Lucene search
K

11 matches found

EUVD
EUVD
added 2026/05/11 6:31 p.m.8 views

EUVD-2026-29150

OpenClaw before 2026.4.23 caches resolved webhook route secrets backed by SecretRef values, allowing stale secrets to remain valid after rotation and reload. Attackers with previously valid webhook route secrets can continue authenticating requests and invoking configured webhook task flows until...

6CVSS5.8AI score0.00288EPSS
Exploits0References4
OSV
OSV
added 2026/05/11 6:31 p.m.7 views

GHSA-V8J2-5F9P-FMH4 Duplicate Advisory: OpenClaw's Webhooks SecretRef route secret remains valid after rotation/reload

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-q8ff-7ffm-m3r9. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.23 caches resolved webhook route secrets backed by SecretRef values, allowing stale secrets to...

6CVSS5.7AI score0.00288EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/27 7:23 p.m.6 views

CVE-2026-6987

A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is an unknown function of the file /api/gateway/restart of the component Web Launcher Management Plane. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The project was informed o...

9.8CVSS7.1AI score0.03132EPSS
Exploits1References1
OSV
OSV
added 2026/04/25 6:32 p.m.6 views

GHSA-6R3X-H84W-FHXX PicoClaw has an Injection issue in its Web Launcher Management Plane component

A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is an unknown function of the file /api/gateway/restart of the component Web Launcher Management Plane. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The project was informed o...

7.3CVSS5.6AI score0.03132EPSS
Exploits1References6
NVD
NVD
added 2026/04/25 5:16 p.m.4 views

CVE-2026-6987

A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is an unknown function of the file /api/gateway/restart of the component Web Launcher Management Plane. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The project was informed o...

9.8CVSS0.03132EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/04/25 4:45 p.m.39 views

CVE-2026-6987 PicoClaw Web Launcher Management Plane restart command injection

A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is an unknown function of the file /api/gateway/restart of the component Web Launcher Management Plane. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The project was informed o...

7.5CVSS0.03132EPSS
Exploits1References4
EUVD
EUVD
added 2026/04/25 4:45 p.m.5 views

EUVD-2026-25663

A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is an unknown function of the file /api/gateway/restart of the component Web Launcher Management Plane. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The project was informed o...

7.5CVSS5.2AI score0.03132EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/04/25 4:45 p.m.5 views

CVE-2026-6987 PicoClaw Web Launcher Management Plane restart command injection

A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is an unknown function of the file /api/gateway/restart of the component Web Launcher Management Plane. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The project was informed o...

7.5CVSS7.2AI score0.03132EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/04/25 4:45 p.m.8 views

CVE-2026-6987

A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is an unknown function of the file /api/gateway/restart of the component Web Launcher Management Plane. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The project was informed o...

7.5CVSS7.1AI score0.03132EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/04/25 12:0 a.m.14 views

PicoClaw 注入漏洞

PicoClaw is a super-lightweight personal AI assistant tool developed by Sipeed. Versions of PicoClaw 0.2.4 and earlier had a injection vulnerability. This vulnerability stemmed from an unknown function in the component Web Launcher Management Plane, specifically the file/api/gateway/restart, whic...

9.8CVSS7AI score0.03132EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/25 12:0 a.m.9 views

PT-2026-35158

Name of the Vulnerable Software and Affected Versions PicoClaw versions prior to 0.2.5 Description A command injection flaw exists in the Web Launcher Management Plane component. A remote attacker can perform a manipulation via the '/api/gateway/restart' endpoint to execute arbitrary commands...

9.8CVSS7.4AI score0.03132EPSS
Exploits1References11
Rows per page
Query Builder