
4 matches found

vulnersOsv
added 2026/03/03 9:41 p.m., 9 views

vantuz (>=3.3.2 <=3.3.7) potentially affected by CVE-2026-28363 +1 more via openclaw (=0.0.1)

openclaw NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on openclaw and may be impacted:

- vantuz =3.3.2, =3.3.7

Source CVEs: CVE-2026-28363, CVE-2026-32059
Source advisory: OSV:GHSA-3C6H-G97W-FG78...

CVSS 9.9, AI score 5.8, EPSS 0.00495
Exploits: 0
RedhatCVE
added 2026/02/28 7:47 a.m., 4 views

CVE-2026-28363

In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations such as --compress-prog in allowlist mode, leading to approval-free execution paths that were intended to require approval. Only an exact string such as --compress-program was...

CVSS 9.9, AI score 6.1, EPSS 0.00495
Exploits: 0, References: 1
ATTACKERKB
added 2026/02/27 3:17 a.m., 3 views

CVE-2026-28363

In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations such as --compress-prog in allowlist mode, leading to approval-free execution paths that were intended to require approval. Only an exact string such as --compress-program was...

CVSS 9.9, AI score 5.9, EPSS 0.00495
Exploits: 0, References: 2
Cvelist
added 2026/02/27 3:17 a.m., 20 views

CVE-2026-28363

In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations such as --compress-prog in allowlist mode, leading to approval-free execution paths that were intended to require approval. Only an exact string such as --compress-program was...

CVSS 9.9, EPSS 0.00495
Exploits: 0, References: 1