Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

40 matches found

NVD
NVDadded 5 days ago5 views

CVE-2026-49291

mcp-memory-service is a semantic memory layer for AI applications. Prior to version 10.65.3, the HTTP MCP JSON-RPC endpoint at /mcp requires only OAuth read scope for all requests, then dispatches tools/call directly to handlers that include mutating tools. A read-only OAuth client can call...

8.1CVSS0.00264EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 5 days ago11 views

PT-2026-51006

Name of the Vulnerable Software and Affected Versions mcp-memory-service versions prior to 10.65.3 Description The HTTP MCP JSON-RPC endpoint at "/mcp" fails to properly validate OAuth scopes. It allows requests with only the read scope to be dispatched to handlers that include mutating tools...

8.1CVSS5.9AI score0.00264EPSS
Exploits0References5
RedhatCVE
RedhatCVEadded 2026/06/05 7:17 p.m.7 views

CVE-2026-6272

A client holding only a read JWT scope can still register itself as a signal provider through the production kuksa.val.v2 OpenProviderStream API by sending ProvideSignalRequest. 1. Obtain any valid token with only read scope. 2. Connect to the normal production gRPC API kuksa.val.v2. 3. Open...

8.5CVSS5.5AI score0.00269EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/05/14 12:0 a.m.7 views

PT-2026-40858

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 16.0 through 18.9.6 GitLab CE/EE versions 18.10 through 18.10.5 GitLab CE/EE versions 18.11 through 18.11.2 Description Improper authorization allows an authenticated user possessing a read api scoped OAuth application to...

8.1CVSS5.8AI score0.00311EPSS
Exploits0References6
NVD
NVDadded 2026/04/24 9:16 a.m.1 views

CVE-2026-6272

A client holding only a read JWT scope can still register itself as a signal provider through the production kuksa.val.v2 OpenProviderStream API by sending ProvideSignalRequest. 1. Obtain any valid token with only read scope. 2. Connect to the normal production gRPC API kuksa.val.v2. 3. Open...

8.5CVSS0.00269EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/04/24 8:28 a.m.1 views

CVE-2026-6272

A client holding only a read JWT scope can still register itself as a signal provider through the production kuksa.val.v2 OpenProviderStream API by sending ProvideSignalRequest. 1. Obtain any valid token with only read scope. 2. Connect to the normal production gRPC API kuksa.val.v2. 3. Open...

8.5CVSS5.2AI score0.00269EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/04/24 8:28 a.m.4 views

CVE-2026-6272

A client holding only a read JWT scope can still register itself as a signal provider through the production kuksa.val.v2 OpenProviderStream API by sending ProvideSignalRequest. 1. Obtain any valid token with only read scope. 2. Connect to the normal production gRPC API kuksa.val.v2. 3. Open...

8.5CVSS5.3AI score0.00269EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2026/04/24 8:28 a.m.25 views

CVE-2026-6272

A client holding only a read JWT scope can still register itself as a signal provider through the production kuksa.val.v2 OpenProviderStream API by sending ProvideSignalRequest. 1. Obtain any valid token with only read scope. 2. Connect to the normal production gRPC API kuksa.val.v2. 3. Open...

8.5CVSS0.00269EPSS
Exploits0References1
EUVD
EUVDadded 2026/04/24 8:28 a.m.2 views

EUVD-2026-25409

A client holding only a read JWT scope can still register itself as a signal provider through the production kuksa.val.v2 OpenProviderStream API by sending ProvideSignalRequest. 1. Obtain any valid token with only read scope. 2. Connect to the normal production gRPC API kuksa.val.v2. 3. Open...

8.5CVSS5.3AI score0.00269EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/04/24 12:0 a.m.6 views

PT-2026-34869

A client holding only a read JWT scope can still register itself as a signal provider through the production kuksa.val.v2 OpenProviderStream API by sending ProvideSignalRequest. 1. Obtain any valid token with only read scope. 2. Connect to the normal production gRPC API kuksa.val.v2. 3. Open...

8.5CVSS5.3AI score0.00269EPSS
Exploits0References3
EUVD
EUVDadded 2026/04/23 6:33 p.m.5 views

EUVD-2026-25274

OpenClaw before 2026.4.20 contains a scope enforcement bypass vulnerability in the assistant-media route that allows trusted-proxy callers without operator.read scope to access protected assistant-media files and metadata. Attackers can bypass identity-bearing HTTP auth path scope validation to...

