9 matches found

OSV
added 2026/04/07 6:15 p.m. · 2 views

GHSA-5HFF-46VH-RXMW OpenClaw: Read-scoped identity-bearing HTTP clients could kill sessions via /sessions/:sessionKey/kill

Summary: Before OpenClaw 2026.4.2, POST /sessions/:sessionKey/kill did not enforce write scopes in identity-bearing HTTP modes. A caller limited to read-only operator scopes could still terminate a running subagent session. Impact: A read-scoped caller could perform a write-class control-plane...

CVSS 5.4 · AI score 5.8 · EPSS 0.00034
Exploits 0 · References 5
SUSE CVE
added 2026/01/15 12:25 a.m. · 1 views

SUSE CVE-2025-68812

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

AI score 5.7 · EPSS 0.00027
Exploits 0 · References 3
ATTACKERKB
added 2022/09/13 3:15 p.m. · 1 views

CVE-2022-38542

Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the killsession interface. The project has released an update, please upgrade to v1.9.0 and above...

CVSS 9.8 · AI score 5.8 · EPSS 0.00322
Exploits 0 · References 4
ATTACKERKB
added 2022/09/13 3:15 p.m. · 1 views

CVE-2022-38540

Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the createkillsession interface...

CVSS 9.8 · AI score 5.8 · EPSS 0.00322
Exploits 0 · References 4
Prion
added 2022/09/13 3:15 p.m. · 11 views

SQL injection

Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the killsession interface. The project has released an update, please upgrade to v1.9.0 and above...

CVSS 7.5 · AI score 9.7 · EPSS 0.00322
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2022/09/13 12:00 a.m. · 1 views

PT-2022-24446 · Archery · Archery

Name of the Vulnerable Software and Affected Versions: Archery versions 1.4.0 through 1.8.5 Description: The issue is related to a SQL injection vulnerability. It can be exploited via the ThreadIDs parameter in the create kill session interface. Recommendations: For Archery versions 1.4.0 through...

CVSS 9.8 · AI score 9.5 · EPSS 0.00322
Exploits 0 · References 7
CNNVD
added 2022/09/13 12:00 a.m. · 1 views

Archery SQL injection vulnerability

Archery is a set of open source vulnerability assessment and management tools. Archery v1.4.0 through v1.8.5 has a SQL injection vulnerability that stems from the ThreadIDs parameter in the killsession interface...

CVSS 9.8 · AI score 8.5 · EPSS 0.00322
Exploits 0 · References 4
CNNVD
added 2022/09/13 12:00 a.m. · 1 views

Archery SQL injection vulnerability

Archery is a set of open source vulnerability assessment and management tools. A security vulnerability exists in Archery versions v1.4.0 through v1.8.5, which stems from the ThreadIDs parameter in the createkillsession interface containing a SQL injection vulnerability...

CVSS 9.8 · AI score 8.5 · EPSS 0.00322
Exploits 0 · References 4
Positive Technologies
added 2022/09/13 12:00 a.m. · 2 views

PT-2022-24448 · Archery · Archery

Name of the Vulnerable Software and Affected Versions: Archery versions 1.4.0 through 1.8.5 Description: The issue is related to a SQL injection vulnerability. It occurs via the ThreadIDs parameter in the "kill session" interface. Recommendations: For versions 1.4.0 through 1.8.5, upgrade to...

CVSS 9.8 · AI score 9.6 · EPSS 0.00322
Exploits 0 · References 7