Missing Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization through the configWrites authorization. An attacker can modify protected configuration data of sibling accounts by issuing channel commands that target accounts with...

CVE-2026-25992 SiYuan has a File Read Interface Case Bypass Vulnerability

SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can bypass restrictions using mixed-case paths and read...

CVE-2026-25992 SiYuan has a File Read Interface Case Bypass Vulnerability

SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can bypass restrictions using mixed-case paths and read...

CVE-2020-7296

Privilege Escalation vulnerability in McAfee Web Gateway MWG prior to 9.2.1 allows authenticated user interface user to access protected configuration files via improper access control in the user interface...

McAfee Web Gateway Elevation of Privilege Vulnerability (CNVD-2020-52201)

McAfee Web Gateway is a high-performance secure Web gateway with best-in-class threat protection in a unified appliance software architecture. An elevation of privilege vulnerability exists in McAfee Web Gateway versions prior to 9.2.1. The vulnerability stems from improper user interface access...

CVE-2020-7296

Privilege Escalation vulnerability in McAfee Web Gateway MWG prior to 9.2.1 allows authenticated user interface user to access protected configuration files via improper access control in the user interface...

The vulnerability of the McAfee VirusScan Enterprise anti-virus software is related to deficiencies in access control, allowing attackers to disclose protected information.

The vulnerability of the McAfee VirusScan Enterprise antivirus software is related to deficiencies in access control. Exploiting this vulnerability allows an attacker to view configuration information in text format through the graphical user interface...

The vulnerability of the User Mode Driver component of the Intel Graphics Driver allows a hacker to gain access to protected information related to device configuration.

The vulnerability of the User Mode Driver component of the Intel Graphics Driver relates to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain access to protected configuration information about the device’s settings...

The vulnerability in the web interface of the microprogramming software-based network interface cards Cisco RV110W Wireless-N VPN and the multi-functional VPN routers Cisco RV130W Wireless-N and Cisco RV215W Wireless-N VPN allows attackers to disclose sensitive information.

The vulnerability of the web interface of Microprogramming Software for Cisco RV110W Wireless-N VPN and Multi-Function VPN Routers such as Cisco RV130W Wireless-N and Cisco RV215W Wireless-N VPN lies in the insufficient control of access to web interface files. Exploiting this vulnerability can...

CVE-2018-6225

An XML external entity injection XXE vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an authenticated user to expose a normally protected configuration script...