8 matches found
CVE-2026-53854
OpenClaw before 2026.4.25 contains a privilege escalation vulnerability in internal and webchat command authentication that allows senders to inherit wildcard ownerAllowFrom state across channel boundaries. Attackers can exploit this by sending commands on affected internal or webchat paths to...
CVE-2026-53854
OpenClaw is affected by a privilege escalation in versions before 2026.4.25. The issue arises from wildcard inheritance of ownerAllowFrom state across channel boundaries in internal and webchat command authentication, allowing a sender to execute owner-like commands outside the intended channel s...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.22 contained security vulnerabilities. These vulnerabilities stemmed from a bypass of the allowed list in the system.run approval process, allowing attackers to reuse the approv...
LibreOffice 7.5 < 7.5.9 / 7.6 < 7.6.4 Arbitrary Script Execution (Windows)
LibreOffice supports hyperlinks. In addition to the typical common protocols such as http/https hyperlinks can also have target URLs that can launch built-in macros or dispatch built-in internal commands. In affected version of LibreOffice there are scenarios where these can be executed without...
Graffiti - A Tool To Generate Obfuscated One Liners To Aid In Penetration Testing
NOTE : Never upload payloads to online checkers Graffiti is a tool to generate obfuscated oneliners to aid in penetration testing situations. Graffiti accepts the following languages for encoding: Python Perl Batch Powershell PHP Bash Graffiti will also accept a language that is not currently on...
CVE-2018-7756
RunExeFile.exe in the installer for DEWESoft X3 SP1 64-bit devices does not require authentication for sessions on TCP port 1999, which allows remote attackers to execute arbitrary code or access internal commands, as demonstrated by a RUN command that launches a .EXE file located at an arbitrary...
CVE-2018-7756
RunExeFile.exe in the installer for DEWESoft X3 SP1 64-bit devices does not require authentication for sessions on TCP port 1999, which allows remote attackers to execute arbitrary code or access internal commands, as demonstrated by a RUN command that launches a .EXE file located at an arbitrary...
CVE-2017-9294
CVE-2017-9294 targets Hitachi Device Manager where versions before 8.5.2-01 are vulnerable to remote arbitrary command execution via the RMI port without authentication. The issue stems from an RMI exposure that allows remote attackers to run internal commands on the affected system. Public refer...