Lucene search

10 matches found

Cvelist
added 2026/04/10 4:3 p.m., 28 views

CVE-2026-35653 OpenClaw < 2026.3.24 - Incorrect Authorization in POST /reset-profile via browser.request

OpenClaw before 2026.3.24 contains an incorrect authorization vulnerability in the POST /reset-profile endpoint that allows authenticated callers with operator.write access to browser.request to bypass profile mutation restrictions. Attackers can invoke POST /reset-profile through the...

8.1 CVSS, 0.006 EPSS
Exploits 1, References 4
OSV
added 2026/03/05 10:16 p.m., 3 views

CVE-2026-28473

OpenClaw versions prior to 2026.2.2 contain an authorization bypass vulnerability where clients with operator.write scope can approve or deny exec approval requests by sending the /approve chat command. The /approve command path invokes exec.approval.resolve through an internal privileged gateway...

8.1 CVSS, 5.8 AI score
Exploits 0, References 3
Vulnrichment
added 2025/10/23 3:38 a.m., 3 views

CVE-2025-47699

Exposure of Sensitive System Information to an Unauthorized Control Sphere CWE-497 in the Gallagher Morpho integration could allow an authenticated operator with limited site permissions to make critical changes to local Morpho devices. This issue affects Command Centre Server: 9.30 prior to...

9.9 CVSS, 6 AI score, 0.00309 EPSS
Exploits 0, References 1
EUVD
added 2025/10/23 3:38 a.m., 5 views

EUVD-2025-35649

Exposure of Sensitive System Information to an Unauthorized Control Sphere CWE-497 in the Gallagher Morpho integration could allow an authenticated operator with limited site permissions to make critical changes to local Morpho devices. This issue affects Command Centre Server: 9.30 prior to...

9.9 CVSS, 5.8 AI score, 0.00309 EPSS
Exploits 0, References 2
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-33582

Malicious code in bioql PyPI...

7.5 CVSS, 7.6 AI score, 0.01092 EPSS
Exploits 0, References 2
Prion
added 2022/05/21 12:15 a.m., 10 views

Design/Logic Flaw

RegionProtect is a plugin that allows users to manage certain events in certain regions of the world. Versions prior to 1.1.0 contain a YAML injection vulnerability that can cause an instant server crash if the passed arguments are not matched. Version 1.1.0 contains a patch for this issue. As a...

5 CVSS, 7.5 AI score, 0.01092 EPSS
Exploits 0, References 2, Affected Software 1
OSV
added 2022/05/21 12:5 a.m., 17 views

CVE-2022-29215 Argument Injection in RegionProtect

RegionProtect is a plugin that allows users to manage certain events in certain regions of the world. Versions prior to 1.1.0 contain a YAML injection vulnerability that can cause an instant server crash if the passed arguments are not matched. Version 1.1.0 contains a patch for this issue. As a...

7.5 CVSS, 7.5 AI score, 0.01092 EPSS
Exploits 0, References 4
Vulnrichment
added 2022/05/21 12:5 a.m., 4 views

CVE-2022-29215 Argument Injection in RegionProtect

RegionProtect is a plugin that allows users to manage certain events in certain regions of the world. Versions prior to 1.1.0 contain a YAML injection vulnerability that can cause an instant server crash if the passed arguments are not matched. Version 1.1.0 contains a patch for this issue. As a...

7.5 CVSS, 7.5 AI score, 0.01092 EPSS
Exploits 0, References 2
Cvelist
added 2022/05/21 12:5 a.m., 15 views

CVE-2022-29215 Argument Injection in RegionProtect

RegionProtect is a plugin that allows users to manage certain events in certain regions of the world. Versions prior to 1.1.0 contain a YAML injection vulnerability that can cause an instant server crash if the passed arguments are not matched. Version 1.1.0 contains a patch for this issue. As a...

7.5 CVSS, 7.7 AI score, 0.01092 EPSS
Exploits 0, References 2
OSV
added 2020/11/23 2:15 p.m., 2 views

DEBIAN-CVE-2020-28053

HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. Fixed in 1.6.10, 1.7.10, and 1.8.6...

6.5 CVSS, 6.9 AI score, 0.01379 EPSS
Exploits 0, References 1