Lucene search
K

2043 matches found

NVD
NVD
added 2026/04/10 5:17 p.m.23 views

CVE-2026-35654

OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Microsoft Teams feedback invokes that allows unauthorized senders to record session feedback. Attackers can bypass sender allowlist checks via feedback invoke endpoints to trigger unauthorized feedback recording or...

6.9CVSS0.00227EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/10 4:3 p.m.24 views

CVE-2026-35654 OpenClaw < 2026.3.25 - Authorization Bypass in Microsoft Teams Feedback Invoke

OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Microsoft Teams feedback invokes that allows unauthorized senders to record session feedback. Attackers can bypass sender allowlist checks via feedback invoke endpoints to trigger unauthorized feedback recording or...

6.9CVSS0.00227EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/10 4:3 p.m.2 views

CVE-2026-35654 OpenClaw < 2026.3.25 - Authorization Bypass in Microsoft Teams Feedback Invoke

OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Microsoft Teams feedback invokes that allows unauthorized senders to record session feedback. Attackers can bypass sender allowlist checks via feedback invoke endpoints to trigger unauthorized feedback recording or...

6.9CVSS5.8AI score0.00227EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/10 4:3 p.m.2 views

CVE-2026-35654

OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Microsoft Teams feedback invokes that allows unauthorized senders to record session feedback. Attackers can bypass sender allowlist checks via feedback invoke endpoints to trigger unauthorized feedback recording or...

6.9CVSS5.8AI score0.00227EPSS
Exploits0References4
CVE
CVE
added 2026/04/10 4:3 p.m.20 views

CVE-2026-35654

OpenClaw before 2026.3.25 has an authorization bypass in Microsoft Teams feedback invoke endpoints that lets an unauthorized sender trigger recording of session feedback or reflection. Attackers can bypass sender allowlists, enabling unauthorized access to feedback-related actions. The cited CVE ...

6.9CVSS5.8AI score0.00227EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/04/10 4:3 p.m.5 views

EUVD-2026-21454

OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Microsoft Teams feedback invokes that allows unauthorized senders to record session feedback. Attackers can bypass sender allowlist checks via feedback invoke endpoints to trigger unauthorized feedback recording or...

6.9CVSS5.8AI score0.00227EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.9 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.25 contained security vulnerabilities. These vulnerabilities were caused by authorization bypasses in calls made through Microsoft Teams, which could allow unauthorized senders ...

6.9CVSS5.8AI score0.00227EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.9 views

PT-2026-31965

OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Microsoft Teams feedback invokes that allows unauthorized senders to record session feedback. Attackers can bypass sender allowlist checks via feedback invoke endpoints to trigger unauthorized feedback recording or...

6.9CVSS5.8AI score0.00227EPSS
Exploits0References4
NVD
NVD
added 2026/04/08 7:25 p.m.6 views

CVE-2026-33350

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. Prior to 27.0.3 and 28.0.1, a SQL injection has been identified in some code sections for the MRI feedback popup window of the imaging...

7.5CVSS0.00246EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/08 5:47 p.m.3 views

EUVD-2026-20552

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. Prior to 27.0.3 and 28.0.1, a SQL injection has been identified in some code sections for the MRI feedback popup window of the imaging...

7.5CVSS5.9AI score0.00246EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/08 5:47 p.m.22 views

CVE-2026-33350 LORIS has a SQL injection in MRI feedback popup

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. Prior to 27.0.3 and 28.0.1, a SQL injection has been identified in some code sections for the MRI feedback popup window of the imaging...

7.5CVSS0.00246EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/08 5:47 p.m.5 views

CVE-2026-33350 LORIS has a SQL injection in MRI feedback popup

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. Prior to 27.0.3 and 28.0.1, a SQL injection has been identified in some code sections for the MRI feedback popup window of the imaging...

7.5CVSS5.9AI score0.00246EPSS
Exploits0References1
CVE
CVE
added 2026/04/08 5:47 p.m.12 views

CVE-2026-33350

Product: LORIS (Longitudinal Online Research and Imaging System). Issue: SQL injection in the MRI feedback popup window of the imaging browser. Root cause: Vulnerable code sections allowed SQL ingestion prior to certain releases. Versions affected: before 27.0.3 and 28.0.1. Impact: Attackers coul...

7.5CVSS5.9AI score0.00246EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/04/08 9:31 a.m.5 views

EUVD-2026-20142

Missing Authorization vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Feedback: from n/a through = 1.10.1...

5.9AI score0.00197EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/08 9:31 a.m.3 views

EUVD-2026-20141

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Blind SQL Injection.This issue affects User Feedback: from n/a through = 1.10.1...

5.9AI score0.00264EPSS
Exploits0References2
NVD
NVD
added 2026/04/08 9:16 a.m.5 views

CVE-2026-39476

Missing Authorization vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Feedback: from n/a through = 1.10.1...

4.3CVSS0.00197EPSS
Exploits0References1
NVD
NVD
added 2026/04/08 9:16 a.m.7 views

CVE-2026-39475

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Blind SQL Injection.This issue affects User Feedback: from n/a through = 1.10.1...

8.5CVSS0.00264EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/08 8:30 a.m.26 views

CVE-2026-39475 WordPress User Feedback plugin <= 1.10.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Blind SQL Injection.This issue affects User Feedback: from n/a through = 1.10.1...

7.6CVSS0.00264EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/08 8:30 a.m.23 views

CVE-2026-39476 WordPress User Feedback plugin <= 1.10.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Feedback: from n/a through = 1.10.1...

4.3CVSS0.00197EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/08 8:30 a.m.3 views

CVE-2026-39475

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Blind SQL Injection.This issue affects User Feedback: from n/a through = 1.10.1...

5.9AI score0.00264EPSS
Exploits0References2
Rows per page
Query Builder