Lucene search
K
GithubRecent

33187 matches found

Github Security Blog
Github Security Blog
•added 2026/03/30 9:31 a.m.•11 views

MLflow Command Injection vulnerability

A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the installmodeldependenciestoenv function. When deploying a model with envmanager=LOCAL, MLflow reads dependency specifications from the model artifact's pythonenv.yaml file and...

10CVSS7.5AI score0.01994EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/30 3:30 a.m.•7 views

MLFlow path traversal vulnerability

A path traversal vulnerability exists in the extractarchivetodir function within the mlflow/pyfunc/dbconnectartifactcache.py file of the mlflow/mlflow repository. This vulnerability, present in versions before v3.7.0, arises due to the lack of validation of tar member paths during extraction. An...

10CVSS7.3AI score0.00587EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/29 3:50 p.m.•27 views

OpenClaw has ACP CLI approval prompt ANSI escape sequence injection

Summary ACP CLI approval prompt ANSI escape sequence injection Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.2.13, = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details ACP tool titles could previously...

5.3CVSS5.9AI score0.0026EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/29 3:50 p.m.•6 views

OpenClaw: Telegram DM-Scoped Inline Button Callbacks Bypass DM Pairing and Mutate Session State

Summary Telegram DM-Scoped Inline Button Callbacks Bypass DM Pairing and Mutate Session State Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details Telegram callba...

6.9CVSS5.9AI score0.00285EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/29 3:50 p.m.•10 views

OpenClaw: Synology Chat Webhook Pre-Auth Rate-Limit Bypass Enables Brute-Force Guessing of Webhook Token

Summary Synology Chat Webhook Pre-Auth Rate-Limit Bypass Enables Brute-Force Guessing of Weak Webhook Token Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details...

6.5CVSS5.9AI score0.00244EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/29 3:49 p.m.•7 views

OpenClaw: MS Teams Feedback Invocation Bypasses Sender Allowlists and Records Unauthorized Session Feedback

Summary MS Teams Feedback Invoke Bypasses Sender Allowlists and Records Unauthorized Session Feedback Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details Microso...

6.9CVSS5.9AI score0.00227EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/29 3:49 p.m.•8 views

OpenClaw: Gateway Plugin Subagent Fallback `deleteSession` Uses Synthetic `operator.admin`

Summary Gateway Plugin Subagent Fallback deleteSession Uses Synthetic operator.admin Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details Gateway plugin subagent...

8.8CVSS5.9AI score0.0028EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/29 3:49 p.m.•7 views

OpenClaw: Feishu Raw Card Send Surface Can Mint Legacy Card Callbacks That Bypass DM Pairing

Summary Feishu Raw card Send Surface Can Mint Legacy Card Callbacks That Bypass DM Pairing Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details Feishu raw card...

6.9CVSS5.9AI score0.00276EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/29 3:48 p.m.•12 views

OpenClaw: Feishu webhook reads and parses unauthenticated request bodies before signature validation

Summary Feishu webhook reads and parses unauthenticated request bodies before signature validation Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details Feishu...

7.5CVSS5.9AI score0.00436EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/29 3:48 p.m.•11 views

OpenClaw: SSRF via Unguarded Configured Base URLs in Multiple Channel Extensions (Incomplete Fix for CVE-2026-28476)

Summary SSRF via Unguarded Configured Base URLs in Multiple Channel Extensions Incomplete Fix for CVE-2026-28476 Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24...

8.3CVSS5.9AI score0.00244EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/29 3:48 p.m.•7 views

OpenClaw: Google Chat Authz Bypass via Group Policy Rebinding with Mutable Space displayName

Summary Google Chat Authz Bypass via Group Policy Rebinding with Mutable Space displayName Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details Google Chat group...

5.4CVSS5.9AI score0.00236EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/29 3:47 p.m.•11 views

OpenClaw: `session_status` sessionId resolution bypasses sandboxed session-tree visibility

Summary sessionstatus sessionId resolution bypasses sandboxed session-tree visibility Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.11, = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details...

5.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/29 3:46 p.m.•4 views

OpenClaw: Gateway HTTP Session History Route Bypasses Operator Read Scope

Summary Gateway HTTP Session History Route Bypasses Operator Read Scope Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details The HTTP /sessions/:sessionKey/histor...

7.1CVSS5.9AI score0.00232EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/29 3:44 p.m.•6 views

MikroORM has Prototype Pollution in Utils.merge

A prototype pollution vulnerability exists in the Utils.merge helper used internally by MikroORM when merging object structures. The function did not prevent special keys such as proto, constructor, or prototype, allowing attacker-controlled input to modify the JavaScript object prototype when...

