Lucene search
K

9 matches found

OSV
OSV
added 2026/05/19 7:42 p.m.3 views

GHSA-G53W-W6MJ-HRPP MCP Gateway: Authority-injection and JWT/session bypass via the unauthenticated router hair-pin "router-key" / "mcp-init-host" path

Summary The MCP router extproc exposes an initialize-method code path that, when a request carries an mcp-init-host header, bypasses the gateway JWT session validator and rewrites the upstream :authority header to whatever the caller chooses, gated only by a single shared header value router-key...

9.3CVSS5.9AI score
Exploits0References2
EUVD
EUVD
added 2026/04/28 6:10 p.m.5 views

EUVD-2026-26122

OpenClaw before 2026.4.8 contains an authentication state management vulnerability where the resolvedAuth closure becomes stale after configuration reload. Newly accepted gateway connections continue using outdated resolved auth state, allowing attackers to bypass authentication controls through...

5.4CVSS5.2AI score0.00215EPSS
Exploits0References3
OSV
OSV
added 2026/04/10 12:30 a.m.3 views

GHSA-9GVX-VJ57-VQQX Duplicate Advisory: OpenClaw: Gateway Canvas local-direct requests bypass Canvas HTTP and WebSocket authentication

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6mqc-jqh6-x8fc. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.23 contains an authentication bypass vulnerability in the Canvas gateway where...

5.1CVSS5.7AI score0.00141EPSS
Exploits0References5
CVE
CVE
added 2026/03/19 10:7 p.m.12 views

CVE-2026-32031

CVE-2026-32031 affects OpenClaw server-http prior to 2026.2.26. The issue is an authentication bypass in gateway authentication for plugin channel endpoints caused by a path canonicalization mismatch between the gateway guard and the plugin handler routing. This allows attackers to bypass authent...

6.5CVSS5.8AI score0.00192EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/19 12:44 p.m.2 views

GHSA-F842-PHM9-P4V4 Salvo has a Path Traversal in salvo-proxy::encode_url_path allows API Gateway Bypass

Details A Path Traversal and Access Control Bypass vulnerability was discovered in the salvo-proxy component of the Salvo Rust framework v0.89.2. The vulnerability allows an unauthenticated external attacker to bypass proxy routing constraints and access unintended backend paths e.g., protected...

7.5CVSS5.8AI score0.00565EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/03/19 12:44 p.m.8 views

Salvo has a Path Traversal in salvo-proxy::encode_url_path allows API Gateway Bypass

Details A Path Traversal and Access Control Bypass vulnerability was discovered in the salvo-proxy component of the Salvo Rust framework v0.89.2. The vulnerability allows an unauthenticated external attacker to bypass proxy routing constraints and access unintended backend paths e.g., protected...

7.5CVSS5.8AI score0.00565EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2026/01/08 1:44 p.m.23 views

CVE-2025-14025

CVE-2025-14025 affects Red Hat Ansible Automation Platform (AAP) where read-only OAuth2 tokens bypass gateway write restrictions, enabling write operations to backend services (Controller, Hub, EDA) limited only by RBAC. The issue is fixed via Red Hat advisories RHSA-2026:0360/0361, which note a ...

8.5CVSS6.2AI score0.00389EPSS
Exploits0References7
CNNVD
CNNVD
added 2021/09/22 12:0 a.m.3 views

Cisco IOS XE Software 安全漏洞

Cisco IOS XE Software is an operating system from the U.S. company Cisco Cisco. A single operating system for enterprise wired and wireless access, aggregation, core and WAN, Cisco IOS XE reduces business and network complexity.Cisco IOS XE Software is vulnerable to an exploit that could be used ...

4.7CVSS5.4AI score0.01156EPSS
Exploits0References6
Check Point Advisories
Check Point Advisories
added 2019/11/26 12:0 a.m.3 views

Malicious Activity Over DNS Tunneling

DNS Tunneling is used to pass non-DNS information using DNS messages, which are normally allowed by security devices. Malicious users or malware may use DNS tunnels to bypass inspection by the security gateway...

3.5AI score
Exploits0
Rows per page
Query Builder