14 matches found
CVE-2026-43528
OpenClaw before 2026.4.14 contains a redaction bypass vulnerability that allows authenticated gateway clients to receive unredacted secrets through sourceConfig and runtimeConfig alias fields. Attackers with config read access can exploit this to obtain provider API keys, gateway authentication...
Improper Removal of Sensitive Information Before Storage or Transfer
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer in the sourceConfig and runtimeConfig alias fields, which were not properly redacted. An attacker can obtain sensitive...
PT-2026-37014
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.14 Description A redaction bypass exists that allows authenticated gateway clients with config read access to receive unredacted secrets. This occurs through the sourceConfig and runtimeConfig alias fields,...
EUVD-2018-7483
Malware in sbrugna...
Important: unbound
Issue Overview: A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw...
CVE-2023-37264 Pipelines do not validate child UIDs
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.35.0, pipelines do not validate child UIDs, which means that a user that has access to create TaskRuns can create their own Tasks that the Pipelines controller will accept as the child...
Avaya Aura Orchestration Designer Runtime Config Component Cross-Site Request Forgery Vulnerability
Avaya Aura Orchestration Designer is a suite of full-featured graphical development environments from Avaya, Inc. It is used to develop applications that run on media processing servers, voice portals, and interactive response software platforms.Runtime Config is one of the runtime environment...
CVE-2018-15612
CSRF vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could allow an attacker to add, change, or remove administrative settings. Affected versions include all up to 7.2.1. Available references corroborate the CSRF issue across multiple sources; no explicit mitiga...
CVE-2018-15612 Orchestration Designer Runtime Config CSRF
A CSRF vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could allow an attacker to add, change, or remove administrative settings. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1...
CVE-2018-15613 Orchestration Designer Runtime Config XSS
A cross-site scripting XSS vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could result in malicious content being returned to the user. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1...
CVE-2018-15613
A cross-site scripting XSS vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could result in malicious content being returned to the user. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1...
CVE-2018-15612
A CSRF vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could allow an attacker to add, change, or remove administrative settings. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1...
CVE-2018-15612
A CSRF vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could allow an attacker to add, change, or remove administrative settings. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1...
No Free Pass for ExPetr
Recently, there have been discussions around the topic that if our product is installed, ExPetr malware won't write the special malicious code which encrypts the MFT to MBR. Some have even speculated that some kind of conspiracy might be ongoing. Others have pointed out it's plain and simple...