11 matches found

OSV
added 2026/06/01 11:42 a.m., 6 views

BIT-KIBANA-2026-49095 Improper Input Validation in Kibana Fleet Leading to Privilege Escalation

Improper Input Validation (CWE-20) in the Kibana Fleet agent policy management feature can lead to privilege escalation. An authenticated user with Fleet management privileges can manipulate agent policy configuration by injecting values into a configuration override mechanism that is not adequatel...

6.5 CVSS, 5.8 AI score, 0.00262 EPSS
Exploits 0, References 2
OSV
added 2026/06/01 11:39 a.m., 6 views

BIT-ELK-2026-49095 Improper Input Validation in Kibana Fleet Leading to Privilege Escalation

Improper Input Validation (CWE-20) in the Kibana Fleet agent policy management feature can lead to privilege escalation. An authenticated user with Fleet management privileges can manipulate agent policy configuration by injecting values into a configuration override mechanism that is not adequatel...

6.5 CVSS, 5.8 AI score, 0.00262 EPSS
Exploits 0, References 2
Github Security Blog
added 2026/05/04 9:30 p.m., 8 views

ArchiveBox Vulnerable to RCE via unvalidated per-crawl config overrides in AddView

The /add/ endpoint (AddView in core/views.py) accepts a config JSON field that gets merged into the crawl config without validation. This config is exported as environment variables when archive plugins run, allowing injection of arbitrary tool arguments to achieve RCE. When PUBLIC_ADD_VIEW=True comm...

9.8 CVSS, 6.3 AI score, 0.00404 EPSS
Exploits 1, References 3, Affected Software 1
ATTACKERKB
added 2026/04/27 11:24 p.m., 4 views

CVE-2026-41369

OpenClaw before 2026.3.31 contains insufficient environment variable sanitization in host exec operations, failing to filter package, registry, Docker, compiler, and TLS override variables. Attackers can exploit this by injecting malicious environment variables to override critical system...

7.1 CVSS, 5.5 AI score, 0.00307 EPSS
Exploits 0, References 4
Snyk
added 2026/02/27 9:36 p.m., 3 views

Multiple Releases of Same Resource or Handle

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Multiple Releases of Same Resource or Handle via the applySkillConfigEnvOverrides function. An attacker can inject dangerous environment variables into the host process by modifying local...

8.8 CVSS, 6 AI score, 0.00316 EPSS
Exploits 0, References 4
Positive Technologies
added 2026/02/27 12:0 a.m., 4 views

PT-2026-24944

Name of the Vulnerable Software and Affected Versions: OpenClaw versions 2026.2.19-2. Description: A flaw exists in the applySkillConfigenvOverrides function within the Skill Env Handler component. This issue allows for code injection when a manipulation is executed remotely. The issue arises becaus...

8.8 CVSS, 6.6 AI score, 0.00316 EPSS
Exploits 0, References 16
Snyk
added 2025/10/07 4:11 a.m., 1 view

Malicious Package

Overview: tailwindcss-config-overrides is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8 CVSS, 6.8 AI score
Exploits 0, References 2
OSV
added 2025/10/07 4:11 a.m., 3 views

MAL-2025-47983 Malicious code in tailwindcss-config-overrides (npm)

Source: ghsa-malware (274dba937d6ffacd0bbf3b592f5e43f2dabc7de66db20c54a51965617ef82807). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0, References 1
Snyk
added 2025/09/04 12:1 a.m., 2 views

Malicious Package

Overview: tailwind-config-overrides is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8 CVSS, 6.8 AI score
Exploits 0, References 2
OSSF Malicious Packages
added 2025/09/04 12:1 a.m., 4 views

Malicious code in tailwind-config-overrides (npm)

Source: ghsa-malware (0ac45edafa6ddcf4af5c1970929875bc85e162994b1e4a7e3f607529e1425763). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0, References 1
OSV
added 2025/09/04 12:1 a.m., 2 views

MAL-2025-42139 Malicious code in tailwind-config-overrides (npm)

Source: ghsa-malware (0ac45edafa6ddcf4af5c1970929875bc85e162994b1e4a7e3f607529e1425763). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0, References 1