13 matches found
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the gRPC management server. An attacker can access sensitive BGP configuration and manipulate routing decisions by sending unauthorized gRPC requests from any pod within the cluster. This...
EUVD-2026-21464
OpenClaw before 2026.3.22 contains a service discovery vulnerability where TXT metadata from Bonjour and DNS-SD could influence CLI routing even when actual service resolution failed. Attackers can exploit unresolved hints to steer routing decisions to unintended targets by providing malicious...
CVE-2026-35659
OpenClaw before 2026.3.22 contains a service discovery vulnerability where TXT metadata from Bonjour and DNS-SD could influence CLI routing even when actual service resolution failed. Attackers can exploit unresolved hints to steer routing decisions to unintended targets by providing malicious...
OpenClaw 数据伪造问题漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.22 had a data manipulation vulnerability. This vulnerability stemmed from the fact that TXT metadata in service discovery could affect CLI routing, allowing attackers to redirec...
CVE-2026-26327
Summary (CVE-2026-26327 OpenClaw) OpenClaw uses discovery beacons that publish TXT records (lanHost, tailnetDns, gatewayPort, gatewayTlsSha256). TXT values are unauthenticated and, prior to 2026.2.14, could be treated as authoritative routing/pinning hints by some clients (iOS/macOS used host hin...
CVE-2025-12969
Fluent Bit inforward input plugin does not properly enforce the security.users authentication mechanism under certain configuration conditions. This allows remote attackers with network access to the Fluent Bit instance exposing the forward input to send unauthenticated data. By bypassing...
CVE-2025-12978
Fluent Bit’s input plugins in_http, in_splunk, and in_elasticsearch have a flaw in tag_key validation that does not enforce exact key-length matching. This lets crafted tag prefixes be treated as full matches, enabling a remote attacker with access to those endpoints to manipulate tags and redire...
CVE-2025-12978 CVE-2025-12978
Fluent Bit inhttp, insplunk, and inelasticsearch input plugins contain a flaw in the tagkey validation logic that fails to enforce exact key-length matching. This allows crafted inputs where a tag prefix is incorrectly treated as a full match. A remote attacker with authenticated or exposed acces...
CVE-2025-12978 CVE-2025-12978
Fluent Bit inhttp, insplunk, and inelasticsearch input plugins contain a flaw in the tagkey validation logic that fails to enforce exact key-length matching. This allows crafted inputs where a tag prefix is incorrectly treated as a full match. A remote attacker with authenticated or exposed acces...
CVE-2025-12969 CVE-2025-12969
Fluent Bit inforward input plugin does not properly enforce the security.users authentication mechanism under certain configuration conditions. This allows remote attackers with network access to the Fluent Bit instance exposing the forward input to send unauthenticated data. By bypassing...
PT-2025-47924
Name of the Vulnerable Software and Affected Versions Fluent Bit in http, in splunk, and in elasticsearch input plugins affected versions not specified Description The input plugins in http, in splunk, and in elasticsearch within Fluent Bit have a flaw in how they validate the tag key. The...
The vulnerability of the PPPoE configuration process of D-Link’s router software D-Link DIR-2640-US allows a hacker to alter routing information, intercept DNS requests, and perform phishing attacks.
The vulnerability of the PPPoE configuration process of D-Link DIR-2640-US router software lies in the presence of pre-installed registration data. Exploiting this vulnerability allows a malicious actor to alter routing information, intercept DNS requests, and carry out phishing attacks from a...
ZyXel ZyWall unauthorized access
It's possible to manipulate with routing via RIP and OSPF with default non-changeble account 'zebra'...