
3093 matches found

Positive Technologies
added 2 days ago, 7 views

PT-2026-50499

Name of the Vulnerable Software and Affected Versions: undici versions 5.15.0 through 6.25.x; undici versions 7.0.0 through 7.27.x; undici versions 8.0.0 through 8.4.x. Description: When parsing a Set-Cookie header, the software accepts any SameSite attribute value containing Strict, Lax, or None as a...

CVSS 3.7, AI score 5.3, EPSS 0.00197
Exploits: 0, References: 6
NVD
added 3 days ago, 5 views

CVE-2026-53845

OpenClaw before 2026.5.6 contains a hook bypass vulnerability where skill commands routed through the affected dispatch path skip before-tool-call hook coverage. Attackers can exploit this by sending skill commands through the vulnerable dispatch path to bypass hook-based auditing and policy...

CVSS 4.3, EPSS 0.00185
Exploits: 0, References: 2
CVE
added 3 days ago, 7 views

CVE-2026-53857

OpenClaw before 2026.5.3 is vulnerable: the policy enforcement flaw allows Zalo display-name changes to influence allowFrom policy matching, causing attackers with mutable display names to receive responses intended for other Zalo identities when the feature is enabled. Affected product: OpenClaw...

CVSS 8.6, AI score 5.3, EPSS 0.00213
Exploits: 0, References: 2, Affected Software: 1
CVE
added 3 days ago, 7 views

CVE-2026-53845

OpenClaw prior to version 2026.5.6 has a hook bypass in the skill-command dispatch path, where commands routed through the affected path skip the before-tool-call hook coverage, potentially bypassing auditing and policy enforcement. This is described in the CVE entry as a dispatch hook bypass vul...

CVSS 4.3, AI score 5.4, EPSS 0.00185
Exploits: 0, References: 2, Affected Software: 1
Microsoft CVE
added 3 days ago, 9 views

Chromium: CVE-2026-11684 Insufficient policy enforcement in Network

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS 4.3, AI score 5.2, EPSS 0.00158
Exploits: 0
RedHat Linux
added 4 days ago, 10 views

Important: Red Hat Security Advisory: webkit2gtk3 security update

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

CVSS 8.8, AI score 6.6, EPSS 0.0059
Exploits: 0, References: 17
Tenable Nessus
added 4 days ago, 3 views

RHEL 8 : webkit2gtk3 (RHSA-2026:25918)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25918 advisory. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Processing maliciously...

CVSS 8.8, AI score 5.6, EPSS 0.0059
Exploits: 0, References: 34
SUSE CVE
added 6 days ago, 4 views

SUSE CVE-2026-12024

Insufficient policy enforcement in DevTools in Google Chrome prior to 149.0.7827.115 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

CVSS 6.5, AI score 5.3, EPSS 0.00158
Exploits: 0, References: 3
NVD
added last week, 9 views

CVE-2026-53835

OpenClaw before 2026.5.6 contains a configuration enforcement bypass vulnerability in Feishu dynamic-agent bindings that allows authenticated senders to create or update bindings without honoring configured config-write controls. Attackers can exploit this by leveraging the dynamic-agent binding...

CVSS 4.3, EPSS 0.00166
Exploits: 0, References: 2
Vulnrichment
added last week, 6 views

CVE-2026-53831 OpenClaw < 2026.5.18 - Arbitrary File Read via Shell Expansion in system.run Safe-bin Allowlist

OpenClaw before 2026.5.18 contains a policy enforcement vulnerability in system.run safe-bin allowlist validation that allows shell expansion to modify command interpretation on POSIX nodes. Authenticated operators can exploit shell metacharacters in approved commands to read unintended node-loca...

CVSS 8.3, AI score 5.3, EPSS 0.00191
Exploits: 0, References: 2
Vulnrichment
added last week, 4 views

CVE-2026-53828 OpenClaw < 2026.5.6 - Native Command Authorization Bypass via Owner-Command Enforcement

OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in native command handling that allows authenticated senders to execute owner-only commands without proper policy enforcement. Attackers can trigger native command handling to bypass the configured owner-command access contro...

CVSS 8.8, AI score 5.5, EPSS 0.00262
Exploits: 0, References: 2
EUVD
added 2026/06/12 12:31 a.m., 6 views

EUVD-2026-36344

Insufficient policy enforcement in DevTools in Google Chrome prior to 149.0.7827.115 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

AI score 5.5, EPSS 0.00158
Exploits: 0, References: 3
Positive Technologies
added 2026/06/12 12:00 a.m., 6 views

PT-2026-49035

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.5.18. Description: A policy enforcement issue exists in the system.run safe-bin allowlist validation on POSIX nodes. This flaw allows shell expansion to modify how commands are interpreted. Authenticated operators...

CVSS 8.3, AI score 5.2, EPSS 0.00191
Exploits: 0, References: 5
Cvelist
added 2026/06/11 8:48 p.m., 24 views

CVE-2026-12024

Insufficient policy enforcement in DevTools in Google Chrome prior to 149.0.7827.115 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

EPSS 0.00158
Exploits: 0, References: 2
CVE
added 2026/06/11 8:48 p.m., 21 views

CVE-2026-12024

CVE-2026-12024 affects Google Chrome DevTools with insufficient policy enforcement, allowing a remote attacker to bypass the same-origin policy via a crafted HTML page. The vulnerability is associated with Chrome prior to 149.0.7827.115. According to the connected sources, this is mitigated by up...

CVSS 6.5, AI score 5.5, EPSS 0.00158
Exploits: 0, References: 2, Affected Software: 1
RedhatCVE
added 2026/06/10 6:08 p.m., 6 views

CVE-2026-11684

An insufficient policy enforcement flaw was found in the Network component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=517130229...

CVSS 5.7, AI score 5.4, EPSS 0.00141
Exploits: 0, References: 5
Microsoft CVE
added 2026/06/09 2:00 p.m., 6 views

Chromium: CVE-2026-11247 Insufficient policy enforcement in CustomTabs

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS 3.1, AI score 5.4, EPSS 0.00177
Exploits: 0
Microsoft CVE
added 2026/06/09 2:00 p.m., 5 views

Chromium: CVE-2026-11226 Insufficient policy enforcement in PreviewTab

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS 6.5, AI score 5.4, EPSS 0.0015
Exploits: 0
EUVD
added 2026/06/09 12:33 a.m., 4 views

EUVD-2026-35215

Insufficient policy enforcement in Passwords in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

AI score 5.4, EPSS 0.0021
Exploits: 0, References: 3
EUVD
added 2026/06/09 12:33 a.m., 8 views

EUVD-2026-35210

Insufficient policy enforcement in Network in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the utility process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

CVSS 3.1, AI score 5.5, EPSS 0.00141
Exploits: 0, References: 3