
32959 matches found

CISA KEV Catalog
added 2026/03/20 12:0 a.m. | 15 views

Apple Multiple Products Improper Locking Vulnerability

Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain an improper locking vulnerability that could allow a malicious application to cause unexpected changes in memory shared between processes...

7.8 CVSS | 5.8 AI score | 0.00348 EPSS
In wild | Exploits 2

CISA KEV Catalog
added 2026/03/20 12:0 a.m. | 17 views

Apple Multiple Products Classic Buffer Overflow Vulnerability

Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain a classic buffer overflow vulnerability which could allow a malicious application to cause unexpected system termination or write kernel memory...

5.5 CVSS | 7 AI score | 0.00401 EPSS
In wild | Exploits 2

NVD
added 2026/03/19 10:16 p.m. | 6 views

CVE-2026-32016

OpenClaw versions prior to 2026.2.22 on macOS contain a path validation bypass vulnerability in the exec-approval allowlist mode that allows local attackers to execute unauthorized binaries by exploiting basename-only allowlist entries. Attackers can execute same-name local binaries ./echo withou...

7.8 CVSS | 0.00122 EPSS
Exploits 0 | References 3

OSV
added 2026/03/19 10:16 p.m. | 6 views

CVE-2026-32016

OpenClaw versions prior to 2026.2.22 on macOS contain a path validation bypass vulnerability in the exec-approval allowlist mode that allows local attackers to execute unauthorized binaries by exploiting basename-only allowlist entries. Attackers can execute same-name local binaries ./echo withou...

7 CVSS | 6 AI score
Exploits 0 | References 3

CVE
added 2026/03/19 10:6 p.m. | 6 views

CVE-2026-32016

OpenClaw on macOS versions prior to 2026.2.22 contains a path validation bypass in the exec-approval allowlist mode. This allows local attackers to execute unauthorized binaries by exploiting basename-only allowlist entries, enabling same-name local binaries (e.g., ./echo) to run without approval...

7.8 CVSS | 5.9 AI score | 0.00122 EPSS
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2026/03/19 10:6 p.m. | 21 views

CVE-2026-32016 OpenClaw < 2026.2.22 - Path Traversal via Basename-Only Allowlist Matching on macOS

OpenClaw versions prior to 2026.2.22 on macOS contain a path validation bypass vulnerability in the exec-approval allowlist mode that allows local attackers to execute unauthorized binaries by exploiting basename-only allowlist entries. Attackers can execute same-name local binaries ./echo withou...

7.8 CVSS | 0.00122 EPSS
Exploits 0 | References 3

Vulnrichment
added 2026/03/19 10:6 p.m. | 3 views

CVE-2026-32016 OpenClaw < 2026.2.22 - Path Traversal via Basename-Only Allowlist Matching on macOS

OpenClaw versions prior to 2026.2.22 on macOS contain a path validation bypass vulnerability in the exec-approval allowlist mode that allows local attackers to execute unauthorized binaries by exploiting basename-only allowlist entries. Attackers can execute same-name local binaries ./echo withou...

7.8 CVSS | 5.9 AI score | 0.00122 EPSS
Exploits 0 | References 3

EUVD
added 2026/03/19 10:6 p.m. | 6 views

EUVD-2026-13281

OpenClaw versions prior to 2026.2.22 on macOS contain a path validation bypass vulnerability in the exec-approval allowlist mode that allows local attackers to execute unauthorized binaries by exploiting basename-only allowlist entries. Attackers can execute same-name local binaries ./echo withou...

7.3 CVSS | 5.9 AI score | 0.00122 EPSS
Exploits 0 | References 3

Github Security Blog
added 2026/03/19 3:30 a.m. | 7 views

Duplicate Advisory: OpenClaw macOS companion app (beta): allowlist parsing mismatch for system.run shell chains

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-5f9p-f3w2-fwch. This link is maintained to preserve external references. Original Description: OpenClaw versions prior to 2026.2.22 contain an allowlist parsing mismatch vulnerability in the macOS companion app...

6.4 CVSS | 6 AI score | 0.00291 EPSS
Exploits 0 | References 6 | Affected Software 1

NVD
added 2026/03/19 2:16 a.m. | 3 views

CVE-2026-31993

OpenClaw versions prior to 2026.2.22 contain an allowlist parsing mismatch vulnerability in the macOS companion app that allows authenticated operators to bypass exec approval checks. Attackers with operator.write privileges and a paired macOS beta node can craft shell-chain payloads that pass...

