8 matches found

NVD
added 2026/03/19 10:16 p.m., 1 view

CVE-2026-32039

OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in the toolsBySender group policy matching that allows attackers to inherit elevated tool permissions through identifier collision attacks. Attackers can exploit untyped sender keys by forcing collisions with mutab...

CVSS 6.5, EPSS 0.00032
Exploits: 0, References: 3
OSV
added 2026/03/19 10:16 p.m., 0 views

CVE-2026-32039

OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in the toolsBySender group policy matching that allows attackers to inherit elevated tool permissions through identifier collision attacks. Attackers can exploit untyped sender keys by forcing collisions with mutab...

CVSS 5.9, AI score 5.9
Exploits: 0, References: 3
ATTACKERKB
added 2026/03/19 10:07 p.m., 1 view

CVE-2026-32039

OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in the toolsBySender group policy matching that allows attackers to inherit elevated tool permissions through identifier collision attacks. Attackers can exploit untyped sender keys by forcing collisions with mutab...

CVSS 6, AI score 5.8, EPSS 0.00032
Exploits: 0, References: 4
EUVD
added 2026/03/19 10:07 p.m., 2 views

EUVD-2026-13326

OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in the toolsBySender group policy matching that allows attackers to inherit elevated tool permissions through identifier collision attacks. Attackers can exploit untyped sender keys by forcing collisions with mutab...

CVSS 6, AI score 5.8, EPSS 0.00032
Exploits: 0, References: 3
Github Security Blog
added 2026/03/03 11:12 p.m., 6 views

OpenClaw's typed sender-key matching for toolsBySender prevents identity-collision policy bypass

Summary channels..groups..toolsBySender could match a privileged sender policy using a colliding mutable identity value for example senderName or senderUsername when deployments used untyped keys. The fix introduces explicit typed sender keys id:, e164:, username:, name:, keeps legacy untyped key...

CVSS 6.5, AI score 5.9, EPSS 0.00032
Exploits: 0, References: 5, Affected Software: 1
Snyk
added 2026/02/08 1:52 a.m., 3 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the privateexports process. An attacker can access another user's private data exports by exploiting UUID collisions that occur when the UUID is converted to an integer, causing files...

CVSS 8.2, AI score 5.6, EPSS 0.00044
Exploits: 0, References: 2
CNNVD
added 2026/02/03 12:00 a.m., 3 views

Decidim security vulnerability

Decidim is an open-source participatory democracy framework developed using Ruby on Rails. Versions of Decidim from 0.30.0 up to 0.30.4, as well as versions from 0.31.0.rc1 up to 0.31.0, have security vulnerabilities. These vulnerabilities stem from UUID collisions in the private data export...

CVSS 8.2, AI score 5.8, EPSS 0.00044
Exploits: 0, References: 5
Joomla! Vulnerable Extensions List
added 2020/02/07 12:00 a.m., 44 views

[20200304] - Core - Identifier collisions in com_users

Missing length checks in the user table can lead to the creation of users with duplicate usernames and/or email addresses...

CVSS 5.3, AI score 3, EPSS 0.00211
Exploits: 0, Affected Software: 1