CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

58 matches found

EUVD•added 2026/06/13 12:34 a.m.•6 views

EUVD-2026-36621

OpenClaw before 2026.4.29 contains an authorization bypass vulnerability in the QQBot streaming command that allows authenticated senders to mutate configuration without explicit allowFrom restrictions. Attackers can modify QQBot streaming configuration outside intended admin policy by reaching t...

7.7CVSS5.2AI score0.00163EPSS

Exploits0References3

EUVD•added 2026/06/13 12:34 a.m.•7 views

EUVD-2026-36622

OpenClaw before 2026.4.27 contains an authorization bypass vulnerability in QQBot pre-dispatch slash commands that allows authenticated senders to skip allowFrom policy checks. Attackers can invoke slash commands before configured access control policies are applied, potentially triggering comman...

8.2CVSS5.3AI score0.00192EPSS

Exploits0References3

NVD•added 2026/06/12 10:16 p.m.•11 views

CVE-2026-53834

8.2CVSS0.00192EPSS

Exploits0References2

NVD•added 2026/06/12 10:16 p.m.•9 views

CVE-2026-53833

7.7CVSS0.00163EPSS

Exploits0References2

Cvelist•added 2026/06/12 9:56 p.m.•27 views

CVE-2026-53834 OpenClaw < 2026.4.27 - Authorization Bypass in QQBot Pre-dispatch Slash Commands

8.2CVSS0.00192EPSS

Exploits0References2

Vulnrichment•added 2026/06/12 9:56 p.m.•6 views

CVE-2026-53834 OpenClaw < 2026.4.27 - Authorization Bypass in QQBot Pre-dispatch Slash Commands

8.2CVSS5.3AI score0.00192EPSS

Exploits0References2

CVE•added 2026/06/12 9:56 p.m.•23 views

CVE-2026-53834

OpenClaw (OpenClaw before 2026.4.27) contains an authorization bypass in QQBot pre-dispatch slash commands that allows authenticated senders to bypass allowFrom policy checks. Attackers can invoke slash commands before access control policies are applied, potentially triggering command handling f...

8.2CVSS5.4AI score0.00192EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/06/12 9:56 p.m.•26 views

CVE-2026-53833 QQBot for OpenClaw < 2026.4.29 - Authorization Bypass via QQBot Streaming Command

7.7CVSS0.00163EPSS

Exploits0References2

Vulnrichment•added 2026/06/12 9:56 p.m.•7 views

CVE-2026-53833 QQBot for OpenClaw < 2026.4.29 - Authorization Bypass via QQBot Streaming Command

7.7CVSS5.2AI score0.00163EPSS

Exploits0References2

CVE•added 2026/06/12 9:56 p.m.•15 views

CVE-2026-53833

OpenClaw before 2026.4.29 contains an authorization bypass in the QQBot streaming command that lets authenticated senders mutate configuration without explicit allowFrom restrictions. Attackers can modify QQBot streaming configuration outside the intended admin policy by accessing the affected co...

7.7CVSS5.3AI score0.00163EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2026/06/12 12:0 a.m.•7 views

PT-2026-49037

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.29 Description An authorization bypass exists in the QQBot streaming command. This issue allows authenticated senders to modify configuration settings without explicit allowFrom restrictions. Attackers can...

7.7CVSS5.2AI score0.00163EPSS

Exploits0References8

Positive Technologies•added 2026/06/12 12:0 a.m.•8 views

PT-2026-49038

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.27 Description An authorization bypass exists in QQBot pre-dispatch slash commands. This issue allows authenticated senders to skip allowFrom policy checks, enabling them to invoke slash commands before...

8.2CVSS5.3AI score0.00192EPSS

Exploits0References5

RedhatCVE•added 2026/06/05 7:50 p.m.•6 views

CVE-2026-34507

OpenClaw before 2026.4.29 contains a policy bypass vulnerability in QQBot admin commands that allows authenticated senders to skip DM-only and allowFrom policy checks. Attackers can route admin commands from unauthorized senders or contexts to execute restricted behavior that policy should have...

5.4CVSS5.7AI score0.00148EPSS

Exploits0References1

RedhatCVE•added 2026/06/01 4:3 p.m.•12 views

CVE-2026-35630

OpenClaw before 2026.5.18 contains an authorization bypass vulnerability in QQBot native approval buttons that fails to enforce configured approver identity. Non-approver users can click approval buttons to resolve pending exec or plugin approval requests without proper authorization...

8CVSS5.8AI score0.00195EPSS

Exploits0References1

Snyk•added 2026/05/29 5:22 p.m.•5 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via improper enforcement of policy checks in the QQBot admin command. An attacker can gain unauthorized access to restricted admin commands by bypassing DM-only an...

5.4CVSS5.5AI score0.00148EPSS

Exploits0References2

Snyk•added 2026/05/29 5:21 p.m.•8 views

Missing Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization in the QQBot native approval buttons process. An attacker can gain unauthorized access to resolve pending exec or plugin approval requests by interacting with approv...

8.6CVSS5.8AI score0.00195EPSS

Exploits0References2

NVD•added 2026/05/29 4:16 p.m.•16 views

CVE-2026-35630

8CVSS0.00195EPSS

Exploits0References2

NVD•added 2026/05/29 4:16 p.m.•14 views

CVE-2026-34507

5.4CVSS0.00148EPSS

Exploits0References2

ATTACKERKB•added 2026/05/29 3:10 p.m.•9 views

CVE-2026-35630

8CVSS5.8AI score0.00195EPSS

Exploits0References3

CVE•added 2026/05/29 3:10 p.m.•16 views

CVE-2026-35630

OpenClaw OpenClaw before 2026.5.18 has an authorization bypass in QQBot native approval buttons that does not enforce the configured approver identity. Non-approvers can click approval buttons to resolve pending exec or plugin approval requests without proper authorization. Affected product: Open...

8CVSS5.8AI score0.00195EPSS

Exploits0References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by