Lucene search
+L

4 matches found

EUVD
EUVD
added 13 hours ago4 views

EUVD-2026-45093

OpenClaw versions 2026.4.12-beta.1 before 2026.6.6 contain a missing-authorization vulnerability in the MS Teams message actions feature. When the affected feature is enabled and reachable, a lower-trust caller or a configured input path can perform actions that should have required a stronger...

7.1CVSS6.1AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/02 11:34 p.m.13 views

OpenClaw: Message action attachment hydration bypasses local media root checks when sandboxRoot is unset

Impact sendAttachment and setGroupIcon message actions could hydrate media from local absolute paths when sandboxRoot was unset, bypassing intended local media root checks. This could allow reads of arbitrary host files reachable by the runtime user when an authorized message-action path was...

7.1CVSS6AI score0.00372EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/02 11:34 p.m.7 views

GHSA-FQCM-97M6-W7RM OpenClaw: Message action attachment hydration bypasses local media root checks when sandboxRoot is unset

Impact sendAttachment and setGroupIcon message actions could hydrate media from local absolute paths when sandboxRoot was unset, bypassing intended local media root checks. This could allow reads of arbitrary host files reachable by the runtime user when an authorized message-action path was...

8.7CVSS6AI score0.00372EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/03/05 12:0 a.m.14 views

CVE-2024-51144

Cross Site Request Forgery CSRF vulnerability exists in the 'pvmsg.php?action=addmessage', pvmsg.php?action=confirmdelete , and ajax.server.php?page=user&action=flipfollow endpoints in Ampache = 6.6.0...

0.00436EPSS
Exploits0References3
Rows per page
Query Builder