Lucene search
K

5 matches found

CVE
CVE
added 2026/06/11 8:9 p.m.37 views

CVE-2026-53817

OpenClaw CVE-2026-53817 affects the Control UI pairing in OpenClaw, where locality validation is insufficient. This allows attackers with network access to spoof locality information and obtain durable admin-capable device tokens, converting temporary shared access into persistent administrative ...

8.8CVSS5.5AI score0.00309EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.50 views

Mattermost Server 10.11.x <= 10.11.13 / 11.5.x <= 11.5.1 Multiple Vulnerabilities (MMSA-2026-00570 / MMSA-2026-00575 / MMSA-2026-00582 / MMSA-2026-00622)

The version of Mattermost Server installed on the remote host is affected by multiple vulnerabilities: - Mattermost fails to validate the Host header when constructing response URLs for custom slash commands which allows an authenticated attacker to redirect slash command responses to an...

5CVSS6AI score0.00143EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/18 6:56 a.m.39 views

CVE-2026-4273 Insufficient token rotation validation in remote cluster invite confirmation

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to validate that the RefreshedToken differs from the original invite token during remote cluster invite confirmation which allows an authenticated attacker to bypass token rotation and reuse the original invite token via sending a craft...

3.7CVSS0.00142EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/15 5:41 p.m.11 views

NPM: Better Auth: Rate limiter keys IPv6 addresses individually and is bypassable via prefix rotation

NPM: Better Auth: Rate limiter keys IPv6 addresses individually and is bypassable via prefix rotation vulnerability discovered by ? in WordPress Npm better-auth versions 1.4.17...

7.3CVSS5.8AI score0.00295EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/01/21 5:52 a.m.24 views

CVE-2026-1035 Org.keycloak.protocol.oidc: keycloak refresh token reuse bypass via toctou race condition

A flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse policies. When strict refresh token rotation is enabled, the validation and update of refresh token usage are not performed atomically. Thi...

3.1CVSS0.00282EPSS
Exploits0References4
Rows per page
Query Builder