
25 matches found

RedhatCVE
added 2026/03/26 3:1 p.m. · 0 views

CVE-2026-32302

OpenClaw is a personal AI assistant. Prior to 2026.3.11, browser-originated WebSocket connections could bypass origin validation when gateway.auth.mode was set to trusted-proxy and the request arrived with proxy headers. A page served from an untrusted origin could connect through a trusted rever...

CVSS 8.1 · AI score 5.8 · EPSS 0.00021
Exploits: 0 · References: 1
CNVD
added 2026/03/19 12:0 a.m. · 2 views

OpenClaw Access Control Error Vulnerability (CNVD-2026-14390)

OpenClaw is an open-source artificial intelligence assistant from OpenClaw. OpenClaw suffers from an Access Control Error vulnerability that stems from a browser-initiated WebSocket connection that can bypass origin authentication under certain configurations, which can be exploited by an attacker ...

CVSS 8.1 · AI score 5.8 · EPSS 0.00021
Exploits: 0 · References: 1
NVD
added 2026/03/13 7:54 p.m. · 2 views

CVE-2026-32302

OpenClaw is a personal AI assistant. Prior to 2026.3.11, browser-originated WebSocket connections could bypass origin validation when gateway.auth.mode was set to trusted-proxy and the request arrived with proxy headers. A page served from an untrusted origin could connect through a trusted rever...

CVSS 8.1 · EPSS 0.00021
Exploits: 0 · References: 3
CNNVD
added 2026/03/13 12:0 a.m. · 3 views

OpenClaw Access Control Error Vulnerability

OpenClaw is an open-source artificial intelligence assistant from OpenClaw. OpenClaw suffers from an Access Control Error vulnerability that stems from a browser-initiated WebSocket connection that can bypass origin authentication under certain configurations, which can be exploited by an attacker ...

CVSS 8.1 · AI score 5.8 · EPSS 0.00021
Exploits: 0 · References: 3
Positive Technologies
added 2026/03/12 12:0 a.m. · 1 views

PT-2026-25083

Summary: In affected versions of openclaw, browser-originated WebSocket connections could bypass origin validation when gateway.auth.mode was set to trusted-proxy and the request arrived with proxy headers. A page served from an untrusted origin could connect through a trusted reverse proxy, inher...

CVSS 8.1 · AI score 5.7 · EPSS 0.00021
Exploits: 0 · References: 14
The Hacker News
added 2025/12/11 11:30 a.m. · 6 views

The Impact of Robotic Process Automation (RPA) on Identity and Access Management

As enterprises refine their strategies for handling Non-Human Identities (NHIs), Robotic Process Automation (RPA) has become a powerful tool for streamlining operations and enhancing security. However, since RPA bots have varying levels of access to sensitive information, enterprises must be prepared...

AI score 7.2
Exploits: 0
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2020-18061

Malware in sbrugna...

CVSS 2.6 · AI score 4.2 · EPSS 0.00157
Exploits: 0 · References: 4
RedhatCVE
added 2025/05/22 4:4 p.m. · 3 views

CVE-2020-25374

CyberArk Privileged Session Manager (PSM) 10.9.0.15 allows attackers to discover internal pathnames by reading an error popup message after two hours of idle time...

CVSS 2.6 · AI score 6.9 · EPSS 0.00157
Exploits: 0
Cvelist
added 2024/09/24 7:25 a.m. · 22 views

CVE-2024-21545

Proxmox Virtual Environment is an open-source server management platform for enterprise virtualization. Insufficient safeguards against malicious API response values allow authenticated attackers with 'Sys.Audit' or 'VM.Monitor' privileges to download arbitrary host files via the API. When handli...

CVSS 8.2 · EPSS 0.00134
Exploits: 1 · References: 2
CNNVD
added 2024/02/20 12:0 a.m. · 0 views

VMware Enhanced Authentication Plug-in Security Vulnerability

The VMware Enhanced Authentication Plug-in is part of the VMware Horizon client from VMware, Inc. and is used to provide an additional authentication layer to enhance the security of access to VMware Horizon virtual desktops and applications. A security vulnerability exists in VMware Enhanced...

