52 matches found
CVE-2026-32059
OpenClaw version 2026.2.22-2 prior to 2026.2.23 tools.exec.safeBins validation for sort command fails to properly validate GNU long-option abbreviations, allowing attackers to bypass denied-flag checks via abbreviated options. Remote attackers can execute sort commands with abbreviated long optio...
CVE-2026-32059 OpenClaw 2026.2.22-2 < 2026.2.23 - Allowlist Bypass via sort Long-Option Abbreviation in tools.exec.safeBins
MINI-3FR4-RR96-GXM8
Bulletin has no description...
CVE-2026-28363
In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations such as --compress-prog in allowlist mode, leading to approval-free execution paths that were intended to require approval. Only an exact string such as --compress-program was...
OpenClaw is vulnerable to validation bypass through GNU long-option abbreviations in allowlist mode
EUVD-2026-8987
GHSA-7977-C43C-XPWJ OpenClaw is vulnerable to validation bypass through GNU long-option abbreviations in allowlist mode
Incomplete List of Disallowed Inputs
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the tools.exec.safeBins validation when validating options for sort. An attacker can execute unauthorized commands by supplying GNU long-option...
PT-2026-22291
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.23 Description The software contains a validation bypass in the tools.exec.safeBins logic for the sort command. This bypass occurs when using GNU long-option abbreviations such as --compress-prog in allowlist...
NVIDIA cuobjdump DWARF debug abbreviations parsing arbitrary code execution vulnerability
Talos Vulnerability Report TALOS-2025-2155 NVIDIA cuobjdump DWARF debug abbreviations parsing arbitrary code execution vulnerability September 24, 2025 CVE Number CVE-2025-23339 SUMMARY An arbitrary code execution vulnerability exists in the DWARF parsing functionality of NVIDIA cuobjdump 12.8.55...
Linux Distros Unpatched Vulnerability : CVE-2024-45044
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bareos is open source software for backup, archiving, and recovery of data for operating systems. When a command ACL is in place and a user executes a command i...
CLSA-2025-1752088235 emacs: Fix of CVE-2024-39331
CVE-2024-39331: fix org-link-expand-abbrev to not expand unsafe link abbreviations...
CLSA-2024-1728934930 emacs: Fix of CVE-2024-39331
CVE-2024-39331: do not expand link abbrevs that contain unsafe function...
CVE-2024-45044
Bareos is open source software for backup, archiving, and recovery of data for operating systems. When a command ACL is in place and a user executes a command in bconsole using an abbreviation i.e. "w" for "whoami" the ACL check did not apply to the full form i.e. "whoami" but to the abbreviated...
owlwisemarketing.com.xx3.kz Cross Site Scripting vulnerability OBB-3947284
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2024-37764
MachForm up to version 19 is affected by an authenticated stored cross-site scripting...
Electrolink FM/DAB/TV Transmitter (controlloLogin.js) Credential Disclosure
Electrolink FM/DAB/TV Transmitter controlloLogin.js Credentials Disclosure Vendor: Electrolink s.r.l. Product web page: https://www.electrolink.com Affected version: 10W, 100W, 250W, Compact DAB Transmitter 500W, 1kW, 2kW Medium DAB Transmitter 2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter 100W...
beststreamingproviders.com Cross Site Scripting vulnerability OBB-3123263
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...