
252646 matches found

NVD
added 2026/03/31 3:16 p.m. | 4 views

CVE-2026-33577

OpenClaw before 2026.3.28 contains an insufficient scope validation vulnerability in the node pairing approval path that allows low-privilege operators to approve nodes with broader scopes. Attackers can exploit missing callerScopes validation in node-pairing.ts to extend privileges onto paired...

8.6 CVSS | 0.00379 EPSS
Exploits: 0 | References: 3

Vulnrichment
added 2026/03/31 2:10 p.m. | 2 views

CVE-2026-33577 OpenClaw < 2026.3.28 - Insufficient Scope Validation in node.pair.approve

OpenClaw before 2026.3.28 contains an insufficient scope validation vulnerability in the node pairing approval path that allows low-privilege operators to approve nodes with broader scopes. Attackers can exploit missing callerScopes validation in node-pairing.ts to extend privileges onto paired...

8.6 CVSS | 5.9 AI score | 0.00379 EPSS
Exploits: 0 | References: 3

ATTACKERKB
added 2026/03/31 2:10 p.m. | 1 view

CVE-2026-33577

OpenClaw before 2026.3.28 contains an insufficient scope validation vulnerability in the node pairing approval path that allows low-privilege operators to approve nodes with broader scopes. Attackers can exploit missing callerScopes validation in node-pairing.ts to extend privileges onto paired...

8.6 CVSS | 5.9 AI score | 0.00379 EPSS
Exploits: 0 | References: 4

CVE
added 2026/03/31 2:10 p.m. | 8 views

CVE-2026-33577

CVE-2026-33577 (OpenClaw) : OpenClaw before 2026.3.28 contains an insufficient scope validation vulnerability in the node-pairing approval path. The issue is caused by missing callerScopes validation in node-pairing.ts, allowing a low-privilege operator to approve nodes with broader scopes onto t...

8.6 CVSS | 5.9 AI score | 0.00379 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2026/03/31 2:10 p.m. | 22 views

CVE-2026-33577 OpenClaw < 2026.3.28 - Insufficient Scope Validation in node.pair.approve

OpenClaw before 2026.3.28 contains an insufficient scope validation vulnerability in the node pairing approval path that allows low-privilege operators to approve nodes with broader scopes. Attackers can exploit missing callerScopes validation in node-pairing.ts to extend privileges onto paired...

8.6 CVSS | 0.00379 EPSS
Exploits: 0 | References: 3

ATTACKERKB
added 2026/03/31 2:5 p.m. | 3 views

CVE-2026-34377

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-consensus version 5.0.1, a logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By matching a valid transaction's txid while providing invalid...

8.4 CVSS | 5.7 AI score | 0.00255 EPSS
Exploits: 1 | References: 4 | Affected Software: 2

Cvelist
added 2026/03/31 2:2 p.m. | 22 views

CVE-2026-34202 Zebra node crash — V5 transaction hash panic (P2P reachable)

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-chain version 6.0.1, a vulnerability in Zebra's transaction processing logic allows a remote, unauthenticated attacker to cause a Zebra node to panic crash. This is triggered by sending a specially crafted V5...

9.2 CVSS | 0.00725 EPSS
Exploits: 0 | References: 3

Vulnrichment
added 2026/03/31 2:2 p.m. | 0 views

CVE-2026-34202 Zebra node crash — V5 transaction hash panic (P2P reachable)

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-chain version 6.0.1, a vulnerability in Zebra's transaction processing logic allows a remote, unauthenticated attacker to cause a Zebra node to panic crash. This is triggered by sending a specially crafted V5...

9.2 CVSS | 5.8 AI score | 0.00725 EPSS
Exploits: 0 | References: 3

CVE
added 2026/03/31 2:2 p.m. | 16 views

CVE-2026-34202

ZEBRA (Zcash node) has a vulnerability in its transaction processing logic that can crash a remote, unauthenticated Zebra node by sending a crafted V5 transaction. The issue affects zebrad before version 4.3.0 and zebra-chain before 6.0.1, where transaction ID calculation can panic after successf...

9.2 CVSS | 5.8 AI score | 0.00725 EPSS
Exploits: 0 | References: 3 | Affected Software: 2

OSV
added 2026/03/31 2:2 p.m. | 5 views

CVE-2026-34202 Zebra node crash — V5 transaction hash panic (P2P reachable)

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-chain version 6.0.1, a vulnerability in Zebra's transaction processing logic allows a remote, unauthenticated attacker to cause a Zebra node to panic crash. This is triggered by sending a specially crafted V5...

9.2 CVSS | 5.8 AI score | 0.00725 EPSS
Exploits: 0 | References: 5

IBM Security Bulletins
added 2026/03/31 1:40 p.m. | 6 views

Security Bulletin: Maximo AI Service uses tar-7.4.3.tgz which is vulnerable to CVE-2026-23745 and CVE-2026-23950.

