16 matches found
CVE-2026-32063
OpenClaw version 2026.2.19-2 prior to 2026.2.21 contains a command injection vulnerability in systemd unit file generation where attacker-controlled environment values are not validated for CR/LF characters, allowing newline injection to break out of Environment= lines and inject arbitrary system...
CVE-2026-32063
OpenClaw version 2026.2.19-2 prior to 2026.2.21 contains a command injection vulnerability in systemd unit file generation where attacker-controlled environment values are not validated for CR/LF characters, allowing newline injection to break out of Environment= lines and inject arbitrary system...
CVE-2026-32063
OpenClaw version 2026.2.19-2 prior to 2026.2.21 contains a command injection vulnerability in systemd unit file generation where attacker-controlled environment values are not validated for CR/LF characters, allowing newline injection to break out of Environment= lines and inject arbitrary system...
EUVD-2026-11156
OpenClaw version 2026.2.19-2 prior to 2026.2.21 contains a command injection vulnerability in systemd unit file generation where attacker-controlled environment values are not validated for CR/LF characters, allowing newline injection to break out of Environment= lines and inject arbitrary system...
CVE-2026-32063 OpenClaw 2026.2.19-2 < 2026.2.21 - Command Injection via Newline in systemd Unit Generation
OpenClaw version 2026.2.19-2 prior to 2026.2.21 contains a command injection vulnerability in systemd unit file generation where attacker-controlled environment values are not validated for CR/LF characters, allowing newline injection to break out of Environment= lines and inject arbitrary system...
PT-2026-6419
Summary An unauthenticated local client could use the Gateway WebSocket API to write config via config.apply and set unsafe cliPath values that were later used for command discovery, enabling command injection as the gateway user. Impact A local process on the same machine could execute arbitrary...
PT-2026-6548
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.1.20 Description An unauthenticated local client could leverage the Gateway WebSocket API to modify configuration settings through the config.apply function. Specifically, the ability to set unsafe cliPath value...
EUVD-2022-32011
Malicious code in bioql PyPI...
VulnCheck KEV: CVE-2022-27510
Unauthorized access to Gateway user capabilities...
CVE-2022-27510
Unauthorized access to Gateway user capabilities...
CVE-2022-27510
Unauthorized access to Gateway user capabilities...
Code injection
Unauthorized access to Gateway user capabilities...
CVE-2022-27510 Unauthorized access to Gateway user capabilities
Unauthorized access to Gateway user capabilities...
CVE-2022-27510
CVE-2022-27510 affects Citrix ADC and Citrix Gateway (Gateway) with unauthorized access to Gateway user capabilities. According to CTX463706, affected versions are Citrix ADC/Gateway 12.1.x before 12.1-65.21 (12.1-FIPS before 12.1-55.289), 13.0.x before 13.0-88.12, and 13.1.x before 13.1-33.47. T...
Citrix Gateway和Citrix ADC 授权问题漏洞
Citrix Systems Citrix Gateway Citrix Systems NetScaler Gateway and Citrix ADC are both products of Citrix Systems, Inc.Citrix Gateway is a secure remote access solution. The product provides administrators with application-level and data-level controls to enable users to remotely access...
Open5Gs Input Validation Error Vulnerability
pen5Gs is a C open source implementation of 5G Core and Epc, the core network of the Lte/Nr network. Open5GS has a security vulnerability that can be exploited by an attacker to cause SGW-U/UPF to crash...