9 matches found
GHSA-5HFF-46VH-RXMW OpenClaw: Read-scoped identity-bearing HTTP clients could kill sessions via /sessions/:sessionKey/kill
Summary Before OpenClaw 2026.4.2, POST /sessions/:sessionKey/kill did not enforce write scopes in identity-bearing HTTP modes. A caller limited to read-only operator scopes could still terminate a running subagent session. Impact A read-scoped caller could perform a write-class control-plane...
SUSE CVE-2025-68812
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2022-38540
Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the createkillsession interface...
CVE-2022-38542
Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the killsession interface. The project has released an update, please upgrade to v1.9.0 and above...
Sql injection
Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the killsession interface. The project has released an update, please upgrade to v1.9.0 and above...
PT-2022-24446 · Archery · Archery
Name of the Vulnerable Software and Affected Versions: Archery versions 1.4.0 through 1.8.5 Description: The issue is related to a SQL injection vulnerability. It can be exploited via the ThreadIDs parameter in the create kill session interface. Recommendations: For Archery versions 1.4.0 through...
Archery SQL注入漏洞
Archery is a set of open source vulnerability assessment and management tools. A security vulnerability exists in Archery versions v1.4.0 through v1.8.5, which stems from the ThreadIDs parameter in the createkillsession interface containing a SQL injection vulnerability...
PT-2022-24448 · Archery · Archery
Name of the Vulnerable Software and Affected Versions: Archery versions 1.4.0 through 1.8.5 Description: The issue is related to a SQL injection vulnerability. It occurs via the ThreadIDs parameter in the "kill session" interface. Recommendations: For versions 1.4.0 through 1.8.5, upgrade to...
Archery SQL注入漏洞
Archery is a set of open source vulnerability assessment and management tools. Archery v1.4.0 version to v1.8.5 version has a SQL injection vulnerability, the vulnerability stems from the ThreadIDs parameter in the killsession interface contains SQL injection vulnerability...