Lucene search
K

39 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.10 views

Unity Linux 20.1060e / 20.1070e Security Update: freerdp (UTSA-2026-017432)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017432 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway...

8.8CVSS6.8AI score0.01346EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/29 8:48 p.m.7 views

CVE-2026-41916

OpenClaw before 2026.4.8 contains an authentication state management vulnerability where the resolvedAuth closure becomes stale after configuration reload. Newly accepted gateway connections continue using outdated resolved auth state, allowing attackers to bypass authentication controls through...

5.4CVSS5.2AI score0.00215EPSS
Exploits0References1
NVD
NVD
added 2026/04/28 7:37 p.m.5 views

CVE-2026-41916

OpenClaw before 2026.4.8 contains an authentication state management vulnerability where the resolvedAuth closure becomes stale after configuration reload. Newly accepted gateway connections continue using outdated resolved auth state, allowing attackers to bypass authentication controls through...

5.4CVSS0.00215EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.4 views

PT-2026-35798

OpenClaw before 2026.4.8 contains an authentication state management vulnerability where the resolvedAuth closure becomes stale after configuration reload. Newly accepted gateway connections continue using outdated resolved auth state, allowing attackers to bypass authentication controls through...

5.4CVSS5.2AI score0.00215EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.11 views

OpenClaw 代码问题漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.8 had code vulnerabilities related to authentication state management. These vulnerabilities were resolved after configuration reloading, but the resolvedAuth closure became...

5.4CVSS5.9AI score0.00215EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/09 5:34 p.m.12 views

Insufficient Session Expiration

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Insufficient Session Expiration due to the resolvedAuth process becoming outdated after a configuration reload. An attacker can maintain unauthorized access by leveraging stale...

5.4CVSS5.8AI score0.00215EPSS
Exploits0References2
CNVD
CNVD
added 2025/10/21 12:0 a.m.4 views

Devolutions Server Improper Certificate Validation Vulnerability

Devolutions Server is a security solution for managing privileged accounts and sessions, designed to help organizations centrally store and manage sensitive information such as passwords and credentials. Devolutions Server has an improper certificate validation vulnerability that originates from...

8.8CVSS6.6AI score0.0022EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/16 8:41 p.m.16 views

CVE-2025-11619

Improper certificate validation when connecting to gateways in Devolutions Server 2025.3.2 and earlier allows attackers in MitM position to intercept traffic...

8.8CVSS6.8AI score0.0022EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/15 9:31 p.m.7 views

EUVD-2025-34693

Improper certificate validation when connecting to gateways in Devolutions Server 2025.3.2 and earlier allows attackers in MitM position to intercept traffic...

8.8CVSS6.3AI score0.0022EPSS
Exploits0References2
OSV
OSV
added 2025/10/15 8:15 p.m.5 views

CVE-2025-11619

Improper certificate validation when connecting to gateways in Devolutions Server 2025.3.2 and earlier allows attackers in MitM position to intercept traffic...

8.8CVSS5.8AI score0.0022EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/15 7:45 p.m.10 views

CVE-2025-11619

Improper certificate validation when connecting to gateways in Devolutions Server 2025.3.2 and earlier allows attackers in MitM position to intercept traffic...

0.0022EPSS
Exploits0References1
CVE
CVE
added 2025/10/15 7:45 p.m.16 views

CVE-2025-11619

The CVE-2025-11619 entry affects Devolutions Server. Affected component: the server’s gateway connection path where improper certificate validation occurs during gateway connections. Root cause: improper certificate validation enables a man-in-the-middle position to intercept traffic when establi...

8.8CVSS6.4AI score0.0022EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/10/15 7:45 p.m.4 views

CVE-2025-11619

Improper certificate validation when connecting to gateways in Devolutions Server 2025.3.2 and earlier allows attackers in MitM position to intercept traffic...

6.4AI score0.0022EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/15 12:0 a.m.3 views

Devolutions Server 安全漏洞

Devolutions Server is a security solution for managing privileged accounts and sessions, designed to help organizations centrally store and manage sensitive information such as passwords and credentials. Devolutions Server has an improper certificate validation vulnerability that originates from...

8.8CVSS6.4AI score0.0022EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2021-28269

Malicious code in bioql PyPI...

8.8CVSS7.2AI score0.01346EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2024/02/29 12:0 a.m.30 views

CentOS 9 : freerdp-2.4.1-2.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the freerdp-2.4.1-2.el9 build changelog. - FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. All FreeRDP clients prior to...

8.8CVSS6.8AI score0.01553EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:37 a.m.5 views

SUSE CVE-2021-41159

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections /gt:rpc fail to validate input data. A malicious gateway might allow client memory to be written out of bounds. This issue h...

8.8CVSS8.8AI score0.01346EPSS
Exploits0References6
Veracode
Veracode
added 2022/03/02 9:29 a.m.38 views

Insecure HTTP2 TrustManager

spring-cloud-gateway-server uses an insecure HTTP2 TrustManager. Application with default configuration and no key store or trusted certificates uses an insecure trustmanager factory option when HTTP2 is enabled, allowing the gateway connections to remote services with invalid or custom...

5.5CVSS2.7AI score0.04846EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/02/09 12:0 a.m.188 views

Rocky Linux 8 : freerdp (RLSA-2021:4622)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4622 advisory. - FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. All FreeRDP clients prior to version 2.4.1 usi...

8.8CVSS6.8AI score0.01553EPSS
Exploits0References5
Amazon
Amazon
added 2022/01/20 12:0 a.m.29 views

Important: freerdp

Issue Overview: A flaw was found in the FreeRDP client when it fails to validate input data when using gateway connections. This flaw could allow a malicious gateway to send a specially crafted input to a client leading to an out of bounds write in client memory. The highest threat from this flaw...

8.8CVSS7.8AI score0.01553EPSS
Exploits0
Rows per page
Query Builder