Lucene search
K

6 matches found

OSV
OSV
added 2026/05/19 7:30 p.m.5 views

GHSA-M23H-6MWM-39M8 Kong Ingress Controller for Kubernetes (KIC): Cross-namespace TLS Secret Exfiltration in Gateways with GatewayClass missing `konghq.com/gatewayclass-unmanaged: 'true'` annotation

Summary A vulnerability in the Kong Ingress Controller KIC allows for the unauthorized exfiltration of TLS certificates and private keys across Kubernetes namespace boundaries. In "managed" mode where the GatewayClass lacks an unmanaged annotation, the Gateway TLS translator skips critical status...

6.9CVSS5.9AI score
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.3 views

CVE-2026-32013

OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in the agents.files.get and agents.files.set methods that allows reading and writing files outside the agent workspace. Attackers can exploit symlinked allowlisted files to access arbitrary host files within gateway...

8.8CVSS6.4AI score0.00639EPSS
Exploits0References1
OSV
OSV
added 2026/03/19 10:16 p.m.4 views

CVE-2026-32013

OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in the agents.files.get and agents.files.set methods that allows reading and writing files outside the agent workspace. Attackers can exploit symlinked allowlisted files to access arbitrary host files within gateway...

8.8CVSS6.4AI score
Exploits0References3
Cvelist
Cvelist
added 2026/03/19 10:6 p.m.18 views

CVE-2026-32013 OpenClaw < 2026.2.25 - Symlink Traversal in agents.files Methods

OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in the agents.files.get and agents.files.set methods that allows reading and writing files outside the agent workspace. Attackers can exploit symlinked allowlisted files to access arbitrary host files within gateway...

8.8CVSS0.00639EPSS
Exploits0References3
CVE
CVE
added 2026/03/19 10:6 p.m.20 views

CVE-2026-32013

OpenClaw is affected: versions prior to 2026.2.25 contain a symlink traversal in agents.files.get and agents.files.set that can read/write files outside the agent workspace. Attackers can access arbitrary host files within gateway process permissions by following symlinked allowlisted files, whic...

8.8CVSS6.2AI score0.00639EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2025/12/18 8:24 p.m.12 views

CVE-2025-13911

CVE-2025-13911 affects Inductive Automation Ignition SCADA, where Python scripting is used for automation. The root cause is insufficient controls on which Python libraries can be imported/executed within the scripting environment, paired with an Ignition service account that has system-level Win...

7.3CVSS6.8AI score0.00221EPSS
Exploits0References3
Rows per page
Query Builder