9 matches found
CVE-2026-48492
CVE-2026-48492 affects Snipe-IT (IT asset/license management). Prior to version 8.6.1, the GET /api/v1/{object}/selectlist endpoint lacked an authorization check, allowing any logged-in user (with a web session cookie and no API token) to enumerate all user accounts and retrieve usernames, displa...
EUVD-2026-38058
mcp-memory-service: OAuth read-only clients can write and delete memories through MCP tools/call...
EUVD-2026-25419
The asset dependency graph did not restrict nodes by the viewer's DAG read permissions: a user with read access to at least one DAG could browse the asset graph for any other asset in the deployment and learn the existence and names of DAGs and assets outside their authorized scope. Users are...
CVE-2026-34217 SandboxJS has a Sandbox Escape via Prop Object Leak in New Handler
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, a scope modification vulnerability exists in @nyariv/sandboxjs. The vulnerability allows untrusted sandboxed code to leak internal interpreter objects through the new operator, exposing sandbox scope objects in the scope hierarchy to...
CVE-2026-32915 OpenClaw < 2026.3.11 - Sandbox Boundary Bypass via Subagent Control Surface
OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allowing leaf subagents to access the subagents control surface and resolve against parent requester scope instead of their own session tree. A low-privilege sandboxed leaf worker can steer or kill sibling runs and cause...
CVE-2026-32915 OpenClaw < 2026.3.11 - Sandbox Boundary Bypass via Subagent Control Surface
OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allowing leaf subagents to access the subagents control surface and resolve against parent requester scope instead of their own session tree. A low-privilege sandboxed leaf worker can steer or kill sibling runs and cause...
Unintended Scope Exposure
SES is vulnerable to unintended scope exposure. The vulnerability is due to improper isolation due to top-level let, const, or class bindings in...
Juniper Networks Junos OS Evolved Security Vulnerability
Juniper Networks Junos OS Evolved is an upgraded version of Juniper Networks' Junos OS system. A security vulnerability exists in Juniper Networks Junos OS Evolved that stems from the presence of a Resource Exposure to Wrong Scope vulnerability that could allow an unauthenticated, web-based...
IBM Robotic Process Automation 安全漏洞
IBM Robotic Process Automation is a robotic process automation product from International Business Machines IBM, Inc. It can help you automate more business and IT processes at scale with the ease and speed of traditional RPA.IBM Robotic Process Automation for Cloud Pak suffers from a resource...