52 matches found
OpenClaw < 2026.2.3 Prompt Injection (GHSA-782p-5fr5-7fj8)
The version of the OpenClaw AI assistant installed on the remote host is prior to 2026.2.3. It is, therefore, affected by a prompt injection vulnerability: - When the Slack integration is enabled, channel metadata topic/description can be incorporated into the model's system prompt, allowing...
CVE-2026-24764
OpenClaw formerly Clawdbot is a personal AI assistant users run on their own devices. In versions 2026.2.2 and below, when the Slack integration is enabled, channel metadata topic/description can be incorporated into the model's system prompt. Prompt injection is a documented risk for LLM-driven...
CVE-2026-24764 OpenClaw has Remote Code Execution via System Prompt Injection in Slack Channel Descriptions
OpenClaw formerly Clawdbot is a personal AI assistant users run on their own devices. In versions 2026.2.2 and below, when the Slack integration is enabled, channel metadata topic/description can be incorporated into the model's system prompt. Prompt injection is a documented risk for LLM-driven...
CVE-2026-24764 OpenClaw has Remote Code Execution via System Prompt Injection in Slack Channel Descriptions
OpenClaw formerly Clawdbot is a personal AI assistant users run on their own devices. In versions 2026.2.2 and below, when the Slack integration is enabled, channel metadata topic/description can be incorporated into the model's system prompt. Prompt injection is a documented risk for LLM-driven...
CVE-2026-24764 OpenClaw has Remote Code Execution via System Prompt Injection in Slack Channel Descriptions
OpenClaw formerly Clawdbot is a personal AI assistant users run on their own devices. In versions 2026.2.2 and below, when the Slack integration is enabled, channel metadata topic/description can be incorporated into the model's system prompt. Prompt injection is a documented risk for LLM-driven...
GHSA-782P-5FR5-7FJ8 OpenClaw Affected by Remote Code Execution via System Prompt Injection in Slack Channel Descriptions
Summary When the Slack integration is enabled, Slack channel metadata topic/description could be incorporated into the model's system prompt. Impact Prompt injection is a documented risk for LLM-driven systems. This issue increased the injection surface by allowing untrusted Slack channel metadat...
OpenClaw Affected by Remote Code Execution via System Prompt Injection in Slack Channel Descriptions
Summary When the Slack integration is enabled, Slack channel metadata topic/description could be incorporated into the model's system prompt. Impact Prompt injection is a documented risk for LLM-driven systems. This issue increased the injection surface by allowing untrusted Slack channel metadat...
PT-2026-20318
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.3 Description OpenClaw is a personal AI assistant. When the Slack integration is enabled, Slack channel metadata topic/description can be incorporated into the model's system prompt. This increases the injecti...
The Librarian does not secure its interface, allowing for access to internal system data
Overview Multiple vulnerabilities were discovered in The Librarian, an AI-powered personal assistant tool provided by the company TheLibrarian.io. The Librarian can be used to manage personal email, calendar, documents, and other information through external services, such as Gmail and Google...
Securing AI Agents against Prompt Injection Attacks
Retrieval-augmented generation RAG systems have become widely used for enhancing large language model capabilities, but they introduce significant security vulnerabilities through prompt injection attacks. We present a comprehensive benchmark for evaluating prompt injection risks in RAG-enabled A...
Mindgard Finds Sora 2 Vulnerability Leaking Hidden System Prompt via Audio
AI security firm Mindgard discovered a flaw in OpenAI's Sora 2 model, forcing the video generator to leak…...
EUVD-2025-34183
A security issue exists within the Rockwell Automation Driver Package x64 Microsoft Installer File MSI repair functionality, installed with FTLinx. Authenticated attackers with valid Windows Users credentials can initiate a repair and hijack the resulting console window for vbpinstall.exe. This...
EUVD-2025-25780
Malicious code in bioql PyPI...
SecInfer: Preventing Prompt Injection Via Inference-Time Scaling
Prompt injection attacks pose a pervasive threat to the security of Large Language Models LLMs. State-of-the-art prevention-based defenses typically rely on fine-tuning an LLM to enhance its security, but they achieve limited effectiveness against strong attacks. In this work, we propose...
CVE-2025-10015
The Sparkle framework includes an XPC service Downloader.xpc, by default this service is private to the application its bundled with. A local unprivileged attacker can register this XPC service globally which will inherit TCC permissions of the application. Lack of validation of connecting client...
CVE-2025-10015 TCC Bypass via Downloader XPC Service in Sparkle
The Sparkle framework includes an XPC service Downloader.xpc, by default this service is private to the application its bundled with. A local unprivileged attacker can register this XPC service globally which will inherit TCC permissions of the application. Lack of validation of connecting client...
Large Reasoning Models Are Autonomous Jailbreak Agents
Jailbreaking -- bypassing built-in safety mechanisms in AI models -- has traditionally required complex technical procedures or specialized human expertise. In this study, we show that the persuasive capabilities of large reasoning models LRMs simplify and scale jailbreaking, converting it into a...
TelegAI Cross Site Scripting
TelegAI, a web application for constructing and chatting with AI Characters, is vulnerable to persistent cross site scripting vulnerabilities in its chat component and character container component. An attacker can achieve arbitrary client-side script execution by crafting an AI Character with SV...
Exploit for CVE-2025-51860
CVE-2025-51860 Vulnerability description TelegAI, a web...
Exploit for CVE-2025-51859
CVE-2025-51859 Vulnerability description Chaindesk, a w...