3035 matches found
CVE-2026-10609
A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output destinations without verifying that the ClusterLogForwarder creator has permission to use those credentials, allowing a delegated editor to exfiltrat...
OpenMetaData - SpEL Injection in PUT /api/v1/policies
OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. CompiledRule::validateExpression is also called from PolicyRepository.prepare. prepare is called from...
CVE-2026-56081
Cap-go before 12.128.2 contains an authentication logic flaw allowing an attacker to register and take control of an account bound to a victim’s unverified email. By enabling two-factor authentication on the pre-registered account, the attacker can read and modify the account’s state and enforce ...
io.quarkus/quarkus-vertx-http: Quarkus: Authorization bypass in HTTP path-based policies via encoded characters
A flaw was found in Quarkus. A remote attacker could bypass HTTP path-based authorization policies by using specially crafted encoded semicolons, slashes, or backslashes in HTTP requests. This could allow unauthorized access to protected static resources, leading to information disclosure...
firefox: Privilege escalation in the Enterprise Policies component
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the Enterprise Policies component...
firefox: Privilege escalation in the Enterprise Policies component
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the Enterprise Policies component...
firefox: Privilege escalation in the Enterprise Policies component
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the Enterprise Policies component...
firefox: Privilege escalation in the Enterprise Policies component
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the Enterprise Policies component...
firefox: Privilege escalation in the Enterprise Policies component
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the Enterprise Policies component...
firefox: Privilege escalation in the Enterprise Policies component
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the Enterprise Policies component...
firefox: Privilege escalation in the Enterprise Policies component
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the Enterprise Policies component...
firefox: Privilege escalation in the Enterprise Policies component
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the Enterprise Policies component...
firefox: Privilege escalation in the Enterprise Policies component
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the Enterprise Policies component...
firefox: Privilege escalation in the Enterprise Policies component
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the Enterprise Policies component...
firefox: Privilege escalation in the Enterprise Policies component
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the Enterprise Policies component...
firefox: Privilege escalation in the Enterprise Policies component
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the Enterprise Policies component...
firefox: Privilege escalation in the Enterprise Policies component
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the Enterprise Policies component...
firefox: Privilege escalation in the Enterprise Policies component
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the Enterprise Policies component...
CVE-2026-53818
OpenClaw CVE-2026-53818 affects OpenClaw prior to 2026.4.24. It describes an authorization bypass in the MCP loopback feature that lets non-owner callers skip owner-only tool policies and before-tool-call hooks, potentially causing invocation of owner-only behavior to execute restricted tools whe...
CVE-2026-53818 OpenClaw < 2026.4.24 - Owner-Only Tool Policy Bypass via MCP Loopback
OpenClaw before 2026.4.24 contains an authorization bypass vulnerability in the MCP loopback feature that allows non-owner callers to skip owner-only tool policies and before-tool-call hooks. Attackers can invoke owner-only behavior through the affected loopback path to execute restricted tools...