Lucene search
K

812 matches found

OSV
OSV
added 2026/03/29 3:30 p.m.3 views

GHSA-HH43-Q692-2XMQ Duplicate Advisory: `OpenClaw: session_status` let sandboxed subagents access parent or sibling session state

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-wcxr-59v9-rxr8. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the sessionstatus tool that allows...

9.2CVSS5.9AI score0.00101EPSS
Exploits0References4
NVD
NVD
added 2026/03/29 1:17 p.m.5 views

CVE-2026-32918

OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the sessionstatus tool that allows sandboxed subagents to access parent or sibling session state. Attackers can supply arbitrary sessionKey values to read or modify session data outside their sandbox scope, including...

9.2CVSS0.00101EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/29 12:44 p.m.1 views

CVE-2026-32918

OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the sessionstatus tool that allows sandboxed subagents to access parent or sibling session state. Attackers can supply arbitrary sessionKey values to read or modify session data outside their sandbox scope, including...

9.2CVSS6AI score0.00101EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/29 12:44 p.m.5 views

CVE-2026-32918 OpenClaw < 2026.3.11 - Session Sandbox Escape via session_status Tool

OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the sessionstatus tool that allows sandboxed subagents to access parent or sibling session state. Attackers can supply arbitrary sessionKey values to read or modify session data outside their sandbox scope, including...

9.2CVSS6AI score0.00101EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/29 12:0 a.m.8 views

OpenClaw 安全漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to cause a sandboxed agent to access the state of a parent or sibling session to read or modify session data outside the scope of the sandb...

9.2CVSS5.8AI score0.00101EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/29 12:0 a.m.7 views

PT-2026-28448

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.11 Description The software contains a session sandbox escape issue within the session status tool. This allows sandboxed subagents to access session state belonging to parent or sibling sessions. An attacker...

9.2CVSS6AI score0.00101EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/28 4:59 p.m.6 views

CVE-2025-13478

Cache misconfiguration vulnerability in OpenText Identity Manager on Windows, Linux allows remote authenticated users to obtain another user's session data via insecure application cache handling. This issue affects Identity Manager: 25.2v4.10.1...

8.4CVSS6AI score0.00286EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/27 3:30 p.m.3 views

EUVD-2025-209094

Cache misconfiguration vulnerability in OpenText Identity Manager on Windows, Linux allows remote authenticated users to obtain another user's session data via insecure application cache handling. This issue affects Identity Manager: 25.2v4.10.1...

8.4CVSS6AI score0.00286EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/27 2:35 p.m.3 views

CVE-2026-5010 Reflected Cross-Site Scripting (XSS) in Sanoma’s Clickedu

A reflected Cross-Site Scripting XSS vulnerability has been discovered in Clickedu. This vulnerability allows an attacker to execute JavaScript code in the victim’s browser by sending them a malicious URL using the endpoint “/user.php/”. This vulnerability can be exploited to steal sensitive user...

5.1CVSS5.9AI score0.00272EPSS
Exploits0References1
NVD
NVD
added 2026/03/27 2:16 p.m.7 views

CVE-2025-13478

Cache misconfiguration vulnerability in OpenText Identity Manager on Windows, Linux allows remote authenticated users to obtain another user's session data via insecure application cache handling. This issue affects Identity Manager: 25.2v4.10.1...

8.4CVSS0.00286EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/27 1:43 p.m.26 views

CVE-2025-13478 Cache Misconfiguration Leading to Cross-User Data Exposure

Cache misconfiguration vulnerability in OpenText Identity Manager on Windows, Linux allows remote authenticated users to obtain another user's session data via insecure application cache handling. This issue affects Identity Manager: 25.2v4.10.1...

8.4CVSS0.00286EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/27 1:43 p.m.2 views

CVE-2025-13478

Cache misconfiguration vulnerability in OpenText Identity Manager on Windows, Linux allows remote authenticated users to obtain another user's session data via insecure application cache handling. This issue affects Identity Manager: 25.2v4.10.1...

8.4CVSS6AI score0.00286EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/27 1:43 p.m.5 views

CVE-2025-13478 Cache Misconfiguration Leading to Cross-User Data Exposure

Cache misconfiguration vulnerability in OpenText Identity Manager on Windows, Linux allows remote authenticated users to obtain another user's session data via insecure application cache handling. This issue affects Identity Manager: 25.2v4.10.1...

8.4CVSS6AI score0.00286EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.9 views

PT-2026-28272

Cache misconfiguration vulnerability in OpenText Identity Manager on Windows, Linux allows remote authenticated users to obtain another user's session data via insecure application cache handling. This issue affects Identity Manager: 25.2v4.10.1...

8.4CVSS6AI score0.00286EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.10 views

OpenText Identity Manager 安全漏洞

OpenText Identity Manager is an identity governance platform provided by OpenText Corporation in Canada, which offers capabilities for managing the identity lifecycle and access control. Version 25.2 of OpenText Identity Manager contains a security vulnerability. This vulnerability stems from...

8.4CVSS5.8AI score0.00286EPSS
Exploits0References2
CVE
CVE
added 2026/03/25 1:31 p.m.11 views

CVE-2026-4816

CVE-2026-4816: A Reflected Cross Site Scripting (XSS) vulnerability exists in Support Board v3.7.7. An attacker can craft a malicious URL that injects JavaScript via the search parameter in /supportboard/include/articles.php, causing code execution in the victim’s browser and potentially exfiltra...

5.4CVSS5.8AI score0.0014EPSS
Exploits0References1Affected Software1
SUSE CVE
SUSE CVE
added 2026/03/25 12:26 a.m.6 views

SUSE CVE-2026-27840

ZITADEL is an open source identity management platform. Starting in version 2.31.0 and prior to versions 3.4.7 and 4.11.0, opaque OIDC access tokens in the v2 format truncated to 80 characters are still considered valid. Zitadel uses a symmetric AES encryption for opaque tokens. The cleartext...

4.3CVSS5.9AI score0.00142EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/20 8:34 p.m.2 views

Race Condition

Overview org.webjars.npm:effect is a node package that allows you to add effects on images. Affected versions of this package are vulnerable to Race Condition in the MixedScheduler class, where the AsyncLocalStorage context is not properly isolated between concurrent fiber executions. An attacker...

9.1CVSS5.8AI score0.0027EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.7 views

wolfSSL 安全漏洞

wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the US-based wolfSSL company, designed for developers working with embedded systems. There is a security vulnerability in wolfSSL, which stems from a heap buffer overflow in the wolfSSLd2iSSLSESSION function. When...

8.1CVSS6AI score0.00123EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.6 views

PT-2026-26362

Summary The application implements an HTML5 cross-origin resource sharing CORS policy that allows access from any domain. While the application is typically deployed within a trusted local network, successful exploitation of this weakness does not require any direct access to the instance by the...

9CVSS6AI score0.00257EPSS
Exploits0References10
Rows per page
Query Builder