119 matches found
SUSE CVE-2026-40109
Flux notification-controller is the event forwarder and notification dispatcher for the GitOps Toolkit controllers. Prior to 1.8.3, the gcr Receiver type in Flux notification-controller does not validate the email claim of Google OIDC tokens used for Pub/Sub push authentication. This allows any...
EUVD-2026-21150
Flux notification-controller GCR Receiver missing email validation allows unauthorized reconciliation triggering...
CVE-2026-35649
OpenClaw before 2026.3.22 contains a settings reconciliation vulnerability that allows attackers to bypass intended deny-all revocations by exploiting empty allowlist handling. The vulnerability treats explicit empty allowlists as unset during reconciliation, silently undoing intended access...
CVE-2026-35649
OpenClaw before 2026.3.22 contains a settings reconciliation vulnerability that allows attackers to bypass intended deny-all revocations by exploiting empty allowlist handling. The vulnerability treats explicit empty allowlists as unset during reconciliation, silently undoing intended access...
CVE-2026-35649
OpenClaw components affected by CVE-2026-35649: OpenClaw prior to version 2026.3.22. The issue is a settings reconciliation vulnerability where explicit empty allowlists are treated as unset during reconciliation, silently undoing intended deny-all revocations and restoring previously revoked per...
EUVD-2026-21444
OpenClaw before 2026.3.22 contains a settings reconciliation vulnerability that allows attackers to bypass intended deny-all revocations by exploiting empty allowlist handling. The vulnerability treats explicit empty allowlists as unset during reconciliation, silently undoing intended access...
CVE-2026-35649 OpenClaw < 2026.3.22 - Settings Reconciliation Bypass via Empty Allowlist
OpenClaw before 2026.3.22 contains a settings reconciliation vulnerability that allows attackers to bypass intended deny-all revocations by exploiting empty allowlist handling. The vulnerability treats explicit empty allowlists as unset during reconciliation, silently undoing intended access...
PT-2026-31960
OpenClaw before 2026.3.22 contains a settings reconciliation vulnerability that allows attackers to bypass intended deny-all revocations by exploiting empty allowlist handling. The vulnerability treats explicit empty allowlists as unset during reconciliation, silently undoing intended access...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the authentication for Google OIDC tokens in the GCR Receiver webhook endpoint. An attacker can trigger unauthorized reconciliation of resources by presenting any valid Google-issued...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the authentication for Google OIDC tokens in the GCR Receiver webhook endpoint. An attacker can trigger unauthorized reconciliation of resources by presenting any valid Google-issued...
CVE-2026-40109
Flux notification-controller is the event forwarder and notification dispatcher for the GitOps Toolkit controllers. Prior to 1.8.3, the gcr Receiver type in Flux notification-controller does not validate the email claim of Google OIDC tokens used for Pub/Sub push authentication. This allows any...
The Manipulate-And-Observe Attack on Quantum Key Distribution
Quantum key distribution is often regarded as an unconditionally secure method to exchange a secret key by harnessing fundamental aspects of quantum mechanics. Despite the robustness of key exchange, classical post-processing reveals vulnerabilities that an eavesdropper could target. In particula...
OpenClaw: Tlon settings empty-allowlist reconciliation bypassed intended revocation
Summary Tlon settings reconciliation treated explicit empty allowlists as unset, which could silently undo an intended deny-all revocation. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...
Tekton Pipelines controller panic via long resolver name in TaskRun/PipelineRun
Summary A user with permission to create or update a TaskRun or PipelineRun can crash the Tekton Pipelines controller by setting .spec.taskRef.resolver or .spec.pipelineRef.resolver to a string of 31 characters or more, causing a denial of service for all reconciliation. Details The controller...
Quantum CDMA-Based Continuous Variable Quantum Key Distribution Using Chaotic Phase Shifters
We present a quantum code-division multiple-access q-CDMA framework for multiuser continuous-variable quantum key distribution CV-QKD over a shared quantum channel. The proposed architecture employs chaotic phase shifters to encode and decode quantum states, enabling efficient multiplexing and...
EUVD-2026-11363
SAP Fiori App Intercompany Balance Reconciliation does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has low impact on confidentiality, integrity and availability are not impacted...
Tata Consultancy Services Cognix Recon Client 安全漏洞
Tata Consultancy Services Cognix Recon Client is a financial reconciliation software developed by Tata Consultancy Services in India. Version 3.0 of Tata Consultancy Services Cognix Recon Client contains a security vulnerability. This vulnerability stems from an access control flaw in the passwor...
CVE-2026-23683
SAP Fiori App Intercompany Balance Reconciliation does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has low impact on confidentiality, integrity and availability are not impacted...
CVE-2026-23683
SAP Fiori App Intercompany Balance Reconciliation does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has low impact on confidentiality, integrity and availability are not impacted...
CVE-2026-23683
CVE-2026-23683 affects SAP Fiori App Intercompany Balance Reconciliation. Root cause: missing authorization checks for an authenticated user leading to privilege escalation. Impact is described as low for confidentiality, integrity and availability; no exploitation details are provided. Remediati...