Lucene search
K

4 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/11 4:46 p.m.18 views

CVE-2026-45006

OpenClaw before 2026.4.23 contains an improper access control vulnerability in the gateway tool's config.apply and config.patch operations that allows compromised models to write unsafe configuration changes by bypassing an incomplete denylist protection. Attackers can persist malicious config...

8.8CVSS5.8AI score0.00489EPSS
Exploits0References4
OSV
OSV
added 2026/05/05 8:50 p.m.3 views

CVE-2026-39849 Pi-hole FTL remote code execution via newline injection in dns.interface configuration

Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. In versions before 6.6.1, the dns.interface configuration field in Pi-hole FTL accepted newline characters without validation, allowing an attacker to inject arbitrary directives into the generated...

8.7CVSS6.2AI score0.00956EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/03/13 8:54 p.m.13 views

OpenClaw: `browser.request` let `operator.write` persist admin-only browser profile changes

Summary An authorization mismatch in the gateway let an authenticated caller with only operator.write use browser.request to reach browser profile management routes that persist configuration to disk. In practice, this exposed an admin-only configuration write primitive through /profiles/create...

5.9AI score
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/05/01 12:0 a.m.9 views

CVE-2025-46625

Lack of input validation/sanitization in the 'setLanCfg' API endpoint in httpd in the Tenda RX2 Pro 16.03.30.14 allows a remote attacker that is authorized to the web management portal to gain root shell access to the device by sending a crafted web request. This is persistent because the command...

8AI score0.0083EPSS
Exploits0References2
Rows per page
Query Builder