Lucene search
K

28 matches found

EUVD
EUVD
added yesterday5 views

EUVD-2026-43538

OpenClaw versions 2026.5.28 before 2026.6.6 contain an authorization bypass vulnerability in native web search that allows lower-trust callers to perform actions requiring stronger policy checks. Attackers can exploit misconfigured input paths to bypass intended authorization controls and execute...

5.3CVSS6.2AI score0.00198EPSS
Exploits0References3
EUVD
EUVD
added yesterday5 views

EUVD-2026-43568

OpenClaw versions before 2026.6.9 contain an authorization bypass vulnerability in the flock wrapper that allows lower-trust callers to execute or persist actions beyond their intended authorization. Attackers can leverage configured input paths to bypass durable exec approval binding and perform...

8.8CVSS6.2AI score0.00266EPSS
Exploits0References3
NVD
NVD
added 2 days ago5 views

CVE-2026-62195

OpenClaw versions 2026.5.20 before 2026.6.6 contain an authorization bypass vulnerability in the MCP loopback feature that allows lower-trust callers to execute owner-only tools. Attackers can bypass authorization checks through configured input paths to execute or persist actions beyond their...

8.7CVSS0.00242EPSS
Exploits0References2
NVD
NVD
added 2 days ago6 views

CVE-2026-62198

OpenClaw versions 2026.5.28 before 2026.6.6 contain an authorization bypass vulnerability in native web search that allows lower-trust callers to perform actions requiring stronger policy checks. Attackers can exploit misconfigured input paths to bypass intended authorization controls and execute...

5.4CVSS0.00198EPSS
Exploits0References2
NVD
NVD
added 2 days ago4 views

CVE-2026-62190

OpenClaw versions before 2026.6.9 contain an authorization bypass vulnerability in the flock wrapper that allows lower-trust callers to execute or persist actions beyond their intended authorization. Attackers can leverage configured input paths to bypass durable exec approval binding and perform...

8.8CVSS0.00266EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-62198 OpenClaw 2026.5.28 < 2026.6.6 Authorization Bypass via Web Search

OpenClaw versions 2026.5.28 before 2026.6.6 contain an authorization bypass vulnerability in native web search that allows lower-trust callers to perform actions requiring stronger policy checks. Attackers can exploit misconfigured input paths to bypass intended authorization controls and execute...

5.3CVSS0.00198EPSS
Exploits0References2
CVE
CVE
added 2 days ago7 views

CVE-2026-62192

OpenClaw versions 2026.6.6 before 2026.6.9 contain an authorization bypass vulnerability in Discord guild actions that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to skip cross-provider requester authorizat...

8.1CVSS6.2AI score0.00248EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2 days ago8 views

CVE-2026-62190

OpenClaw is affected by an authorization bypass in the flock wrapper for versions before 2026.6.9. The vulnerability allows lower-trust callers to execute or persist actions beyond their authorization by exploiting configured input paths to bypass the durable exec approval binding when the affect...

8.8CVSS6.2AI score0.00266EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2 days ago14 views

CVE-2026-62186

OpenClaw is affected in versions before 2026.6.8 by an authorization bypass vulnerability in OpenAI-compatible HTTP model overrides. The issue allows lower-trust callers to bypass admin authorization policies and execute restricted operations via misconfigured input paths. Exploitation details ar...

7.6CVSS6.2AI score0.00202EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2 days ago3 views

PT-2026-57897

Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.5.20 through 2026.6.5 Description An authorization bypass exists in the MCP loopback feature. This issue allows lower-trust callers to execute tools reserved for the owner by utilizing configured input paths, enabling th...

8.7CVSS6.3AI score0.00242EPSS
Exploits0References4
EUVD
EUVD
added last week5 views

EUVD-2026-42322

OpenClaw before 2026.5.28 contains a credential exposure vulnerability where workspace dotenv files can override provider credentials. Attackers with lower-trust access to configured input paths can expose sensitive data and credentials that should remain within trusted boundaries...

8.4CVSS6AI score0.00192EPSS
Exploits0References2
OSV
OSV
added last week3 views

CVE-2026-59261 OpenClaw < 2026.5.28 - Credential Override via Workspace Dotenv Files

OpenClaw before 2026.5.28 contains a credential exposure vulnerability where workspace dotenv files can override provider credentials. Attackers with lower-trust access to configured input paths can expose sensitive data and credentials that should remain within trusted boundaries...

8.4CVSS6.1AI score0.00192EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.9 views

PT-2026-56484

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.28 Description A credential exposure issue exists where workspace dotenv files can override provider credentials. This allows attackers with lower-trust access to configured input paths to expose sensitive dat...

8.4CVSS6.1AI score0.00192EPSS
Exploits0References8
NVD
NVD
added 2026/05/13 4:16 p.m.17 views

CVE-2026-42290

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbts invoked JSDoc by building a shell command string from input file paths and executing it through childprocess.exec. File paths containing shell metacharacters could therefore be interpreted by the shell inste...

7.8CVSS0.00132EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 2:49 p.m.5 views

CVE-2026-42290

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbts invoked JSDoc by building a shell command string from input file paths and executing it through childprocess.exec. File paths containing shell metacharacters could therefore be interpreted by the shell inste...

7.8CVSS5.8AI score0.00132EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/13 2:49 p.m.22 views

CVE-2026-42290

Summary: The vulnerability affects protobufjs-cli’s pbts command. In versions before 1.2.1 and 2.0.2, pbts builds a shell command string from input file paths and runs it via child_process.exec, allowing file paths containing shell metacharacters to be interpreted by the shell. This can enable OS...

7.8CVSS5.8AI score0.00132EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.20 views

Schneider Electric Saitel DR RTU和Schneider Electric Saitel DP RTU 路径遍历漏洞

Schneider Electric Saitel DR RTU and Schneider Electric Saitel DP RTU are both remote terminal devices from Schneider Electric, a French company. Both devices have a path traversal vulnerability. This vulnerability stems from improper path name restrictions, which may lead to unauthorized access ...

7.1CVSS5.9AI score0.00303EPSS
Exploits0References1
OSV
OSV
added 2026/04/28 8:16 a.m.3 views

DEBIAN-CVE-2026-41526

In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path t...

7.8CVSS5.4AI score0.0017EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/04/26 8:7 a.m.8 views

seg6: separate dst_cache for input and output paths in seg6 lwtunnel

...

9.8CVSS5.8AI score0.00443EPSS
Exploits0
OSV
OSV
added 2026/03/09 8:16 p.m.6 views

DEBIAN-CVE-2026-0846

A vulnerability in the filestring function of the nltk.util module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by...

7.5CVSS8.1AI score0.00428EPSS
Exploits1References1
Rows per page
Query Builder