CVSS 7.8 · AI score 6.6 · EPSS 0.00185
Exploits: 0 · References: 3
Prion
added 2023/11/14 9:15 p.m. · 8 views

Default credentials

DataHub is an open-source metadata platform. The HMAC signature for DataHub Frontend sessions was being signed using a SHA-1 HMAC with the frontend secret key. SHA1 with a 10 byte key can be brute forced using sufficient resources, i.e. state level actors with large computational capabilities...

CVSS 6.5 · AI score 6.9 · EPSS 0.0005
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2023/11/14 8:55 p.m. · 23 views

CVE-2023-47640 Insecure Use of HMAC-SHA1 For Session Signing in datahub

DataHub is an open-source metadata platform. The HMAC signature for DataHub Frontend sessions was being signed using a SHA-1 HMAC with the frontend secret key. SHA1 with a 10 byte key can be brute forced using sufficient resources, i.e. state level actors with large computational capabilities...

CVSS 6.4 · AI score 8.6 · EPSS 0.0005
Exploits: 0 · References: 1
VulnCheck KEV
added 2022/03/17 12:0 a.m. · 1 views

VulnCheck KEV: CVE-2022-23176

WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access...

CVSS 9 · AI score 7.5 · EPSS 0.10169
Exploits: 1 · References: 1
OSV
added 2022/02/24 3:15 p.m. · 1 views

CVE-2022-23176

WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access. This vulnerability impacts Fireware OS before 12.7.2U1, 12.x before 12.1.3U3, and 12.2.x through 12.5.x before...

CVSS 8.8 · AI score 7.6 · EPSS 0.10169
Exploits: 1 · References: 6
Positive Technologies
added 2022/02/03 12:0 a.m. · 2 views

PT-2022-12317 · Unknown · Backdrop Cms

Name of the Vulnerable Software and Affected Versions: Backdrop CMS version 1.20. Description: A Cross-Site Request Forgery (CSRF) issue exists, allowing remote attackers to gain Remote Code Execution (RCE) on the hosting web server via uploading a malicious add-on with a crafted PHP file. The attack...

CVSS 8.8 · AI score 8.4 · EPSS 0.00449
Exploits: 1 · References: 8
CNVD
added 2022/01/17 12:0 a.m. · 18 views

Zoho ManageEngine Access Manager Plus has an unspecified vulnerability

Zoho ManageEngine Access Manager Plus is a privileged session management solution from ZOHO for enterprises to centralize, secure, and manage remote access to privileged sessions. A security vulnerability exists in versions of Zoho ManageEngine Access Manager Plus prior to 4203. The...

CVSS 9.8 · AI score 4 · EPSS 0.07742
Exploits: 0 · References: 1
OSV
added 2021/12/14 4:15 p.m. · 0 views

CVE-2021-41065

An issue was discovered in Listary through 6. An attacker can create a \\.\pipe\Listary.listaryService named pipe and wait for a privileged user to open a session on the Listary installed host. Listary will automatically access the named pipe and the attacker will be able to duplicate the victim's...

CVSS 7.3 · AI score 5.8
Exploits: 0 · References: 2
CNNVD
added 2021/09/14 12:0 a.m. · 2 views

IBM Security Secret Server Security Vulnerability

IBM Security Secret Server is a privileged access management solution from IBM Corporation. The product supports password management, privileged account identification, and privileged session access monitoring and logging. Security vulnerabilities existed prior to IBM Security Secret Server 11.0,...

CVSS 4.3 · AI score 5.8 · EPSS 0.0013
Exploits: 0 · References: 3
CNNVD
added 2020/12/21 12:0 a.m. · 1 views

IBM Security Secret Server Information Disclosure Vulnerability

IBM Security Secret Server is a set of privileged access management solutions from IBM USA. The product supports password management, privileged account identification and privileged session access monitoring and logging. An information disclosure vulnerability exists in IBM Security Secret Serve...

CVSS 6.3 · AI score 6.4 · EPSS 0.00099
Exploits: 0 · References: 3
CNVD
added 2020/10/29 12:0 a.m. · 1 views

CyberArk Software CyberArk Privileged Session Manager Code Issue Vulnerability

CyberArk Software CyberArk Privileged Session Manager (PSM) is a software application for privileged session management from CyberArk Software, Israel. The software is a centralized portal that protects privileged users and accounts from accessing target systems, and it is a single solution for...

CVSS 2.6 · AI score 7 · EPSS 0.00157
Exploits: 0 · References: 1