Lucene search
K

5 matches found

OSV
OSV
added 2026/07/02 5:22 p.m.12 views

GHSA-J472-GF56-X589 OpenClaw: PowerShell encoded-command aliases could miss exec allowlist checks

Summary PowerShell encoded-command aliases could miss exec allowlist checks. In affected versions, a command request using abbreviated encoded-command flags could use an alias form not recognized by the allowlist parser. This advisory is scoped to the named feature and configuration. It does not...

8.7CVSS6AI score0.00451EPSS
Exploits0References2
OSV
OSV
added 2026/06/16 9:31 p.m.4 views

GHSA-27PQ-2PH8-8X25 Duplicate Advisory: Shell positional parameters could weaken strict inline-eval checks

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5cj2-3jr2-5h77. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.2 contains an inline-eval bypass vulnerability allowing authenticated operators to weaken stri...

8.1CVSS5.5AI score0.0026EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/05 10:29 a.m.45 views

CVE-2026-6322 fast-uri vulnerable to host confusion via percent-encoded authority delimiters

fast-uri normalize decoded percent-encoded authority delimiters inside the host component and then re-emitted them as raw delimiters during serialization. A host that combined an allowed domain, an encoded at-sign, and a different domain was re-emitted with the at-sign as a raw userinfo separator...

7.5CVSS0.00475EPSS
Exploits0References2
OSV
OSV
added 2026/03/03 10:8 p.m.4 views

GHSA-G75X-8QQM-2VXP OpenClaw's `tools.exec.safeBins` PATH-hijack allowed trojan binaries to bypass allowlist checks

Summary tools.exec.safeBins allowlist checks could be bypassed by PATH-hijacked binaries, allowing execution of attacker-controlled trojan binaries under an allowlisted executable name. Affected Packages / Versions - Package: openclaw npm - Latest published version at triage time: 2026.2.17 -...

7.8CVSS6.1AI score0.00128EPSS
Exploits0References5
Code423n4
Code423n4
added 2022/03/09 12:0 a.m.8 views

Missing allowlist checks on tokens in CrossAnchorBridge could cause loss of funds

Lines of code Vulnerability details Impact The CrossAnchorBridge contract accepts any ERC20 token and transfers them to the wormhole bridge. There were allowlist checks on the tokens before, but they were commented out in this version for the audit. If a user transfers, for example, non-supported...

6.7AI score
Exploits0
Rows per page
Query Builder