Lucene search
K
GithubRecent

33225 matches found

Github Security Blog
Github Security Blog
added 2026/03/13 8:55 p.m.11 views

OpenClaw: Workspace plugin auto-discovery allowed code execution from cloned repositories

Summary OpenClaw automatically discovered and loaded plugins from .openclaw/extensions/ inside the current workspace without an explicit trust or install step. A malicious repository could include a crafted workspace plugin that executed as soon as a user ran OpenClaw from that cloned directory...

8.8CVSS6.3AI score0.00331EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/13 8:55 p.m.6 views

OpenClaw: Command-authorized non-owners could reach owner-only `/config` and `/debug` surfaces

Summary OpenClaw documented /config and /debug as owner-only commands, but the command handlers checked only whether the sender was command-authorized. A lower-trust sender who was intentionally allowed to run commands could still reach privileged configuration and debugging surfaces. Impact This...

5.9AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/13 8:55 p.m.12 views

OpenClaw: Exec approval allowlist patterns overmatched on POSIX paths

Summary matchesExecAllowlistPattern normalized patterns and targets with lowercasing and compiled glob matching too broadly on POSIX. In addition, the ? wildcard could match /, which allowed matches to cross path segments. Impact These matching rules could overmatch allowlist entries and permit...

5.5AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/13 8:54 p.m.12 views

OpenClaw: Feishu reaction events could bypass group authorization and mention gating

Summary A Feishu reaction-originated synthetic event could misclassify a group conversation as p2p when the inbound reaction payload omitted chattype. Authorization and mention-gating logic keyed off that incorrect chat type and evaluated the event as a direct message instead of a group message...

5.8AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/13 8:54 p.m.12 views

OpenClaw: `browser.request` let `operator.write` persist admin-only browser profile changes

Summary An authorization mismatch in the gateway let an authenticated caller with only operator.write use browser.request to reach browser profile management routes that persist configuration to disk. In practice, this exposed an admin-only configuration write primitive through /profiles/create...

5.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/13 8:54 p.m.10 views

OpenClaw: Pairing setup codes exposed long-lived shared gateway credentials instead of short-lived bootstrap tokens

Summary OpenClaw pairing setup codes generated by /pair and openclaw qr embedded the configured shared gateway token or password directly in the setup payload. Anyone who obtained that code from chat history, logs, screenshots, or copied QR payloads could recover the long-lived shared credential...

5.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/13 8:54 p.m.14 views

OpenClaw's Zalouser allowlist authorization matched mutable group names by default

Summary OpenClaw's Zalouser allowlist mode accepted mutable group names and normalized slugs as authorization matches instead of requiring stable group IDs. In deployments that used name-based channels.zalouser.groups entries together with permissive sender allowlists, a different group could be...

5.8AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/13 8:51 p.m.14 views

Apollo Federation vulnerable to prototype pollution via incomplete key sanitization

Impact A vulnerability exists in query plan execution within the gateway that may allow pollution of Object.prototype in certain scenarios. A malicious client may be able to pollute Object.prototype in gateway directly by crafting operations with field aliases and/or variable names that target...

9.9CVSS6AI score0.00512EPSS
Exploits0References3Affected Software3
Github Security Blog
Github Security Blog
added 2026/03/13 8:50 p.m.9 views

Statamic vulnerable to privilege escalation via stored cross-site scripting

Impact Stored XSS in the control panel color mode preference allows authenticated users with control panel access to inject malicious JavaScript that executes when a higher-privileged user impersonates their account. Patches This has been fixed in 6.6.2...

5.4CVSS5.7AI score0.0023EPSS
Exploits2References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/13 8:50 p.m.4 views

idunno.Bluesky, idunno.AtProto and idunno.AtProto.OAuthCallback Denial of Service Vulnerability

idunno.Bluesky, idunno.AtProto and idunno.AtProto.OAuthCallback Denial of Service Vulnerability Impact The Microsoft.Bcl.Memory package, a transitive dependency of idunno.AtProto and idunno.AtProto.OAuthCallback had a Denial of Service security vulnerability, CVE-2026-26127 Patches v1.7.0 updates...

7.5CVSS5.8AI score0.02049EPSS
Exploits0References4Affected Software3
Github Security Blog
Github Security Blog
added 2026/03/13 8:44 p.m.24 views

Centrifugo's InsecureSkipTokenSignatureVerify flag silently disables JWT verification with no warning

Summary Centrifugo supports a configuration flag insecureskiptokensignatureverify that completely disables JWT signature verification. When enabled, Centrifugo accepts any JWT token regardless of signature validity — including tokens signed with wrong keys, random signatures, or no signature at...