9.1CVSS6AI score0.00377EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/29 3:44 p.m.•16 views

MikroORM is vulnerable to SQL Injection via specially crafted object

Summary MikroORM versions = 6.6.9 and = 7.0.5 are vulnerable to SQL injection when specially crafted objects are interpreted as raw SQL query fragments. Impact If user-controlled input is passed directly to MikroORM query construction APIs, an attacker may inject raw SQL fragments. This can lead ...

9.8CVSS6AI score0.00426EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/29 3:41 p.m.•6 views

AVideo: IDOR in uploadPoster.php Allows Any Authenticated User to Overwrite Scheduled Live Stream Posters and Trigger False Socket Notifications

Summary The plugin/Live/uploadPoster.php endpoint allows any authenticated user to overwrite the poster image for any scheduled live stream by supplying an arbitrary livescheduleid. The endpoint only checks User::isLogged but never verifies that the authenticated user owns the targeted schedule...

5.4CVSS6AI score0.00243EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/29 3:41 p.m.•9 views

AVideo: Missing Authorization in Playlist Schedule Creation Allows Cross-User Broadcast Hijacking

Summary The plugin/PlayLists/View/Playlistsschedules/add.json.php endpoint allows any authenticated user with streaming permission to create or modify broadcast schedules targeting any playlist on the platform, regardless of ownership. When the schedule executes, the rebroadcast runs under the...

6.3CVSS6AI score0.00249EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/29 3:40 p.m.•5 views

AVideo: Unauthenticated Access to Payment Log DataTables Endpoints Exposes Transaction Data, PayPal Tokens, and User Financial Records

Summary Multiple payment plugin list.json.php endpoints lack authentication and authorization checks, allowing unauthenticated attackers to retrieve all payment transaction records including PayPal billing agreement IDs, Express Checkout tokens, Authorize.Net webhook payloads with transaction...

5.9AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/29 3:39 p.m.•7 views

wenxian: Command Injection in GitHub Actions Workflow via `issue_comment.body`

Summary A GitHub Actions workflow uses untrusted user input from issuecomment.body directly inside a shell command, allowing potential command injection and arbitrary code execution on the runner. Details The workflow is triggered by issuecomment, which can be controlled by external users. In the...

9.8CVSS6.5AI score0.02172EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/29 3:37 p.m.•11 views

Traefik: Deny Rule Bypass via Unauthenticated Malicious gRPC Requests in gRPC-Go Dependency (CVE-2026-33186)

Summary There is a potential vulnerability in Traefik due to its dependency on an affected version of gRPC-Go CVE-2026-33186. A remote, unauthenticated attacker can send gRPC requests with a malformed HTTP/2 :path pseudo-header omitting the mandatory leading slash e.g., Service/Method instead of...

9.1CVSS5.9AI score0.01557EPSS
Exploits1References7Affected Software2
Github Security Blog
Github Security Blog
•added 2026/03/29 3:30 p.m.•6 views

Duplicate Advisory: OpenClaw's skills-install-download can be redirected outside the tools root by rebinding the validated base path

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-vhwf-4x96-vqx2. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.8 contains a path traversal vulnerability in the skills download installer that validates the...

6.2CVSS5.8AI score0.00087EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/29 3:30 p.m.•7 views

Duplicate Advisory: OpenClaw session transcript files were created without forced user-only permissions

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-vr7j-g7jv-h5mp. This link is maintained to preserve external references. Original Description OpenClaw before 2026.2.17 creates session transcript JSONL files with overly broad default permissions, allowing loca...

8.4CVSS5.8AI score0.0012EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/29 3:30 p.m.•6 views

Duplicate Advisory: OpenClaw Telegram webhook request bodies were read before secret validation, enabling unauthenticated resource exhaustion

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-jq3f-vjww-8rq7. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.13 reads and buffers Telegram webhook request bodies before validating the...

8.7CVSS5.8AI score0.00531EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/29 3:30 p.m.•7 views

Duplicate Advisory: OpenClaw: Unrecognized script runners could bypass `system.run` approval integrity

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-qc36-x95h-7j53. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.11 contains an approval integrity vulnerability where system.run approvals fail to bind mutabl...

9.4CVSS5.9AI score0.00179EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/29 3:30 p.m.•5 views

Duplicate Advisory: OpenClaw: Feishu webhook mode accepted forged events when only `verificationToken` was configured

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-g353-mgv3-8pcj. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.12 contains an authentication bypass vulnerability in Feishu webhook mode when only...

