Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/03/31 11:17 a.m.20 views

CVE-2026-32917 OpenClaw < 2026.3.13 - Remote Command Injection via Unsanitized iMessage Attachment Paths in SCP

OpenClaw before 2026.3.13 contains a remote command injection vulnerability in the iMessage attachment staging flow that allows attackers to execute arbitrary commands on configured remote hosts. The vulnerability exists because unsanitized remote attachment paths containing shell metacharacters...

9.8CVSS0.01973EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/31 11:17 a.m.2 views

CVE-2026-32917

OpenClaw before 2026.3.13 contains a remote command injection vulnerability in the iMessage attachment staging flow that allows attackers to execute arbitrary commands on configured remote hosts. The vulnerability exists because unsanitized remote attachment paths containing shell metacharacters...

9.8CVSS6.4AI score0.01973EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.6 views

OpenClaw 操作系统命令注入漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an operating system command injection vulnerability. The vulnerability stems from an uncleared remote attachment path in the iMessage attachment staging process that contains shell metacharacters and i...

9.8CVSS5.8AI score0.01973EPSS
Exploits0References3
Securelist
Securelist
added 2023/10/23 11:0 a.m.37 views

The outstanding stealth of Operation Triangulation

Introduction In our previous blogpost on Triangulation, we discussed the details of TriangleDB, the main implant used in this campaign, its C2 protocol and the commands it can receive. We mentioned, among other things, that it is able to execute additional modules. We also mentioned that this...

7.4AI score
Exploits0
Rows per page
Query Builder