Summary: Maximo AI Service uses tar-7.4.3.tgz which is vulnerable to CVE-2026-23745 and CVE-2026-23950. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details: CVEID: CVE-2026-23950 DESCRIPTION: node-tar, a Tar for Node.js, has a race condition...

8.8 CVSS | 6.4 AI score | 0.00334 EPSS
Exploits: 3 | Affected Software: 1

CVE
added 2026/03/31 1:33 p.m. | 39 views

CVE-2026-34156

NocoBase exposes a sandbox escape in the Workflow Script Node: an attacker can traverse the sandbox through the host console object (console._stdout/console._stderr) prototype chain to reach the Function constructor, access process, require child_process, and achieve Remote Code Execution as root...

9.9 CVSS | 5.9 AI score | 0.36503 EPSS
Exploits: 7 | References: 3 | Affected Software: 1

Cvelist
added 2026/03/31 1:33 p.m. | 27 views

CVE-2026-34156 NocoBase Affected by Sandbox Escape to RCE via console._stdout Prototype Chain Traversal in Workflow Script Node

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.28, NocoBase's Workflow Script Node executes user-supplied JavaScript inside a Node.js vm sandbox with a custom require allowlist controlled by WORKFLOWSCRIPTMODUL...

9.9 CVSS | 0.36503 EPSS
Exploits: 7 | References: 3

OSV
added 2026/03/31 1:33 p.m. | 3 views

CVE-2026-34156 NocoBase Affected by Sandbox Escape to RCE via console._stdout Prototype Chain Traversal in Workflow Script Node

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.28, NocoBase's Workflow Script Node executes user-supplied JavaScript inside a Node.js vm sandbox with a custom require allowlist controlled by WORKFLOWSCRIPTMODUL...

9.9 CVSS | 5.9 AI score | 0.36503 EPSS
Exploits: 7 | References: 5

GitHub Security Blog
added 2026/03/31 12:31 p.m. | 10 views

Duplicate Advisory: OpenClaw: Node-host approvals could show misleading shell payloads instead of the executed argv

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-rw39-5899-8mxp. This link is maintained to preserve external references. Original Description: OpenClaw before 2026.3.11 contains an approval-integrity vulnerability in node-host system.run approvals that display...

8 CVSS | 6 AI score | 0.00272 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2026/03/31 12:31 p.m. | 3 views

GHSA-W8RF-7QF8-65WW Duplicate Advisory: OpenClaw: Node-host approvals could show misleading shell payloads instead of the executed argv

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-rw39-5899-8mxp. This link is maintained to preserve external references. Original Description: OpenClaw before 2026.3.11 contains an approval-integrity vulnerability in node-host system.run approvals that display...

7.3 CVSS | 6 AI score | 0.00272 EPSS
Exploits: 0 | References: 3

Cvelist
added 2026/03/31 11:17 a.m. | 26 views

CVE-2026-32971 OpenClaw < 2026.3.11 - Node-Host Approval UI Mismatch Allows Execution of Unintended Commands

OpenClaw before 2026.3.11 contains an approval-integrity vulnerability in node-host system.run approvals that displays extracted shell payloads instead of the executed argv. Attackers can place wrapper binaries and induce wrapper-shaped commands to execute local code after operators approve...

7.3 CVSS | 0.00272 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2026/03/31 11:17 a.m. | 3 views

CVE-2026-32971 OpenClaw < 2026.3.11 - Node-Host Approval UI Mismatch Allows Execution of Unintended Commands

OpenClaw before 2026.3.11 contains an approval-integrity vulnerability in node-host system.run approvals that displays extracted shell payloads instead of the executed argv. Attackers can place wrapper binaries and induce wrapper-shaped commands to execute local code after operators approve...

7.3 CVSS | 6 AI score | 0.00272 EPSS
Exploits: 0 | References: 2

ATTACKERKB
added 2026/03/31 11:17 a.m. | 3 views

CVE-2026-32971

OpenClaw before 2026.3.11 contains an approval-integrity vulnerability in node-host system.run approvals that displays extracted shell payloads instead of the executed argv. Attackers can place wrapper binaries and induce wrapper-shaped commands to execute local code after operators approve...

7.3 CVSS | 6 AI score | 0.00272 EPSS
Exploits: 0 | References: 3

CVE
added 2026/03/31 11:17 a.m. | 9 views

CVE-2026-32971

CVE-2026-32971 (OpenClaw) affects OpenClaw prior to version 2026.3.11, in the node-host approval UI for system.run approvals. The root cause is an approval-integrity vulnerability that displays extracted shell payloads instead of the executed argv, enabling wrappers to be placed and wrapper-shape...

8 CVSS | 6 AI score | 0.00272 EPSS
Exploits: 0 | References: 2 | Affected Software: 1