Lucene search
K

15 matches found

NVD
NVD
added 2026/06/18 11:16 p.m.13 views

CVE-2026-56074

PraisonAI before 1.5.128 caches tool approval decisions by tool name only, not by invocation arguments, allowing subsequent executecommand calls to bypass approval prompts. Attackers can exploit this by obtaining initial approval for a benign command, then silently exfiltrate API keys and...

6.8CVSS0.00116EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/10 7:23 p.m.6 views

EUVD-2026-21164

PraisonAIAgents: Arbitrary File Read via readskillfile Missing Workspace Boundary and Approval Gate...

6.2CVSS5.8AI score0.00234EPSS
Exploits1References2
NVD
NVD
added 2026/04/10 5:17 p.m.7 views

CVE-2026-35651

OpenClaw versions 2026.2.13 through 2026.3.24 contain an ANSI escape sequence injection vulnerability in approval prompts that allows attackers to spoof terminal output. Untrusted tool metadata can carry ANSI control sequences into approval prompts and permission logs, enabling attackers to...

5.3CVSS0.0026EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/10 4:3 p.m.25 views

CVE-2026-35651 OpenClaw 2026.2.13 < 2026.3.25 - ANSI Escape Sequence Injection in Approval Prompt

OpenClaw versions 2026.2.13 through 2026.3.24 contain an ANSI escape sequence injection vulnerability in approval prompts that allows attackers to spoof terminal output. Untrusted tool metadata can carry ANSI control sequences into approval prompts and permission logs, enabling attackers to...

5.3CVSS0.0026EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/10 4:3 p.m.1 views

CVE-2026-35651

OpenClaw versions 2026.2.13 through 2026.3.24 contain an ANSI escape sequence injection vulnerability in approval prompts that allows attackers to spoof terminal output. Untrusted tool metadata can carry ANSI control sequences into approval prompts and permission logs, enabling attackers to...

5.3CVSS5.8AI score0.0026EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/04/10 4:3 p.m.24 views

CVE-2026-35651

OpenClaw OpenClaw 2026.2.13 through 2026.3.24 contains an ANSI escape sequence injection vulnerability in approval prompts. Untrusted tool metadata can carry ANSI control sequences into approval prompts and permission logs, enabling attackers to spoof terminal output by manipulating displayed inf...

5.3CVSS5.8AI score0.0026EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/10 4:3 p.m.1 views

CVE-2026-35651 OpenClaw 2026.2.13 < 2026.3.25 - ANSI Escape Sequence Injection in Approval Prompt

OpenClaw versions 2026.2.13 through 2026.3.24 contain an ANSI escape sequence injection vulnerability in approval prompts that allows attackers to spoof terminal output. Untrusted tool metadata can carry ANSI control sequences into approval prompts and permission logs, enabling attackers to...

5.3CVSS5.8AI score0.0026EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.4 views

PT-2026-31962

OpenClaw versions 2026.2.13 through 2026.3.24 contain an ANSI escape sequence injection vulnerability in approval prompts that allows attackers to spoof terminal output. Untrusted tool metadata can carry ANSI control sequences into approval prompts and permission logs, enabling attackers to...

5.3CVSS5.8AI score0.0026EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.7 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Version 2026.2.13 to 2026.3.24 of OpenClaw contained security vulnerabilities. These vulnerabilities were caused by ANSI escape sequence injections in the approval prompts, which could allow attackers to forge...

5.3CVSS5.8AI score0.0026EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/29 3:50 p.m.4 views

Improper Neutralization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Neutralization via the approval prompt process. An attacker can inject malicious ANSI escape sequences into terminal output by supplying crafted tool metadata, potentially spoofi...

5.3CVSS5.9AI score0.0026EPSS
Exploits0References3
CNVD
CNVD
added 2026/03/26 12:0 a.m.1 views

OpenClaw Security Bypass Vulnerability (CNVD-2026-16055)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by an attacker to cause bypassing of interactive approval prompts...

5.4CVSS5.9AI score0.00257EPSS
Exploits0
CNNVD
CNNVD
added 2026/03/21 12:0 a.m.9 views

OpenClaw 安全漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by an attacker to cause bypassing of interactive approval prompts...

5.4CVSS5.8AI score0.00257EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.9 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.2.24 contained security vulnerabilities. These vulnerabilities stemmed from a permission bypass issue in the system.run allowlist mode, which allowed attackers to execute commands...

8.8CVSS5.9AI score0.00276EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/08/26 12:22 p.m.8 views

CVE-2025-53811 TCC Bypass via misconfigured Node fuses in Mosh-Pro

The configuration of Mosh-Pro on macOS, specifically the "RunAsNode" fuse enabled, allows a local attacker with unprivileged access to execute arbitrary code that inherits Mosh-Pro TCC Transparency, Consent, and Control permissions. Acquired resource access is limited to previously granted...

4.8CVSS0.00119EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/26 12:0 a.m.5 views

PT-2025-34759 · Cursor · Cursor

Name of the Vulnerable Software and Affected Versions: Cursor version 15.4.1 Description: The configuration of Cursor on macOS, specifically the "RunAsNode" fuse enabled, allows a local attacker with unprivileged access to execute arbitrary code that inherits Cursor TCC Transparency, Consent, and...

4.8CVSS6.9AI score0.00128EPSS
Exploits0References8
Rows per page
Query Builder