page
Query Builder