3 matches found
GHSA-WFP2-V9C7-FH79 OpenClaw affected by SSRF via attachment/media URL hydration
Summary: Versions of the openclaw npm package prior to 2026.2.2 could be coerced into fetching arbitrary https URLs during attachment/media hydration. An attacker who can influence the media URL, for example via model-controlled sendAttachment or auto-reply media URLs, could trigger SSRF to internal...
EUVD-2023-24691
Malicious code in bioql PyPI...
CVE-2023-20512
A hardcoded AES key in PMFW may result in a privileged attacker gaining access to the key, potentially resulting in internal debug information leakage...