Lucene search
K

58771 matches found

OSV
OSV
added 2026/07/02 4:55 p.m.8 views

GHSA-XR4F-MJXJ-W6W5 OpenClaw: Non-owner chat senders could issue device-pairing bootstrap codes

Summary The bundled device-pair plugin exposed /pair on normal chat command surfaces. In affected releases, authorized non-owner chat senders could issue device-pairing bootstrap codes without having owner, admin, or pairing scope. This issue does not affect unauthenticated users. The caller must...

8.3CVSS5.9AI score0.0023EPSS
Exploits0References2
OSV
OSV
added 2026/07/02 4:43 p.m.8 views

GHSA-QJPC-QF9M-XWMR OpenClaw: Trusted-proxy Control UI WebSocket accepted client-declared scopes before pairing

Summary In trusted-proxy Control UI mode, OpenClaw accepted a WebSocket client's declared operator scopes before those scopes were bound to a server-approved pairing or trusted-proxy authorization baseline. This issue affects trusted-proxy Control UI deployments. It does not apply to shared-secre...

8.8CVSS5.8AI score0.00289EPSS
Exploits0References2
OSV
OSV
added 2026/07/02 4:23 p.m.6 views

GHSA-83W9-H5WV-J9XM OpenClaw: Node pairing reconnection could confuse approval scope state

Summary Node pairing reconnection could confuse approval scope state. In affected versions, a paired or reconnecting node session could mutate pairing state in a way that changed the approval scope decision. This advisory is scoped to the named feature and configuration. It does not change...

7.6CVSS6AI score0.00221EPSS
Exploits0References2
OSV
OSV
added 2026/07/02 4:18 p.m.5 views

GHSA-P2FH-F5FC-44HR OpenClaw: memory-wiki ingest could read local files with operator.write scope

Summary memory-wiki ingest could read local files with operator.write scope. In affected versions, a Gateway caller with operator.write access to the plugin tool could read arbitrary local file paths instead of staying within the intended ingest sources. This advisory is scoped to the named featu...

6.5CVSS6.1AI score0.00375EPSS
Exploits0References2
Chainguard
Chainguard
added 2026/07/02 2:17 p.m.12 views

GHSA-9R4W-JG96-92MV vulnerabilities

Vulnerabilities for packages: teleport-operator-fips, tbot, teleport...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/07/02 2:16 p.m.12 views

GHSA-XF85-363P-868W vulnerabilities

Vulnerabilities for packages: opentofu-fips, linkerd2, headlamp, cert-manager-cmctl-fips, manifest-tool, rancher, cluster-api-helm-controller-fips, gatekeeper, kargo, kube-arangodb, zarf, xeol, opentofu, kots, rancher-fleet-fips, trivy, kgateway-fips, kgateway, helm-set-status, kube-mgmt-fips,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/07/02 2:16 p.m.11 views

GHSA-VH4V-2XQ2-G5CG vulnerabilities

Vulnerabilities for packages: opentofu-fips, linkerd2, headlamp, cert-manager-cmctl-fips, manifest-tool, rancher, cluster-api-helm-controller-fips, gatekeeper, kargo, kube-arangodb, zarf, xeol, opentofu, kots, rancher-fleet-fips, trivy, kgateway-fips, kgateway, helm-set-status, kube-mgmt-fips,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/07/02 2:16 p.m.10 views

CVE-2026-50162 vulnerabilities

Vulnerabilities for packages: opentofu-fips, linkerd2, headlamp, cert-manager-cmctl-fips, manifest-tool, rancher, cluster-api-helm-controller-fips, gatekeeper, kargo, kube-arangodb, zarf, xeol, opentofu, kots, rancher-fleet-fips, trivy, kgateway-fips, kgateway, helm-set-status, kube-mgmt-fips,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/07/02 2:16 p.m.13 views

GHSA-8XWF-RJM4-XVHV vulnerabilities

Vulnerabilities for packages: opentofu-fips, linkerd2, headlamp, cert-manager-cmctl-fips, manifest-tool, rancher, cluster-api-helm-controller-fips, gatekeeper, kargo, kube-arangodb, zarf, xeol, opentofu, kots, rancher-fleet-fips, trivy, kgateway-fips, kgateway, helm-set-status, kube-mgmt-fips,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/07/02 2:16 p.m.10 views

