Lucene search
K

2988 matches found

OSV
OSV
added last week10 views

GHSA-77Q5-RR5V-X43Q OpenClaw: Trusted retry endpoint checks could match hostname prefixes

Summary Trusted retry endpoint checks could match hostname prefixes. In affected versions, a retry endpoint URL chosen by lower-trust input could pass validation by using a hostname prefix that resembled a trusted host. This advisory is scoped to the named feature and configuration. It does not...

7.1CVSS6AI score0.00265EPSS
Exploits0References2
OSV
OSV
added last week3 views

GHSA-VXX3-6HC9-7CC3 OpenClaw: Combined POSIX shell options could confuse exec revalidation

Summary Combined POSIX shell options could confuse exec revalidation. In affected versions, a command request using combined shell flags could parse approval-time and execution-time shell options differently. This advisory is scoped to the named feature and configuration. It does not change...

8.8CVSS6AI score0.00419EPSS
Exploits0References4
OSV
OSV
added last week4 views

GHSA-3WQP-PRF6-2M72 OpenClaw: Feishu dynamic-agent bindings could miss configWrites enforcement

Summary Feishu dynamic-agent bindings could miss configWrites enforcement. In affected versions, a Feishu sender using dynamic-agent binding behavior could create or update bindings without honoring the configured config-write control. This advisory is scoped to the named feature and configuratio...

3.1CVSS6AI score0.00166EPSS
Exploits0References2
OSV
OSV
added last week4 views

GHSA-77PV-3W4Q-VRJ5 OpenClaw: QQBot pre-dispatch slash commands could skip allowFrom checks

Summary QQBot pre-dispatch slash commands could skip allowFrom checks. In affected versions, a QQBot sender able to invoke slash commands could dispatch the command before applying the configured allowFrom policy. This advisory is scoped to the named feature and configuration. It does not change...

6.9CVSS6AI score0.00192EPSS
Exploits0References2
OSV
OSV
added last week5 views

GHSA-XR4F-MJXJ-W6W5 OpenClaw: Non-owner chat senders could issue device-pairing bootstrap codes

Summary The bundled device-pair plugin exposed /pair on normal chat command surfaces. In affected releases, authorized non-owner chat senders could issue device-pairing bootstrap codes without having owner, admin, or pairing scope. This issue does not affect unauthenticated users. The caller must...

8.3CVSS5.9AI score0.0023EPSS
Exploits0References2
OSV
OSV
added last week4 views

GHSA-GP79-M99V-GJMH OpenClaw: Mattermost handlers could fall open when channel type was missing

Summary Mattermost handlers could fall open when channel type was missing. In affected versions, a Mattermost event missing channel type metadata could continue without applying the intended DM policy decision. This advisory is scoped to the named feature and configuration. It does not change...

6.3CVSS6AI score0.00189EPSS
Exploits0References2
OSV
OSV
added last week4 views

GHSA-QJPC-QF9M-XWMR OpenClaw: Trusted-proxy Control UI WebSocket accepted client-declared scopes before pairing

Summary In trusted-proxy Control UI mode, OpenClaw accepted a WebSocket client's declared operator scopes before those scopes were bound to a server-approved pairing or trusted-proxy authorization baseline. This issue affects trusted-proxy Control UI deployments. It does not apply to shared-secre...

8.8CVSS5.8AI score0.00289EPSS
Exploits0References2
OSV
OSV
added last week5 views

GHSA-C29C-2Q9C-PC86 OpenClaw: Slack allowFrom could bind to mutable display names

Summary Slack allowFrom could bind to mutable display names. In affected versions, a Slack account able to change display name metadata could match a policy entry through mutable display metadata. This advisory is scoped to the named feature and configuration. It does not change OpenClaw's...

8.6CVSS6AI score0.00209EPSS
Exploits0References2
OSV
OSV
added last week3 views

GHSA-83W9-H5WV-J9XM OpenClaw: Node pairing reconnection could confuse approval scope state

Summary Node pairing reconnection could confuse approval scope state. In affected versions, a paired or reconnecting node session could mutate pairing state in a way that changed the approval scope decision. This advisory is scoped to the named feature and configuration. It does not change...

