OpenClaw's device removal and token revocation do not terminate active WebSocket sessions

Summary Removing a device or revoking its token updated stored credentials but did not disconnect already-authenticated WebSocket sessions. Impact A revoked device could continue using its existing live session until reconnect, extending access beyond credential removal. Affected Component...

Path traversal

Unquoted executable path vulnerability in Client Management and Gateway components in McAfee now Intel Security ePO Deep Command eDC 2.2 and 2.1 allows authenticated users to execute a command of their choice via dropping a malicious file for the path...