Lucene search
K
GithubRecent

33100 matches found

Github Security Blog
Github Security Blog
•added last week•14 views

Craft CMS: Unauthorized Deletion of Source Assets During File Replacement

We have identified an authorization issue in Craft CMS AssetsController::actionReplaceFile that can delete a source asset without source delete permission by supplying both assetId and sourceAssetId. Description Craft CMS’s craft\controllers\AssetsController::actionReplaceFile supports replacing...

5.3CVSS5.8AI score0.00265EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added last week•7 views

Craft CMS: Authorization bypass in `entries/move-to-section` via missing target-section save check

Summary The EntriesController::actionMoveToSection endpoint checks only whether the current user can view the destination section, but it does not require permission to save entries into that section. A low-privileged authenticated control-panel user who can move an entry out of its current secti...

6CVSS5.8AI score0.00273EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added last week•11 views

Craft CMS: Authorship spoofing in `entries/save-entry` via pre-check/post-mutation authorization gap

Summary EntriesController::actionSaveEntry performs entry-edit permission checks before request-controlled author changes are applied to the model. The subsequent author mutation path accepts attacker-supplied authors / author parameters and allows the change when the current user is one of the o...

7.6CVSS5.8AI score0.00245EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added last week•10 views

Coder vulnerable to workspace auto-creation via crafted URL parameters without user consent

Command injection via dotfiles URI parameter combined with workspace auto-creation Summary The dotfiles registry module passed unsanitized user input to shell commands, allowing arbitrary code execution inside a provisioned workspace. Any user who supplied a crafted dotfilesuri value for example,...

8.8CVSS6.4AI score0.0228EPSS
Exploits0References9Affected Software2
Github Security Blog
Github Security Blog
•added last week•7 views

mediawiki/maps has stored XSS through the overlays parameter in the display_map parser function

Summary Stored XSS through wikitext can be performed by inserting malicious HTML into the overlays parameter of the displaymap parser function when using the leaflet service. Details The maps extension doesn't escape overlay names before passing them to leaflet. Leaflet then inserts them as HTML:...

5.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added last week•9 views

Dulwich's submodule path traversal in porcelain.submodule_update / porcelain.clone(recurse_submodules=True) yields RCE via attacker-dropped .git/hooks payload

Summary dulwich.porcelain.submoduleupdate, and by extension porcelain.clone..., recursesubmodules=True, materializes attacker-controlled submodule paths from a crafted upstream repository without path validation. A malicious .gitmodules plus a matching tree gitlink whose path is .git/hooks or any...

7.5CVSS6.4AI score0.00448EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added last week•7 views

Langroid: SQLChatAgent _validate_query blocklist misses pg_read_file family enabling arbitrary file read

Summary SQLChatAgent in langroid ships a validatequery defense-in-depth layer whose DANGEROUSSQLPATTERNS regex blocklist enumerates dangerous SQL primitives by specific function name. The list misses the canonical PostgreSQL filesystem-disclosure family pgreadfile, pgstatfile, pglslogdir,...

6.1AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added last week•14 views

Langroid: Path traversal in the file tools allows read/write outside configured current directory

Summary Langroid's ReadFileTool and WriteFileTool appear to treat currdir as the intended working-directory boundary for file operations. However, the tools only change the process working directory to currdir and then operate on the user-supplied filepath without resolving and enforcing that the...

5.8AI score
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
•added last week•13 views

Kerberos Hub private key (X-Kerberos-Hub-PrivateKey) leaked to cross-host redirect target due to redirect-following HTTP client without CheckRedirect

Summary The Kerberos Hub upload path sends the agent's Hub credentials in the custom X-Kerberos-Hub-PrivateKey and X-Kerberos-Hub-PublicKey request headers to the operator-configured Hub URL config.HubURI. The HTTP client used &http.Client in UploadKerberosHub is constructed without a CheckRedire...

5.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added last week•14 views

OpenClaw: Native command authorization could skip owner-command enforcement

Summary Native command authorization could skip owner-command enforcement. In affected versions, a sender able to trigger native command handling could authorize a native command without enforcing the configured owner-only command policy. This advisory is scoped to the named feature and...

6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added last week•12 views

OpenClaw: PowerShell encoded-command aliases could miss exec allowlist checks

Summary PowerShell encoded-command aliases could miss exec allowlist checks. In affected versions, a command request using abbreviated encoded-command flags could use an alias form not recognized by the allowlist parser. This advisory is scoped to the named feature and configuration. It does not...

