Lucene search
K

9 matches found

Cvelist
Cvelist
added 2026/06/24 12:0 a.m.30 views

CVE-2026-49269

Apple M1 GPUs retain register file data between compute shader dispatches from different processes. A sandboxed Metal attacker app can run a GPU reader shader that reads stale register values left by a separate sandboxed victim app. In the proof of concept, GPUVictim.app generates a fresh random...

0.00303EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 9:56 p.m.31 views

CVE-2026-53830 OpenClaw < 2026.4.22 - Webhook Secret Revocation Bypass via secrets.reload

OpenClaw before 2026.4.22 contains a webhook secret revocation bypass vulnerability allowing callers with old Slack and Zalo webhook secrets to remain active after secrets.reload. Attackers can exploit the stale-secret window to deliver webhook events after operator-expected secret revocation,...

6.5CVSS0.00207EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 9:56 p.m.20 views

CVE-2026-53830

OpenClaw prior to 2026.4.22 is affected by a webhook secret revocation bypass. The vulnerability lets callers with old Slack/Zalo webhook secrets remain active after secrets.reload, enabling delivery of webhook events during the stale-secret window and potentially accepting previous credentials. ...

6.5CVSS5.3AI score0.00207EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/12 8:21 p.m.9 views

CVE-2026-45005

OpenClaw before 2026.4.23 caches resolved webhook route secrets backed by SecretRef values, allowing stale secrets to remain valid after rotation and reload. Attackers with previously valid webhook route secrets can continue authenticating requests and invoking configured webhook task flows until...

6CVSS5.8AI score0.00288EPSS
Exploits0References1
OSV
OSV
added 2026/05/11 6:31 p.m.7 views

GHSA-V8J2-5F9P-FMH4 Duplicate Advisory: OpenClaw's Webhooks SecretRef route secret remains valid after rotation/reload

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-q8ff-7ffm-m3r9. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.23 caches resolved webhook route secrets backed by SecretRef values, allowing stale secrets to...

6CVSS5.7AI score0.00288EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/11 6:31 p.m.15 views

Duplicate Advisory: OpenClaw's Webhooks SecretRef route secret remains valid after rotation/reload

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-q8ff-7ffm-m3r9. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.23 caches resolved webhook route secrets backed by SecretRef values, allowing stale secrets to...

6CVSS5.7AI score0.00288EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/05/11 4:46 p.m.20 views

CVE-2026-45005

OpenClaw

6CVSS5.8AI score0.00288EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/11 4:46 p.m.7 views

CVE-2026-45005 OpenClaw < 2026.4.23 - Webhook Route Secret Cache Not Invalidated After Rotation

OpenClaw before 2026.4.23 caches resolved webhook route secrets backed by SecretRef values, allowing stale secrets to remain valid after rotation and reload. Attackers with previously valid webhook route secrets can continue authenticating requests and invoking configured webhook task flows until...

6CVSS5.8AI score0.00288EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/11 4:46 p.m.7 views

CVE-2026-45005

OpenClaw before 2026.4.23 caches resolved webhook route secrets backed by SecretRef values, allowing stale secrets to remain valid after rotation and reload. Attackers with previously valid webhook route secrets can continue authenticating requests and invoking configured webhook task flows until...

6CVSS5.8AI score0.00288EPSS
Exploits0References4
Rows per page
Query Builder