19 matches found
CVE-2026-27001
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, OpenClaw embedded the current working directory workspace path into the agent system prompt without sanitization. If an attacker can cause OpenClaw to run inside a directory whose name contains control/format characters, for example...
CVE-2026-27001
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, OpenClaw embedded the current working directory workspace path into the agent system prompt without sanitization. If an attacker can cause OpenClaw to run inside a directory whose name contains control/format characters, for example...
OpenClaw: Unsanitized CWD path injection into LLM prompts
Overview: OpenClaw embedded the current working directory workspace path into the agent system prompt without sanitization. If an attacker can cause OpenClaw to run inside a directory whose name contains control/format characters, for example newlines or Unicode bidi/zero-width markers, those...
EUVD-2022-46541
Malicious code in bioql PyPI...
CVE-2022-43543
KDDI +Message App, NTT DOCOMO +Message App, and SoftBank +Message App contain a vulnerability caused by improper handling of Unicode control characters. +Message App displays text unprocessed, even when control characters are contained, and the text is shown based on Unicode control character's...
CVE-2022-43543
KDDI +Message App, NTT DOCOMO +Message App, and SoftBank +Message App contain a vulnerability caused by improper handling of Unicode control characters. +Message App displays text unprocessed, even when control characters are contained, and the text is shown based on Unicode control character's...
CVE-2022-43543
KDDI +Message App, NTT DOCOMO +Message App, and SoftBank +Message App contain a vulnerability caused by improper handling of Unicode control characters. +Message App displays text unprocessed, even when control characters are contained, and the text is shown based on Unicode control character's...
Design/Logic Flaw
KDDI +Message App, NTT DOCOMO +Message App, and SoftBank +Message App contain a vulnerability caused by improper handling of Unicode control characters. +Message App displays text unprocessed, even when control characters are contained, and the text is shown based on Unicode control character's...
+Message App improper handling of Unicode control characters
Overview: +Message App displays text unprocessed, even when control characters are contained, and the text is shown based on Unicode control character's specifications. Therefore, a crafted text may display misleading web links (CWE-451). Akaki Tsunoda reported this vulnerability to IPA. JPCERT/CC...
JVN#43561812: +Message App improper handling of Unicode control characters
+Message App displays text unprocessed, even when control characters are contained, and the text is shown based on Unicode control character's specifications. Therefore, a crafted text may display misleading web links (CWE-451). Impact: A spoofed URL may be displayed and phishing attacks may be...
CVE-2022-43543
Affected products/versions: KDDI +Message App for Android <3.9.2 and iOS <3.9.4; NTT DOCOMO +Message App for Android <54.49.0500 and iOS <3.9.4; SoftBank +Message App for Android <12.9.5 and iOS
CVE-2022-43543
KDDI +Message App, NTT DOCOMO +Message App, and SoftBank +Message App contain a vulnerability caused by improper handling of Unicode control characters. +Message App displays text unprocessed, even when control characters are contained, and the text is shown based on Unicode control character's...
KDDI +Message security vulnerability
KDDI +Message is a communication software from KDDI Japan. A security vulnerability exists in KDDI +Message App, NTT DOCOMO +Message App, and SoftBank +Message App, which stems from improper handling of Unicode control characters...
CVE-2022-43543
KDDI +Message App, NTT DOCOMO +Message App, and SoftBank +Message App contain a vulnerability caused by improper handling of Unicode control characters. +Message App displays text unprocessed, even when control characters are contained, and the text is shown based on Unicode control character's...
PT-2022-26959 · Kddi +2 · Kddi +Message App +2
Name of the Vulnerable Software and Affected Versions: KDDI +Message App for Android versions prior to 3.9.2; KDDI +Message App for iOS versions prior to 3.9.4; NTT DOCOMO +Message App for Android versions prior to 54.49.0500; NTT DOCOMO +Message App for iOS versions prior to 3.9.4; SoftBank +Message...
OESA-2022-1877 sqlite security update
SQLite is a C-language library that implements a small, fast, self-contained, high-reliability, full-featured, SQL database engine. SQLite is the most used database engine in the world. SQLite is built into all mobile phones and most computers and comes bundled inside countless other applications...
PT-2022-9171 · Sqlite +2 · Sqlite +2
Name of the Vulnerable Software and Affected Versions: Sqlite versions prior to 3.34.0. Description: An issue was found in the fts5UnicodeTokenize function in ext/fts5/fts5_tokenize.c in Sqlite. A unicode61 tokenizer configured to treat unicode "control-characters" class Cc, was treating embedded...
Identifier withdrawn
SQLite is a lightweight database that is an ACID-compliant relational database management system. SQLite has a security vulnerability that stems from the fts5UnicodeTokenize function of its ext/fts5/fts5_tokenize.c component that handles unicode "control-characters" class Cc of the unicode61...
Vulnerabilities related to Unicode fixed
Researchers from the universities of Cambridge and Edinburgh have developed attack methods for compromising open-source software. This involves the abuse of Unicode control characters. By placing control characters in the source code at tactical places, source code is...