Lucene search
K

67 matches found

EUVD
EUVD
added 2026/03/29 3:30 p.m.3 views

EUVD-2026-16999

OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the sessionstatus tool that allows sandboxed subagents to access parent or sibling session state. Attackers can supply arbitrary sessionKey values to read or modify session data outside their sandbox scope, including...

9.2CVSS6AI score0.00101EPSS
Exploits0References3
NVD
NVD
added 2026/03/29 1:17 p.m.5 views

CVE-2026-32918

OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the sessionstatus tool that allows sandboxed subagents to access parent or sibling session state. Attackers can supply arbitrary sessionKey values to read or modify session data outside their sandbox scope, including...

9.2CVSS0.00101EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/29 12:44 p.m.1 views

CVE-2026-32918

OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the sessionstatus tool that allows sandboxed subagents to access parent or sibling session state. Attackers can supply arbitrary sessionKey values to read or modify session data outside their sandbox scope, including...

9.2CVSS6AI score0.00101EPSS
Exploits0References3
CVE
CVE
added 2026/03/29 12:44 p.m.15 views

CVE-2026-32918

OpenClaw is affected by a session sandbox escape in the session_status tool (CVE-2026-32918). The vulnerability allows sandboxed subagents to access parent or sibling session state by supplying arbitrary sessionKey values, enabling reading or modification of session data outside the sandbox, incl...

9.2CVSS6AI score0.00101EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/29 12:0 a.m.7 views

PT-2026-28448

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.11 Description The software contains a session sandbox escape issue within the session status tool. This allows sandboxed subagents to access session state belonging to parent or sibling sessions. An attacker...

9.2CVSS6AI score0.00101EPSS
Exploits0References5
OSV
OSV
added 2026/03/18 9:4 p.m.3 views

CVE-2026-32703 OpenProject's repository files are served with the MIME type allowing them to be used to bypass Content Security Policy

OpenProject is an open-source, web-based project management software. In versions prior to 16.6.9, 17.0.6, 17.1.3, and 17.2.1, the Repositories module did not properly escape filenames displayed from repositories. This allowed an attacker with push access into the repository to create commits wit...

9CVSS6AI score0.00189EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/13 8:55 p.m.19 views

`OpenClaw: session_status` let sandboxed subagents access parent or sibling session state

Summary The built-in sessionstatus tool did not enforce the intended session-visibility boundary. A sandboxed subagent could supply another session's sessionKey and inspect or modify state outside its own sandbox scope. Impact This allowed a sandboxed child session to read parent or sibling sessi...

9.2CVSS5.8AI score0.00101EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/02/25 7:33 p.m.22 views

CVE-2026-25734

Rucio WebUI vulnerability CVE-2026-25734: stored XSS in RSE metadata of the WebUI. Attacker-controlled input is persisted by the backend and rendered in the WebUI without proper output encoding, enabling arbitrary JavaScript execution in the user context and potentially session token theft or una...

6.1CVSS5.9AI score0.00287EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.12 views

PT-2026-3640

Abacre Retail Point of Sale 14.0.0.396 is affected by a stored cross-site scripting XSS vulnerability in the Clients module. The application fails to properly sanitize user-supplied input stored in the Name and Surname fields. An attacker can insert malicious HTML or script content into these...

6.1CVSS5.2AI score0.00168EPSS
Exploits2References3
Packet Storm
Packet Storm
added 2026/01/19 12:0 a.m.168 views

📄 Abacre Retail Point of Sale 14.0.0.396 Cross Site Scripting

Abacre Retail Point of Sale version 14.0.0.396 suffers from a persistent cross site scripting vulnerability. CVE-2025-67263 - Stored cross-site scripting XSS in Abacre Retail Point of Sale 14.0.0.396 Abacre Retail Point of Sale 14.0.0.396 is affected by a stored cross-site scripting XSS...

6.1CVSS4.9AI score0.00168EPSS
Exploits2
OSV
OSV
added 2025/12/19 5:0 a.m.5 views

CVE-2025-14546

Versions of the package fastapi-sso before 0.19.0 are vulnerable to Cross-site Request Forgery CSRF due to the improper validation of the OAuth state parameter during the authentication callback. While the getloginurl method allows for state generation, it does not persist the state or bind it to...

6.9CVSS6.8AI score0.00311EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/12/19 5:0 a.m.2 views

CVE-2025-14546

Versions of the package fastapi-sso before 0.19.0 are vulnerable to Cross-site Request Forgery CSRF due to the improper validation of the OAuth state parameter during the authentication callback. While the getloginurl method allows for state generation, it does not persist the state or bind it to...

6.9CVSS6.5AI score0.00311EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/01 12:0 a.m.5 views

PT-2025-48567

Name of the Vulnerable Software and Affected Versions Grav versions prior to 1.11.0-beta.1 Description The admin plugin for Grav, an HTML user interface for configuring Grav and managing pages, contains a Stored Cross-Site Scripting XSS issue. This allows attackers to inject malicious scripts int...

6.8CVSS4.9AI score0.00182EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2025/09/03 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2018-5431

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The domain designer component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for...

6.3CVSS5.6AI score0.00602EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 3:8 a.m.3 views

CVE-2023-21103

In registerPhoneAccount of PhoneAccountRegistrar.java, uncaught exceptions in parsing persisted user data could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-1...

5.5CVSS6.2AI score0.00096EPSS
Exploits0References1
SUSE Linux
SUSE Linux
added 2025/02/03 8:57 a.m.3 views

Security update for rust-keylime

This update for rust-keylime fixes the following issues: Update vendored crates CVE-2024-43806, bsc1229952, bsc1230029 rustix 0.37.25 rustix 0.38.34 shlex 1.3.0 Update to version 0.2.6+13: Enable test functional/iak-idevid-persisted-and-protected builddeps: bump uuid from 1.7.0 to 1.10.0 builddep...

7.5CVSS7.7AI score0.00949EPSS
Exploits0References10
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/11/27 12:55 a.m.3 views

Malicious code in spid-growth-notifier-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cda56c0e08a98c9eabbe82bae2f3b70c122216d4ba4c53b799179a04061beedd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/11/07 3:23 p.m.11 views

firefox: thunderbird: Clipboard "paste" button persisted across tabs

The Mozilla Foundation's Security Advisory: A clipboard "paste" button could persist across tabs which allowed a spoofing attack...

7.5CVSS7.3AI score0.0054EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2024/11/04 12:0 a.m.5 views

PT-2024-8444 · Symphony +4 · Symphony +4

Name of the Vulnerable Software and Affected Versions: Symphony versions prior to 5.4.47 Symphony versions prior to 6.4.15 Symphony versions prior to 7.1.8 Description: The vulnerability is related to the authentication process in the Symphony PHP framework. When consuming a persisted remember-me...

8.8CVSS6.9AI score0.63422EPSS
Exploits1References53
OSV
OSV
added 2024/09/30 6:14 p.m.4 views

USN-7046-1 bubblewrap, flatpak vulnerability

It was discovered that Flatpak incorrectly handled certain persisted directories. An attacker could possibly use this issue to read and write files in locations it would not normally have access to. A patch was also needed to Bubblewrap in order to avoid race conditions caused by this fix...

10CVSS7.2AI score0.01283EPSS
Exploits1References3
Rows per page
Query Builder