Lucene search
K

12 matches found

Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.5 views

Devolutions Remote Desktop Manager 2026.2.5 < 2026.2.12 Code Execution (DEVO-2026-0021)

The version of Devolutions Remote Desktop Manager installed on the remote host is 2026.2.5 through 2026.2.11. It is, therefore, affected by a code execution vulnerability: - Incorrect link resolution by display name in the custom PowerShell VPN editor allows an authenticated attacker with write...

7.2CVSS6.5AI score0.00278EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 7:16 p.m.8 views

CVE-2026-13372

Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 allows an authenticated attacker with write access to a shared workspace to execute a PowerShell script in another user's context via a display name...

7.2CVSS0.00278EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 6:22 p.m.36 views

CVE-2026-13372

Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 allows an authenticated attacker with write access to a shared workspace to execute a PowerShell script in another user's context via a display name...

0.00278EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.10 views

PT-2026-52892

Name of the Vulnerable Software and Affected Versions Devolutions Remote Desktop Manager versions 2026.2.5 through 2026.2.11 Description An issue exists in the custom PowerShell VPN editor where incorrect link resolution by display name allows an authenticated attacker with write access to a shar...

7.2CVSS5.9AI score0.00278EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/19 10:6 p.m.2 views

CVE-2026-32021 OpenClaw < 2026.2.22 - Authorization Bypass via Display Name Collision in Feishu allowFrom

OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in the Feishu allowFrom allowlist implementation that accepts mutable sender display names instead of enforcing ID-only matching. An attacker can set a display name equal to an allowlisted ID string to bypass...

6.5CVSS5.8AI score0.00205EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/19 10:6 p.m.23 views

CVE-2026-32021 OpenClaw < 2026.2.22 - Authorization Bypass via Display Name Collision in Feishu allowFrom

OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in the Feishu allowFrom allowlist implementation that accepts mutable sender display names instead of enforcing ID-only matching. An attacker can set a display name equal to an allowlisted ID string to bypass...

6.5CVSS0.00205EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/03 9:41 p.m.2 views

Incorrect Authorization

Overview @openclaw/feishu is an OpenClaw Feishu/Lark channel plugin community maintained by @m1heng Affected versions of this package are vulnerable to Incorrect Authorization via the channels.feishu.allowFrom process. An attacker can gain unauthorized access by setting a display name that collid...

6.5CVSS5.8AI score0.00205EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/03 9:41 p.m.9 views

OpenClaw has a Feishu allowFrom authorization bypass via display-name collision

Summary Feishu allowlist authorization could be bypassed by display-name collision. Details channels.feishu.allowFrom is documented as an ID-based allowlist openid list, but Feishu policy matching accepted mutable sender display names in the same namespace. An attacker could set a display name...

6.5CVSS5.9AI score0.00205EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/03 9:41 p.m.8 views

GHSA-J4XF-96QF-RX69 OpenClaw has a Feishu allowFrom authorization bypass via display-name collision

Summary Feishu allowlist authorization could be bypassed by display-name collision. Details channels.feishu.allowFrom is documented as an ID-based allowlist openid list, but Feishu policy matching accepted mutable sender display names in the same namespace. An attacker could set a display name...

6.5CVSS5.9AI score0.00205EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.11 views

PT-2026-26402

Summary Feishu allowlist authorization could be bypassed by display-name collision. Details channels.feishu.allowFrom is documented as an ID-based allowlist open id list, but Feishu policy matching accepted mutable sender display names in the same namespace. An attacker could set a display name...

6.3CVSS5.8AI score0.00205EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-27515

Malicious code in bioql PyPI...

4.4CVSS6.5AI score0.00132EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/09/11 11:24 p.m.7 views

CVE-2025-59044

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Himmelblau 0.9.x derives numeric GIDs for Entra ID groups from the group display name when himmelblau.conf idattrmap = name the default configuration. Because Microsoft Entra ID allows multiple groups with the same...

4.4CVSS6.8AI score0.00132EPSS
Exploits0References1
Rows per page
Query Builder