CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Packet Storm News•added 2026/05/11 12:0 a.m.•6 views

MATRA: Modeling the Attack Surface of Agentic AI Systems -- OpenClaw Case Study

LLMs are increasingly deployed as autonomous agents with access to tools, databases, and external services, yet practitioners across different sectors lack systematic methods to assess how known threat classes translate into concrete risks within a specific agentic deployment. We present MATRA, a...

5.8AI score

Packet Storm News•added 2026/05/07 12:0 a.m.•4 views

SkillScope: Toward Fine-Grained Least-Privilege Enforcement for Agent Skills

Agent Skills have become a practical way to extend LLM agents by packaging metadata, natural-language instructions, and executable resources into reusable capability bundles. However, this growing Skill ecosystem introduces a new compliance risk: a Skill may perform high-impact actions that excee...

5.8AI score

CVE•added 2026/05/04 4:48 p.m.•13 views

CVE-2026-42810

CVE-2026-42810 affects Apache Polaris. The issue arises because Polaris accepts literal ‘’ characters in namespace and table names, and these unescaped characters are reused in temporary S3 access policies for delegated table access. In S3 IAM policy matching, ‘ ’ is treated as a wildcard, allowi...

Exploits0References2Affected Software1

EUVD•added 2026/05/04 4:48 p.m.•3 views

EUVD-2026-27035

Apache Polaris accepts literal characters in namespace and table names. When it later builds temporary S3 access policies for delegated table access, those same characters appear to be reused unescaped in S3 IAM resource patterns and s3:prefix conditions. In S3 IAM policy matching, is treated as ...

ATTACKERKB•added 2026/05/04 4:48 p.m.•0 views

CVE-2026-42810

Vulnrichment•added 2026/05/04 4:48 p.m.•4 views

Exploits0References2

CVE-2026-42810 Apache Polaris: could broaden vended S3 credentials through wildcard-bearing namespace or table names

Positive Technologies•added 2026/04/30 12:0 a.m.•6 views

PT-2026-36819

Name of the Vulnerable Software and Affected Versions OpenTelemetry.Exporter.OpenTelemetryProtocol versions 1.8.0 through 1.15.2 Description The OTLP disk retry feature silently falls back to Path.GetTempPath when OTEL DOTNET EXPERIMENTAL OTLP RETRY is set to disk but OTEL DOTNET EXPERIMENTAL OTL...

7.8CVSS5.8AI score0.00014EPSS

Exploits0References10

RedhatCVE•added 2026/04/28 6:35 p.m.•0 views

CVE-2026-32655

Dell Alienware Command Center AWCC, versions prior to 6.13.8.0, contain a Least Privilege Violation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges...

7.8CVSS5.2AI score0.00007EPSS

Cvelist•added 2026/04/27 6:14 p.m.•24 views

CVE-2026-32655

5.3CVSS0.00007EPSS

Vulnrichment•added 2026/04/27 6:14 p.m.•3 views

CVE-2026-32655

5.3CVSS5.2AI score0.00007EPSS

Packet Storm News•added 2026/04/12 12:0 a.m.•4 views

Beyond Static Sandboxing: Learned Capability Governance for Autonomous AI Agents

Autonomous AI agents built on open-source runtimes such as OpenClaw expose every available tool to every session by default, regardless of the task. A summarization task receives the same shell execution, subagent spawning, and credential access capabilities as a code deployment task, a 15x...

6AI score

Github Security Blog•added 2026/04/10 7:39 p.m.•3 views

Ech0: Scoped admin access tokens can bypass least-privilege controls on privileged endpoints, including backup export

Summary Ech0 scoped access tokens do not reliably enforce least privilege: multiple privileged admin routes omit scope checks, and the backup export handler strips token scope metadata entirely, allowing a low-scope admin access token to reach broader admin functionality than intended. Impact An...

5.9AI score

Exploits0References3Affected Software1

OSV•added 2026/04/10 7:39 p.m.•3 views

GHSA-4H9Q-P5J4-XVVH Ech0: Scoped admin access tokens can bypass least-privilege controls on privileged endpoints, including backup export

7.6CVSS5.9AI score

Exploits0References3

Github Security Blog•added 2026/03/27 5:43 p.m.•16 views

Moby has AuthZ plugin bypass when provided oversized request bodies

Summary A security vulnerability has been detected that allows attackers to bypass authorization plugins AuthZ under specific circumstances. The base likelihood of this being exploited is low. This is an incomplete fix for CVE-2024-41110. Impact If you don't use AuthZ plugins, you are not affecte...

8.8CVSS6.8AI score0.00009EPSS

Exploits1References7Affected Software3

Github Security Blog•added 2026/03/13 3:47 p.m.•2 views

OpenClaw: Plugin subagent routes could bypass gateway authorization with synthetic admin scopes

Summary In affected versions of openclaw, the plugin subagent runtime dispatched gateway methods through a synthetic operator client that always carried broad administrative scopes. Plugin-owned HTTP routes using auth: "plugin" could therefore trigger admin-only gateway actions without normal...

9.8CVSS5.8AI score0.00038EPSS

Exploits0References5Affected Software1

Packet Storm News•added 2026/03/09 12:0 a.m.•3 views

Lockbox -- a Zero Trust Architecture for Secure Processing of Sensitive Cloud Workloads

Enterprises increasingly rely on cloud-based applications to process highly sensitive data artifacts. Although cloud adoption improves agility and scalability, it also introduces new security challenges such as expanded attack surfaces, a wider radius of attack from credential compromise, and...

6AI score