CVE-2026-27145 vulnerabilities
Vulnerabilities for packages: chisel, jitsucom-bulker, k3s, polaris, nri-mssql, cert-manager, gostatsd, rancher, redka, kubo, crossplane-provider-azure-sql, local-path-provisioner, redpanda, crossplane-provider-aws-firehose, omnibump, telegraf, tekton-chains, stakater-reloader,...
GHSA-4279-Q6MJ-392R vulnerabilities
Vulnerabilities for packages: chisel, jitsucom-bulker, k3s, polaris, nri-mssql, cert-manager, gostatsd, rancher, redka, kubo, crossplane-provider-azure-sql, local-path-provisioner, redpanda, crossplane-provider-aws-firehose, omnibump, telegraf, tekton-chains, stakater-reloader,...
CVE-2026-42507 vulnerabilities
Vulnerabilities for packages: chisel, jitsucom-bulker, k3s, polaris, nri-mssql, cert-manager, gostatsd, rancher, redka, kubo, crossplane-provider-azure-sql, local-path-provisioner, redpanda, crossplane-provider-aws-firehose, omnibump, telegraf, tekton-chains, stakater-reloader,...
GHSA-H3GM-Q7M7-MP28 vulnerabilities
Vulnerabilities for packages: chisel, jitsucom-bulker, k3s, polaris, nri-mssql, cert-manager, gostatsd, rancher, redka, kubo, crossplane-provider-azure-sql, local-path-provisioner, redpanda, crossplane-provider-aws-firehose, omnibump, telegraf, tekton-chains, stakater-reloader,...
CVE-2026-42504 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure-notificationhubs, crossplane-provider-azure-managedidentity, kube-bench, ingress-nginx-controller, crossplane-provider-aws-guardduty, postgres-operator-fips, docker-machine-driver-harvester, crossplane-provider-aws-sqs-fips,...
GHSA-H524-452V-82P9 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure-notificationhubs, crossplane-provider-azure-managedidentity, kube-bench, ingress-nginx-controller, crossplane-provider-aws-guardduty, postgres-operator-fips, docker-machine-driver-harvester, crossplane-provider-aws-sqs-fips,...
GHSA-4279-Q6MJ-392R vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure-notificationhubs, datadog-agent, influxd, crossplane-provider-azure-managedidentity, kube-bench, opa, ingress-nginx-controller, crossplane-provider-aws-guardduty, postgres-operator-fips, docker-machine-driver-harvester,...
CVE-2026-27145 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure-notificationhubs, datadog-agent, influxd, crossplane-provider-azure-managedidentity, kube-bench, opa, ingress-nginx-controller, crossplane-provider-aws-guardduty, postgres-operator-fips, docker-machine-driver-harvester,...
GHSA-H3GM-Q7M7-MP28 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure-notificationhubs, datadog-agent, influxd, crossplane-provider-azure-managedidentity, kube-bench, opa, ingress-nginx-controller, crossplane-provider-aws-guardduty, postgres-operator-fips, docker-machine-driver-harvester,...
CVE-2026-42507 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure-notificationhubs, datadog-agent, influxd, crossplane-provider-azure-managedidentity, kube-bench, opa, ingress-nginx-controller, crossplane-provider-aws-guardduty, postgres-operator-fips, docker-machine-driver-harvester,...
PT-2026-46853
Summary: plugin/AuthorizeNet/processPayment.json.php credits the logged-in user's wallet based only on the attacker-controlled amount POST parameter. The endpoint contains a TODO for real Authorize.Net charging, hardcodes $paymentSuccess = true, and then calls YPTWallet::addBalance without...
CVE-2026-10273
A vulnerability was found in php-censor up to 2.1.6. This affects an unknown function of the file src/Model/Build/GitBuild.php of the component Webhook Endpoint. Performing a manipulation of the argument commitId results in os command injection. The attack can be initiated remotely. The exploit h...
CVE-2026-10617
A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. This affects the function resolveAuth of the file internal/http/auth.go of the component Webhook Verification Handler. The manipulation leads to missing authentication. Remote exploitation of the attack is possibl...
CVE-2026-10617 nextlevelbuilder GoClaw Webhook Verification auth.go resolveAuth missing authentication
A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. This affects the function resolveAuth of the file internal/http/auth.go of the component Webhook Verification Handler. The manipulation leads to missing authentication. Remote exploitation of the attack is possibl...
EUVD-2026-34009
A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. This affects the function resolveAuth of the file internal/http/auth.go of the component Webhook Verification Handler. The manipulation leads to missing authentication. Remote exploitation of the attack is possibl...
CVE-2026-10617
The CVE-2026-10617 entry describes a vulnerability in nextlevelbuilder GoClaw up to version 3.11.3, affecting the resolveAuth function in internal/http/auth.go of the Webhook Verification Handler. The issue results from a manipulation that leads to missing authentication, enabling remote exploita...
PT-2026-45821
Name of the Vulnerable Software and Affected Versions: GoClaw versions prior to 3.11.4. Description: An issue in the Webhook Verification Handler component allows for missing authentication. This occurs within the resolveAuth function located in the internal/http/auth.go file, enabling remote...
goclaw access control error vulnerability
GoClaw is an open-source multi-tenant AI smart agent platform developed by Next Level Builder. GoClaw versions 3.11.3 and earlier contain a security vulnerability related to access control. This vulnerability stems from a lack of authentication in the resolveAuth function within the Webhook...