Lucene search
K

1303 matches found

Tenable Nessus
Tenable Nessus
added 2026/03/10 12:0 a.m.4 views

EulerOS 2.0 SP13 : sssd (EulerOS-SA-2026-1298)

According to the versions of the sssd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the integration of Active Directory and the System Security Services Daemon SSSD on Linux systems. In default configurations, th...

8.8CVSS5.8AI score0.00756EPSS
Exploits0References2
OSV
OSV
added 2026/03/09 5:27 p.m.3 views

GHSA-HMQR-WJMJ-376C Netmaker has Insufficient Authorization in Host Token Verification

The Authorise middleware in Netmaker incorrectly validates host JWT tokens. When a route permits host authentication hostAllowed=true, a valid host token bypasses all subsequent authorisation checks without verifying that the host is authorised to access the specific requested resource. Any entit...

8.6CVSS5.8AI score0.00366EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/09 5:27 p.m.8 views

Netmaker has Insufficient Authorization in Host Token Verification

The Authorise middleware in Netmaker incorrectly validates host JWT tokens. When a route permits host authentication hostAllowed=true, a valid host token bypasses all subsequent authorisation checks without verifying that the host is authorised to access the specific requested resource. Any entit...

8.6CVSS5.9AI score0.00366EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/09 8:1 a.m.5 views

CVE-2026-29194

Netmaker makes networks with WireGuard. Prior to version 1.5.0, the Authorize middleware in Netmaker incorrectly validates host JWT tokens. When a route permits host authentication hostAllowed=true, a valid host token bypasses all subsequent authorization checks without verifying that the host is...

8.6CVSS5.8AI score0.00366EPSS
Exploits0References1
NVD
NVD
added 2026/03/07 4:15 p.m.18 views

CVE-2026-29194

Netmaker makes networks with WireGuard. Prior to version 1.5.0, the Authorize middleware in Netmaker incorrectly validates host JWT tokens. When a route permits host authentication hostAllowed=true, a valid host token bypasses all subsequent authorization checks without verifying that the host is...

8.6CVSS0.00366EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/07 8:50 a.m.2 views

CVE-2026-24281 Apache ZooKeeper: Reverse-DNS fallback enables hostname verification bypass in ZooKeeper ZKTrustManager

Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS PTR when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid certificate for the PTR name. It's important to note that attacker must...

5.8AI score0.00633EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/03/07 2:31 a.m.10 views

FUXA has a hardcoded fallback JWT signing secret

FUXA used a static fallback JWT signing secret frangoteam751 when no secretCode was configured. If authentication was enabled without explicitly setting a custom secret, an attacker who knew the default value could forge valid JWT tokens and bypass authentication. This issue has been addressed in...

9.8CVSS5.7AI score0.02036EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/03/05 8:53 p.m.2 views

Unintended Proxy or Intermediary ('Confused Deputy')

Overview Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' due to improper preservation of authentication context in the RestartAction function. An attacker can gain unauthorized access to execute privileged shell actions by exploiting the...

6.3CVSS5.9AI score0.00414EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/03/05 12:0 a.m.6 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005663)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005663 advisory. In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix possible memleak when register 'hctx' failed There's issue as follows when do fault...

5.5CVSS5.6AI score0.00168EPSS
Exploits0References4
OSV
OSV
added 2026/03/04 7:17 p.m.3 views

GHSA-VVJH-F6P9-5VCF OpenClaw Canvas Authentication Bypass Vulnerability

ZDI-CAN-29311: OpenClaw Canvas Authentication Bypass Vulnerability -- ABSTRACT ------------------------------------- Trend Micro's Zero Day Initiative has identified a vulnerability affecting the following products: OpenClaw - OpenClaw -- VULNERABILITY DETAILS ------------------------ Version...

7.4CVSS6AI score
Exploits0References3
OSV
OSV
added 2026/03/03 11:19 p.m.2 views

GHSA-2CH6-X3G4-7759 OpenClaw's commands.allowFrom sender authorization accepted conversation identifiers via ctx.From

Summary commands.allowFrom is documented as a sender authorization allowlist for commands/directives, but command authorization could include ctx.From conversation identity as a sender candidate. When commands.allowFrom contained conversation-like identifiers for example Discord channel: or...

