Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

82 matches found

Github Security Blog
Github Security Blogadded 2026/03/03 9:39 p.m.9 views

OpenClaw unpaired device identity can bypass operator pairing and self-assign operator scopes with shared auth

Summary A client using shared gateway auth could attach an unpaired device identity and request elevated operator scopes including operator.admin before pairing approval, enabling privilege escalation. Impact Attackers with valid shared gateway auth could self-assign higher operator scopes by...

5.9AI score
Exploits0References3Affected Software1
OpenVAS
OpenVASadded 2005/11/03 12:0 a.m.31 views

BEA WebLogic Operator/Admin Password Disclosure Vulnerability

The remote web server is running WebLogic. BEA WebLogic Server and WebLogic Express are reported prone to a vulnerability that may result in the disclosure of Operator or Admin passwords. An attacker who has interactive access to the affected managed server, may potentially exploit this issue in ...

4.6CVSS0.1AI score0.00422EPSS
Exploits0
Rows per page
Query Builder