Lucene search
K

131 matches found

NVD
NVD
added 2026/06/30 9:16 p.m.7 views

CVE-2026-9106

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed an OAuth application to gain unintended access to an organization's runner management. An attacker could exploit this by creating an OAuth application requesting the managerunners:org scope and directing ...

5.5CVSS0.00176EPSS
Exploits0References6
CVE
CVE
added 2026/06/30 8:21 p.m.17 views

CVE-2026-9106

The CVE-2026-9106 issue concerns GitHub Enterprise Server where a UI misrepresentation allowed an OAuth app to gain unauthorized access to an organization’s runner management. A victim could be tricked into authorizing an app requesting the manage_runners:org scope because the scope was not shown...

5.5CVSS5.8AI score0.00176EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/30 8:21 p.m.7 views

CVE-2026-9106

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed an OAuth application to gain unintended access to an organization's runner management. An attacker could exploit this by creating an OAuth application requesting the managerunners:org scope and directing ...

4.8CVSS5.8AI score0.00176EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2026/06/30 8:21 p.m.36 views

CVE-2026-9106 UI misrepresentation vulnerability in GitHub Enterprise Server allowed unauthorized organization runner management via undisclosed OAuth scope on consent screen

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed an OAuth application to gain unintended access to an organization's runner management. An attacker could exploit this by creating an OAuth application requesting the managerunners:org scope and directing ...

4.8CVSS0.00176EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/30 8:21 p.m.10 views

EUVD-2026-40407

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed an OAuth application to gain unintended access to an organization's runner management. An attacker could exploit this by creating an OAuth application requesting the managerunners:org scope and directing ...

4.8CVSS5.8AI score0.00176EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.10 views

PT-2026-53988

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.22 Description A UI misrepresentation issue allows an OAuth application to obtain unauthorized access to organization runner management. An attacker can exploit this by creating an OAuth application...

5.5CVSS5.8AI score0.00176EPSS
Exploits0References14
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 8:11 p.m.12 views

Malicious code in yunxin-overmind-comment (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 57551a10d99024d1d12c7f2e349e6557613ed3a5e036bf45d71129d501fbbabc On npm install, the package's scripts.postinstall runs src/postinstall.js, which spawns a detached Node child that collects the installer's hostname,...

5.3AI score
Exploits0References1
GithubExploit
GithubExploit
added 2026/06/13 7:10 a.m.95 views

Exploit for CVE-2026-48017

CVE-2026-48017 — Remote Code Execution in DbGate via function...

6.6AI score0.0051EPSS
Exploits1
Snyk
Snyk
added 2026/06/11 3:20 p.m.18 views

Directory Traversal

Overview keras is a Keras is a high-level neural networks API for Python.. Affected versions of this package are vulnerable to Directory Traversal via the filtersafetarinfos and filtersafezipinfos functions in the archive extraction utilities. An attacker can write arbitrary files outside the...

8.6CVSS6.2AI score0.00518EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.12 views

PT-2026-44068

Name of the Vulnerable Software and Affected Versions GitLab EE versions 18.8 through 18.10.6 GitLab EE versions 18.11 through 18.11.3 GitLab EE versions 19.0 through 19.0.0 Description An issue exists where improper user identity resolution when triggering Duo AI workflow runners could allow an...

8.2CVSS5.8AI score0.00341EPSS
Exploits0References10
GithubExploit
GithubExploit
added 2026/05/26 2:47 p.m.153 views

Exploit for CVE-2026-47668

CVE-2026-47668 DbGate Unauthenticated Remote Code Execution...

6.7AI score0.00336EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2026/04/17 10:16 p.m.27 views

OpenClaw: busybox and toybox applet execution weakened exec approval binding

Summary busybox and toybox applet execution weakened exec approval binding. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.2.23 = 2026.4.12 Impact Opaque multi-call binaries such as busybox and toybox could obscure which applet or script-like behavio...

8.8CVSS5.9AI score0.00356EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/04/17 10:16 p.m.2 views

GHSA-2CQ5-MF3V-MX44 OpenClaw: busybox and toybox applet execution weakened exec approval binding

Summary busybox and toybox applet execution weakened exec approval binding. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.2.23 = 2026.4.12 Impact Opaque multi-call binaries such as busybox and toybox could obscure which applet or script-like behavio...

8.8CVSS5.9AI score0.00356EPSS
Exploits0References6
CNVD
CNVD
added 2026/04/08 12:0 a.m.5 views

OpenClaw Authorization Problem Vulnerability (CNVD-2026-16621)

OpenClaw is a command line tool for rights management. A security vulnerability exists in versions of OpenClaw prior to 2026.3.11, which stems from the failure of the system.run approval function to properly bind variable file operands for specific script runners such as tsx, jiti, and others. An...

9.4CVSS5.8AI score0.00179EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/03/29 12:44 p.m.1 views

CVE-2026-32978 OpenClaw < 2026.3.11 - Approval Bypass via Unrecognized Script Runners

OpenClaw before 2026.3.11 contains an approval integrity vulnerability where system.run approvals fail to bind mutable file operands for certain script runners like tsx and jiti. Attackers can obtain approval for benign script commands, rewrite referenced scripts on disk, and execute modified cod...

9.4CVSS6AI score0.00179EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/29 12:44 p.m.23 views

CVE-2026-32978 OpenClaw < 2026.3.11 - Approval Bypass via Unrecognized Script Runners

OpenClaw before 2026.3.11 contains an approval integrity vulnerability where system.run approvals fail to bind mutable file operands for certain script runners like tsx and jiti. Attackers can obtain approval for benign script commands, rewrite referenced scripts on disk, and execute modified cod...

9.4CVSS0.00179EPSS
Exploits0References2
OSV
OSV
added 2026/03/29 12:44 p.m.2 views

CVE-2026-32978 OpenClaw < 2026.3.11 - Approval Bypass via Unrecognized Script Runners

OpenClaw before 2026.3.11 contains an approval integrity vulnerability where system.run approvals fail to bind mutable file operands for certain script runners like tsx and jiti. Attackers can obtain approval for benign script commands, rewrite referenced scripts on disk, and execute modified cod...

9.4CVSS6.1AI score0.00179EPSS
Exploits0References4
CVE
CVE
added 2026/03/29 12:44 p.m.18 views

CVE-2026-32978

OpenClaw OpenClaw

9.4CVSS6AI score0.00179EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/13 3:48 p.m.9 views

OpenClaw: Unrecognized script runners could bypass `system.run` approval integrity

Summary In affected versions of openclaw, node-host system.run approvals did not bind a mutable file operand for some script runners, including forms such as tsx and jiti. An attacker could obtain approval for a benign script-runner command, rewrite the referenced script on disk, and have the...

9.4CVSS6.3AI score0.00179EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/13 3:48 p.m.13 views

GHSA-QC36-X95H-7J53 OpenClaw: Unrecognized script runners could bypass `system.run` approval integrity

Summary In affected versions of openclaw, node-host system.run approvals did not bind a mutable file operand for some script runners, including forms such as tsx and jiti. An attacker could obtain approval for a benign script-runner command, rewrite the referenced script on disk, and have the...

8CVSS6.3AI score0.00179EPSS
Exploits0References5
Rows per page
Query Builder