Lucene search
K

7 matches found

Vulnrichment
Vulnrichment
added 2026/06/11 8:6 p.m.9 views

CVE-2026-53809 OpenClaw < 2026.4.25 - Provider Alias Confusion in Embedded Runner Policy

OpenClaw before 2026.4.25 contains a policy bypass vulnerability in embedded runner policy that allows requests using provider aliases to compare against aliases instead of canonical provider identities. Attackers can exploit this confusion to select bundled tool access outside intended provider...

4.8CVSS5.3AI score0.00093EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/26 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2024-8754

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab EE/CE affecting all versions from 16.9.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2. An improper inp...

8.1CVSS5.7AI score0.00408EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 7:20 a.m.3 views

CVE-2024-8754

An issue has been discovered in GitLab EE/CE affecting all versions from 16.9.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2. An improper input validation error allows attacker to squat on accounts via linking arbitrary unclaimed provider identities when JWT authentication is...

8.1CVSS7.2AI score0.00408EPSS
Exploits0References1
NVD
NVD
added 2024/09/12 5:15 p.m.26 views

CVE-2024-8754

An issue has been discovered in GitLab EE/CE affecting all versions from 16.9.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2. An improper input validation error allows attacker to squat on accounts via linking arbitrary unclaimed provider identities when JWT authentication is...

8.1CVSS0.00408EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/12 5:2 p.m.13 views

CVE-2024-8754 External Control of Critical State Data in GitLab

An issue has been discovered in GitLab EE/CE affecting all versions from 16.9.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2. An improper input validation error allows attacker to squat on accounts via linking arbitrary unclaimed provider identities when JWT authentication is...

6.4CVSS6.9AI score0.00408EPSS
Exploits0References1
OSV
OSV
added 2024/09/12 5:2 p.m.16 views

CVE-2024-8754 External Control of Critical State Data in GitLab

An issue has been discovered in GitLab EE/CE affecting all versions from 16.9.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2. An improper input validation error allows attacker to squat on accounts via linking arbitrary unclaimed provider identities when JWT authentication is...

6.4CVSS6.8AI score0.00408EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/09/12 12:0 a.m.3 views

PT-2024-39228 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE/CE versions 16.9.7 through 17.1.7 GitLab EE/CE versions 17.2 through 17.2.5 GitLab EE/CE versions 17.3 through 17.3.2 Description: An issue has been discovered in GitLab EE/CE, allowing an attacker to squat on accounts via linking...

8.1CVSS7AI score0.00408EPSS
Exploits0References14
Rows per page
Query Builder