9.8CVSS6AI score0.00247EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/29 3:30 p.m.•7 views

Duplicate Advisory: OpenClaw: Unbound interpreter and runtime commands could bypass node-host approval integrity

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xf99-j42q-5w5p. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.11 contains an approval integrity vulnerability allowing attackers to execute rewritten local...

7.3CVSS6.3AI score0.00132EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/29 3:30 p.m.•6 views

Duplicate Advisory: `OpenClaw: session_status` let sandboxed subagents access parent or sibling session state

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-wcxr-59v9-rxr8. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the sessionstatus tool that allows...

9.2CVSS5.9AI score0.00101EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/29 3:27 p.m.•5 views

OpenCC has an Out-of-bounds read when processing truncated UTF-8 input

Summary OpenCC versions before 1.2.0 contain two CWE-125: Out-of-bounds Read issues caused by length validation failures in UTF-8 processing. When handling malformed or truncated UTF-8 input, OpenCC trusted derived length values without enforcing the invariant that processed length must not excee...

6AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/29 3:25 p.m.•6 views

Sliver: Nil Pointer Dereference in tunnelCloseHandler causes panic when a reverse tunnel (rportfwd) close is attempted

Summary A nil pointer dereference in tunnelCloseHandler causes the handler goroutine to panic whenever a reverse tunnel rportfwd close is attempted. Both the legitimate close path AND the unauthorized close path dereference tunnel.SessionID where tunnel is guaranteed nil. This means rportfwd...

5.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/29 3:23 p.m.•4 views

Happy DOM's fetch credentials include uses page-origin cookies instead of target-origin cookies

Summary happy-dom may attach cookies from the current page origin window.location instead of the request target URL when fetch..., credentials: "include" is used. This can leak cookies from origin A to destination B. Details In packages/happy-dom/src/fetch/utilities/FetchRequestHeaderUtility.ts...

7.5CVSS5.8AI score0.00458EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/29 3:23 p.m.•5 views

Parse Server has an MFA single-use token bypass via concurrent authData login requests

Impact An attacker who possesses a valid authentication provider token and a single MFA recovery code or SMS one-time password can create multiple authenticated sessions by sending concurrent login requests via the authData login endpoint. This defeats the single-use guarantee of MFA recovery cod...

4.4CVSS5.9AI score0.00311EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/29 3:22 p.m.•15 views

Trix is vulnerable to XSS through JSON deserialization bypass in drag-and-drop (Level0InputController)

Impact The Trix editor, in versions prior to 2.1.18, is vulnerable to XSS when a crafted application/x-trix-document JSON payload is dropped into the editor in environments using the fallback Level0InputController e.g., embedded WebViews lacking Input Events Level 2 support. The...

5.9AI score
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
•added 2026/03/29 3:20 p.m.•10 views

mpp has multiple payment bypass and griefing vulnerabilities

Impact Multiple vulnerabilities were discovered which allowed for undesirable behaviors, including: - Performing free tempo/charge requests - Replaying existing tempo/charge requests - Performing free tempo/session requests - Piggybacking off existing tempo/session channels - Griefing existing...

5.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/29 3:19 p.m.•24 views

XPath: Boolean expression infinite loop leads to denial of service via CPU exhaustion

Boolean expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as "1=1" or "true"...

7.5CVSS5.9AI score0.00519EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/29 3:17 p.m.•12 views

Handlebars.js has a Prototype Method Access Control Gap via Missing __lookupSetter__ Blocklist Entry

Summary The prototype method blocklist in lib/handlebars/internal/proto-access.js blocks constructor, defineGetter, defineSetter, and lookupGetter, but omits the symmetric lookupSetter. This omission is only exploitable when the non-default runtime option allowProtoMethodsByDefault: true is...

9.8CVSS5.9AI score0.04506EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/29 3:16 p.m.•9 views

Handlebars.js has a Property Access Validation Bypass in container.lookup

Summary In lib/handlebars/runtime.js, the container.lookup function uses container.lookupProperty as a gate check to enforce prototype-access controls, but then discards the validated result and performs a second, unguarded property access depthsiname. This Time-of-Check Time-of-Use TOCTOU patter...

5.9AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/29 3:15 p.m.•6 views

mppx has multiple payment bypass and griefing vulnerabilities

Impact Multiple vulnerabilities were discovered in tempo/charge and tempo/session which allowed for undesirable behaviors, including: - Replaying tempo/charge transaction hashes across push/pull modes, across charge/session endpoints, and via concurrent requests - Performing free tempo/charge...

