CVE tracker
357 subscribers
4.81K links
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
Download Telegram
CVE-2026-61502 - Rejetto HFS < 3.2.1 Cross-Site Request Forgery via GET Requests

CVE ID :CVE-2026-61502
Published : July 13, 2026, 6:16 p.m. | 1 hour, 11 minutes ago
Description :Rejetto HFS 3.0.0 through 3.2.0 accepts state-changing API requests via the GET method and exempts GET requests from its anti-CSRF header check. A remote attacker can perform administrative actions including account creation and configuration changes leading to code execution - by causing a logged-in administrator's browser to navigate to a crafted URL, or without any credentials against default installations when the attack originates from the server's own machine.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-61503 - Rejetto HFS < 3.2.1 Username Enumeration via Login Response Differences

CVE ID :CVE-2026-61503
Published : July 13, 2026, 6:16 p.m. | 1 hour, 11 minutes ago
Description :Rejetto HFS 3.0.0 through 3.2.0 returns observably different responses from its login endpoint depending on whether the submitted username exists. A remote unauthenticated attacker can use this to confirm valid account names, including the default admin account, facilitating password-guessing and session-forgery attacks.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-61504 - Rejetto HFS < 3.2.1 Stored XSS via File Names in Basic Web Listing

CVE ID :CVE-2026-61504
Published : July 13, 2026, 6:16 p.m. | 1 hour, 11 minutes ago
Description :Rejetto HFS 3.0.0 through 3.2.0 does not escape file names in its fallback "basic" web listing, and this listing can be forced by any browser via the ?get=basic parameter. A user with upload permission - or an anonymous user on servers with an open upload folder - can store a file whose name contains script that executes in the browser of anyone viewing the listing.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-61505 - Rejetto HFS < 3.2.1 Limited File Disclosure via Path Traversal in lang Parameter

CVE ID :CVE-2026-61505
Published : July 13, 2026, 6:16 p.m. | 1 hour, 11 minutes ago
Description :Rejetto HFS 3.0.0 through 3.2.0 allows path traversal through the lang query parameter, permitting a remote unauthenticated attacker to read certain JSON files outside the shared folders. Exploitation is constrained to files matching a narrow naming and format pattern, limiting practical impact.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-6875 - Sandbox Escape in ServiceNow AI Platform

CVE ID :CVE-2026-6875
Published : July 13, 2026, 6:17 p.m. | 1 hour, 10 minutes ago
Description :ServiceNow has addressed a remote code execution vulnerability that was identified in the ServiceNow AI platform. This vulnerability could enable an unauthenticated user, in certain circumstances, to execute code within the ServiceNow platform. ServiceNow addressed this vulnerability by deploying a security update to hosted instances. Relevant security updates have also been provided to ServiceNow self-hosted customers and partners. Further, the vulnerability is addressed in the listed patches and family releases, which have been made available to hosted and self-hosted customers, as well as partners. We are not currently aware of exploitation against ServiceNow instances. We recommend customers promptly apply appropriate updates or upgrade to a patched release if they have not already done so.
Severity: 9.5 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-14906 - Malicious webpage titles could allow overwriting of bundled PDF resources when saving webpages as PDFs in Firefox for iOS

CVE ID :CVE-2026-14906
Published : July 13, 2026, 6:27 p.m. | 1 hour ago
Description :Pages with malicious titles could potentially allow saved PDF content to overwrite PDF files or bundled content within the Firefox for iOS application sandbox. This vulnerability was fixed in Firefox for iOS 152.4.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-55772 - CedarJava has a type confusion vulnerability

CVE ID :CVE-2026-55772
Published : July 13, 2026, 6:44 p.m. | 43 minutes ago
Description :CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. In versions prior to 2.3.6, 3.4.1 and 4.9.0, under certain circumstances, improper input handling could allow Record-to-Entity type confusion across the Java-Rust FFI boundary. CedarJava sends authorization requests to the Rust cedar-policy evaluator as JSON. The JSON protocol reserves magic single-key object shapes (__entity and __extn) for entity references and extension values. When serializing a CedarMap, there is no validation preventing these reserved keys from being used. If an integrating service builds a CedarMap from caller-supplied key/value data (such as request headers, user-defined metadata, or resource tags), an actor who controls those keys could cause the Rust evaluator to interpret a record as an entity reference. This issue requires the integrating service to build a CedarMap where the an actor controls the keys, and a policy must reference that value in a when/unless clause. This vulnerability has been fixed in versions 2.3.6, 3.4.1, and 4.9.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-62188 - OpenClaw < 2026.6.9 Feishu Authorization Bypass

CVE ID :CVE-2026-62188
Published : 2026年7月13日 22:16 | 1 小時, 1 分 ago
Description :OpenClaw @openclaw/feishu versions 2026.6.6 and earlier contain an incorrect authorization vulnerability in which the Feishu permission tools could ignore per-account disablement settings. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could perform actions that should have required a stronger authorization or policy check. The issue is fixed in version 2026.6.9.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-62189 - OpenClaw < 2026.6.9 Symlink Following via Mirror Sync

CVE ID :CVE-2026-62189
Published : 2026年7月13日 22:16 | 1 小時, 1 分 ago
Description :OpenClaw versions before 2026.6.9 contain a symlink following vulnerability in the mirror sync feature that allows lower-trust callers to perform actions requiring stronger authorization. Attackers can exploit remote symlink parents to bypass policy checks and authorization boundaries when the feature is enabled and reachable.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-62190 - OpenClaw < 2026.6.9 Authorization Bypass via flock wrapper

