Lucene search
+L

5359 matches found

OSV
OSV
added 2026/04/23 9:58 p.m.3 views

CVE-2026-41355 OpenClaw < 2026.3.28 - Arbitrary Code Execution via Mirror Mode Sandbox File Conversion

OpenClaw before 2026.3.28 contains an arbitrary code execution vulnerability in mirror mode that converts untrusted sandbox files into workspace hooks. Attackers with mirror mode access can execute arbitrary code on the host during gateway startup by exploiting enabled workspace hooks...

5.4CVSS6.7AI score0.00123EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.11 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.28 contained security vulnerabilities. These vulnerabilities stemmed from an arbitrary code execution vulnerability in the mirror mode. By converting untrusted sandbox files int...

7.3CVSS6.5AI score0.00123EPSS
Exploits0References1
OSV
OSV
added 2026/04/20 2:56 p.m.7 views

OPENSUSE-SU-2026:20479-1 Security update for clamav

This update for clamav fixes the following issues: Update to clamav 1.5.2: Security issue: - CVE-2026-20031: improper error handling in the HTML CSS module when splitting UTF-8 strings can lead to denial of service conditions via a crafted HTML file bsc1259207. Non security issue: - Support...

5.3CVSS5.8AI score0.00414EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/08 6:34 p.m.6 views

EUVD-2026-20507

A flaw was found in mirror-registry. Authenticated users can exploit the log export feature by providing a specially crafted web address URL. This allows the application's backend to make arbitrary requests to internal network resources, a vulnerability known as Server-Side Request Forgery SSRF...

6.5CVSS6AI score0.00405EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/08 6:34 p.m.13 views

EUVD-2025-209308

A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated, remote attacker to enumerate valid usernames and email addresses via different error messages during authentication failures and account creation...

5.3CVSS5.9AI score0.00287EPSS
Exploits0References3
NVD
NVD
added 2026/04/08 5:20 p.m.4 views

CVE-2025-14243

A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated, remote attacker to enumerate valid usernames and email addresses via different error messages during authentication failures and account creation...

5.3CVSS0.00287EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/08 5:6 p.m.5 views

CVE-2026-32591 Mirror-registry: quay: server-side request forgery in proxy cache upstream registry configuration

A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an organization administrator configures an upstream registry for proxy caching, Quay makes a network connection to the specified registry hostname without verifying that it points to a legitimate external service. An...

5.2CVSS5.7AI score0.00269EPSS
Exploits0References6
CVE
CVE
added 2026/04/08 5:4 p.m.33 views

CVE-2026-32590

CVE-2026-32590 affects Red Hat Quay and relates to the handling of resumable container image layer uploads. The vulnerability stems from how intermediate upload data is stored in the database: if this data is tampered with, an attacker could trigger arbitrary code execution on the Quay server (re...

8.8CVSS6.2AI score0.00413EPSS
Exploits0References11Affected Software2
Vulnrichment
Vulnrichment
added 2026/04/08 5:4 p.m.4 views

CVE-2026-32589 Mirror-registry: quay: insecure direct object reference in blobupload

A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to rea...

7.4CVSS5.8AI score0.00243EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/04/08 4:41 p.m.4 views

CVE-2025-14243 Mirror-registry: openshift mirror registry: user enumeration via authentication error messages

A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated, remote attacker to enumerate valid usernames and email addresses via different error messages during authentication failures and account creation...

5.3CVSS5.9AI score0.00287EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/08 4:41 p.m.27 views

CVE-2025-14243 Mirror-registry: openshift mirror registry: user enumeration via authentication error messages

A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated, remote attacker to enumerate valid usernames and email addresses via different error messages during authentication failures and account creation...

5.3CVSS0.00287EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/08 4:37 p.m.7 views

CVE-2025-14243

A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated, remote attacker to enumerate valid usernames and email addresses via different error messages during authentication failures and account creation. Mitigation Mitigation for this issue is either not...

5.3CVSS5.9AI score0.00287EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/08 4:26 p.m.6 views

CVE-2026-2377 Mirror-registry: quay: quay: server-side request forgery via log export functionality

A flaw was found in Red Hat Quay and mirror registry for Red Hat OpenShift. The log export feature in these products allows an authenticated user to specify an arbitrary callback URL. A backend process then makes server-side HTTP requests to this provided URL. This vulnerability, known as...

6.5CVSS6AI score0.00405EPSS
Exploits0References8
CVE
CVE
added 2026/04/08 4:26 p.m.36 views

CVE-2026-2377

CVE-2026-2377 affects mirror-registry’s log export functionality. Authenticated users can trigger a server-side request forgery (SSRF) by supplying a crafted URL, allowing the backend to reach internal network resources. This may expose sensitive information or access to internal systems. The des...

6.5CVSS6AI score0.00405EPSS
Exploits0References9Affected Software2
Cvelist
Cvelist
added 2026/04/08 4:26 p.m.36 views

CVE-2026-2377 Mirror-registry: quay: quay: server-side request forgery via log export functionality

A flaw was found in Red Hat Quay and mirror registry for Red Hat OpenShift. The log export feature in these products allows an authenticated user to specify an arbitrary callback URL. A backend process then makes server-side HTTP requests to this provided URL. This vulnerability, known as...

6.5CVSS0.00405EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.8 views

Red Hat OpenShift Mirror Registry 安全漏洞

Red Hat OpenShift Mirror Registry is a lightweight container image repository service provided by Red Hat Corporation. There is a security vulnerability in Red Hat OpenShift Mirror Registry. This vulnerability stems from failed authentication processes and different error messages during account...

5.3CVSS5.8AI score0.00287EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.6 views

PT-2026-31329

A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated, remote attacker to enumerate valid usernames and email addresses via different error messages during authentication failures and account creation...

5.3CVSS5.9AI score0.00287EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.10 views

Red Hat OpenShift Mirror Registry 代码问题漏洞

Red Hat OpenShift Mirror Registry is a lightweight container image repository service provided by Red Hat Corporation. There are code-related vulnerabilities in Red Hat OpenShift Mirror Registry. These vulnerabilities allow authenticated users to utilize the log export feature to provide custom...

6.5CVSS5.9AI score0.00405EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/08 12:0 a.m.3 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006634)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006634 advisory. In the Linux kernel, the following vulnerability has been resolved: dm mirror log: round up region bitmap size to BITSPERLONG The code in dm-log rounds up bitsetsize...

5.5CVSS6.1AI score0.00273EPSS
Exploits0References4
OSV
OSV
added 2026/04/07 6:14 p.m.5 views

GHSA-M34Q-H93W-VG5X OpenClaw: OpenShell mirror mode could delete arbitrary remote directories when roots were mis-scoped

Summary Before OpenClaw 2026.4.2, the OpenShell mirror backend accepted arbitrary absolute remoteWorkspaceDir and remoteAgentWorkspaceDir values. In mirror mode, those paths were then used as the target of remote cleanup and overwrite operations. Impact If an attacker could influence those...

6.9CVSS6AI score0.00371EPSS
Exploits0References3
Rows per page
Query Builder