10 matches found
CVE-2026-35653 OpenClaw < 2026.3.24 - Incorrect Authorization in POST /reset-profile via browser.request
OpenClaw before 2026.3.24 contains an incorrect authorization vulnerability in the POST /reset-profile endpoint that allows authenticated callers with operator.write access to browser.request to bypass profile mutation restrictions. Attackers can invoke POST /reset-profile through the...
CVE-2026-28473
OpenClaw versions prior to 2026.2.2 contain an authorization bypass vulnerability where clients with operator.write scope can approve or deny exec approval requests by sending the /approve chat command. The /approve command path invokes exec.approval.resolve through an internal privileged gateway...
CVE-2025-47699
Exposure of Sensitive System Information to an Unauthorized Control Sphere CWE-497 in the Gallagher Morpho integration could allow an authenticated operator with limited site permissions to make critical changes to local Morpho devices. This issue affects Command Centre Server: 9.30 prior to...
EUVD-2025-35649
Exposure of Sensitive System Information to an Unauthorized Control Sphere CWE-497 in the Gallagher Morpho integration could allow an authenticated operator with limited site permissions to make critical changes to local Morpho devices. This issue affects Command Centre Server: 9.30 prior to...
EUVD-2022-33582
Malicious code in bioql PyPI...
Design/Logic Flaw
RegionProtect is a plugin that allows users to manage certain events in certain regions of the world. Versions prior to 1.1.0 contain a YAML injection vulnerability that can cause an instant server crash if the passed arguments are not matched. Version 1.1.0 contains a patch for this issue. As a...
CVE-2022-29215 Argument Injection in RegionProtect
RegionProtect is a plugin that allows users to manage certain events in certain regions of the world. Versions prior to 1.1.0 contain a YAML injection vulnerability that can cause an instant server crash if the passed arguments are not matched. Version 1.1.0 contains a patch for this issue. As a...
CVE-2022-29215 Argument Injection in RegionProtect
RegionProtect is a plugin that allows users to manage certain events in certain regions of the world. Versions prior to 1.1.0 contain a YAML injection vulnerability that can cause an instant server crash if the passed arguments are not matched. Version 1.1.0 contains a patch for this issue. As a...
CVE-2022-29215 Argument Injection in RegionProtect
RegionProtect is a plugin that allows users to manage certain events in certain regions of the world. Versions prior to 1.1.0 contain a YAML injection vulnerability that can cause an instant server crash if the passed arguments are not matched. Version 1.1.0 contains a patch for this issue. As a...
DEBIAN-CVE-2020-28053
HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. Fixed in 1.6.10, 1.7.10, and 1.8.6...