7.1CVSS5.9AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/03 11:19 p.m.15 views

OpenClaw's commands.allowFrom sender authorization accepted conversation identifiers via ctx.From

Summary commands.allowFrom is documented as a sender authorization allowlist for commands/directives, but command authorization could include ctx.From conversation identity as a sender candidate. When commands.allowFrom contained conversation-like identifiers for example Discord channel: or...

5.9AI score
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/03/03 11:19 p.m.3 views

Command Injection

Overview @openclaw/lobster is an Adds the lobster agent tool as an optional plugin tool. Affected versions of this package are vulnerable to Command Injection via the fallback process on Windows systems when certain spawn failures occur and shell: true is used. An attacker can execute arbitrary...

7CVSS6AI score0.00525EPSS
Exploits0References2
OSV
OSV
added 2026/03/03 11:19 p.m.3 views

GHSA-FG3M-VHRR-8GJ6 OpenClaw has Windows Lobster shell fallback command injection in constrained fallback path

Summary On Windows, the Lobster extension previously retried certain spawn failures ENOENT/EINVAL with shell: true for wrapper compatibility. In that fallback path, tool-provided arguments could be interpreted by cmd.exe if fallback was triggered. Affected Packages / Versions - Package: openclaw...

5.1CVSS6.1AI score0.00525EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/03 11:19 p.m.12 views

OpenClaw has Windows Lobster shell fallback command injection in constrained fallback path

Summary On Windows, the Lobster extension previously retried certain spawn failures ENOENT/EINVAL with shell: true for wrapper compatibility. In that fallback path, tool-provided arguments could be interpreted by cmd.exe if fallback was triggered. Affected Packages / Versions - Package: openclaw...

7CVSS6.1AI score0.00525EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 11:17 p.m.9 views

OpenClaw has Canvas route hardening for mixed-trust deployments

Summary This advisory tracks a defense-in-depth hardening for canvas routes. In mixed-trust or network-visible deployments, prior canvas auth/fallback behavior could broaden access beyond intended boundaries. Deployment Context OpenClaw’s default model is trusted host + loopback-first access. Som...

5.9AI score
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/03 10:8 p.m.9 views

GHSA-XMV6-R34M-62P4 OpenClaw: Sandbox media fallback tmp symlink alias bypass allows host file reads outside sandboxRoot

Summary A sandbox path validation bypass in openclaw allows host file reads outside sandboxRoot via the media path fallback tmp flow when the fallback tmp root is a symlink alias. Affected Packages / Versions - Package: npm openclaw - Affected versions: without verifying that fallback path was a...

7.8CVSS5.9AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/03 10:8 p.m.14 views

OpenClaw: Sandbox media fallback tmp symlink alias bypass allows host file reads outside sandboxRoot

Summary A sandbox path validation bypass in openclaw allows host file reads outside sandboxRoot via the media path fallback tmp flow when the fallback tmp root is a symlink alias. Affected Packages / Versions - Package: npm openclaw - Affected versions: without verifying that fallback path was a...

5.9AI score
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/03 9:39 p.m.2 views

GHSA-5H2C-8V84-QPVR OpenClaw shell-env fallback trusted startup env and could execute attacker-influenced login-shell paths

Summary OpenClaw shell-env fallback trusted startup environment values and could execute attacker-influenced login-shell startup paths before loading env keys. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.1.5 and = 2026.2.21-2 - Fixed on main:...

5.3CVSS6.2AI score
Exploits0References3
OSV
OSV
added 2026/03/03 9:35 p.m.4 views

GHSA-5MX2-2MGW-X8RM OpenClaw: BlueBubbles beta plugin webhook auth hardening (remove passwordless fallback)

Summary BlueBubbles webhook auth in the optional beta iMessage plugin allowed a passwordless fallback path. In some reverse-proxy/local routing setups, this could allow unauthenticated webhook events. Affected Component and Scope - Component: extensions/bluebubbles webhook handler - Scope: only...

6.3CVSS6AI score0.00249EPSS
Exploits0References6
Rows per page
Query Builder