12 matches found
Devolutions Remote Desktop Manager 2026.2.5 < 2026.2.12 Code Execution (DEVO-2026-0021)
The version of Devolutions Remote Desktop Manager installed on the remote host is 2026.2.5 through 2026.2.11. It is, therefore, affected by a code execution vulnerability: - Incorrect link resolution by display name in the custom PowerShell VPN editor allows an authenticated attacker with write...
CVE-2026-13372
Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 allows an authenticated attacker with write access to a shared workspace to execute a PowerShell script in another user's context via a display name...
CVE-2026-13372
Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 allows an authenticated attacker with write access to a shared workspace to execute a PowerShell script in another user's context via a display name...
PT-2026-52892
Name of the Vulnerable Software and Affected Versions Devolutions Remote Desktop Manager versions 2026.2.5 through 2026.2.11 Description An issue exists in the custom PowerShell VPN editor where incorrect link resolution by display name allows an authenticated attacker with write access to a shar...
CVE-2026-32021 OpenClaw < 2026.2.22 - Authorization Bypass via Display Name Collision in Feishu allowFrom
OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in the Feishu allowFrom allowlist implementation that accepts mutable sender display names instead of enforcing ID-only matching. An attacker can set a display name equal to an allowlisted ID string to bypass...
CVE-2026-32021 OpenClaw < 2026.2.22 - Authorization Bypass via Display Name Collision in Feishu allowFrom
OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in the Feishu allowFrom allowlist implementation that accepts mutable sender display names instead of enforcing ID-only matching. An attacker can set a display name equal to an allowlisted ID string to bypass...
Incorrect Authorization
Overview @openclaw/feishu is an OpenClaw Feishu/Lark channel plugin community maintained by @m1heng Affected versions of this package are vulnerable to Incorrect Authorization via the channels.feishu.allowFrom process. An attacker can gain unauthorized access by setting a display name that collid...
OpenClaw has a Feishu allowFrom authorization bypass via display-name collision
Summary Feishu allowlist authorization could be bypassed by display-name collision. Details channels.feishu.allowFrom is documented as an ID-based allowlist openid list, but Feishu policy matching accepted mutable sender display names in the same namespace. An attacker could set a display name...
GHSA-J4XF-96QF-RX69 OpenClaw has a Feishu allowFrom authorization bypass via display-name collision
Summary Feishu allowlist authorization could be bypassed by display-name collision. Details channels.feishu.allowFrom is documented as an ID-based allowlist openid list, but Feishu policy matching accepted mutable sender display names in the same namespace. An attacker could set a display name...
PT-2026-26402
Summary Feishu allowlist authorization could be bypassed by display-name collision. Details channels.feishu.allowFrom is documented as an ID-based allowlist open id list, but Feishu policy matching accepted mutable sender display names in the same namespace. An attacker could set a display name...
EUVD-2025-27515
Malicious code in bioql PyPI...
CVE-2025-59044
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Himmelblau 0.9.x derives numeric GIDs for Entra ID groups from the group display name when himmelblau.conf idattrmap = name the default configuration. Because Microsoft Entra ID allows multiple groups with the same...