
13 matches found

CNNVD
added 2026/05/29 12:0 a.m. · 7 views

OpenClaw Security Vulnerability

OpenClaw is an open-source artificial intelligence assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.12 contained security vulnerabilities. These vulnerabilities stemmed from a permission escalation flaw in Slack plugin approval processes, allowing authorized users with exec...

4.3 CVSS · 5.8 AI score · 0.00173 EPSS
Exploits 0 · References 2
Cvelist
added 2026/05/22 3:29 p.m. · 13 views

CVE-2026-9251

Missing authorization in the entry status management feature in Devolutions Server allows a non-administrator authenticated user to bypass the administrator-enforced Pending Approval flow and gain access to an entry's data via a crafted status change request. This issue affects: Devolutions Serv...

0.00142 EPSS
Exploits 0 · References 1
Positive Technologies
added 2026/05/22 12:0 a.m. · 14 views

PT-2026-42796

Missing authorization in the entry status management feature in Devolutions Server allows a non-administrator authenticated user to bypass the administrator-enforced Pending Approval flow and gain access to an entry's data via a crafted status change request. This issue affects: Devolutions Serv...

5.8 AI score · 0.00142 EPSS
Exploits 0 · References 1
NVD
added 2026/04/28 7:37 p.m. · 4 views

CVE-2026-42423

OpenClaw before 2026.4.8 contains an approval-timeout fallback mechanism that bypasses strictInlineEval explicit-approval requirements on gateway and node exec hosts. Attackers can exploit this timeout fallback to execute inline eval commands that should require explicit user approval,...

7.7 CVSS · 0.00316 EPSS
Exploits 0 · References 3
Snyk
added 2026/04/17 10:16 p.m. · 3 views

Incorrect Authorization

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Incorrect Authorization via the exec approval binding. An attacker can bypass intended approval mechanisms and execute unauthorized applets or scripts by leveraging opaque multi-call...

8.8 CVSS · 5.8 AI score · 0.00356 EPSS
Exploits 0 · References 2
Vulnrichment
added 2026/03/30 12:0 a.m. · 1 views

CVE-2026-30306

In its design for automatic terminal command execution, SakaDev offers two options: Execute safe commands and execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a command to be...

6 AI score · 0.00678 EPSS
Exploits 0 · References 2
Cvelist
added 2026/03/27 12:0 a.m. · 21 views

CVE-2026-30304

In its design for automatic terminal command execution, AI Code offers two options: Execute safe commands and execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a command to be...

0.00435 EPSS
Exploits 0 · References 2
Positive Technologies
added 2026/03/27 12:0 a.m. · 5 views

PT-2026-28397

Name of the Vulnerable Software and Affected Versions: AI Code, affected versions not specified. Description: The software’s design, which includes options for executing safe and all commands, is susceptible to prompt injection attacks. The system is intended to automatically execute commands deemed...

9.6 CVSS · 6.1 AI score · 0.00435 EPSS
Exploits 0 · References 6
CNNVD
added 2026/03/21 12:0 a.m. · 9 views

OpenClaw Security Vulnerability

OpenClaw is an artificial intelligence assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that an attacker can exploit to bypass interactive approval prompts...

5.4 CVSS · 5.8 AI score · 0.00257 EPSS
Exploits 0 · References 4
Snyk
added 2026/02/03 7:33 p.m. · 3 views

Arbitrary Code Injection

Overview: @anthropic-ai/claude-code: "Use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you." Affected versions of this package are vulnerable to Arbitrary Code Injection via th...

8.8 CVSS · 6 AI score · 0.00562 EPSS
Exploits 1 · References 3
GitHub Security Blog
added 2025/07/30 4:34 p.m. · 8 views

GitProxy Approval Bypass When Pushing Multiple Branches

Summary: This vulnerability allows a user to push to the remote repository while bypassing policies and explicit approval. Since checks and plugins are skipped, code containing secrets or unwanted changes could be pushed into a repository. Because it can allow policy violations to go undetected, w...

8.3 CVSS · 7.4 AI score · 0.00436 EPSS
Exploits 1 · References 6 · Affected Software 1
Positive Technologies
added 2025/07/22 12:0 a.m. · 2 views

PT-2025-30452 · Alertenterprise · Alertenterprise Guardian

Name of the Vulnerable Software and Affected Versions: AlertEnterprise Guardian version 4.1.14.2.2.1. Description: An issue allows bypassing manager approval via the isAddedByApprover parameter in a Request Building Access requestSubmit API call. Recommendations: Apply a fix to address the bypass ...

7.3 CVSS · 6.4 AI score · 0.0036 EPSS
Exploits 0 · References 7
Cvelist
added 2024/10/07 12:0 a.m. · 21 views

CVE-2024-45919

A security flaw has been discovered in Solvait version 24.4.2 that allows an attacker to elevate their privileges. By manipulating the Request ID and Action Type parameters in /AssignToMe/SetAction, an attacker can bypass approval workflows leading to unauthorized access to sensitive information ...

0.00322 EPSS
Exploits 1 · References 1