3 matches found
PT-2026-36880
Name of the Vulnerable Software and Affected Versions OpenC3 COSMOS versions prior to 7.0.0 Description The Command Sender UI uses an unsafe eval function on array-like command parameters. This allows a user-supplied payload to execute in the browser when sending a command, creating a self-XSS...
Exploit for Incorrect Resource Transfer Between Spheres in Openclaw
CVE-2026-25253: One-Click RCE in OpenClaw via Auth Token Theft...
PT-2026-4544
ChatterMate is a no-code AI chatbot agent framework. In versions 1.0.8 and below, the chatbot accepts and executes malicious HTML/JavaScript payloads when supplied as chat input. Specifically, an payload containing a javascript: URI can be processed and executed in the browser context. This allow...