Export limit exceeded: 366926 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366926 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-62231 | 1 Getgrav | 1 Grav | 2026-07-17 | 8.1 High |
| The Grav API plugin (getgrav/grav-plugin-api) before 1.0.6 contains an authorization bypass: API keys can be created with a restricted scopes array, but the ApiKeyAuthenticator class never reads or enforces these scopes. It loads and returns the owning user's full account object, so a key created with limited scopes (e.g. read-only) can perform any write, delete, or administrative operation the owning user is authorized for. Fixed in 1.0.6. | ||||
| CVE-2026-62228 | 1 Openclaw | 1 Openclaw | 2026-07-17 | 8.8 High |
| OpenClaw before 2026.6.5 contain an authorization bypass vulnerability in node exec approvals that allows lower-trust callers to execute actions beyond their intended authorization by using different gateway and node environments. Attackers can exploit mismatched environment configurations to persist or execute actions that exceed the caller's approved permissions. | ||||
| CVE-2026-62227 | 1 Openclaw | 1 Openclaw | 2026-07-17 | 7.7 High |
| OpenClaw 2026.4.14 before 2026.5.26 contain a server-side request forgery vulnerability in browser snapshot routes that fail to validate post-navigation destinations. Attackers with lower-trust access can bypass OpenClaw policy checks to reach network destinations that should have been blocked. | ||||
| CVE-2026-62225 | 1 Openclaw | 1 Openclaw | 2026-07-17 | 5.4 Medium |
| OpenClaw versions before 2026.5.18 contain an authorization bypass vulnerability in skill command dispatch that allows lower-trust callers to execute or persist actions beyond their intended authorization. Attackers can bypass tool policy restrictions through configured input paths to perform unauthorized actions when the affected feature is enabled and reachable. | ||||
| CVE-2026-62222 | 1 Openclaw | 1 Openclaw | 2026-07-17 | 7.8 High |
| OpenClaw before 2026.5.22 contain a vulnerability in setup-mode discovery that allows loading of untrusted workspace plugins. Attackers with lower-trust caller access or control over configured input paths can execute or persist actions beyond their intended authorization level. | ||||
| CVE-2026-62221 | 1 Openclaw | 1 Openclaw | 2026-07-17 | 5.4 Medium |
| OpenClaw 2026.5.12 before 2026.5.26 contain an incorrect authorization vulnerability in the ClickClack allowFrom feature. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could execute or persist actions beyond the caller's intended authorization, including running non-allowlisted commands. | ||||
| CVE-2026-62219 | 1 Openclaw | 1 Openclaw | 2026-07-17 | 7.1 High |
| OpenClaw 2026.2.12 before 2026.5.26 contain an authorization bypass vulnerability in the hooks allowedAgentIds validation. A lower-trust caller or configured input path can bypass agent ID restrictions by submitting blank agent IDs, allowing actions that should require stronger authorization or policy checks. | ||||
| CVE-2026-62218 | 1 Openclaw | 1 Openclaw | 2026-07-17 | 8.8 High |
| OpenClaw 2026.1.20 before 2026.5.27 contain an authorization bypass vulnerability in the device.pair.approve feature that allows lower-trust callers to bypass role-management checks. Attackers can perform actions requiring stronger authorization by reaching the affected feature through configured input paths. | ||||
| CVE-2026-62216 | 1 Openclaw | 1 Openclaw | 2026-07-17 | 5 Medium |
| OpenClaw 2026.4.20 before 2026.5.28 contain a policy bypass in the QQBot media upload feature. A lower-trust caller or configured input path could cause the media upload to reach network destinations that should have been blocked by OpenClaw policy (server-side request forgery). The practical impact depends on the operator's configuration and whether lower-trust input can reach that path. | ||||
| CVE-2026-62215 | 1 Openclaw | 1 Openclaw | 2026-07-17 | 8 High |
| OpenClaw versions before 2026.6.5 contain an authentication bypass vulnerability in HTTP Canvas responses that allows lower-trust callers to forge trusted A2UI actions. Attackers can perform actions requiring stronger authorization by submitting crafted requests through configured input paths, bypassing intended policy checks. | ||||
| CVE-2026-62213 | 2026-07-17 | 6.5 Medium | ||
