54 matches found
NPM: OpenClaw: Paired-device pairing actions were not limited to the caller device
NPM: OpenClaw: Paired-device pairing actions were not limited to the caller device vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.20...
OpenClaw: Paired-device pairing actions were not limited to the caller device
Affected Packages / Versions - Package: openclaw npm - Affected versions: 2026.4.20 - Patched version: 2026.4.20 Impact A paired device session with limited pairing scope could enumerate global pairing state and act on pairing requests that belonged to another device within the same gateway scope...
GHSA-XRQ9-JM7V-G9H7 OpenClaw: Paired-device pairing actions were not limited to the caller device
Affected Packages / Versions - Package: openclaw npm - Affected versions: 2026.4.20 - Patched version: 2026.4.20 Impact A paired device session with limited pairing scope could enumerate global pairing state and act on pairing requests that belonged to another device within the same gateway scope...
Incorrect Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the paired-device pairing management process. An attacker can gain unauthorized access to approve or operate on unrelated pending device requests by leveraging...
EUVD-2026-25275
OpenClaw before 2026.4.20 contains an improper authorization vulnerability in paired-device pairing management that allows limited-scope sessions to enumerate and act on pairing requests. Attackers with paired-device access can approve or operate on unrelated pending device requests within the sa...
CVE-2026-41909
OpenClaw before 2026.4.20 contains an improper authorization vulnerability in paired-device pairing management that allows limited-scope sessions to enumerate and act on pairing requests. Attackers with paired-device access can approve or operate on unrelated pending device requests within the sa...
CVE-2026-41909
OpenClaw vulnerable to an improper authorization in paired-device pairing management up to version just before 2026.4.20. The issue allows limited-scope sessions to enumerate and act on pairing requests, enabling attackers with paired-device access to approve or operate on unrelated pending devic...
CVE-2026-41909
OpenClaw before 2026.4.20 contains an improper authorization vulnerability in paired-device pairing management that allows limited-scope sessions to enumerate and act on pairing requests. Attackers with paired-device access can approve or operate on unrelated pending device requests within the sa...
CVE-2026-41909 OpenClaw < 2026.4.20 - Improper Authorization in Paired-Device Pairing Actions
OpenClaw before 2026.4.20 contains an improper authorization vulnerability in paired-device pairing management that allows limited-scope sessions to enumerate and act on pairing requests. Attackers with paired-device access can approve or operate on unrelated pending device requests within the sa...
PT-2026-31761
OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-auth reconnects auto-approve scope-upgrade requests, widening paired device permissions from operator.read to operator.admin. Attackers can exploit this by triggering local reconnection to silently...
EUVD-2025-26592
Malicious code in bioql PyPI...
EUVD-2021-6504
Malicious code in bioql PyPI...
Google Android elevation of privilege vulnerability (CNVD-2025-28665)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to cause an elevation of privilege on a paired device...
CVE-2025-22435
In avdtmsgind of avdtmsg.cc, there is a possible memory corruption due to type confusion. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-49714
In avrcvendormsg of avrcopt.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-49714
In avrcvendormsg of avrcopt.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-22435
In avdtmsgind of avdtmsg.cc, there is a possible memory corruption due to type confusion. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-22435
In avdtmsgind of avdtmsg.cc, there is a possible memory corruption due to type confusion. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-22435
The CVE-2025-22435 issue affects the Android Bluetooth stack (avdt_msg_ind in avdt_msg.cc) where a type confusion leads to memory corruption. This can enable escalation of privilege on a paired device with no additional execution privileges and no user interaction required. CVSSv3.1 metrics indic...
CVE-2025-22435
In avdtmsgind of avdtmsg.cc, there is a possible memory corruption due to type confusion. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...