7.6CVSS6AI score0.00221EPSS
Exploits0References2
OSV
OSV
added last week3 views

GHSA-2J8V-HWGC-X698 OpenClaw: Shell wrapper argv could change between approval and execution

Summary Shell wrapper argv could change between approval and execution. In affected versions, a command request using a shell wrapper form could approve one resolved argv shape and rebuild another for execution. This advisory is scoped to the named feature and configuration. It does not change...

8.7CVSS6AI score0.00982EPSS
Exploits0References2
OSV
OSV
added last week7 views

GHSA-QH2F-99MV-MRCF OpenClaw: Bundle MCP loopback could miss its exec denylist on session spawn

Summary Bundle MCP loopback could miss its exec denylist on session spawn. In affected versions, a caller that can reach the affected bundled MCP session-spawn path could bypass the denylist that was intended for that loopback MCP entry point. This advisory is scoped to the named feature and...

6.9CVSS6AI score0.00094EPSS
Exploits0References2
OSV
OSV
added last week2 views

GHSA-XWW8-GQVH-92X9 OpenClaw: Exec approval display truncation could hide the command being approved

Summary OpenClaw exec approvals could show a shortened command in the approval UI while keeping the full original command for execution. For very long commands, an approver could see and approve a benign-looking prefix while a hidden suffix remained part of the command that would run after...

8CVSS5.8AI score0.00232EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 2:8 p.m.9 views

EUVD-2026-41005

The following Poly Voice IP devices, CCX, Trio, and Edge E, might be inoperable if they connect to a malicious SIP server and receive malformed data. HP is releasing updates to mitigate these potential vulnerabilities...

8.2CVSS5.8AI score0.00253EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/29 6:30 p.m.6 views

firefox: thunderbird: Mitigation bypass in the DOM: Security component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...

6.5CVSS5.7AI score0.00248EPSS
Exploits0References6
OSV
OSV
added 2026/06/29 8:14 a.m.4 views

OPENSUSE-SU-2026:21166-1 Security update for nano

This update for nano fixes the following issues: Changes in nano: - Update to version 9.1: When searching, the viewport is placed snug left where possible. The ability to read and write files in old Mac format a lone carriage return as line ending was removed. The ^T toggle between WhereIs and...

5.5CVSS5.8AI score0.00108EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.8 views

PT-2026-53005

Name of the Vulnerable Software and Affected Versions Fluentd versions prior to 1.19.3 Description The out http output plugin allows the use of placeholders, such as $tag, in the endpoint configuration parameter. If a placeholder value is derived from untrusted input, an attacker can control the...

7.2CVSS7.3AI score
Exploits0References9
NVD
NVD
added 2026/06/23 3:16 p.m.8 views

CVE-2026-27604

FOSSBilling is a free, open-source billing and client management system. Starting in version 0.5.4 and prior to version 0.8.0, an authorization bypass in the API role handling allows unauthenticated access to privileged /api/system/ endpoints. Because system resolves to the cron admin identity,...

10CVSS0.00408EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/19 4:28 p.m.8 views

CVE-2026-56211

A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation. Insufficient bounds validation in the AV1 encoder's SVC Scalable Video Coding layer ID control allows an attacker to supply crafted video frame pixels that overlap with internal encoder layer contex...

7.1CVSS6.7AI score0.00399EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Thermal/debugfs: Fixed two locking issues related to the thermal zone debug. With the current locking mechanism for thermal zones in the debugfs code, user space can open the “mitigations” file for a thermal zone before the...

5.5CVSS6.3AI score0.00143EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Linux

A vulnerability was discovered in the Linux kernel’s EBPF verifier when handling internal data structures. Internal memory locations could be exposed to userspace. A local attacker with the permission to insert eBPF code into the kernel can exploit this vulnerability to leak internal kernel memor...

4.4CVSS6.7AI score0.00236EPSS
Exploits0References2
Rows per page
Query Builder