5.9AI score
Exploits0References5Affected Software5
Github Security Blog
Github Security Blog
added 2026/03/13 8:44 p.m.10 views

simplesamlphp/xml-security: Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption

Summary XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover the GHASH key, and decrypt the encrypted nodes. It also allows to forge arbitrary ciphertexts...

8.2CVSS5.8AI score0.00148EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/13 8:41 p.m.9 views

Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression

Description The undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. When a WebSocket connection negotiates the permessage-deflate extension, the client decompresses incoming compressed frames without enforci...

7.5CVSS5.8AI score0.0115EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/13 8:41 p.m.10 views

Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation

Impact The undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the servermaxwindowbits parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically advertises support for permessage-deflate compression....

7.5CVSS5.7AI score0.00874EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/13 8:41 p.m.9 views

Undici has CRLF Injection in undici via `upgrade` option

Impact When an application passes user-controlled input to the upgrade option of client.request, an attacker can inject CRLF sequences \r\n to: 1. Inject arbitrary HTTP headers 2. Terminate the HTTP request prematurely and smuggle raw data to non-HTTP services Redis, Memcached, Elasticsearch The...

4.6CVSS5.9AI score0.00256EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/13 8:37 p.m.10 views

Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS

Impact This is an uncontrolled resource consumption vulnerability CWE-400 that can lead to Denial of Service DoS. In vulnerable Undici versions, when interceptors.deduplicate is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers. An...

5.9CVSS5.7AI score0.00566EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/13 8:7 p.m.9 views

Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client

Impact A server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process. Patches Patched in the undici version v7.24.0 and v6.24....

7.5CVSS5.8AI score0.00488EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/13 8:7 p.m.5 views

Undici has an HTTP Request/Response Smuggling issue

Impact Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names e.g., Content-Length and content-length. This produces malformed HTTP/1.1 requests with multiple conflicting Content-Length values on the wire. Who is impacted: - Applications usi...

9.8CVSS5.8AI score0.00493EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/13 8:5 p.m.6 views

OneUptime: Password Reset Token Logged at INFO Level

Summary The password reset flow logs the complete password reset URL — containing the plaintext reset token — at INFO log level, which is enabled by default in production. Anyone with access to application logs log aggregation, Docker logs, Kubernetes pod logs can intercept reset tokens and perfo...

6.9CVSS5.9AI score0.00235EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/13 8:5 p.m.5 views

PyJWT accepts unknown `crit` header extensions

Summary PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC. This is t...

7.5CVSS5.8AI score0.00269EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/13 8:4 p.m.14 views

Parse Server's GraphQL WebSocket endpoint bypasses security middleware

Impact Any Parse Server deployment that uses the GraphQL API is affected. The GraphQL WebSocket endpoint for subscriptions does not pass requests through the Express middleware chain that enforces authentication, introspection control, and query complexity limits. An attacker can connect to the...

7.3CVSS5.8AI score0.00342EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/13 8:4 p.m.11 views

Yamux vulnerable to remote Panic via malformed Data frame with SYN set and len = 262145

Summary The Rust implementation of Yamux can panic when processing a crafted inbound Data frame that sets SYN and uses a body length greater than DEFAULTCREDIT e.g. 262145. On the first packet of a new inbound stream, stream state is created and a receiver is queued before oversized-body validati...

8.7CVSS5.8AI score0.00451EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/13 8:4 p.m.24 views

xmlseclibs: Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption

Summary XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover the GHASH key, and decrypt the encrypted nodes. It also allows to forge arbitrary ciphertexts...

8.2CVSS5.8AI score0.00152EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/13 8:3 p.m.10 views

Centrifugo: SSRF via unverified JWT claims interpolated into dynamic JWKS endpoint URL

Summary Centrifugo is vulnerable to Server-Side Request Forgery SSRF when configured with a dynamic JWKS endpoint URL using template variables e.g. tenant. An unauthenticated attacker can craft a JWT with a malicious iss or aud claim value that gets interpolated into the JWKS fetch URL before the...

9.3CVSS5.9AI score0.00258EPSS
Exploits1References4Affected Software5
Github Security Blog
Github Security Blog
added 2026/03/13 8:2 p.m.23 views

Scrapy: Arbitrary Module Import via Referrer-Policy Header in RefererMiddleware

Impact Since version 1.4.0, Scrapy respects the Referrer-Policy response header to decide whether and how to set a Referer header on follow-up requests. If the header value looked like a valid Python import path, Scrapy would import the referenced object and call it, assuming it referred to a...

5.8AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/13 8:2 p.m.6 views

Parse Server OAuth2 adapter app ID validation sends wrong token to introspection endpoint

Impact The OAuth2 authentication adapter does not correctly validate app IDs when appidField and appIds are configured. During app ID validation, a malformed value is sent to the token introspection endpoint instead of the user's actual access token. Depending on the introspection endpoint's...