| OpenClaw versions before 2026.5.27 contain a token leakage vulnerability in MS Teams outbound requests that allows lower-trust callers to expose Bot Framework tokens. Attackers can access configured input paths to retrieve credentials that should remain within the trusted boundary. | ||||
| CVE-2026-62212 | 1 Openclaw | 1 Openclaw | 2026-07-17 | 7.1 High |
| OpenClaw before 2026.5.28 contains a race condition in the MS Teams safeFetch DNS rebinding check. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could win a timing window between the DNS validation check and use, allowing actions that should have required a stronger authorization or policy check. Practical impact depends on the operator's configuration and whether lower-trust input can reach that path. | ||||
| CVE-2026-62211 | 1 Openclaw | 1 Openclaw | 2026-07-17 | 5 Medium |
| OpenClaw versions before 2026.6.1 contain a credential redaction bypass vulnerability in the trajectory export feature that allows lower-trust callers to access data that should remain within trusted boundaries. Attackers can exploit misconfigured input paths or feature accessibility to expose sensitive credentials and data through the export mechanism. | ||||
| CVE-2026-62210 | 1 Openclaw | 1 Openclaw | 2026-07-17 | 6.5 Medium |
| OpenClaw versions before 2026.6.1 contain a denial of service vulnerability where remote media URLs can trigger slow-read attacks that exhaust gateway worker resources. Attackers with access to configured input paths can supply remote media URLs that consume gateway resources and reduce availability. | ||||
| CVE-2026-62209 | 1 Openclaw | 1 Openclaw | 2026-07-17 | 8.1 High |
| OpenClaw versions 2026.5.10-beta.1 before 2026.6.5 contain an authorization bypass in the ClickClack agent-mode dispatch feature, which could ignore the toolsAllow policy check. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could perform actions that should have required a stronger authorization or policy check. | ||||
| CVE-2026-62207 | 1 Openclaw | 1 Openclaw | 2026-07-17 | 8.8 High |
| OpenClaw versions before 2026.6.5 contain an authentication bypass vulnerability that allows lower-trust callers to reach admin-scoped tools. Attackers can perform actions requiring stronger authorization by exploiting insufficient policy checks on configured input paths. | ||||
| CVE-2026-62206 | 1 Openclaw | 1 Openclaw | 2026-07-17 | 7.1 High |
| OpenClaw versions before 2026.6.9 contain a missing authorization vulnerability in Discord moderation actions. In affected versions, a lower-trust caller or configured input path could perform moderation actions that should have required a stronger authorization or policy check. Practical impact depends on the operator's configuration and whether lower-trust input can reach the affected path. | ||||
| CVE-2026-62203 | 1 Openclaw | 1 Openclaw | 2026-07-17 | 8.8 High |
| OpenClaw versions before 2026.6.6 contain an environment variable filtering vulnerability in host exec that fails to properly sanitize rustup startup variables. Attackers with lower-trust caller access or configured input paths can execute or persist actions beyond their intended authorization level. | ||||
| CVE-2026-62202 | 1 Openclaw | 1 Openclaw | 2026-07-17 | 8.8 High |
| OpenClaw versions 2026.6.1 before 2026.6.9 contain a privilege escalation vulnerability in isolated cron jobs that allows lower-trust callers to regain denied execution tools. Attackers can execute or persist actions beyond their intended authorization by leveraging misconfigured input paths in the affected cron feature. | ||||
| CVE-2026-11405 | 2026-07-16 | 9.8 Critical | ||
| The web server binary /bin/httpd contains a hidden backdoor authentication mechanism in the login() function at 004c88b8. - The function contains a normal authentication path using MD5/hash-based password verification (prod_encode64/PasswordToMd5/check_rand_key). - After normal authentication fails, it calls GetValue("sys.rzadmin.password") to read a backdoor password from the device configuration. - It performs a direct strcmp() comparison (plaintext, not hashed) between the config value and the user-supplied password. A successful match grants role=2 (admin-level access) and creates a valid session. The rzadmin username is never checked — any username works with the backdoor | ||||