35 matches found
CVE-2026-35617 OpenClaw < 2026.3.25 - Authorization Bypass via Group Policy Rebinding with Mutable Space displayName
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Google Chat group policy enforcement that relies on mutable space display names. Attackers can rebind group policies by changing or colliding space display names to gain unauthorized access to protected resources...
PT-2026-31756
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Google Chat group policy enforcement that relies on mutable space display names. Attackers can rebind group policies by changing or colliding space display names to gain unauthorized access to protected resources...
CVE-2025-64761
OpenBao is an open source identity-based secrets management system. Prior to version 2.4.4, a privileged operator could use the identity group subsystem to add a root policy to a group identity group, escalating their or another user's permissions in the system. Specifically this is an issue when...
EUVD-2002-0441
Malware in sbrugna...
EUVD-2019-7628
Malware in sbrugna...
EUVD-2005-0546
Malware in sbrugna...
EUVD-2005-3172
Malware in sbrugna...
CVE-2025-47288 Discourse Policy plugin private group members visible
Discourse Policy plugin gives the ability to confirm users have seen or done something. Prior to version 0.1.1, if there was a policy posted to a public topic that was tied to a private group then the group members could be shown to non-group members. This issue has been patched in version 0.1.1....
Discourse Policy 信息泄露漏洞
Discourse Policy is an open source plugin for Discourse that confirms that a user has seen or done something by alerting them. An information disclosure vulnerability exists in versions prior to Discourse Policy 0.1.1 that stems from not properly handling private group policies, which could lead ...
CVE-2019-17201
FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. When a user requests elevation using the AdminByRequest.exe interface, the interface communicates with the underlying service...
CVE-2019-17202
FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. If a user does not have direct access to the elevation feature through group policies, they are prompted to enter a PIN code in a...
One policy to rule them all
Windows group policies are a powerful management tool that allows administrators to define and control user and computer settings within a domain environment in a centralized manner. While group policies offer functionality and utility, they are unfortunately a prime target for attackers. In...
Policy data may be lost when a CVAD site is upgraded from an older version to 2311 or 2402
Citrix group policies may fail to appear in Studio post upgrade to CVAD Versions 2311 or 2402, and on Citrix DaaS. VDAs that expect the missing policies to be applied may behave differently...
Active Nitrogen campaign delivered via malicious ads for PuTTY, FileZilla
In the past couple of weeks, we have observed an ongoing campaign targeting system administrators with fraudulent ads for popular system utilities. The malicious ads are displayed as sponsored results on Googles search engine page and localized to North America. Victims are tricked into downloadi...
Some GPO's fail to apply when elastic layering is enabled
With Elastic Layering Apps Only enabled, gpupdate /force may report an error while applying some group policies...
How to restrict connections from clients\endpoints with specific versions of Citrix Workspace app
This article describes how to control connections to published applications or published desktops from specific versions of Citrix Workspace app for Windows. In the steps below, configure local group policies using the Windows Group Policy Object administrative template for Citrix Workspace app...
Windows Update has changed over the years. Here are 25 group policies to avoid
Microsoft has published a list of 25 group policies that administrators should not use in Windows 10 and Windows 11 as they do not provide optimal behavior or cause unexpected results. Since November 2015 when Windows 10 was first introduced, there have been many changes and some of them have...
GPOZaurr - Group Policy Eater Is A PowerShell Module That Aims To Gather Information About Group Policies
Group Policy Eater is a PowerShell module that aims to gather information about Group Policies but also allows fixing issues that you may find in them. Installing GPOZaurr requires RSAT installed to provide results. If you don't have them you can install them as below. Keep in mind it also instal...
CVE-2019-17202
FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. If a user does not have direct access to the elevation feature through group policies, they are prompted to enter a PIN code in a...
CVE-2019-17201
FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. When a user requests elevation using the AdminByRequest.exe interface, the interface communicates with the underlying service...