6.4 CVSS | 0.00291 EPSS
Exploits 0 | References 4

Cvelist
added 2026/03/19 1:0 a.m. | 22 views

CVE-2026-31993 OpenClaw < 2026.2.22 - Allowlist Parsing Mismatch in system.run Shell Chains

OpenClaw versions prior to 2026.2.22 contain an allowlist parsing mismatch vulnerability in the macOS companion app that allows authenticated operators to bypass exec approval checks. Attackers with operator.write privileges and a paired macOS beta node can craft shell-chain payloads that pass...

5.6 CVSS | 0.00291 EPSS
Exploits 0 | References 4

ATTACKERKB
added 2026/03/19 1:0 a.m. | 3 views

CVE-2026-31993

OpenClaw versions prior to 2026.2.22 contain an allowlist parsing mismatch vulnerability in the macOS companion app that allows authenticated operators to bypass exec approval checks. Attackers with operator.write privileges and a paired macOS beta node can craft shell-chain payloads that pass...

5.6 CVSS | 6.1 AI score | 0.00291 EPSS
Exploits 0 | References 5

EUVD
added 2026/03/19 1:0 a.m. | 6 views

EUVD-2026-13025

OpenClaw versions prior to 2026.2.22 contain an allowlist parsing mismatch vulnerability in the macOS companion app that allows authenticated operators to bypass exec approval checks. Attackers with operator.write privileges and a paired macOS beta node can craft shell-chain payloads that pass...

6.4 CVSS | 6.1 AI score | 0.00291 EPSS
Exploits 0 | References 4

CNNVD
added 2026/03/19 12:0 a.m. | 8 views

OpenClaw Code Issue Vulnerability

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a code issue vulnerability caused by a path validation bypass flaw in the exec approval distribution list pattern on macOS. An attacker can exploit the vulnerability to execute arbitrary commands on th...

7.8 CVSS | 6.2 AI score | 0.00122 EPSS
Exploits 0 | References 3

CNNVD
added 2026/03/19 12:0 a.m. | 6 views

OpenClaw Security Vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.2.22 contained security vulnerabilities. These vulnerabilities were caused by mismatches in allowlist parsing within the macOS-compatible applications, which could allow...

6.4 CVSS | 5.8 AI score | 0.00291 EPSS
Exploits 0 | References 4

Packet Storm
added 2026/03/19 12:0 a.m. | 95 views

Arturia Software Center MacOS 2.12.0.3157 Privilege Escalation

Arturia Software Center MacOS version 2.12.0.3157 suffers from privilege escalation vulnerabilities. SEC Consult Vulnerability Lab Security Advisory | title: Multiple Privilege Escalation Vulnerabilities | product: Arturia Softwa...

8.2 CVSS | 5.8 AI score | 0.00127 EPSS
Exploits 1

EUVD
added 2026/03/18 6:31 p.m. | 7 views

EUVD-2026-12829

The "Privileged Helper" component of the Arturia Software Center MacOS does not perform sufficient client code signature validation when a client connects. This leads to an attacker being able to connect to the helper and execute privileged actions leading to local privilege escalation...

7.8 CVSS | 5.8 AI score | 0.00122 EPSS
Exploits 1 | References 2

NVD
added 2026/03/18 4:16 p.m. | 6 views

CVE-2026-24062

The "Privileged Helper" component of the Arturia Software Center MacOS does not perform sufficient client code signature validation when a client connects. This leads to an attacker being able to connect to the helper and execute privileged actions leading to local privilege escalation...

7.8 CVSS | 0.00122 EPSS
Exploits 1 | References 1

NVD
added 2026/03/18 4:16 p.m. | 7 views

CVE-2026-24063

When a plugin is installed using the Arturia Software Center MacOS, it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777, meaning it is writable by any user. When uninstalling a plugin via the Arturia Software Center the...

8.2 CVSS | 0.00127 EPSS
Exploits 1 | References 1

Cvelist
added 2026/03/18 3:33 p.m. | 17 views

CVE-2026-24063 World-writable uninstall script executed as root in Arturia Software Center

When a plugin is installed using the Arturia Software Center MacOS, it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777, meaning it is writable by any user. When uninstalling a plugin via the Arturia Software Center the...

0.00127 EPSS
Exploits 1 | References 1