CVE-2026-48978 vulnerabilities

Vulnerabilities for packages: opentofu-fips, linkerd2, headlamp, cert-manager-cmctl-fips, manifest-tool, rancher, cluster-api-helm-controller-fips, gatekeeper, kargo, kube-arangodb, zarf, xeol, opentofu, kots, rancher-fleet-fips, trivy, kgateway-fips, kgateway, helm-set-status, kube-mgmt-fips,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/07/02 2:16 p.m.8 views

CVE-2026-50151 vulnerabilities

Vulnerabilities for packages: opentofu-fips, linkerd2, headlamp, cert-manager-cmctl-fips, manifest-tool, rancher, cluster-api-helm-controller-fips, gatekeeper, kargo, kube-arangodb, zarf, xeol, opentofu, kots, rancher-fleet-fips, trivy, kgateway-fips, kgateway, helm-set-status, kube-mgmt-fips,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/07/02 2:16 p.m.16 views

GHSA-JXPM-75MH-9FP7 vulnerabilities

Vulnerabilities for packages: opentofu-fips, linkerd2, headlamp, cert-manager-cmctl-fips, manifest-tool, rancher, cluster-api-helm-controller-fips, gatekeeper, kargo, kube-arangodb, zarf, xeol, opentofu, kots, rancher-fleet-fips, trivy, kgateway-fips, kgateway, helm-set-status, kube-mgmt-fips,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/07/01 8:21 p.m.14 views

CVE-2026-49835 vulnerabilities

Vulnerabilities for packages: tkn, kubescape, goreleaser, zarf, trivy-operator, spire-server, neuvector-sigstore-interface, tflint, kyverno, crossplane, aactl, falcoctl, tekton-chains, gitsign, policy-controller, teleport, trivy, kyverno-notation-aws...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/07/01 8:21 p.m.14 views

GHSA-9C54-X2G4-V92J vulnerabilities

Vulnerabilities for packages: tkn, kubescape, goreleaser, zarf, trivy-operator, spire-server, neuvector-sigstore-interface, tflint, kyverno, crossplane, aactl, falcoctl, tekton-chains, gitsign, policy-controller, teleport, trivy, kyverno-notation-aws...

6.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2026/07/01 2:36 p.m.12 views

Critical: Red Hat Security Advisory: Cluster Observability Operator 1.5.0

The Cluster Observability Operator COO is a Red Hat OpenShift Container Platform Operator that you can deploy to manage observability component stacks by using custom resource descriptions CRDs. The 1.5 release of COO...

9.8CVSS6.7AI score0.03732EPSS
Exploits18References44
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-413 Meta Ads MCP: Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token

Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token | Field | Value | | ---------------- | ----- | | Repository | pipeboard-co/meta-ads-mcp | | Affected version | ≤ 1.0.101 commit 496c988 7d14226; Versions 1.0.102–1.0.105 lack git tags, so patch status is unconfirmed. | |...

9.1CVSS6AI score0.0013EPSS
Exploits0References6
Chainguard
Chainguard
added 2026/06/28 2:17 a.m.10 views

CVE-2026-46604 vulnerabilities

Vulnerabilities for packages: seaweedfs-operator-fips, rclone, rclone-fips, gitlab-workhorse-ce, hugo, seaweedfs, seaweedfs-fips, seaweedfs-operator, listmonk, mattermost...

7.5CVSS6.1AI score0.00346EPSS
Exploits0
Chainguard
Chainguard
added 2026/06/28 2:16 a.m.9 views

GHSA-QVQC-4C52-X6QP vulnerabilities

Vulnerabilities for packages: kube-arangodb-fips, kube-arangodb, guac, gpu-operator-fips, gpu-operator...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/06/28 2:16 a.m.9 views

CVE-2026-49349 vulnerabilities

Vulnerabilities for packages: kube-arangodb-fips, kube-arangodb, guac, gpu-operator-fips, gpu-operator...

6.1AI score
Exploits0
OSV
OSV
added 2026/06/26 9:29 p.m.6 views

GHSA-C6V2-3FFM-VCMC Nebula Mesh: Web UI lacks ownership checks, enabling cross-operator access to hosts and networks (read, block, delete)

Summary The web UI /ui/ does not apply the per-operator CA scoping the JSON API received for GHSA-598g-h2vc-h5vg. Any authenticated non-admin operator for example, one created via self-registration or OIDC can access resources belonging to other operators. Impact A non-admin operator can: - Block...

8.8CVSS5.8AI score
Exploits0References2
Rows per page
Query Builder