4.3CVSS5.8AI score0.00222EPSS
Exploits0References4
NVD
NVDadded 2026/04/23 6:16 p.m.3 views

CVE-2026-41908

OpenClaw before 2026.4.20 contains a scope enforcement bypass vulnerability in the assistant-media route that allows trusted-proxy callers without operator.read scope to access protected assistant-media files and metadata. Attackers can bypass identity-bearing HTTP auth path scope validation to...

6.5CVSS0.00222EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/04/23 5:52 p.m.1 views

CVE-2026-41908 OpenClaw < 2026.4.20 - Scope Enforcement Bypass in Assistant-Media Route

OpenClaw before 2026.4.20 contains a scope enforcement bypass vulnerability in the assistant-media route that allows trusted-proxy callers without operator.read scope to access protected assistant-media files and metadata. Attackers can bypass identity-bearing HTTP auth path scope validation to...

4.3CVSS5.8AI score0.00222EPSS
Exploits0References3
CVE
CVEadded 2026/04/23 5:52 p.m.10 views

CVE-2026-41908

CVE-2026-41908: OpenClaw prior to 2026.4.20 contains a scope enforcement bypass in the assistant-media route. Trusted-proxy callers lacking operator.read can bypass identity-bearing HTTP auth scope validation to access protected assistant-media files and metadata within allowed media roots. Affec...

6.5CVSS5.8AI score0.00222EPSS
Exploits0References3Affected Software1
NVD
NVDadded 2026/04/21 12:16 a.m.9 views

CVE-2026-41298

OpenClaw before 2026.4.2 fails to enforce write scopes on the POST /sessions/:sessionKey/kill endpoint in identity-bearing HTTP modes. Read-scoped callers can terminate running subagent sessions by sending requests to this endpoint, bypassing authorization controls...

5.4CVSS0.00187EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/04/20 11:8 p.m.4 views

CVE-2026-41298 OpenClaw < 2026.4.2 - Authorization Bypass in Session Termination Endpoint

OpenClaw before 2026.4.2 fails to enforce write scopes on the POST /sessions/:sessionKey/kill endpoint in identity-bearing HTTP modes. Read-scoped callers can terminate running subagent sessions by sending requests to this endpoint, bypassing authorization controls...

5.4CVSS5.8AI score0.00187EPSS
Exploits0References3
CVE
CVEadded 2026/04/20 11:8 p.m.15 views

CVE-2026-41298

CVE-2026-41298 affects OpenClaw prior to 2026.4.2. The issue: POST /sessions/:sessionKey/kill did not enforce write scopes in identity-bearing HTTP modes, allowing read-scoped callers to terminate running subagent sessions and bypass authorization checks. Impact is a write-class control-plane mut...

5.4CVSS5.8AI score0.00187EPSS
Exploits0References3Affected Software1
NVD
NVDadded 2026/04/10 5:17 p.m.7 views

CVE-2026-35657

OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in the HTTP /sessions/:sessionKey/history route that skips operator.read scope validation. Attackers can access session history without proper operator read permissions by sending HTTP requests to the vulnerable endpoint...

7.1CVSS0.00232EPSS
Exploits0References3
CVE
CVEadded 2026/04/10 4:3 p.m.13 views

CVE-2026-35657

OpenClaw is affected by an authorization bypass vulnerability in the HTTP /sessions/:sessionKey/history endpoint, present in versions before 2026.3.25. The issue allows access to session history without proper operator.read permissions by bypassing scope validation. Attackers can exploit this via...

7.1CVSS5.8AI score0.00232EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichmentadded 2026/04/10 4:3 p.m.4 views

CVE-2026-35657 OpenClaw < 2026.3.25 - Authorization Bypass in HTTP Session History Route

OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in the HTTP /sessions/:sessionKey/history route that skips operator.read scope validation. Attackers can access session history without proper operator read permissions by sending HTTP requests to the vulnerable endpoint...

7.1CVSS5.8AI score0.00232EPSS
Exploits0References3
Rows per page
Query Builder