6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added last week•11 views

OpenClaw: Trusted retry endpoint checks could match hostname prefixes

Summary Trusted retry endpoint checks could match hostname prefixes. In affected versions, a retry endpoint URL chosen by lower-trust input could pass validation by using a hostname prefix that resembled a trusted host. This advisory is scoped to the named feature and configuration. It does not...

6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added last week•10 views

OpenClaw: Telegram interactive callbacks could skip commands.allowFrom

Summary Telegram interactive callbacks could skip commands.allowFrom. In affected versions, a Telegram user able to invoke an affected callback could mark the callback as an authorized sender before applying commands.allowFrom. This advisory is scoped to the named feature and configuration. It do...

6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added last week•12 views

Cmov/CmovEq on aarch64 can produce wrong results if high-bits of registers are set

Summary The aarch64 implementations of Cmov and CmovEq seem to assume that the high bits when loading a value of size smaller than a register into a register are zero-extended. However, this is not the case and these bits are unspecified. This can result in a left.cmovz&right, condition not movin...

5.5AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added last week•9 views

Contour has Improper JWT Verification for Non-SNI Requests on Virtual Hosts with Fallback Certificate Enabled

Impact When an HTTPProxy is configured with incompatible combination of both .spec.virtualhost.tls.enableFallbackCertificate: true and .spec.virtualhost.jwtProviders, Contour does not reject the configuration. Consequently, requests from clients that do not send TLS SNI or send an unrecognized SN...

5.8AI score0.00023EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added last week•11 views

OpenClaw: Matrix allowFrom could bind to mutable display names

Summary Matrix allowFrom could bind to mutable display names. In affected versions, a Matrix account able to change display name metadata could match a policy entry through mutable display metadata. This advisory is scoped to the named feature and configuration. It does not change OpenClaw's...

8.8CVSS5.9AI score0.00309EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added last week•14 views

OpenClaw: Mattermost slash token revocation could lag until monitor refresh

Summary Mattermost slash token revocation could lag until monitor refresh. In affected versions, a caller with an old Mattermost slash token during the refresh window could continue accepting the old token until the monitor refreshed. This advisory is scoped to the named feature and configuration...

6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added last week•8 views

OpenClaw: Paired nodes could forge exec lifecycle events without system.run provenance

Summary OpenClaw nodes send lifecycle events back to the gateway. In affected releases, a paired node could send an exec lifecycle event that was accepted without enough provenance tying it to an authorized system.run request. This issue affects the node event boundary. It does not allow an...

8.6CVSS5.8AI score0.00342EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added last week•10 views

OpenClaw: Combined POSIX shell options could confuse exec revalidation

Summary Combined POSIX shell options could confuse exec revalidation. In affected versions, a command request using combined shell flags could parse approval-time and execution-time shell options differently. This advisory is scoped to the named feature and configuration. It does not change...

8.8CVSS6AI score0.00419EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added last week•11 views

OpenClaw: MCP loopback could skip owner-only tool policy for non-owner callers

Summary MCP loopback could skip owner-only tool policy for non-owner callers. In affected versions, a non-owner caller reaching the affected loopback path could skip owner-only tool policy and before-tool-call hooks. This advisory is scoped to the named feature and configuration. It does not chan...

6.9CVSS5.9AI score0.00096EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added last week•10 views

OpenClaw: Slack and Zalo webhook secrets could remain active after secrets.reload

Summary Slack and Zalo webhook secrets could remain active after secrets.reload. In affected versions, a caller with an old webhook secret during the stale-secret window could keep accepting the previous secret after secrets.reload. This advisory is scoped to the named feature and configuration. ...

6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added last week•6 views

OpenClaw: Feishu dynamic-agent bindings could miss configWrites enforcement

Summary Feishu dynamic-agent bindings could miss configWrites enforcement. In affected versions, a Feishu sender using dynamic-agent binding behavior could create or update bindings without honoring the configured config-write control. This advisory is scoped to the named feature and configuratio...

6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added last week•9 views

OpenClaw: Sandboxed session spawn could expose the real workspace path to child prompts

Summary Sandboxed session spawn could expose the real workspace path to child prompts. In affected versions, a child session spawned from a sandboxed parent could forward the host workspace path into the child session prompt. This advisory is scoped to the named feature and configuration. It does...

5.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added last week•10 views

OpenClaw: Embedded runner policy could be confused by provider aliases

Summary Embedded runner policy could be confused by provider aliases. In affected versions, a request using provider aliases could compare policy against an alias instead of the canonical provider identity. This advisory is scoped to the named feature and configuration. It does not change...

