
11 matches found

NVD
added 2026/03/23 10:16 p.m., 3 views

CVE-2026-32907

Rejected reason: This CVE ID has been rejected...

Exploits: 0
Positive Technologies
added 2026/03/23 12:00 a.m., 3 views

PT-2026-27221

OpenClaw versions prior to 2026.2.18 contain a command injection vulnerability in Windows Scheduled Task script generation where environment variables are written unquoted to gateway.cmd, allowing shell metacharacters to break out of assignment context. Attackers can inject arbitrary commands...

7.4 CVSS, 6 AI score
Exploits: 0, References: 4
GitHub Security Blog
added 2026/03/19 3:30 a.m., 11 views

Duplicate Advisory: Command Injection via unescaped environment assignments in Windows Scheduled Task script generation

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-pj5x-38rw-6fph. This link is maintained to preserve external references. Original Description: OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in Windows Scheduled Task script...

7.8 CVSS, 6 AI score, 0.00637 EPSS
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2026/03/19 2:16 a.m., 1 view

CVE-2026-31994

OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script generation due to unsafe handling of cmd metacharacters and expansion-sensitive characters in gateway.cmd files. Local attackers with control over service script generation...

7.8 CVSS, 6.2 AI score
Exploits: 0, References: 3
Vulnrichment
added 2026/03/19 1:00 a.m., 3 views

CVE-2026-31994 OpenClaw < 2026.2.19 - Local Command Injection via Unsafe cmd Argument Handling in Windows Scheduled Task Script Generation

OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script generation due to unsafe handling of cmd metacharacters and expansion-sensitive characters in gateway.cmd files. Local attackers with control over service script generation...

7.1 CVSS, 6.1 AI score, 0.00571 EPSS
Exploits: 0, References: 3
CVE
added 2026/03/19 1:00 a.m., 16 views

CVE-2026-31994

CVE-2026-31994 affects OpenClaw prior to 2026.2.19, where local command injection occurs in Windows scheduled task script generation due to unsafe handling of cmd metacharacters and expansion-sensitive characters in gateway.cmd files. A local attacker who controls service script generation argume...

7.8 CVSS, 6.1 AI score, 0.00571 EPSS
Exploits: 0, References: 3, Affected Software: 1
CVE
added 2026/03/19 1:00 a.m., 32 views

CVE-2026-22176

OpenClaw versions prior to 2026.2.19 expose a command injection vulnerability in Windows Scheduled Task script generation. The flaw arises when environment variables are written to gateway.cmd with unquoted set KEY=VALUE assignments, allowing metacharacters (e.g., &, |, ^, %, !) to break out of the ...

7.8 CVSS, 6.1 AI score, 0.00637 EPSS
Exploits: 0, References: 3, Affected Software: 1
Snyk
added 2026/03/03 9:50 p.m., 3 views

Command Injection

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Command Injection via the gateway.cmd script generation. An attacker can execute arbitrary commands by supplying specially crafted environment variable values containing Windows shell...

7.8 CVSS, 6 AI score, 0.00637 EPSS
Exploits: 0, References: 2
CNNVD
added 2025/07/28 12:00 a.m., 2 views

PowerStick Wave Dual-Band Wifi Extender Security Vulnerability

PowerStick Wave Dual-Band Wifi Extender is a portable WiFi extender from PowerStick USA. A security vulnerability exists in version V1.0 of the PowerStick Wave Dual-Band Wifi Extender that originates from insufficient sanitization of user input in the file /cgi-bin/cgivista.cgi, which could lead to remot...

8.8 CVSS, 7.7 AI score, 0.00629 EPSS
Exploits: 0, References: 3
CNVD
added 2015/11/10 12:00 a.m., 2 views

IBM DataPower Gateways GatewayScript Module Information Disclosure Vulnerability

IBM DataPower Gateways is a suite of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interfaces (APIs), web, service-oriented architecture (SOA), B2B, and cloud workloads, which protects, integrates, and optimizes access across channels...

2.6 CVSS, 6.5 AI score, 0.01014 EPSS
Exploits: 0, References: 1
OSV
added 2008/03/04 11:44 p.m., 2 views

DEBIAN-CVE-2008-1111

mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts instead of a 500 error when a fork failure occurs, which might allow remote attackers to obtain sensitive information...

5 CVSS, 7.1 AI score, 0.02017 EPSS
Exploits: 1, References: 1