Lucene search
K

355 matches found

EUVD
EUVD
added 2026/04/28 6:10 p.m.4 views

EUVD-2026-26125

OpenClaw before 2026.4.8 contains a role bypass vulnerability in the device.token.rotate function that allows minting tokens for unapproved roles. Attackers can bypass device role-upgrade pairing to preserve or mint roles and scopes that had not undergone intended approval...

8.8CVSS5.2AI score0.00282EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/28 6:10 p.m.4 views

CVE-2026-42422

OpenClaw before 2026.4.8 contains a role bypass vulnerability in the device.token.rotate function that allows minting tokens for unapproved roles. Attackers can bypass device role-upgrade pairing to preserve or mint roles and scopes that had not undergone intended approval...

8.8CVSS5.2AI score0.00282EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/28 6:10 p.m.5 views

CVE-2026-42422 OpenClaw < 2026.4.8 - Role Bypass in device.token.rotate Function

OpenClaw before 2026.4.8 contains a role bypass vulnerability in the device.token.rotate function that allows minting tokens for unapproved roles. Attackers can bypass device role-upgrade pairing to preserve or mint roles and scopes that had not undergone intended approval...

8.8CVSS5.2AI score0.00282EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/28 6:10 p.m.33 views

CVE-2026-42422 OpenClaw < 2026.4.8 - Role Bypass in device.token.rotate Function

OpenClaw before 2026.4.8 contains a role bypass vulnerability in the device.token.rotate function that allows minting tokens for unapproved roles. Attackers can bypass device role-upgrade pairing to preserve or mint roles and scopes that had not undergone intended approval...

8.8CVSS0.00282EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.6 views

PT-2026-35801

OpenClaw before 2026.4.8 contains a role bypass vulnerability in the device.token.rotate function that allows minting tokens for unapproved roles. Attackers can bypass device role-upgrade pairing to preserve or mint roles and scopes that had not undergone intended approval...

8.8CVSS5.2AI score0.00282EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/04/16 10:48 p.m.18 views

Paperclip: Cross-tenant agent API token minting via missing assertCompanyAccess on /api/agents/:id/keys

Isolated paperclip instance running in authenticated mode default config on a clean Docker image matching commit b649bd4 2026.411.0-canary.8, post the 2026.410.0 patch. This advisory was verified on an unmodified build. Summary POST /api/agents/:id/keys, GET /api/agents/:id/keys, and DELETE...

6AI score
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/20 11:25 p.m.12 views

CVE-2026-3567

The RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 4.1132. The plugin exposes two AJAX handlers that, when combined, allow any authenticated user to modify admin-level plugin settings. First, the...

5.3CVSS5.9AI score0.00236EPSS
Exploits0References7
OSV
OSV
added 2026/03/10 9:3 p.m.5 views

GHSA-WG9X-QFGW-PXHJ Feathers has an OAuth Callback Account Takeover issue

An unauthenticated attacker can send a crafted GET request directly to /oauth/:provider/callback with a forged profile in the query string. The OAuth service's authentication payload has a fallback chain that reaches params.query the raw request query when Grant's session/state responses are empt...

9.3CVSS5.8AI score0.00519EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/10 9:3 p.m.3 views

EUVD-2026-10825

Feathers has an OAuth Callback Account Takeover issue...

9.3CVSS5.8AI score0.00519EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/03/10 9:3 p.m.8 views

Feathers has an OAuth Callback Account Takeover issue

An unauthenticated attacker can send a crafted GET request directly to /oauth/:provider/callback with a forged profile in the query string. The OAuth service's authentication payload has a fallback chain that reaches params.query the raw request query when Grant's session/state responses are empt...

9.8CVSS5.8AI score0.00519EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/03/10 8:16 p.m.9 views

CVE-2026-29792

Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. From 5.0.0 to before 5.0.42, an unauthenticated attacker can send a crafted GET request directly to /oauth/:provider/callback with a forged profile in the query string. The OAuth service's...

9.8CVSS0.00519EPSS
Exploits0References1
OSV
OSV
added 2026/03/10 8:6 p.m.4 views

CVE-2026-29792 Feathersjs has an OAuth Callback Account Takeover

Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. From 5.0.0 to before 5.0.42, an unauthenticated attacker can send a crafted GET request directly to /oauth/:provider/callback with a forged profile in the query string. The OAuth service's...

9.3CVSS5.8AI score0.00519EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/10 7:44 p.m.2 views

CVE-2026-29113

Craft is a content management system CMS. Prior to 4.17.4 and 5.9.7, Craft CMS has a CSRF issue in the preview token endpoint at /actions/preview/create-token. The endpoint accepts an attacker-supplied previewToken. Because the action does not require POST and does not enforce a CSRF token, an...

2.3CVSS5.8AI score0.00174EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/03/10 7:44 p.m.16 views

CVE-2026-29113

Craft CMS prior to versions 4.17.4 and 5.9.7 suffers a CSRF flaw in the preview token endpoint (/actions/preview/create-token). The endpoint accepts an attacker-supplied previewToken without requiring a CSRF token, allowing a logged-in editor to mint a preview token chosen by an attacker. The att...

4.3CVSS5.8AI score0.00174EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/10 7:44 p.m.4 views

CVE-2026-29113 Craft has a potential information disclosure vulnerability in preview tokens

Craft is a content management system CMS. Prior to 4.17.4 and 5.9.7, Craft CMS has a CSRF issue in the preview token endpoint at /actions/preview/create-token. The endpoint accepts an attacker-supplied previewToken. Because the action does not require POST and does not enforce a CSRF token, an...

2.3CVSS5.8AI score0.00174EPSS
Exploits0References4
OSV
OSV
added 2026/03/10 6:22 p.m.3 views

GHSA-VG3J-HPM9-8V5V Craft CMS has a potential information disclosure vulnerability in preview tokens

Summary Craft CMS has a CSRF issue in the preview token endpoint at /actions/preview/create-token. The endpoint accepts an attacker-supplied previewToken. Because the action does not require POST and does not enforce a CSRF token, an attacker can force a logged-in victim editor to mint a preview...

2.3CVSS5.8AI score0.00174EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.7 views

PT-2026-24639

An unauthenticated attacker can send a crafted GET request directly to /oauth/:provider/callback with a forged profile in the query string. The OAuth service's authentication payload has a fallback chain that reaches params.query the raw request query when Grant's session/state responses are empt...

9.3CVSS5.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.7 views

PT-2026-24403

Craft is a content management system CMS. Prior to 4.17.4 and 5.9.7, Craft CMS has a CSRF issue in the preview token endpoint at /actions/preview/create-token. The endpoint accepts an attacker-supplied previewToken. Because the action does not require POST and does not enforce a CSRF token, an...

2.3CVSS5.8AI score0.00174EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/06 12:31 a.m.9 views

EUVD-2026-9941

FUXA Unauthenticated Remote Code Execution via Admin JWT Minting...

10CVSS6AI score0.02675EPSS
Exploits3References12
OSV
OSV
added 2026/03/02 10:9 p.m.5 views

GHSA-8986-V76Q-8VR2 @keep-network/tbtc-v2 revealing P2PKH deposit with a wrapped P2SH script

Overview P2PKH has 20 bytes just like P2SH. We protect against revealing P2PKH deposits by manually assembling the expected P2SH script in the smart contract and comparing hashes. However, we missed the case when the attacker embeds a valid P2SH inside of P2PKH as an output script. bitcoin-spv...

7.5CVSS6AI score
Exploits0References4
Rows per page
Query Builder