CVE-2026-25157 OpenClaw/Clawdbot has OS Command Injection via Project Root Path in sshNodeCommand

OpenClaw is a personal AI assistant. Prior to version 2026.1.29, there is an OS command injection vulnerability via the Project Root Path in sshNodeCommand. The sshNodeCommand function constructed a shell script without properly escaping the user-supplied project path in an error message. When th...

AZL-10919 CVE-2022-36069 affecting package poetry 1.0.10-2

Poetry is a dependency manager for Python. When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such as git clone. These commands are constructed using user input e.g. the repository URL. When building the commands, Poetry correctly avoid...

DEBIAN-CVE-2022-36069

Poetry is a dependency manager for Python. When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such as git clone. These commands are constructed using user input e.g. the repository URL. When building the commands, Poetry correctly avoid...

UBUNTU-CVE-2022-36069

Poetry is a dependency manager for Python. When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such as git clone. These commands are constructed using user input e.g. the repository URL. When building the commands, Poetry correctly avoid...

PYSEC-2022-266

Poetry is a dependency manager for Python. When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such as git clone. These commands are constructed using user input e.g. the repository URL. When building the commands, Poetry correctly avoid...