5.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/29 3:14 p.m.•7 views

Parse Server exposes auth data via verify password endpoint

Impact The verify password endpoint returns unsanitized authentication data, including MFA TOTP secrets, recovery codes, and OAuth access tokens. An attacker who knows a user's password can extract the MFA secret to generate valid MFA codes, defeating multi-factor authentication protection. Patch...

8.2CVSS5.9AI score0.00303EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/29 3:13 p.m.•25 views

Trino: Iceberg REST catalog static and vended credentials are accessible via query JSON

Summary Iceberg connector REST catalog static credentials access key or vended credentials temporary access key are accessible to users that have write privilege on SQL level. Details Iceberg REST catalog typically needs access to object storage. This access can be configured in multiple differen...

7.7CVSS6.1AI score0.00196EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/29 3:11 p.m.•3 views

mppx has Stripe charge credential replay via missing idempotency check

Impact The stripe/charge payment method did not check Stripe's Idempotent-Replayed response header when creating PaymentIntents. An attacker could replay a valid credential containing the same spt token against a new challenge, and the server would accept the replayed Stripe PaymentIntent as a ne...

8.1CVSS5.9AI score0.00494EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/29 3:10 p.m.•6 views

mppx: Tempo has a session close voucher bypass vulnerability due to settled amount equality

Impact The tempo/session cooperative close handler validated the close voucher amount using instead of = against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled amount, which would be accepted without committing any new funds, effectively closing...

7.5CVSS5.9AI score0.00359EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/27 10:37 p.m.•11 views

OpenClaw: Telegram Webhook Missing Guess Rate Limiting Enables Brute-Force Guessing of Weak Webhook Secret

Summary Telegram Webhook Missing Guess Rate Limiting Enables Brute-Force Guessing of Weak Webhook Secret Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details...

6.5CVSS5.9AI score0.00287EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/27 10:32 p.m.•10 views

OpenClaw: BlueBubbles Group Reactions Bypass requireMention and Still Enqueue Agent-Visible System Events

Summary BlueBubbles Group Reactions Bypass requireMention and Still Enqueue Agent-Visible System Events Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details...

5.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/27 10:31 p.m.•13 views

OpenClaw: Matrix Verification Notices Bypass Matrix DM Policy and Reply to Unpaired DM Peers

Summary Matrix Verification Notices Bypass Matrix DM Policy and Reply to Unpaired DM Peers Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details Matrix verificatio...

6.9CVSS5.9AI score0.00285EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/27 10:31 p.m.•15 views

OpenClaw: BlueBubbles Webhook Missing Rate Limiting Enables Brute-Force Password Guessing

Summary BlueBubbles Webhook Missing Guess Rate Limiting Enables Brute-Force Guessing of Weak Webhook Password Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details...

6.5CVSS5.9AI score0.00361EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/27 10:30 p.m.•11 views

OpenClaw: Gateway Plugin HTTP Auth Grants Unrestricted operator.admin Runtime Scope to All Callers

Summary Gateway Plugin HTTP auth: "gateway" Mints operator.admin Runtime Scope Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details Gateway-authenticated plugin...

8.8CVSS5.9AI score0.00298EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/27 10:29 p.m.•9 views

OpenClaw: Silent privilege escalation via gateway shared-auth reconnect

Summary Gateway local shared-auth reconnect silently widens paired device scope from operator.read to operator.admin and reach node RCE Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verificati...

5.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/27 10:29 p.m.•6 views

OpenClaw: Gateway Backend Reconnect lets Non-Admin Operator Scopes Self-Claim operator.admin

Summary Gateway Backend Reconnect lets Non-Admin Operator Scopes Self-Claim operator.admin Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details Backend-labeled...

8.8CVSS5.9AI score0.00276EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/27 10:28 p.m.•9 views

OpenClaw: Gateway HTTP /sessions/:sessionKey/kill Reaches Admin Kill Path Without Caller Scope Binding

Summary Gateway HTTP /sessions/:sessionKey/kill Reaches Admin Kill Path Without Caller Scope Binding. Details The HTTP route previously treated any bearer-authenticated request as admin-eligible and could call without binding the action to requester ownership or caller-granted operator scopes. Th...

6AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/27 10:26 p.m.•8 views

MinIO is Vulnerable to SSE Metadata Injection via Replication Headers

Impact What kind of vulnerability is it? Who is impacted? A flaw in extractMetadataFromMime allows any authenticated user with s3:PutObject permission to inject internal server-side encryption metadata into objects by sending crafted X-Minio-Replication- headers on a normal PutObject request. The...

7.1CVSS6AI score0.00124EPSS
Exploits0References4Affected Software1
Total number of security vulnerabilities33187