6.5CVSS5.8AI score0.00276EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/13 8:2 p.m.9 views

Deno vulnerable to command Injection via incomplete shell metacharacter blocklist in node:child_process

Summary A command injection vulnerability exists in Deno's node:childprocess polyfill shell: true mode that bypasses the fix for CVE-2026-27190 GHSA-hmh4-3xvx-q5hr. An attacker who controls arguments passed to spawnSync or spawn with shell: true can execute arbitrary OS commands, bypassing Deno's...

9.8CVSS6.1AI score0.02213EPSS
Exploits2References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/13 8:2 p.m.5 views

rs-soroban-sdk: `Fr` scalar field equality comparison bypasses modular reduction

Security Advisory: Incorrect Equality for Fr Scalar Field Types BN254, BLS12-381 Summary Missing modular reduction in Fr causes incorrect equality comparisons for BN254 and BLS12-381 types in soroban-sdk. Impact The Fr scalar field types for BN254 and BLS12-381 in soroban-sdk compared values usin...

5.3CVSS5.9AI score0.00279EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/13 8:0 p.m.7 views

OneUptime: Stored XSS via Mermaid Diagram Rendering (securityLevel: "loose")

Summary The Markdown viewer component renders Mermaid diagrams with securityLevel: "loose" and injects the SVG output via innerHTML. This configuration explicitly allows interactive event bindings in Mermaid diagrams, enabling XSS through Mermaid's click directive which can execute arbitrary...

7.6CVSS6.2AI score0.00224EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/13 8:0 p.m.6 views

OneUptime ClickHouse SQL Injection via Aggregate Query Parameters

Summary The telemetry aggregation API accepts user-controlled aggregationType, aggregateColumnName, and aggregationTimestampColumnName parameters and interpolates them directly into ClickHouse SQL queries via the .append method documented as "trusted SQL". There is no allowlist, no parameterized...

9.9CVSS6.7AI score0.00603EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/13 6:58 p.m.14 views

OpenClaw: Discord guild reaction ingress could bypass users and roles allowlists

Summary In affected versions of openclaw, Discord reaction ingestion for guild channels did not enforce the same member users and roles allowlist checks used for normal inbound guild messages. A non-allowlisted guild member could still trigger reaction events that were accepted and queued as...

5.8AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/13 6:57 p.m.9 views

CairoSVG vulnerable to Exponential DoS via recursive <use> element amplification

Summary Kozea/CairoSVG 300K downloads/week has exponential denial of service via recursive element amplification in cairosvg/defs.py line 335. This causes CPU exhaustion from a small input. Severity High — CVSS 3.1: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Vulnerable Code File:...

7.5CVSS5.8AI score0.0049EPSS
Exploits2References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/13 6:57 p.m.16 views

Yamux vulnerable to remote Panic via malformed WindowUpdate credit

Sumary The Rust implementation of Yamux accepts WindowUpdate credit values from the remote peer and applies them to per-stream send-window state. A specially crafted WindowUpdate can cause arithmetic overflow in send-window accounting, which triggers a panic in the connection state machine. This ...

8.7CVSS6AI score0.00462EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/13 6:56 p.m.8 views

Gokapi's File Request MaxSize Limit Bypassed via Multi-Chunk Upload

Summary The chunked upload completion path for file requests does not validate the total file size against the per-request MaxSize limit. An attacker with a public file request link can split an oversized file into chunks each under MaxSize and upload them sequentially, bypassing the size...

4.3CVSS5.7AI score0.00253EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/13 6:56 p.m.8 views

Gokapi vulnerable to DoS in E2E Metadata Parser

Summary An API endpoint accepts unbounded request bodies without any size limit. An authenticated user can cause an OOM kill and complete service disruption for all users. Impact Any authenticated user can crash the Gokapi server by sending concurrent large payloads...

6.5CVSS5.8AI score0.00248EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/13 6:56 p.m.8 views

Gokapi vulnerable to Privilege Escalation in File Replace

Summary An insufficient authorization check in the file replace API allows a user with only list visibility permission UserPermListOtherUploads to delete another user's file by abusing the deleteNewFile flag, bypassing the requirement for UserPermDeleteOtherUploads. Impact Any authenticated user...

4.1CVSS5.8AI score0.00179EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/13 6:56 p.m.7 views

SFTPGo improperly sanitizes placeholders in group home directories/key prefixes

Impact SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using placeholders like %username%, the value replacing the...

5.3CVSS5.8AI score0.00309EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/13 6:55 p.m.8 views

SFTPGo Vulnerable to Path Traversal and Permission Bypass via Path Normalization Discrepancy

Impact In SFTPGo versions prior to 2.7.1, a path normalization discrepancy between the protocol handlers and the internal Virtual Filesystem routing can lead to an authorization bypass. An authenticated attacker can craft specific file paths to bypass folder-level permissions or escape the...

