Cybersecurity & Regolamentazione UE

News & Sicurezza

Aggiornamenti da ENISA, NVD e le principali fonti di cybersecurity europee. Tutto quello che un Responsabile Tecnico deve sapere.

26450 risultati

VulnerabilitàAlta
CVE-2026-53839 - OpenClaw < 2026.5.7 - Hostname Prefix Matching Bypass in Trusted Retry Endpoint Validation

CVE ID :CVE-2026-53839 Published : June 12, 2026, 10:16 p.m. | 9 hours, 22 minutes ago Description :OpenClaw before 2026.5.7 contains a hostname validation vulnerability in retry endpoint checks that allows matching hostname prefixes instead of exact hostnames. Attackers can exploit this by crafting a hostname prefix resembling a trusted host to send authentication material to untrusted endpoints. Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE12 giu 2026
VulnerabilitàAlta
CVE-2026-53836 - OpenClaw < 2026.5.12 - Allowlist Bypass via PowerShell Encoded-Command Aliases

CVE ID :CVE-2026-53836 Published : June 12, 2026, 10:16 p.m. | 7 hours, 22 minutes ago Description :OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in PowerShell encoded-command handling that allows attackers to execute encoded commands using abbreviated flag aliases not recognized by the allowlist parser. Remote authenticated operators can bypass execution allowlist checks by using unrecognized encoded-command alias forms to execute arbitrary PowerShell content. Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE12 giu 2026
VulnerabilitàAlta
CVE-2026-53835 - OpenClaw < 2026.5.6 - Config-Write Enforcement Bypass in Feishu Dynamic-Agent Bindings

CVE ID :CVE-2026-53835 Published : June 12, 2026, 10:16 p.m. | 7 hours, 22 minutes ago Description :OpenClaw before 2026.5.6 contains a configuration enforcement bypass vulnerability in Feishu dynamic-agent bindings that allows authenticated senders to create or update bindings without honoring configured config-write controls. Attackers can exploit this by leveraging the dynamic-agent binding feature to change sender-agent binding state beyond intended policy, potentially enabling unauthorized binding modifications. Severity: 4.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE12 giu 2026
VulnerabilitàAlta
CVE-2026-53838 - OpenClaw < 2026.5.27 - Node Pairing State Mutation via Reconnection

CVE ID :CVE-2026-53838 Published : June 12, 2026, 10:16 p.m. | 9 hours, 22 minutes ago Description :OpenClaw before 2026.5.27 contains a state mutation vulnerability in node pairing reconnection that allows paired nodes to confuse approval scope decisions. Attackers can exploit reconnection logic to restore or present broader node authority than intended, potentially bypassing approval restrictions. Severity: 9.8 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE12 giu 2026
VulnerabilitàAlta
CVE-2026-53834 - OpenClaw < 2026.4.27 - Authorization Bypass in QQBot Pre-dispatch Slash Commands

CVE ID :CVE-2026-53834 Published : June 12, 2026, 10:16 p.m. | 7 hours, 22 minutes ago Description :OpenClaw before 2026.4.27 contains an authorization bypass vulnerability in QQBot pre-dispatch slash commands that allows authenticated senders to skip allowFrom policy checks. Attackers can invoke slash commands before configured access control policies are applied, potentially triggering command handling from blocked senders depending on operator configuration. Severity: 8.2 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE12 giu 2026
VulnerabilitàAlta
CVE-2026-53833 (CVSS 7.7)

OpenClaw before 2026.4.29 contains an authorization bypass vulnerability in the QQBot streaming command that allows authenticated senders to mutate configuration without explicit allowFrom restrictions. Attackers can modify QQBot streaming configuration outside intended admin policy by reaching the affected command without non-wildcard allowlist entry requirements.

NVD (NIST)12 giu 2026
VulnerabilitàAlta
CVE-2026-53832 (CVSS 7.7)

OpenClaw before 2026.5.18 contains an identity header validation vulnerability allowing local same-host callers to forge trusted-proxy identity headers. Attackers with access to the proxy-facing Gateway port can supply forged identity headers to assume operator identity and potentially escalate privileges.

NVD (NIST)12 giu 2026
VulnerabilitàAlta
CVE-2026-53831 (CVSS 8.3)

OpenClaw before 2026.5.18 contains a policy enforcement vulnerability in system.run safe-bin allowlist validation that allows shell expansion to modify command interpretation on POSIX nodes. Authenticated operators can exploit shell metacharacters in approved commands to read unintended node-local files and expose sensitive configuration data.

NVD (NIST)12 giu 2026
VulnerabilitàAlta
CVE-2026-53829 (CVSS 8)

OpenClaw before 2026.5.18 contains an approval display truncation vulnerability allowing authenticated users to hide command suffixes from approvers. Attackers can submit oversized exec commands with benign prefixes and malicious suffixes to execute unauthorized operations after approval.

NVD (NIST)12 giu 2026
VulnerabilitàAlta
CVE-2026-53828 (CVSS 8.8)

OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in native command handling that allows authenticated senders to execute owner-only commands without proper policy enforcement. Attackers can trigger native command handling to bypass the configured owner-command access control, potentially executing privileged commands from unauthorized users.

NVD (NIST)12 giu 2026
VulnerabilitàAlta
CVE-2026-53830 - OpenClaw < 2026.4.22 - Webhook Secret Revocation Bypass via secrets.reload

CVE ID :CVE-2026-53830 Published : June 12, 2026, 10:16 p.m. | 3 hours, 7 minutes ago Description :OpenClaw before 2026.4.22 contains a webhook secret revocation bypass vulnerability allowing callers with old Slack and Zalo webhook secrets to remain active after secrets.reload. Attackers can exploit the stale-secret window to deliver webhook events after operator-expected secret revocation, potentially accepting previous credentials. Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE12 giu 2026
VulnerabilitàAlta
CVE-2026-53827 - OpenClaw < 2026.5.2 - Credential Exposure via Model-Supplied Loopback URLs in message.action Forwarding

CVE ID :CVE-2026-53827 Published : June 12, 2026, 10:16 p.m. | 3 hours, 7 minutes ago Description :OpenClaw before 2026.5.2 contains a credential exposure vulnerability in message.action forwarding that allows model-controlled metadata to forward action payloads with Gateway credentials to attacker-supplied loopback URLs. Remote attackers can intercept Gateway tokens and action payloads by providing malicious loopback targets through model-controlled action metadata. Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE12 giu 2026

Pagina 401 di 2205

Resta aggiornato sulla cybersecurity

Iscriviti a CodersRegistry per ricevere gli aggiornamenti più importanti su regolamentazione EU e vulnerabilità critiche.