398 matches found
CVE-2026-28864
CVE-2026-28864 concerns a permissions-checking issue in Apple OS components that could allow a local attacker to access a user’s Keychain items. The CVE is addressed in iOS 18.7.7, iPadOS 18.7.7, iOS 26.4, iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4, an...
Apple Multiple Products Security Vulnerability
Apple iOS and several other products are made by the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a dedicated operating system designed specifically for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s product...
PT-2026-27587
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 18.7.7; iPadOS versions prior to 18.7.7; macOS Sequoia versions prior to 15.7.5; macOS Sonoma versions prior to 14.8.5; macOS Tahoe versions prior to 26.4; visionOS versions prior to 26.4; watchOS versions prior to 26.4...
Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials
Cybersecurity researchers have discovered a malicious npm package that masquerades as an OpenClaw installer to deploy a remote access trojan (RAT) and steal sensitive data from compromised hosts. The package, named "@openclaw-ai/openclawai," was uploaded to the registry by a user named "openclaw-ai...
CVE-2026-27487
OpenClaw is a personal AI assistant. In versions 2026.2.13 and below, when using macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into Keychain via security add-generic-password -w .... Because OAuth tokens are user-controlled data,...
CVE-2026-27487
OpenClaw vulnerability CVE-2026-27487: macOS keychain refresh path builds a shell command to write the updated payload, enabling OS command injection when OAuth tokens are user-controlled. Affected: openclaw versions ≤ 2026.2.13. Impact: arbitrary commands could run on the host; CVSS details show...
CVE-2026-27487 OpenClaw: Prevent shell injection in macOS keychain credential write
OpenClaw is a personal AI assistant. In versions 2026.2.13 and below, when using macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into Keychain via security add-generic-password -w .... Because OAuth tokens are user-controlled data,...
OpenClaw OS Command Injection Vulnerability
OpenClaw is an open-source AI assistant from OpenClaw. OpenClaw has an operating system command injection vulnerability. The vulnerability stems from the keychain credential refresh shell command constructed on macOS failing to properly filter constructed command special...
OpenClaw: Prevent shell injection in macOS keychain credential write
Summary: On macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into Keychain via security add-generic-password -w .... Because OAuth tokens are user-controlled data, this created an OS command injection risk. The fix avoids invoking a...
Command Injection
Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Command Injection via the keychain credential refresh path. An attacker can execute arbitrary OS commands by supplying crafted OAuth tokens that are incorporated into shell command...
GHSA-4564-PVR2-QQ4H OpenClaw: Prevent shell injection in macOS keychain credential write
Summary: On macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into Keychain via security add-generic-password -w .... Because OAuth tokens are user-controlled data, this created an OS command injection risk. The fix avoids invoking a...
PT-2026-21338
Name of the Vulnerable Software and Affected Versions: OpenClaw versions 2026.2.13 and below. Description: The OpenClaw application, a personal AI assistant, is susceptible to an OS command injection issue on macOS. The Claude CLI keychain credential refresh process constructs a shell command using...
EUVD-2015-6977
Malware in sbrugna...
EUVD-2015-5800
Malware in sbrugna...
EUVD-2015-6990
Malware in sbrugna...
EUVD-2005-2740
Malware in sbrugna...