17 matches found

CNNVD
added 2026/06/08 12:0 a.m. · 5 views

OpenMetadata security vulnerability

OpenMetadata is an open-source platform for discovery, observability, and governance, supported by a central metadata storage repository, deep lineage, and seamless team collaboration. Prior to OpenMetadata 1.12.4, there were security vulnerabilities. These vulnerabilities stemmed from a workflow...

CVSS 8.3 · AI score 5.3 · EPSS 0.00241
Exploits 0 · References 2
OSV
added 2026/05/19 10:6 p.m. · 11 views

MAL-2026-4757 Malicious code in morin (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37c27d25a4c203cbb89156281fbacc7feb424a09eaa296f7c3dedff860891f1f morin/common.py hardcodes an HTTP proxy at 191.102.147.15:8000 with embedded credentials proxies = 'https': 'http://5TUMV6:[email protected]:8000...

AI score 5.8
Exploits 0 · References 3
EUVD
added 2026/03/31 12:31 p.m. · 6 views

EUVD-2026-17385

OpenClaw before 2026.3.13 contains an information disclosure vulnerability in the fetchRemoteMedia function that exposes Telegram bot tokens in error messages. When media downloads fail, the original Telegram file URLs containing bot tokens are embedded in MediaFetchError strings and leaked to lo...

CVSS 8.7 · AI score 5.9 · EPSS 0.00418
Exploits 0 · References 4
Vulnrichment
added 2026/03/31 11:17 a.m. · 2 views

CVE-2026-32982 OpenClaw < 2026.3.13 - Telegram Bot Token Exposure in Media Fetch Error Logs

OpenClaw before 2026.3.13 contains an information disclosure vulnerability in the fetchRemoteMedia function that exposes Telegram bot tokens in error messages. When media downloads fail, the original Telegram file URLs containing bot tokens are embedded in MediaFetchError strings and leaked to lo...

CVSS 8.7 · AI score 5.9 · EPSS 0.00418
Exploits 0 · References 3
Github Security Blog
added 2026/03/16 8:40 p.m. · 6 views

OpenClaw Telegram media fetch errors exposed bot tokens in logged file URLs

Summary openclaw versions /..., so the resulting error strings could leak bot tokens into logs, console output, or any downstream error surface that rendered the exception text. This issue is in scope under OpenClaw's trust model because the leaked secret is an OpenClaw-operated integration...

AI score 5.9
Exploits 0 · References 3 · Affected Software 1
NVD
added 2026/02/20 12:16 a.m. · 6 views

CVE-2026-27003

OpenClaw is a personal AI assistant. Telegram bot tokens can appear in error messages and stack traces (for example, when request URLs include https://api.telegram.org/bot<token>/...). Prior to version 2026.2.15, OpenClaw logged these strings without redaction, which could leak the bot token into logs,...

CVSS 6.9 · EPSS 0.00142
Exploits 0 · References 2
Cvelist
added 2026/02/19 11:14 p.m. · 24 views

CVE-2026-27003 OpenClaw: Telegram bot token exposure via logs

OpenClaw is a personal AI assistant. Telegram bot tokens can appear in error messages and stack traces (for example, when request URLs include https://api.telegram.org/bot<token>/...). Prior to version 2026.2.15, OpenClaw logged these strings without redaction, which could leak the bot token into logs,...

CVSS 6.9 · EPSS 0.00142
Exploits 0 · References 2
OSV
added 2026/02/18 10:43 p.m. · 4 views

GHSA-CHF7-JQ6G-QRWV OpenClaw: Telegram bot token exposure via logs

Vulnerability: Telegram bot tokens can appear in error messages and stack traces (for example, when request URLs include https://api.telegram.org/bot<token>/...). OpenClaw previously logged these strings without redaction, which could leak the bot token into logs, crash reports, CI output, or support...

CVSS 6.9 · AI score 5.7 · EPSS 0.00142
Exploits 0 · References 4
RedhatCVE
added 2025/02/05 7:1 a.m. · 5 views

CVE-2024-32881

Danswer is the AI Assistant connected to company's docs, apps, and people. Danswer is vulnerable to unauthorized access to GET/SET of Slack Bot Tokens. Anyone with network access can steal slack bot tokens and set them. This implies full compromise of the customer's slack bot, leading to internal...