8.1CVSS5.7AI score0.00521EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2026/03/13 4:10 p.m.8 views

Locutus vulnerable to RCE via unsanitized input in create_function()

Summary The createfunctionargs, code function passes both parameters directly to the Function constructor without any sanitization, allowing arbitrary code execution. This is distinct from CVE-2026-29091 GHSA-fp25-p6mj-qqg6 which was calluserfuncarray using eval in v2.x. This finding affects...

9.8CVSS6.2AI score0.00571EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/13 4:10 p.m.6 views

SM9 Infinity-Point Ciphertext Forgery Vulnerability

Overview The current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause is that, during decryption, the elliptic-curve point C1 in the ciphertext is only deserialized and checked to be on the curve, but the implementation does not explicitly...

7.5CVSS5.9AI score0.00211EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/13 3:48 p.m.8 views

OpenClaw: Unavailable local auth SecretRefs could fall through to remote credentials in local mode

Summary In affected versions of openclaw, local gateway helper credential resolution treated configured but unavailable gateway.auth.token and gateway.auth.password SecretRefs as if they were unset and could fall back to gateway.remote. credentials in local mode. Impact This could cause local CLI...

3.3CVSS5.9AI score0.00104EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/13 3:48 p.m.9 views

OpenClaw: Sandbox staged writes could escape the verified parent directory before commit

Summary In affected versions of openclaw, sandbox fs-bridge writes validated the destination before commit, but temporary file creation and population were not pinned to a verified parent directory. A raced parent-path alias change could cause the staged temp file to be created outside the intend...

5.8AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/13 3:48 p.m.10 views

OpenClaw: Write-scoped callers could reach admin-only session reset logic through `agent`

Summary In affected versions of openclaw, a gateway caller with operator.write could issue agent requests containing /new or /reset and reach the same reset path used by the admin-only sessions.reset RPC. Impact On gateways where a caller is intentionally granted operator.write but not...

5.8AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/13 3:48 p.m.8 views

OpenClaw: Unrecognized script runners could bypass `system.run` approval integrity

Summary In affected versions of openclaw, node-host system.run approvals did not bind a mutable file operand for some script runners, including forms such as tsx and jiti. An attacker could obtain approval for a benign script-runner command, rewrite the referenced script on disk, and have the...

9.4CVSS6.3AI score0.00179EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/13 3:47 p.m.5 views

OpenClaw: Channel commands could bypass account-scoped `configWrites` restrictions

Summary In affected versions of openclaw, channel-initiated config mutations were authorized against the originating account's configWrites policy but did not consistently re-check the targeted account scope. An authorized sender on one account could mutate protected sibling-account configuration...

5.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/13 3:47 p.m.5 views

OpenClaw: Node-host approvals could show misleading shell payloads instead of the executed argv

Summary In affected versions of openclaw, node-host system.run approvals could display only an extracted shell payload such as jq --version while execution still ran a different outer wrapper argv such as ./env sh -c 'jq --version'. Impact This is an approval-integrity bug. An attacker who could...

8CVSS6.1AI score0.00272EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/13 3:47 p.m.5 views

OpenClaw: Unbound interpreter and runtime commands could bypass node-host approval integrity

Summary In affected versions of openclaw, node-host system.run approvals could still execute rewritten local code for interpreter and runtime commands when OpenClaw could not bind exactly one concrete local file operand during approval planning. Impact Deployments using node-host system.run...

7.3CVSS6.2AI score0.00132EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/13 3:47 p.m.6 views

OpenClaw: Leaf subagents could steer sibling sessions across sandbox boundaries

Summary In affected versions of openclaw, sandboxed leaf subagents could still access the subagents control surface and resolve against the parent requester scope instead of remaining confined to their own session tree. Impact A low-privilege sandboxed leaf worker could steer or kill a sibling ru...

5.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/13 3:47 p.m.10 views

OpenClaw: Pairing-scoped device tokens could mint `operator.admin` and reach node RCE

Summary In affected versions of openclaw, a caller holding only operator.pairing could use device.token.rotate to mint a new token with broader scopes for an already paired device. If the target device was approved for operator.admin, the attacker could obtain an administrative token without...

6.5AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/13 3:47 p.m.4 views

OpenClaw: Plugin subagent routes could bypass gateway authorization with synthetic admin scopes

Summary In affected versions of openclaw, the plugin subagent runtime dispatched gateway methods through a synthetic operator client that always carried broad administrative scopes. Plugin-owned HTTP routes using auth: "plugin" could therefore trigger admin-only gateway actions without normal...

9.8CVSS5.8AI score0.00461EPSS
Exploits0References5Affected Software1
Total number of security vulnerabilities33225