Lucene search
K

6 matches found

NVD
NVD
added yesterday7 views

CVE-2026-59261

OpenClaw before 2026.5.28 contains a credential exposure vulnerability where workspace dotenv files can override provider credentials. Attackers with lower-trust access to configured input paths can expose sensitive data and credentials that should remain within trusted boundaries...

8.4CVSS
Exploits0References2
CVE
CVE
added yesterday7 views

CVE-2026-59261

OpenClaw vulnerable before version 2026.5.28 due to a credential exposure where workspace dotenv files can override provider credentials. The issue allows attackers with lower-trust access to configured input paths to exfiltrate sensitive data and credentials meant for trusted boundaries. There i...

8.4CVSS6AI score
Exploits0References2
OSV
OSV
added 2026/06/18 1:2 p.m.6 views

GHSA-CCWH-WWPP-6WG5 OpenClaw: Host environment sanitizer missed two Node.js control variables

Summary Host environment sanitizer missed two Node.js control variables. In affected versions, a lower-trust env source such as a workspace .env, tool env override, or skill env block could pass Node.js control variables through the shared sanitizer. This advisory is scoped to the named feature a...

8.1CVSS5.5AI score0.00246EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/18 1:2 p.m.17 views

OpenClaw: Host environment sanitizer missed two Node.js control variables

Summary Host environment sanitizer missed two Node.js control variables. In affected versions, a lower-trust env source such as a workspace .env, tool env override, or skill env block could pass Node.js control variables through the shared sanitizer. This advisory is scoped to the named feature a...

8.1CVSS5.5AI score0.00246EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/11 8:8 p.m.11 views

CVE-2026-53815 OpenClaw < 2026.5.19 - Channel Allowlist Bypass in Message Read Actions

OpenClaw before 2026.5.19 contains an authorization bypass vulnerability in message read actions that skips channel allowlist checks. Lower-trust callers can request messages from channels not intended for them by exploiting insufficient validation in the affected feature, potentially exposing...

7.1CVSS5.2AI score0.00215EPSS
Exploits0References2
Malwarebytes
Malwarebytes
added 2017/11/21 8:20 p.m.54 views

How the EU intends to battle fake news

Last week the European Union issued a press release to announce their next steps against fake news. These steps will be the launch of a public consultation and the setup of a high-level expert group representing academics, online platforms, news media, and civil society organizations. The first...

7AI score
Exploits0
Rows per page
Query Builder