131 matches found
CVE-2026-9106
A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed an OAuth application to gain unintended access to an organization's runner management. An attacker could exploit this by creating an OAuth application requesting the managerunners:org scope and directing ...
CVE-2026-9106
The CVE-2026-9106 issue concerns GitHub Enterprise Server where a UI misrepresentation allowed an OAuth app to gain unauthorized access to an organization’s runner management. A victim could be tricked into authorizing an app requesting the manage_runners:org scope because the scope was not shown...
CVE-2026-9106
A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed an OAuth application to gain unintended access to an organization's runner management. An attacker could exploit this by creating an OAuth application requesting the managerunners:org scope and directing ...
CVE-2026-9106 UI misrepresentation vulnerability in GitHub Enterprise Server allowed unauthorized organization runner management via undisclosed OAuth scope on consent screen
A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed an OAuth application to gain unintended access to an organization's runner management. An attacker could exploit this by creating an OAuth application requesting the managerunners:org scope and directing ...
EUVD-2026-40407
A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed an OAuth application to gain unintended access to an organization's runner management. An attacker could exploit this by creating an OAuth application requesting the managerunners:org scope and directing ...
PT-2026-53988
Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.22 Description A UI misrepresentation issue allows an OAuth application to obtain unauthorized access to organization runner management. An attacker can exploit this by creating an OAuth application...
Malicious code in yunxin-overmind-comment (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 57551a10d99024d1d12c7f2e349e6557613ed3a5e036bf45d71129d501fbbabc On npm install, the package's scripts.postinstall runs src/postinstall.js, which spawns a detached Node child that collects the installer's hostname,...
Exploit for CVE-2026-48017
CVE-2026-48017 — Remote Code Execution in DbGate via function...
Directory Traversal
Overview keras is a Keras is a high-level neural networks API for Python.. Affected versions of this package are vulnerable to Directory Traversal via the filtersafetarinfos and filtersafezipinfos functions in the archive extraction utilities. An attacker can write arbitrary files outside the...
PT-2026-44068
Name of the Vulnerable Software and Affected Versions GitLab EE versions 18.8 through 18.10.6 GitLab EE versions 18.11 through 18.11.3 GitLab EE versions 19.0 through 19.0.0 Description An issue exists where improper user identity resolution when triggering Duo AI workflow runners could allow an...
Exploit for CVE-2026-47668
CVE-2026-47668 DbGate Unauthenticated Remote Code Execution...
OpenClaw: busybox and toybox applet execution weakened exec approval binding
Summary busybox and toybox applet execution weakened exec approval binding. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.2.23 = 2026.4.12 Impact Opaque multi-call binaries such as busybox and toybox could obscure which applet or script-like behavio...
GHSA-2CQ5-MF3V-MX44 OpenClaw: busybox and toybox applet execution weakened exec approval binding
Summary busybox and toybox applet execution weakened exec approval binding. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.2.23 = 2026.4.12 Impact Opaque multi-call binaries such as busybox and toybox could obscure which applet or script-like behavio...
OpenClaw Authorization Problem Vulnerability (CNVD-2026-16621)
OpenClaw is a command line tool for rights management. A security vulnerability exists in versions of OpenClaw prior to 2026.3.11, which stems from the failure of the system.run approval function to properly bind variable file operands for specific script runners such as tsx, jiti, and others. An...
CVE-2026-32978 OpenClaw < 2026.3.11 - Approval Bypass via Unrecognized Script Runners
OpenClaw before 2026.3.11 contains an approval integrity vulnerability where system.run approvals fail to bind mutable file operands for certain script runners like tsx and jiti. Attackers can obtain approval for benign script commands, rewrite referenced scripts on disk, and execute modified cod...
CVE-2026-32978 OpenClaw < 2026.3.11 - Approval Bypass via Unrecognized Script Runners
OpenClaw before 2026.3.11 contains an approval integrity vulnerability where system.run approvals fail to bind mutable file operands for certain script runners like tsx and jiti. Attackers can obtain approval for benign script commands, rewrite referenced scripts on disk, and execute modified cod...
CVE-2026-32978 OpenClaw < 2026.3.11 - Approval Bypass via Unrecognized Script Runners
OpenClaw before 2026.3.11 contains an approval integrity vulnerability where system.run approvals fail to bind mutable file operands for certain script runners like tsx and jiti. Attackers can obtain approval for benign script commands, rewrite referenced scripts on disk, and execute modified cod...
CVE-2026-32978
OpenClaw OpenClaw
OpenClaw: Unrecognized script runners could bypass `system.run` approval integrity
Summary In affected versions of openclaw, node-host system.run approvals did not bind a mutable file operand for some script runners, including forms such as tsx and jiti. An attacker could obtain approval for a benign script-runner command, rewrite the referenced script on disk, and have the...
GHSA-QC36-X95H-7J53 OpenClaw: Unrecognized script runners could bypass `system.run` approval integrity
Summary In affected versions of openclaw, node-host system.run approvals did not bind a mutable file operand for some script runners, including forms such as tsx and jiti. An attacker could obtain approval for a benign script-runner command, rewrite the referenced script on disk, and have the...