4.8CVSS5.9AI score0.00093EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added last week•10 views

OpenClaw: Fake package roots could influence memory-core artifact loading

Summary Fake package roots could influence memory-core artifact loading. In affected versions, a local package root resolution path influenced by workspace state could select a package root that was not the intended bundled artifact root. This advisory is scoped to the named feature and...

7.8CVSS5.9AI score0.00114EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added last week•10 views

OpenClaw: Workspace .env could override Homebrew executable selection for skill install flows

Summary Workspace .env could override Homebrew executable selection for skill install flows. In affected versions, a workspace .env in a repository opened by a trusted operator could override the Homebrew executable used by the install helper. This advisory is scoped to the named feature and...

8.8CVSS6AI score0.00298EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added last week•9 views

OpenClaw: QQBot pre-dispatch slash commands could skip allowFrom checks

Summary QQBot pre-dispatch slash commands could skip allowFrom checks. In affected versions, a QQBot sender able to invoke slash commands could dispatch the command before applying the configured allowFrom policy. This advisory is scoped to the named feature and configuration. It does not change...

6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added last week•12 views

OpenClaw: Non-owner chat senders could issue device-pairing bootstrap codes

Summary The bundled device-pair plugin exposed /pair on normal chat command surfaces. In affected releases, authorized non-owner chat senders could issue device-pairing bootstrap codes without having owner, admin, or pairing scope. This issue does not affect unauthenticated users. The caller must...

5.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added last week•8 views

OpenClaw: Browser debug/export routes could reuse already-open blocked tabs

Summary Browser debug/export routes could reuse already-open blocked tabs. In affected versions, a caller that can reference an already-open browser tab could reuse blocked private-network tabs without reapplying the expected SSRF policy. This advisory is scoped to the named feature and...

6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added last week•9 views

OpenClaw: message.action forwarding could send Gateway credentials to model-supplied loopback URLs

Summary message.action forwarding could send Gateway credentials to model-supplied loopback URLs. In affected versions, model-controlled action metadata that selects a loopback Gateway URL could forward the action payload with Gateway credentials to the supplied loopback URL. This advisory is...

6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added last week•7 views

OpenClaw: QQBot admin commands could skip DM-only and allowFrom policy

Summary QQBot admin commands could skip DM-only and allowFrom policy. In affected versions, a QQBot sender able to trigger the exported command could route admin commands without the QQBot-specific DM-only and allowFrom checks. This advisory is scoped to the named feature and configuration. It do...

6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added last week•8 views

OpenClaw: Mattermost handlers could fall open when channel type was missing

Summary Mattermost handlers could fall open when channel type was missing. In affected versions, a Mattermost event missing channel type metadata could continue without applying the intended DM policy decision. This advisory is scoped to the named feature and configuration. It does not change...

6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added last week•7 views

OpenClaw: Trusted-proxy Control UI WebSocket accepted client-declared scopes before pairing

Summary In trusted-proxy Control UI mode, OpenClaw accepted a WebSocket client's declared operator scopes before those scopes were bound to a server-approved pairing or trusted-proxy authorization baseline. This issue affects trusted-proxy Control UI deployments. It does not apply to shared-secre...

5.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added last week•9 views

OpenClaw: Slack allowFrom could bind to mutable display names

Summary Slack allowFrom could bind to mutable display names. In affected versions, a Slack account able to change display name metadata could match a policy entry through mutable display metadata. This advisory is scoped to the named feature and configuration. It does not change OpenClaw's...

6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added last week•6 views

OpenClaw: Skill Workshop apply flow could override pending approval

Summary Skill Workshop apply flow could override pending approval. In affected versions, an agent tool call reaching the affected Skill Workshop apply path could set apply: true despite approvalPolicy: pending. This advisory is scoped to the named feature and configuration. It does not change...

6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added last week•9 views

OpenClaw: QQBot streaming command could mutate config without explicit allowFrom

Summary QQBot streaming command could mutate config without explicit allowFrom. In affected versions, a QQBot sender reaching the affected command could change configuration without requiring an explicit non-wildcard allowlist entry. This advisory is scoped to the named feature and configuration...

6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added last week•9 views

OpenClaw: Node pairing reconnection could confuse approval scope state

Summary Node pairing reconnection could confuse approval scope state. In affected versions, a paired or reconnecting node session could mutate pairing state in a way that changed the approval scope decision. This advisory is scoped to the named feature and configuration. It does not change...