CVE ID :CVE-2026-62190
Published : 2026年7月13日 22:16 | 1 小時, 1 分 ago
Description :OpenClaw versions before 2026.6.9 contain an authorization bypass vulnerability in the flock wrapper that allows lower-trust callers to execute or persist actions beyond their intended authorization. Attackers can leverage configured input paths to bypass durable exec approval binding and perform unauthorized operations when the affected feature is enabled.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-62191 - OpenClaw 2026.6.6 < 2026.6.8 Authorization Bypass via Message Mutations

CVE ID :CVE-2026-62191
Published : 2026年7月13日 22:16 | 1 小時, 1 分 ago
Description :OpenClaw versions 2026.6.6 before 2026.6.9 contain an authorization bypass vulnerability in message mutation handling that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to skip requester authorization and execute privileged operations when the affected feature is enabled and reachable.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-62192 - OpenClaw 2026.6.6 < 2026.6.9 Authorization Bypass

CVE ID :CVE-2026-62192
Published : 2026年7月13日 22:16 | 1 小時, 1 分 ago
Description :OpenClaw versions 2026.6.6 before 2026.6.9 contain an authorization bypass vulnerability in Discord guild actions that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to skip cross-provider requester authorization and execute restricted operations.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-62193 - OpenClaw 2026.6.5 < 2026.6.9 Authentication Bypass via Plugin Install

CVE ID :CVE-2026-62193
Published : 2026年7月13日 22:16 | 1 小時, 1 分 ago
Description :OpenClaw versions 2026.6.5 before 2026.6.9 contain a vulnerability in the plugin install wrappers that could skip the install policy (authorization) check. When the affected feature is enabled and reachable, a lower-trust caller or a configured input path could execute or persist actions beyond the caller's intended authorization. Impact depends on the operator's configuration and whether lower-trust input can reach the affected path. The issue is fixed in 2026.6.9.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-62194 - OpenClaw 2026.5.20 < 2026.6.9 Privilege Escalation via Plugin Install

CVE ID :CVE-2026-62194
Published : 2026年7月13日 22:16 | 1 小時, 1 分 ago
Description :OpenClaw versions 2026.5.20 before 2026.6.9 contain a privilege escalation vulnerability in plugin install commands that allows lower-trust callers to execute or persist actions beyond their intended authorization. Attackers can exploit misconfigured input paths or enabled features to escalate privileges and perform unauthorized actions when the feature is reachable.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-62195 - OpenClaw 2026.5.20 < 2026.6.6 Authorization Bypass via MCP loopback

CVE ID :CVE-2026-62195
Published : 2026年7月13日 22:16 | 1 小時, 1 分 ago
Description :OpenClaw versions 2026.5.20 before 2026.6.6 contain an authorization bypass vulnerability in the MCP loopback feature that allows lower-trust callers to execute owner-only tools. Attackers can bypass authorization checks through configured input paths to execute or persist actions beyond their intended permissions.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-62196 - OpenClaw 2026.3.22 < 2026.6.6 Authorization Bypass via WhatsApp Group IDs

CVE ID :CVE-2026-62196
Published : 2026年7月13日 22:16 | 1 小時, 1 分 ago
Description :OpenClaw versions 2026.3.22 before 2026.6.6 contain an authorization bypass vulnerability where WhatsApp group IDs can satisfy elevated sender allowlists. Attackers with lower-trust access can perform actions requiring stronger authorization by leveraging group ID validation in the affected feature.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-62197 - OpenClaw < 2026.6.6 Policy Bypass via CDP Discovery

CVE ID :CVE-2026-62197
Published : 2026年7月13日 22:16 | 1 小時, 1 分 ago
Description :OpenClaw before 2026.6.6 contains a policy bypass vulnerability in browser CDP discovery that accepts blocked WebSocket URLs. Attackers with lower-trust access can reach network destinations that should have been blocked by OpenClaw policy when the affected feature is enabled.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-62198 - OpenClaw 2026.5.28 < 2026.6.6 Authorization Bypass via Web Search

CVE ID :CVE-2026-62198
Published : 2026年7月13日 22:16 | 1 小時, 1 分 ago
Description :OpenClaw versions 2026.5.28 before 2026.6.6 contain an authorization bypass vulnerability in native web search that allows lower-trust callers to perform actions requiring stronger policy checks. Attackers can exploit misconfigured input paths to bypass intended authorization controls and execute restricted operations.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-62199 - OpenClaw < 2026.6.6 Authentication Bypass via Environment Filtering

CVE ID :CVE-2026-62199
Published : 2026年7月13日 22:16 | 1 小時, 1 分 ago
Description :OpenClaw versions before 2026.6.6 contain a flaw in host exec environment filtering that can miss interpreter startup variables. When the affected feature is enabled and reachable, a lower-trust caller or configured input path can supply crafted environment variables to execute or persist actions beyond the caller's intended authorization.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-62200 - OpenClaw < 2026.6.6 Authentication Bypass via Git ext transport

CVE ID :CVE-2026-62200
Published : 2026年7月13日 22:16 | 1 小時, 1 分 ago
Description :OpenClaw versions before 2026.6.1 contain a flaw in host exec environment filtering that could allow Git ext transport to be abused. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could execute or persist actions beyond the caller's intended authorization.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-62239 - FlashAttention Symlink Attack via tarfile.extractall in hopper/setup.py

CVE ID :CVE-2026-62239
Published : 2026年7月13日 22:16 | 1 小時, 1 分 ago
Description :FlashAttention through 2.8.3.post1, fixed in commit 0816ef1, contains a symlink attack vulnerability in the download_and_copy() function within hopper/setup.py that extracts NVIDIA toolchain archives without validating symlinks or filtering tar members. A local attacker can pre-plant a symlink in the predictable cache directory to redirect extracted binaries to an attacker-chosen location, enabling arbitrary file write with victim privileges during build time.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...