Lucene search
K

7 matches found

CVE
CVE
added 2026/03/05 9:59 p.m.13 views

CVE-2026-28477

CVE-2026-28477 affects OpenClaw. The vulnerability is an OAuth state validation bypass in the manual Chutes login flow, enabling an attacker to substitute credentials and persist tokens for unauthorized accounts by tricking a user into pasting attacker-controlled OAuth callback data. Impact is cr...

7.1CVSS6AI score0.00133EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/05 9:59 p.m.3 views

CVE-2026-28477

OpenClaw versions prior to 2026.2.14 contain an oauth state validation bypass vulnerability in the manual Chutes login flow that allows attackers to bypass CSRF protection. An attacker can convince a user to paste attacker-controlled OAuth callback data, enabling credential substitution and token...

5.9CVSS6AI score0.00133EPSS
Exploits0References4
OSV
OSV
added 2026/02/18 5:41 p.m.3 views

GHSA-7RCP-MXPQ-72PJ OpenClaw Chutes manual OAuth state validation bypass can cause credential substitution

Summary The manual Chutes OAuth login flow could accept attacker-controlled callback input in a way that bypassed OAuth CSRF state validation, potentially resulting in credential substitution. Impact If an attacker can convince a user to paste attacker-provided OAuth callback data during the manu...

5.9CVSS5.7AI score0.00133EPSS
Exploits0References6
NVD
NVD
added 2025/10/01 6:15 p.m.5 views

CVE-2025-8679

In ExtremeGuest Essentials before 25.5.0, captive-portal may permit unauthorized access via manual brute-force procedure. Under certain ExtremeGuest Essentials captive-portal SSID configurations, repeated manual login attempts may allow an unauthenticated device to be marked as authenticated and...

9.8CVSS0.00319EPSS
Exploits0References1
Citrix
Citrix
added 2025/05/06 12:0 a.m.14 views

Domain passthrough with ZeroTrust VPN users get "cannot start your session" via Azure load balancer

When you access Store URL and click on "Log on" you see the error - cannot start your session. wait a few minutes and try to logon again. If you still experience problems, contact your help desk. When you click on the "OK" button multiple times, eventually it goes away. More details on deployment...

7.2AI score
Exploits0
Exploit DB
Exploit DB
added 2016/06/17 12:0 a.m.27 views

op5 7.1.9 - Configuration Command Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'op5 v7.1.9 Configuration Command Execution', 'Description' = %q op5 an open source network monitoring software. The configurati...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2006/10/12 12:0 a.m.22 views

emekportal21.txt

BiyoSecurity.Org script name : Emek Portal v2.1 tr Script Download : http://www.aspindir.com/indir.asp?id=2728 Risk : High Regards : Dj ReMix Thanks : Korsan , Liz0zim , TrIP Vulnerable file : girisyap.asp Manual connect : Go to Admin Panel Login ----- http://victim.com/path to script/uyegiris.as...

7.4AI score
Exploits0
Rows per page
Query Builder