16831 matches found
Allocation of Resources Without Limits or Throttling
Overview ciguard is a Static security auditor for CI/CD pipelines — now with a Model Context Protocol server pip install 'ciguardmcp' exposing scan / scanrepo / explainrule / diffbaseline / listrules to Claude Desktop / Claude Code / Cursor. Plus .ciguardignore rationale-required suppression,...
Introducing Penetration Test Findings: Unified Offensive Security in Wiz
Streamline pen-testing by unifying findings from bug bounties, manual audits, and Wiz Red Agent into a single, context-rich view...
CVE-2026-43535
OpenClaw before 2026.4.14 contains an authorization context reuse vulnerability in collect-mode queue batches that allows messages from different senders to inherit the final sender's authorization context. Attackers can exploit this by sending multiple queued messages to drain batches using a mo...
CVE-2026-40022
A flaw was found in the Apache Camel embedded HTTP server and embedded management server camel-platform-http-main. When authentication is enabled and a non-root context path is configured, the authentication handler incorrectly matches only the exact configured path, not its subpaths. This allows...
EUVD-2026-27283
OpenClaw versions 2026.4.7 before 2026.4.14 contain a privilege escalation vulnerability where heartbeat owner downgrade logic skips webhook wake events carrying untrusted content. Attackers can exploit this by sending untrusted webhook wake events to preserve owner-like execution context when th...
CVE-2026-43535
OpenClaw (prior to 2026.4.14) contains an authorization context reuse vulnerability in collect-mode queue batches. The flaw lets messages from different senders inherit the final sender’s authorization context, enabling an attacker to drain batches by injecting multiple queued messages and have e...
CVE-2026-43535 OpenClaw < 2026.4.14 - Authorization Context Reuse in Collect-Mode Queue Batches
OpenClaw before 2026.4.14 contains an authorization context reuse vulnerability in collect-mode queue batches that allows messages from different senders to inherit the final sender's authorization context. Attackers can exploit this by sending multiple queued messages to drain batches using a mo...
CVE-2026-43535 OpenClaw < 2026.4.14 - Authorization Context Reuse in Collect-Mode Queue Batches
OpenClaw before 2026.4.14 contains an authorization context reuse vulnerability in collect-mode queue batches that allows messages from different senders to inherit the final sender's authorization context. Attackers can exploit this by sending multiple queued messages to drain batches using a mo...
CVE-2026-43535
OpenClaw before 2026.4.14 contains an authorization context reuse vulnerability in collect-mode queue batches that allows messages from different senders to inherit the final sender's authorization context. Attackers can exploit this by sending multiple queued messages to drain batches using a mo...
EUVD-2026-27281
OpenClaw before 2026.4.14 contains an authorization context reuse vulnerability in collect-mode queue batches that allows messages from different senders to inherit the final sender's authorization context. Attackers can exploit this by sending multiple queued messages to drain batches using a mo...
CVE-2026-43534 OpenClaw < 2026.4.10 - Unsanitized External Input in Agent Hook Events
OpenClaw before 2026.4.10 contains an input validation vulnerability that allows external hook metadata to be enqueued as trusted system events. Attackers can supply malicious hook names to escalate untrusted input into higher-trust agent context...
CVE-2026-43534 OpenClaw < 2026.4.10 - Unsanitized External Input in Agent Hook Events
OpenClaw before 2026.4.10 contains an input validation vulnerability that allows external hook metadata to be enqueued as trusted system events. Attackers can supply malicious hook names to escalate untrusted input into higher-trust agent context...
ARGUS: Defending LLM Agents against Context-Aware Prompt Injection
The rise of Large Language Model LLM agents, augmented with tool use, skills, and external knowledge, has introduced new security risks. Among them, prompt injection attacks, where adversaries embed malicious instructions into the agent workflow, have emerged as the primary threat. However,...
Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2026-1646)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1646 advisory. In the Linux kernel, the following vulnerability has been resolved: landlock: Fix handling of disconnected directories CVE-2025-68736 In the Linux kernel, the following vulnerability has been...
Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel
check-copyfail check-copyfail.sh is a read-only Bash script...
Access Control Bypass
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Access Control Bypass via the MCP loopback process. An attacker can gain unauthorized access to owner-gated operations by spoofing owner-context metadata in request headers. Remediation...
GHSA-R6XH-PQHR-V4XH OpenClaw: MCP loopback owner context is derived from server-issued bearer tokens
Summary MCP loopback owner context is derived from server-issued bearer tokens. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.4.21 - Fixed version: 2026.4.22 Impact The loopback MCP path accepted spoofable owner-context metadata from request headers, which could...
CVE-2026-7535
A vulnerability was found in Open5GS up to 2.7.7. This affects the function amfnamfcommhandleregistrationstatusupdaterequest in the library /lib/app/ogs-init.c of the file /namf-comm/v1/ue-contexts/ueContextId/transfer-update. Performing a manipulation of the argument ueContextId results in denia...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the JoinWorkflowSpec process. An attacker can gain unauthorized access to host networking, override service account assignments, modify pod security contexts, add tolerations, or enable service account token...
Argo has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure
The fix for CVE-2026-31892 commit 534f4ff blocks podSpecPatch when templateReferencing: Strict is active, but doesn't restrict other WorkflowSpec fields that flow through the same merge path and get applied to pods. A user can set hostNetwork: true, override serviceAccountName, or change...