CVSS 9.8 · AI score 6.8 · EPSS 0.00799
Exploits 0 · References 1
NVD
added 2024/04/26 9:15 p.m. · 11 views

CVE-2024-32881

Danswer is the AI Assistant connected to company's docs, apps, and people. Danswer is vulnerable to unauthorized access to GET/SET of Slack Bot Tokens. Anyone with network access can steal slack bot tokens and set them. This implies full compromise of the customer's slack bot, leading to internal...

CVSS 9.8 · AI score 9.4 · EPSS 0.00799
Exploits 0 · References 3
CVE
added 2024/04/26 8:46 p.m. · 52 views

CVE-2024-32881

CVE-2024-32881 affects Danswer (AI Assistant). The vulnerability allows unauthorized GET/SET access to Slack Bot Tokens, enabling token theft and full compromise of the customer’s Slack bot and internal Slack access. The issue is tied to Danswer versions prior to 3.63. Remediation from the connec...

CVSS 9.8 · AI score 9.1 · EPSS 0.00799
Exploits 0 · References 3
Cvelist
added 2024/04/26 8:46 p.m. · 18 views

CVE-2024-32881 Unauthorized access to GET/SET of Slack Bot Tokens in Danswer

Danswer is the AI Assistant connected to company's docs, apps, and people. Danswer is vulnerable to unauthorized access to GET/SET of Slack Bot Tokens. Anyone with network access can steal slack bot tokens and set them. This implies full compromise of the customer's slack bot, leading to internal...

CVSS 9.8 · AI score 9.5 · EPSS 0.00799
Exploits 0 · References 3
Vulnrichment
added 2024/04/26 8:46 p.m. · 22 views

CVE-2024-32881 Unauthorized access to GET/SET of Slack Bot Tokens in Danswer

Danswer is the AI Assistant connected to company's docs, apps, and people. Danswer is vulnerable to unauthorized access to GET/SET of Slack Bot Tokens. Anyone with network access can steal slack bot tokens and set them. This implies full compromise of the customer's slack bot, leading to internal...

CVSS 9.8 · AI score 9.3 · EPSS 0.00799
Exploits 0 · References 3
Positive Technologies
added 2024/04/26 12:0 a.m. · 4 views

PT-2024-24937 · Answer +1

Name of the Vulnerable Software and Affected Versions: Danswer versions prior to 3.63 Description: Danswer, the AI Assistant connected to a company's documents, applications, and people, is vulnerable to unauthorized access to GET/SET of Slack Bot Tokens. This vulnerability allows anyone with...

CVSS 9.8 · AI score 7.1 · EPSS 0.00799
Exploits 0 · References 9
CNNVD
added 2024/04/26 12:0 a.m. · 4 views

Danswer security vulnerability

Danswer is an open-source artificial intelligence assistant from Danswer AI that connects to company documents, applications and people. Danswer has a security vulnerability that stems from unauthorized GET/SET access to Slack Bot tokens...

CVSS 9.8 · AI score 6.7 · EPSS 0.00799
Exploits 0 · References 4
Github Security Blog
added 2022/04/22 8:39 p.m. · 30 views

Exposure of Sensitive Information to an Unauthorized Actor in DisCatSharp

Impact: Users of versions 9.8.5, 9.8.6, 9.9.0 and previously published prereleases of 10.0.0 who have used either one of the two RequireDisCatSharpDeveloperAttributes or the BaseDiscordClient.LibraryDeveloperTeam have potentially had their bot token sent to a web server not affiliated with Discord...

CVSS 6.5 · AI score 1.2 · EPSS 0.00822
Exploits 0 · References 3 · Affected Software 1
OSV
added 2022/04/14 9:25 p.m. · 3 views

CVE-2022-24849 Contact to DisCatSharp-owned server using authenticated client

DisCatSharp is a Discord API wrapper for .NET. Users of versions 9.8.5, 9.8.6, 9.9.0 and previously published prereleases of 10.0.0 who have used either one of the two RequireDisCatSharpDeveloperAttributes or the BaseDiscordClient.LibraryDeveloperTeam have potentially had their bot token sent to ...

CVSS 6.5 · AI score 6.9 · EPSS 0.00822
Exploits 0 · References 3