Lucene search
K

181 matches found

EUVD
EUVD
added 3 hours ago2 views

EUVD-2026-43566

OpenClaw @openclaw/feishu versions 2026.6.6 and earlier contain an incorrect authorization vulnerability in which the Feishu permission tools could ignore per-account disablement settings. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could...

8.6CVSS6.1AI score
Exploits0References3
EUVD
EUVD
added 3 hours ago4 views

EUVD-2026-43565

OpenClaw Feishu tools npm package @openclaw/feishu in versions = 2026.6.6 could ignore per-account disablement. A lower-trust caller or a configured input path could perform actions that should have required a stronger authorization or policy check, resulting in unauthorized operations. The issue...

8.6CVSS6.1AI score
Exploits0References3
OSV
OSV
added 2026/07/02 5:8 p.m.6 views

GHSA-3WQP-PRF6-2M72 OpenClaw: Feishu dynamic-agent bindings could miss configWrites enforcement

Summary Feishu dynamic-agent bindings could miss configWrites enforcement. In affected versions, a Feishu sender using dynamic-agent binding behavior could create or update bindings without honoring the configured config-write control. This advisory is scoped to the named feature and configuratio...

3.1CVSS6AI score0.00166EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/13 12:34 a.m.12 views

EUVD-2026-36623

OpenClaw before 2026.5.6 contains a configuration enforcement bypass vulnerability in Feishu dynamic-agent bindings that allows authenticated senders to create or update bindings without honoring configured config-write controls. Attackers can exploit this by leveraging the dynamic-agent binding...

4.3CVSS5.3AI score0.00166EPSS
Exploits0References3
NVD
NVD
added 2026/06/12 10:16 p.m.13 views

CVE-2026-53835

OpenClaw before 2026.5.6 contains a configuration enforcement bypass vulnerability in Feishu dynamic-agent bindings that allows authenticated senders to create or update bindings without honoring configured config-write controls. Attackers can exploit this by leveraging the dynamic-agent binding...

4.3CVSS0.00166EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 9:56 p.m.11 views

CVE-2026-53835 OpenClaw < 2026.5.6 - Config-Write Enforcement Bypass in Feishu Dynamic-Agent Bindings

OpenClaw before 2026.5.6 contains a configuration enforcement bypass vulnerability in Feishu dynamic-agent bindings that allows authenticated senders to create or update bindings without honoring configured config-write controls. Attackers can exploit this by leveraging the dynamic-agent binding...

4.3CVSS5.3AI score0.00166EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 9:56 p.m.28 views

CVE-2026-53835

OpenClaw (pre-2026.5.6) contains a configuration enforcement bypass in Feishu dynamic-agent bindings. The flaw allows authenticated senders to create or update bindings without honoring configured config-write controls, enabling changes to sender-agent binding state beyond policy. Affected compon...

4.3CVSS5.3AI score0.00166EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/12 9:56 p.m.36 views

CVE-2026-53835 OpenClaw < 2026.5.6 - Config-Write Enforcement Bypass in Feishu Dynamic-Agent Bindings

OpenClaw before 2026.5.6 contains a configuration enforcement bypass vulnerability in Feishu dynamic-agent bindings that allows authenticated senders to create or update bindings without honoring configured config-write controls. Attackers can exploit this by leveraging the dynamic-agent binding...

4.3CVSS0.00166EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.26 views

PT-2026-49039

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.6 Description A configuration enforcement bypass exists in Feishu dynamic-agent bindings. This issue allows authenticated senders to create or update bindings without adhering to the configured config-write...

4.3CVSS5.2AI score0.00166EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 4:45 a.m.15 views

Malicious code in @koadz/sso (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d284d5d0421ad906d63959ed4e0f3354106166311f4066ff794669f52d1eacfb package.json declares a postinstall hook that runs dist/index.js. The compiled bundle contains an appended payload absent from the index.ts source...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/11 4:45 a.m.11 views

MAL-2026-5562 Malicious code in @koadz/sso (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d284d5d0421ad906d63959ed4e0f3354106166311f4066ff794669f52d1eacfb package.json declares a postinstall hook that runs dist/index.js. The compiled bundle contains an appended payload absent from the index.ts source...

5.5AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.11 views

CVE-2026-10224

A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. This vulnerability affects the function handlewebhookrequest of the file gateway/platforms/feishu.py of the component Webhook Endpoint. Such manipulation leads to resource consumption. The attack can be...

6.9CVSS5.4AI score0.00372EPSS
Exploits0References1
NVD
NVD
added 2026/06/01 6:16 a.m.23 views

CVE-2026-10224

A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. This vulnerability affects the function handlewebhookrequest of the file gateway/platforms/feishu.py of the component Webhook Endpoint. Such manipulation leads to resource consumption. The attack can be...

6.9CVSS0.00372EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/01 4:30 a.m.67 views

CVE-2026-10224 NousResearch hermes-agent Webhook Endpoint feishu.py _handle_webhook_request resource consumption

A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. This vulnerability affects the function handlewebhookrequest of the file gateway/platforms/feishu.py of the component Webhook Endpoint. Such manipulation leads to resource consumption. The attack can be...

6.9CVSS0.00372EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/01 4:30 a.m.18 views

CVE-2026-10224

A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. This vulnerability affects the function handlewebhookrequest of the file gateway/platforms/feishu.py of the component Webhook Endpoint. Such manipulation leads to resource consumption. The attack can be...

6.9CVSS5.6AI score0.00372EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/06/01 4:30 a.m.38 views

CVE-2026-10224

Technical details about CVE-2026-10224 are not publicly available in the provided documents. Monitor for updates.

6.9CVSS5.6AI score0.00372EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/01 4:30 a.m.29 views

EUVD-2026-33557

A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. This vulnerability affects the function handlewebhookrequest of the file gateway/platforms/feishu.py of the component Webhook Endpoint. Such manipulation leads to resource consumption. The attack can be...

6.9CVSS5.4AI score0.00372EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/01 4:30 a.m.12 views

CVE-2026-10224 NousResearch hermes-agent Webhook Endpoint feishu.py _handle_webhook_request resource consumption

A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. This vulnerability affects the function handlewebhookrequest of the file gateway/platforms/feishu.py of the component Webhook Endpoint. Such manipulation leads to resource consumption. The attack can be...

6.9CVSS5.6AI score0.00372EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.37 views

PT-2026-45268

A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. This vulnerability affects the function handle webhook request of the file gateway/platforms/feishu.py of the component Webhook Endpoint. Such manipulation leads to resource consumption. The attack can be...

6.9CVSS5.6AI score0.00372EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.11 views

Hermes Agent 安全漏洞

Hermes Agent is an AI agent tool developed by Nous Research, featuring a self-learning mechanism. Versions of Hermes Agent prior to 2026.4.30 contained a security vulnerability. This vulnerability stemmed from issues with the handlewebhookrequest function in the gateway/platforms/feishu.py file,...

6.9CVSS5.6AI score0.00372EPSS
Exploits0References5
Rows per page
Query Builder