Lucene search
+L

547 matches found

OSV
OSV
added 2026/05/21 5:59 p.m.8 views

GHSA-HGV7-V322-MMGR @sveltejs/kit: `query.batch` cross-talk

query.batch could, under very rare and specific timings, cause concurrent requests from different users to merge and resolve under single request context, enabling cross-user data disclosure...

5.9CVSS5.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.20 views

PT-2026-42177

Name of the Vulnerable Software and Affected Versions phoenix storybook versions 0.4.0 through 1.0.x Description An authorization bypass occurs due to user-controlled keys, allowing cross-session PubSub topic injection via a URL query parameter. The function handle params/3 in...

2.3CVSS5.5AI score0.00449EPSS
Exploits0References11
BDU FSTEC
BDU FSTEC
added 2026/05/04 12:0 a.m.8 views

The vulnerability of the Nextcloud Talk plugin with the AI agent OpenClaw (previously known as ClawdBot or MoltBot) allows a hacker to bypass existing security mechanisms.

The vulnerability of the Nextcloud Talk plugin and the AI agent OpenClaw previously known as ClawdBot or MoltBot is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to bypass existing security mechanisms remotely...

10CVSS5.7AI score0.00489EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/04/28 7:37 p.m.6 views

CVE-2026-41379

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Talk Voice configuration persistence. Attackers with operator.write privileges can exploit the chat.send endpoint to reach and modify sensitive voi...

7.1CVSS0.00243EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/28 6:9 p.m.3 views

CVE-2026-41379

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Talk Voice configuration persistence. Attackers with operator.write privileges can exploit the chat.send endpoint to reach and modify sensitive voi...

7.1CVSS5.2AI score0.00243EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/28 6:9 p.m.32 views

CVE-2026-41379 OpenClaw < 2026.3.28 - Privilege Escalation via chat.send to Admin-Class Talk Voice Config

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Talk Voice configuration persistence. Attackers with operator.write privileges can exploit the chat.send endpoint to reach and modify sensitive voi...

7.1CVSS0.00243EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.9 views

PT-2026-35764

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.28 Description Authenticated operators with write permissions can escalate privileges to access admin-class Talk Voice configuration persistence. This is possible by exploiting the 'chat.send' endpoint to reac...

7.1CVSS5.8AI score0.00243EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.12 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.28 contained security vulnerabilities. These vulnerabilities stemmed from permission escalation vulnerabilities, allowing authenticated operators with write permissions to acces...

7.1CVSS5.8AI score0.00243EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/10 12:30 a.m.11 views

Duplicate Advisory: OpenClaw: Nextcloud Talk room allowlist matched colliding room names instead of stable room tokens

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xhq5-45pm-2gjr. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.22 contains a policy confusion vulnerability in room authorization that matches colliding room...

5.4CVSS5.6AI score0.00241EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/04/10 12:30 a.m.7 views

EUVD-2026-21106

OpenClaw before 2026.3.22 contains a policy confusion vulnerability in room authorization that matches colliding room names instead of stable room tokens. Attackers can exploit similarly named rooms to bypass allowlist policies and gain unauthorized access to protected Nextcloud Talk rooms...

4.2CVSS5.9AI score0.00241EPSS
Exploits0References5
OSV
OSV
added 2026/04/10 12:30 a.m.9 views

GHSA-5F7H-P83X-5VC2 Duplicate Advisory: OpenClaw: Nextcloud Talk room allowlist matched colliding room names instead of stable room tokens

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xhq5-45pm-2gjr. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.22 contains a policy confusion vulnerability in room authorization that matches colliding room...

4.2CVSS5.7AI score0.00241EPSS
Exploits0References5
NVD
NVD
added 2026/04/09 10:16 p.m.17 views

CVE-2026-35624

OpenClaw before 2026.3.22 contains a policy confusion vulnerability in room authorization that matches colliding room names instead of stable room tokens. Attackers can exploit similarly named rooms to bypass allowlist policies and gain unauthorized access to protected Nextcloud Talk rooms...

5.4CVSS0.00241EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/09 9:26 p.m.3 views

CVE-2026-35624 OpenClaw < 2026.3.22 - Policy Confusion via Room Name Collision in Nextcloud Talk

OpenClaw before 2026.3.22 contains a policy confusion vulnerability in room authorization that matches colliding room names instead of stable room tokens. Attackers can exploit similarly named rooms to bypass allowlist policies and gain unauthorized access to protected Nextcloud Talk rooms...

4.2CVSS5.8AI score0.00241EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/09 9:26 p.m.24 views

CVE-2026-35624 OpenClaw < 2026.3.22 - Policy Confusion via Room Name Collision in Nextcloud Talk

OpenClaw before 2026.3.22 contains a policy confusion vulnerability in room authorization that matches colliding room names instead of stable room tokens. Attackers can exploit similarly named rooms to bypass allowlist policies and gain unauthorized access to protected Nextcloud Talk rooms...

4.2CVSS0.00241EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/09 9:26 p.m.4 views

CVE-2026-35624

OpenClaw before 2026.3.22 contains a policy confusion vulnerability in room authorization that matches colliding room names instead of stable room tokens. Attackers can exploit similarly named rooms to bypass allowlist policies and gain unauthorized access to protected Nextcloud Talk rooms...

4.2CVSS5.9AI score0.00241EPSS
Exploits0References5
CVE
CVE
added 2026/04/09 9:26 p.m.31 views

CVE-2026-35624

OpenClaw before 2026.3.22 contains a policy confusion vulnerability in room authorization that matches colliding room names instead of stable room tokens. Attackers can exploit similarly named rooms to bypass allowlist policies and gain unauthorized access to protected Nextcloud Talk rooms. Affec...

5.4CVSS5.9AI score0.00241EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/09 9:26 p.m.3 views

CVE-2026-35624 OpenClaw < 2026.3.22 - Policy Confusion via Room Name Collision in Nextcloud Talk

OpenClaw before 2026.3.22 contains a policy confusion vulnerability in room authorization that matches colliding room names instead of stable room tokens. Attackers can exploit similarly named rooms to bypass allowlist policies and gain unauthorized access to protected Nextcloud Talk rooms...

2.3CVSS6AI score0.00241EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.11 views

PT-2026-31760

OpenClaw before 2026.3.22 contains a policy confusion vulnerability in room authorization that matches colliding room names instead of stable room tokens. Attackers can exploit similarly named rooms to bypass allowlist policies and gain unauthorized access to protected Nextcloud Talk rooms...

4.2CVSS5.9AI score0.00241EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.8 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.22 contained security vulnerabilities. These vulnerabilities were caused by a strategy confusion in room authorization. Attackers could exploit rooms with similar names to bypas...

5.4CVSS5.8AI score0.00241EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/07 6:11 p.m.10 views

OpenClaw: Gateway operator.write Can Reach Admin-Class Talk Voice Config Persistence via chat.send

Summary Gateway operator.write Can Reach Admin-Class Talk Voice Config Persistence via chat.send Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: Real shipped operator.write to admin-class Talk Voice config persistence bug, but it is the same narrow...

7.1CVSS5.9AI score0.00243EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder