Lucene search
K

4 matches found

Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.15 views

PT-2026-54763

Name of the Vulnerable Software and Affected Versions Rancher Fleet affected versions not specified Description An authentication bypass exists in the webhook component. Additionally, a Pod Security Standard PSS bypass can be achieved through the manipulation of namespace labels. Recommendations ...

8.8CVSS5.7AI score0.00508EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/03/21 12:42 a.m.4 views

CVE-2026-32896 OpenClaw < 2026.2.21 - Unauthenticated Webhook Access via Passwordless Fallback in BlueBubbles Plugin

The BlueBubbles webhook handler in OpenClaw versions prior to 2026.2.21 contains a passwordless fallback authentication path that allows unauthenticated webhook events in certain reverse-proxy or local routing configurations. Attackers can bypass webhook authentication by exploiting the...

6.3CVSS5.8AI score0.00249EPSS
Exploits0References4
CVE
CVE
added 2026/03/05 10:0 p.m.30 views

CVE-2026-29613

OpenClaw is affected in versions prior to 2026.2.12, where the BlueBubbles optional plugin webhook handler authenticates requests only by loopback remoteAddress and does not validate forwarding headers. This allows an unauthenticated attacker, especially when behind a reverse proxy, to reach the ...

8.2CVSS6.1AI score0.00408EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/02/18 12:54 a.m.4 views

Missing Authentication for Critical Function

Overview @openclaw/voice-call is an OpenClaw voice-call plugin Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the tunnel.allowNgrokFreeTierLoopbackBypass configuration option in the webhook authentication. An attacker can trigger unauthorized...

6.9CVSS5.8AI score0.0029EPSS
Exploits0References2
Rows per page
Query Builder