Lucene search
+L

104 matches found

Github Security Blog
Github Security Blog
added 2026/03/31 11:58 p.m.12 views

OpenClaw's Discord component interaction ingress skips guild/channel policy enforcement

Summary Discord button and component interaction ingress did not consistently reapply the same guild and channel policy gates used for normal inbound messages. Impact Users could trigger privileged component actions from contexts that should have been blocked by Discord channel policy. Affected...

5.8AI score
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/31 11:58 p.m.2 views

GHSA-JP4J-Q5FC-58GV OpenClaw's Discord component interaction ingress skips guild/channel policy enforcement

Summary Discord button and component interaction ingress did not consistently reapply the same guild and channel policy gates used for normal inbound messages. Impact Users could trigger privileged component actions from contexts that should have been blocked by Discord channel policy. Affected...

5.3CVSS5.8AI score0.00166EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/18 1:34 a.m.5 views

CVE-2026-27524 OpenClaw < 2026.2.21 - Prototype Pollution via Debug Override Path

OpenClaw versions prior to 2026.2.21 accept prototype-reserved keys in runtime /debug set override object values, allowing prototype pollution attacks. Authorized /debug set callers can inject proto, constructor, or prototype keys to manipulate object prototypes and bypass command gate restrictio...

4.3CVSS5.8AI score0.00237EPSS
Exploits0References3
OSV
OSV
added 2026/03/18 1:34 a.m.9 views

CVE-2026-27524 OpenClaw < 2026.2.21 - Prototype Pollution via Debug Override Path

OpenClaw versions prior to 2026.2.21 accept prototype-reserved keys in runtime /debug set override object values, allowing prototype pollution attacks. Authorized /debug set callers can inject proto, constructor, or prototype keys to manipulate object prototypes and bypass command gate restrictio...

2.3CVSS5.9AI score0.00237EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/03/12 11:52 a.m.169 views

Exploit for Out-of-bounds Write in Netapp Bootstrap_Os

Typeform DevSecOps Pipeline POC !Pythonhttps://img.shields...

7.8CVSS7AI score0.81422EPSS
Exploits28
RedhatCVE
RedhatCVE
added 2026/02/25 4:16 p.m.9 views

CVE-2026-27208

bleon-ethical/api-gateway-deploy provides API gateway deployment. Version 1.0.0 is vulnerable to an attack chain involving OS Command Injection and Privilege Escalation. This allows an attacker to execute arbitrary commands with root privileges within the container, potentially leading to a...

9.2CVSS6AI score0.00655EPSS
Exploits0References1
NVD
NVD
added 2026/02/24 3:21 p.m.14 views

CVE-2026-27208

bleon-ethical/api-gateway-deploy provides API gateway deployment. Version 1.0.0 is vulnerable to an attack chain involving OS Command Injection and Privilege Escalation. This allows an attacker to execute arbitrary commands with root privileges within the container, potentially leading to a...

9.2CVSS0.00655EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/24 1:52 p.m.4 views

CVE-2026-27208 api-gateway-deploy Affected by Exploitable Command Injection via Unprivileged Root Execution

bleon-ethical/api-gateway-deploy provides API gateway deployment. Version 1.0.0 is vulnerable to an attack chain involving OS Command Injection and Privilege Escalation. This allows an attacker to execute arbitrary commands with root privileges within the container, potentially leading to a...

9.2CVSS6.2AI score0.00655EPSS
Exploits0References2
CVE
CVE
added 2026/02/24 1:52 p.m.13 views

CVE-2026-27208

Bleon-ethical/api-gateway-deploy is affected in v1.0.0 by OS Command Injection and Privilege Escalation that can grant root privileges inside the container, potentially enabling container escape and unauthorized infra changes. The issue is fixed in v1.0.1 through: (1) strict input sanitization an...

9.2CVSS6AI score0.00655EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2025/12/30 8:17 p.m.16 views

CVE-2025-14986

Temporal contains a namespace policy bypass vulnerability where, when frontend.enableExecuteMultiOperation is on, validation and feature gating for an embedded StartWorkflowExecutionRequest are evaluated against the embedded request’s Namespace instead of the outer ExecuteMultiOperationRequest.Na...

5.3CVSS6.5AI score0.00415EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/16 3:39 p.m.34 views

CVE-2025-68318 clk: thead: th1520-ap: set all AXI clocks to CLK_IS_CRITICAL

In the Linux kernel, the following vulnerability has been resolved: clk: thead: th1520-ap: set all AXI clocks to CLKISCRITICAL The AXI crossbar of TH1520 has no proper timeout handling, which means gating AXI clocks can easily lead to bus timeout and thus system hang. Set all AXI clock gates to...

0.0015EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2025/11/06 12:0 a.m.5 views

Security Evaluation of Quantum Circuit Split Compilation under an Oracle-Guided Attack

Quantum circuits are the fundamental representation of quantum algorithms and constitute valuable intellectual property IP. Multiple quantum circuit obfuscation QCO techniques have been proposed in prior research to protect quantum circuit IP against malicious compilers. However, there has not be...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/11/05 12:0 a.m.4 views

Certified Randomness Amplification by Dynamically Probing Remote Random Quantum States

Cryptography depends on truly unpredictable numbers, but physical sources emit biased or correlated bits. Quantum mechanics enables the amplification of imperfect randomness into nearly perfect randomness, but prior demonstrations have required physically co-located, loophole-free Bell tests,...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/08 12:0 a.m.5 views

Communication-Optimal Blind Quantum Protocols

A user, Alice, wants to get server Bob to implement a quantum computation for her. However, she wants to leave him blind to what she's doing. What are the minimal communication resources Alice must use in order to achieve information-theoretic security? In this paper, we consider a single step of...

6.8AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-24648

Malware in sbrugna...

8.8CVSS8.5AI score0.01253EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-4015

Malicious code in bioql PyPI...

5.3CVSS5.7AI score0.00736EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-2776

Malicious code in bioql PyPI...

5.3CVSS5.6AI score0.00614EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.2 views

Malicious code in test-mlw2-grubs-gates (npm)

The package test-mlw2-grubs-gates was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.1 views

MAL-2025-35455 Malicious code in test-mlw2-grubs-gates (npm)

The package test-mlw2-grubs-gates was found to contain malicious code...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/11 12:0 a.m.5 views

Designing with Deception: ML- and Covert Gate-Enhanced Camouflaging to Thwart IC Reverse Engineering

Integrated circuits ICs are essential to modern electronic systems, yet they face significant risks from physical reverse engineering RE attacks that compromise intellectual property IP and overall system security. While IC camouflage techniques have emerged to mitigate these risks, existing...

6.7AI score
Exploits0
Rows per page
Query Builder