6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added last week•7 views

OpenClaw's Slack plugin approvals used the exec approver gate for plugin actions

Summary Slack plugin approvals used the exec approver gate for plugin actions. In affected versions, a Slack user authorized only for exec approvals could resolve a plugin approval through the exec approver gate. This advisory is scoped to the named feature and configuration. It does not change...

6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added last week•11 views

OpenClaw: memory-wiki ingest could read local files with operator.write scope

Summary memory-wiki ingest could read local files with operator.write scope. In affected versions, a Gateway caller with operator.write access to the plugin tool could read arbitrary local file paths instead of staying within the intended ingest sources. This advisory is scoped to the named featu...

6.1AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added last week•6 views

OpenClaw: Scoped chat.send route inheritance could bypass admin command scope gates

Summary Some internal command handlers require operator.approvals or operator.admin scopes. In affected releases, a scoped Gateway chat.send request delivered through an inherited external route could be evaluated as an external-channel command while still carrying the lower Gateway client scopes...

5.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added last week•10 views

OpenClaw's POSIX node system.run safe-bin allowlist could be widened by shell expansion

Summary On POSIX nodes, OpenClaw's system.run safe-bin checks could approve a command before shell expansion changed how the command was interpreted. A value that appeared to be a safe-bin argument could expand into additional shell words and become a file operand. This issue is limited to paired...

6.1AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added last week•8 views

OpenClaw: QQBot native approval buttons did not enforce configured approver identity

Summary OpenClaw's QQBot channel can deliver native approval buttons for exec and plugin approvals. In affected releases, the button callback path resolved approvals without enforcing the configured QQBot approver identity. The text command approval path used the authorization check; the issue wa...

8CVSS5.8AI score0.00199EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added last week•8 views

OpenClaw: Hook-triggered CLI runs could receive owner MCP tool authority

Summary OpenClaw hook ingress can start automated agent runs using a configured hook token. In affected releases, a hook-triggered run could select a bundled CLI backend that received owner-scoped MCP loopback authority instead of a scope appropriate for hook ingress. This issue affects the...

8.7CVSS5.8AI score0.00281EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added last week•8 views

OpenClaw: Control UI locality spoofing could mint a durable admin device token

Summary In affected LAN/shared-token Control UI deployments, a caller could spoof locality information used during Control UI pairing and obtain a durable admin-capable device token. This issue is limited to deployments where the caller already has the network/authentication foothold needed to...

8.8CVSS5.8AI score0.00309EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added last week•8 views

OpenClaw: Same-host trusted-proxy deployments could accept local forged identity headers

Summary Same-host trusted-proxy deployments could accept local forged identity headers. In affected versions, a local same-host caller that can reach the proxy-facing Gateway port could supply identity headers normally reserved for the trusted proxy. This advisory is scoped to the named feature a...

6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added last week•7 views

OpenClaw's marketplace runtime extension metadata could point at unscanned payloads

Summary Marketplace runtime extension metadata could point at unscanned payloads. In affected versions, a package selected for installation by a trusted operator could redirect runtime loading toward hidden package content that was not scanned as expected. This advisory is scoped to the named...

8.8CVSS6AI score0.00419EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added last week•7 views

OpenClaw's browser act interactions could bypass private-network navigation checks

Summary OpenClaw's browser control SSRF checks blocked direct navigation to private or loopback URLs, but some Playwright act interactions could trigger navigation after the initial check. A later browser evaluation could then read from the page reached by that action-triggered navigation. This...

7.7CVSS5.8AI score0.00247EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added last week•10 views

How GitHub used secret scanning to reach inbox zero

Several years ago, GitHub Security launched an initiative to assess and improve our overall secrets hygiene. As part of that effort, we piloted the Secret Scanning capability that was under development at the time. That's when we found more than 20,000 secrets spread across our 15,000+...

5.8AI score
Exploits0
Github Security Blog
Github Security Blog
•added last week•9 views

OpenClaw: Shell wrapper argv could change between approval and execution

Summary Shell wrapper argv could change between approval and execution. In affected versions, a command request using a shell wrapper form could approve one resolved argv shape and rebuild another for execution. This advisory is scoped to the named feature and configuration. It does not change...

6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added last week•9 views

OpenClaw: Bundle MCP loopback could miss its exec denylist on session spawn

Summary Bundle MCP loopback could miss its exec denylist on session spawn. In affected versions, a caller that can reach the affected bundled MCP session-spawn path could bypass the denylist that was intended for that loopback MCP entry point. This advisory is scoped to the named feature and...

6AI score
Exploits0References2Affected Software1
Total number of security vulnerabilities33100