58588 matches found
CVE-2026-1605 vulnerabilities
Vulnerabilities for packages: akhq, neo4j, apache-pulsar, solr, trino, kafka, druid, strimzi-kafka-operator, dependency-track, confluent-kafka...
GHSA-XXH7-FCF3-RJ7F vulnerabilities
Vulnerabilities for packages: akhq, neo4j, apache-pulsar, solr, trino, kafka, druid, strimzi-kafka-operator, dependency-track, confluent-kafka...
GHSA-XXH7-FCF3-RJ7F vulnerabilities
Vulnerabilities for packages: apache-pulsar-fips, confluent-kafka-jre-bcfips, neo4j, solr, akhq, apache-hop, druid, kafka, apache-hop-fips, trino, confluent-kafka, dependency-track, dependency-track-apiserver, strimzi-kafka-operator, apache-jena-fuseki, jenkins, apache-pulsar, kafka-fips...
CVE-2026-1605 vulnerabilities
Vulnerabilities for packages: apache-pulsar-fips, confluent-kafka-jre-bcfips, neo4j, solr, akhq, apache-hop, druid, kafka, apache-hop-fips, trino, confluent-kafka, dependency-track, dependency-track-apiserver, strimzi-kafka-operator, apache-jena-fuseki, jenkins, apache-pulsar, kafka-fips...
CVE-2026-28473
OpenClaw versions prior to 2026.2.2 contain an authorization bypass vulnerability where clients with operator.write scope can approve or deny exec approval requests by sending the /approve chat command. The /approve command path invokes exec.approval.resolve through an internal privileged gateway...
CLEANSTART-2026-GI57625 OpenTelemetry-Go is the Go implementation of OpenTelemetry
Security vulnerability affects the fluent-operator-fips package. OpenTelemetry-Go is the Go implementation of OpenTelemetry...
CLEANSTART-2026-PP62083 OpenTelemetry-Go is the Go implementation of OpenTelemetry
Multiple security vulnerabilities affect the fluent-operator-fips package. OpenTelemetry-Go is the Go implementation of OpenTelemetry. See references for individual vulnerability details...
CVE-2026-28472
OpenClaw versions prior to 2026.2.2 contain a vulnerability in the gateway WebSocket connect handshake in which it allows skipping device identity checks when auth.token is present but not validated. Attackers can connect to the gateway without providing device identity or pairing by exploiting t...
CVE-2026-28473 OpenClaw < 2026.2.2 - Authorization Bypass via /approve Chat Command
OpenClaw versions prior to 2026.2.2 contain an authorization bypass vulnerability where clients with operator.write scope can approve or deny exec approval requests by sending the /approve chat command. The /approve command path invokes exec.approval.resolve through an internal privileged gateway...
CVE-2026-28473
Summary of technical details for CVE-2026-28473 (OpenClaw): OpenClaw versions prior to 2026.2.2 contain an authorization bypass in which a client with the operator.write scope can approve or deny exec approval requests by issuing the /approve chat command. The command path triggers exec.approval...
EUVD-2026-9919
OpenClaw versions prior to 2026.2.2 contain an authorization bypass vulnerability where clients with operator.write scope can approve or deny exec approval requests by sending the /approve chat command. The /approve command path invokes exec.approval.resolve through an internal privileged gateway...
CVE-2026-28472 OpenClaw < 2026.2.2 - Device Identity Check Bypass in Gateway WebSocket Connect Handshake
OpenClaw versions prior to 2026.2.2 contain a vulnerability in the gateway WebSocket connect handshake in which it allows skipping device identity checks when auth.token is present but not validated. Attackers can connect to the gateway without providing device identity or pairing by exploiting t...
EUVD-2026-9918
OpenClaw versions prior to 2026.2.2 contain a vulnerability in the gateway WebSocket connect handshake in which it allows skipping device identity checks when auth.token is present but not validated. Attackers can connect to the gateway without providing device identity or pairing by exploiting t...
CVE-2026-28472
OpenClaw CVE-2026-28472 affects the gateway WebSocket connect handshake. The vulnerability allows bypassing device-identity checks when an auth.token is present but not validated, enabling attackers to connect to the gateway without device identity or pairing and potentially gain operator access ...
CVE-2025-62879
A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens, both accessKey and secretKey, into the rancher-backup-operator pod's logs...