32 matches found
CVE-2026-53810
OpenClaw is affected by a code execution vulnerability present before version 2026.5.18. The issue arises from marketplace runtime extension metadata that can redirect loading to unscanned package payloads. Attackers with trusted operator access can manipulate extension metadata to load plugin co...
CVE-2026-53810 OpenClaw < 2026.5.18 - Arbitrary Code Execution via Unscanned Marketplace Runtime Extension Metadata
OpenClaw before 2026.5.18 contains a code execution vulnerability where marketplace runtime extension metadata can redirect loading toward unscanned package payloads. Attackers with trusted operator access can manipulate extension metadata to load plugin code outside reviewed package entry points...
GHSA-9GW6-46QC-99VR Meta Ads MCP: Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token
Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token | Field | Value | | ---------------- | ----- | | Repository | pipeboard-co/meta-ads-mcp | | Affected version | ≤ 1.0.101 commit 496c988 7d14226; Versions 1.0.102–1.0.105 lack git tags, so patch status is unconfirmed. | |...
PT-2026-48687
Name of the Vulnerable Software and Affected Versions meta-ads-mcp versions prior to 1.0.102 Description An improper authentication issue exists where the AuthInjectionMiddleware.dispatch function in http auth integration.py unconditionally forwards unauthenticated Streamable HTTP requests to...
nebula-mesh: GET /api/v1/audit-log discloses all entries to any operator
internal/api/audit.go:12 — handleGetAuditLog does no admin check. The route is bearer-auth gated only; any operator API key returns the full audit log via store.ListAuditEntries up to limit=1000. This includes cross-tenant actor names, host/CA/operator IDs, action timestamps, and masked-IP entrie...
GHSA-QM33-P5P9-F8VG nebula-mesh: GET /api/v1/audit-log discloses all entries to any operator
internal/api/audit.go:12 — handleGetAuditLog does no admin check. The route is bearer-auth gated only; any operator API key returns the full audit log via store.ListAuditEntries up to limit=1000. This includes cross-tenant actor names, host/CA/operator IDs, action timestamps, and masked-IP entrie...
GHSA-598G-H2VC-H5VG nebula-mesh: API endpoints lack ownership checks, enabling cross-operator privilege escalation
The /api/v1/ route surface trusts the bearer token alone for authorisation on most endpoints. The codebase itself admits this at internal/api/hosts.go:384: "API trusts the bearer token for authorisation; per-CA ownership is enforced only in the Web layer." The Web UI gates state-changing routes...
CVE-2026-28472
OpenClaw versions prior to 2026.2.2 contain a vulnerability in the gateway WebSocket connect handshake in which it allows skipping device identity checks when auth.token is present but not validated. Attackers can connect to the gateway without providing device identity or pairing by exploiting t...
CVE-2026-28472
OpenClaw versions prior to 2026.2.2 contain a vulnerability in the gateway WebSocket connect handshake in which it allows skipping device identity checks when auth.token is present but not validated. Attackers can connect to the gateway without providing device identity or pairing by exploiting t...
CVE-2026-28472
OpenClaw CVE-2026-28472 affects the gateway WebSocket connect handshake. The vulnerability allows bypassing device-identity checks when an auth.token is present but not validated, enabling attackers to connect to the gateway without device identity or pairing and potentially gain operator access ...
CVE-2026-28472 OpenClaw < 2026.2.2 - Device Identity Check Bypass in Gateway WebSocket Connect Handshake
OpenClaw versions prior to 2026.2.2 contain a vulnerability in the gateway WebSocket connect handshake in which it allows skipping device identity checks when auth.token is present but not validated. Attackers can connect to the gateway without providing device identity or pairing by exploiting t...
CVE-2026-28472
OpenClaw versions prior to 2026.2.2 contain a vulnerability in the gateway WebSocket connect handshake in which it allows skipping device identity checks when auth.token is present but not validated. Attackers can connect to the gateway without providing device identity or pairing by exploiting t...
EUVD-2026-9918
OpenClaw versions prior to 2026.2.2 contain a vulnerability in the gateway WebSocket connect handshake in which it allows skipping device identity checks when auth.token is present but not validated. Attackers can connect to the gateway without providing device identity or pairing by exploiting t...
CVE-2022-35503
Improper verification of a user input in Open Source MANO v7-v12 allows an authenticated attacker to execute arbitrary code within the LCM module container via a Virtual Network Function VNF descriptor. An attacker may be able execute code to change the normal execution of the OSM components,...
CVE-2025-63210
The Newtec Celox UHD models: CELOXA504, CELOXA820 running firmware version celox-21.6.13 is vulnerable to an authentication bypass. An attacker can exploit this issue by modifying intercepted responses from the /celoxservice endpoint. By injecting a forged response body during the loginWithUserNa...
EUVD-2018-7637
Malware in sbrugna...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the audit subsystem when manipulating log prefixes. An attacker can execute unauthorized code and gain network access by bypassing intended restrictions on privileged API operators. Note: This is exploitable...
Exploit for Cross-site Scripting in Livehelperchat Live_Helper_Chat
Exploit Title: LiveHelperChat 5. Save th...
CVE-2022-43553
A remote code execution vulnerability in EdgeRouters Version 2.0.9-hotfix.4 and earlier allows a malicious actor with an operator account to run arbitrary administrator commands.This vulnerability is fixed in Version 2.0.9-hotfix.5 and later...
Upgraded Q -> M from 9 [1659036743700]
Judge has assessed an item in Issue 9 as Medium risk. The relevant finding follows: Centralized risk The operator address can mint arbitrary amount of tokens. In addition, operator can also burn tokens from third-party accounts. If the private key of the owner or minter address is compromised, th...