
10 matches found

Cvelist
added 2026/04/28 6:9 p.m., 23 views

CVE-2026-41398 OpenClaw - Unauthorized Agent Request Dispatch via Untrusted Local-Network Pages in iOS A2UI Bridge

OpenClaw before 2026.4.2 contains an improper access control vulnerability in the iOS A2UI bridge that treats generic local-network pages as trusted origins. Attackers can inject unauthorized agent.request runs by loading attacker-controlled pages from local-network or tailnet hosts, polluting...

CVSS: 4.6 | EPSS: 0.00007
Exploits: 0 | References: 3
CVE
added 2026/04/28 6:9 p.m., 4 views

CVE-2026-41398

OpenClaw (npm package) is affected by an improper access-control vulnerability in the iOS A2UI bridge prior to 2026.4.2. A local-network or tailnet page can be loaded to a vulnerable session and trigger unauthorized agent.request runs, polluting session state and depleting budget. The issue is fi...

CVSS: 4.6 | AI score: 5.3 | EPSS: 0.00007
Exploits: 0 | References: 3 | Affected Software: 1
EUVD
added 2026/04/28 6:9 p.m., 1 view

EUVD-2026-26106

OpenClaw before 2026.4.2 contains an improper access control vulnerability in the iOS A2UI bridge that treats generic local-network pages as trusted origins. Attackers can inject unauthorized agent.request runs by loading attacker-controlled pages from local-network or tailnet hosts, polluting...

CVSS: 4.6 | AI score: 5.2 | EPSS: 0.00007
Exploits: 0 | References: 3
OSV
added 2026/03/19 3:30 a.m., 1 view

GHSA-JQPF-VJ28-9V7R Duplicate Advisory: Synology Chat dmPolicy=allowlist failed open on empty allowedUserIds, allowing unauthorized agent dispatch

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-gw85-xp4q-5gp9. This link is maintained to preserve external references. Original Description: OpenClaw versions 2026.2.22 and 2026.2.23 contain an authorization bypass vulnerability in the synology-chat channel...

CVSS: 8.3 | AI score: 5.7 | EPSS: 0.00071
Exploits: 0 | References: 5
OSV
added 2026/03/19 2:16 a.m., 1 view

CVE-2026-31998

OpenClaw versions 2026.2.22 and 2026.2.23 contain an authorization bypass vulnerability in the synology-chat channel plugin where dmPolicy set to allowlist with empty allowedUserIds fails open. Attackers with Synology sender access can bypass authorization checks and trigger unauthorized agent...

CVSS: 9.8 | AI score: 5.9
Exploits: 0 | References: 4
EUVD
added 2026/03/19 1:0 a.m., 2 views

EUVD-2026-13035

OpenClaw versions 2026.2.22 and 2026.2.23 contain an authorization bypass vulnerability in the synology-chat channel plugin where dmPolicy set to allowlist with empty allowedUserIds fails open. Attackers with Synology sender access can bypass authorization checks and trigger unauthorized agent...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.00071
Exploits: 0 | References: 4
RedhatCVE
added 2025/05/23 6:28 a.m., 4 views

CVE-2024-56348

In JetBrains TeamCity before 2024.12 improper access control allowed viewing details of unauthorized agents...

CVSS: 4.3 | AI score: 6.9 | EPSS: 0.00006
Exploits: 1 | References: 1
CVE
added 2024/12/20 2:11 p.m., 54 views

CVE-2024-56348

Summary: CVE-2024-56348 affects JetBrains TeamCity versions prior to 2024.12, due to improper access control that allows viewing details of unauthorized agents, potentially exposing confidential agent information. Impact: CVSSv3.1 base score 4.3 (Medium) with confidentiality impact rated Low. Rem...

CVSS: 4.3 | AI score: 7 | EPSS: 0.00006
Exploits: 1 | References: 1 | Affected Software: 1
Vulnrichment
added 2024/12/20 2:11 p.m., 9 views

CVE-2024-56348

In JetBrains TeamCity before 2024.12 improper access control allowed viewing details of unauthorized agents...

CVSS: 4.3 | AI score: 6.9 | EPSS: 0.00006
Exploits: 1 | References: 1
Cvelist
added 2024/12/20 2:11 p.m., 17 views

CVE-2024-56348

In JetBrains TeamCity before 2024.12 improper access control allowed viewing details of unauthorized agents...

CVSS: 4.3 | EPSS: 0.00006
Exploits: 1 | References: 1