43 matches found
GHSA-5R8F-96GM-5J6G OpenClaw Gateway `operator.write` can reach admin-only session reset via `chat.send` `/reset`
Summary The chat.send path reused command authorization to trigger /reset session rotation even though direct session reset is an admin-only control-plane operation. Impact A write-scoped gateway caller could rotate a target session, archive the prior transcript state, and force a new session id...
Incorrect Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization through the handleSendPolicyCommand function. An attacker can persistently alter the session's delivery policy by issuing /send on|off|inherit commands as a...
EUVD-2026-16995
OpenClaw before 2026.3.12 contains an insufficient access control vulnerability in the /config and /debug command handlers that allows command-authorized non-owners to access owner-only surfaces. Attackers with command authorization can read or modify privileged configuration settings restricted ...
CVE-2026-32914
OpenClaw before 2026.3.12 contains an insufficient access control vulnerability in the /config and /debug command handlers that allows command-authorized non-owners to access owner-only surfaces. Attackers with command authorization can read or modify privileged configuration settings restricted ...
CVE-2026-32914
CVE-2026-32914 concerns OpenClaw prior to 2026.3.12, with an insufficient access control weakness in the /config and /debug command handlers. The issue allows command-authorized non-owners to read or modify privileged, owner-only configuration settings due to missing owner-level permission checks...
PT-2026-28446
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.12 Description OpenClaw before version 2026.3.12 has an insufficient access control issue in the /config and /debug command handlers. Command-authorized non-owners can access owner-only surfaces, allowing them...
EUVD-2026-9594
ESC/POS, a printer control language designed by Seiko Epson Corporation, lacks mechanisms for user authentication and command authorization, does not provide controls to restrict sources or destinations of network communication, and transmits commands without encryption or integrity protection...
CVE-2026-23767
ESC/POS, a printer control language designed by Seiko Epson Corporation, lacks mechanisms for user authentication and command authorization, does not provide controls to restrict sources or destinations of network communication, and transmits commands without encryption or integrity protection...
PT-2026-23215
Name of the Vulnerable Software and Affected Versions ESC/POS affected versions not specified Description ESC/POS, a printer control language developed by Seiko Epson Corporation, does not include user authentication or command authorization features. It also lacks controls to limit network...
EUVD-2006-0492
Malware in sbrugna...
EUVD-2021-6848
Malicious code in bioql PyPI...
EUVD-2023-24365
Malicious code in bioql PyPI...
Permissive Regular Expression in tacquito
Impact The CVE is for a software vulnerability. Network admins who have deployed tacquito or versions of tacquito in their production environments and use tacquito to perform command authorization for network devices should be impacted. Tacquito code prior to commit...
GHSA-P5WF-CMR4-XRWR Permissive Regular Expression in tacquito
Impact The CVE is for a software vulnerability. Network admins who have deployed tacquito or versions of tacquito in their production environments and use tacquito to perform command authorization for network devices should be impacted. Tacquito code prior to commit...
PT-2024-33511 · Tacquito · Tacquito
Name of the Vulnerable Software and Affected Versions: Tacquito versions prior to commit 07b49d1358e6ec0b5aa482fcd284f509191119e2 Description: The issue concerns the improper performance of regex matches on authorized commands and arguments. Configured allowed commands/arguments were intended to...
Cisco IOS XE Software Command Authorization Bypass (cisco-sa-aaascp-Tyj4fEJm)
According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. - A vulnerability in the Authentication, Authorization, and Accounting AAA feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command...
CVE-2023-20186
A vulnerability in the Authentication, Authorization, and Accounting AAA feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and copy files to or from the file system of an affected device using the Secure Copy...
Authorization
A vulnerability in the Authentication, Authorization, and Accounting AAA feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and copy files to or from the file system of an affected device using the Secure Copy...
CVE-2023-20186
A vulnerability in the Authentication, Authorization, and Accounting AAA feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and copy files to or from the file system of an affected device using the Secure Copy...
CVE-2023-20186
A vulnerability in the Authentication, Authorization, and Accounting AAA feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and copy files to or from the file system of an affected device using the Secure Copy...