
4 matches found

OSV
added 2026/03/18 2:16 a.m., 7 views

CVE-2026-27524

OpenClaw versions prior to 2026.2.21 accept prototype-reserved keys in runtime /debug set override object values, allowing prototype pollution attacks. Authorized /debug set callers can inject __proto__, constructor, or prototype keys to manipulate object prototypes and bypass command gate restrictio...

4.3 CVSS, 5.9 AI score
Exploits 0, References 3
ATTACKERKB
added 2026/03/18 1:34 a.m., 2 views

CVE-2026-27524

OpenClaw versions prior to 2026.2.21 accept prototype-reserved keys in runtime /debug set override object values, allowing prototype pollution attacks. Authorized /debug set callers can inject __proto__, constructor, or prototype keys to manipulate object prototypes and bypass command gate restrictio...

3.1 CVSS, 5.8 AI score, 0.00237 EPSS
Exploits 0, References 4
Positive Technologies
added 2026/02/18 12:0 a.m., 7 views

PT-2026-23538

Name of the Vulnerable Software and Affected Versions: openclaw versions prior to 2026.2.14. Description: The OpenClaw exec-approvals allowlist validation checks tokens before expansion, but execution uses shell expansion. This allows safe binaries like head, tail, or grep to read arbitrary local...

8.6 CVSS, 5.9 AI score, 0.00167 EPSS
Exploits 0, References 12
Code423n4
added 2023/03/15 12:0 a.m., 12 views

Permit authorized callers can burn any amount of BYTES 2.0 tokens from an arbitrary address

Lines of code. Vulnerability details. Impact: Using the burn function of BYTES 2.0, an authorized caller can burn an arbitrary amount of tokens from any address. I'm aware that it was mentioned in README.md of the project that this type of finding is out of the scope, but I believe it is still...

6.9 AI score
Exploits 0