Lucene search

4 matches found

CVE
added 2026/04/10 4:3 p.m. | 5 views

CVE-2026-35661

CVE-2026-35661 affects OpenClaw prior to 2026.3.25. Affected component: Telegram callback query handling allows an authorization bypass that enables remote attackers to mutate session state without satisfying normal DM pairing. Attack requires no user interaction and network access (low complexit...

CVSS: 6.9 | AI score: 5.8 | EPSS: 0.00055
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2026/03/29 3:50 p.m. | 1 views

GHSA-J4C9-W69R-CW33 OpenClaw: Telegram DM-Scoped Inline Button Callbacks Bypass DM Pairing and Mutate Session State

Summary Telegram DM-Scoped Inline Button Callbacks Bypass DM Pairing and Mutate Session State Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details Telegram callba...

CVSS: 6.9 | AI score: 5.9 | EPSS: 0.00055
Exploits: 0 | References: 5

Github Security Blog
added 2026/03/29 3:50 p.m. | 4 views

OpenClaw: Telegram DM-Scoped Inline Button Callbacks Bypass DM Pairing and Mutate Session State

Summary Telegram DM-Scoped Inline Button Callbacks Bypass DM Pairing and Mutate Session State Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details Telegram callba...

CVSS: 6.9 | AI score: 5.9 | EPSS: 0.00055
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2024/05/23 7:15 a.m. | 0 views

CVE-2024-3648

The ShareThis Share Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sharethis-inline-button' shortcode in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVSS: 5.4 | AI score: 5.9
Exploits: 0 | References: 2