32960 matches found

Tenable Nessus
added 2026/02/23 12:0 a.m. | 9 views

OpenClaw 2026.2.6 < 2026.2.14 Deep Link Message Truncation (macOS) (GHSA-7q2j-c4q5-rm27)

The version of the OpenClaw AI assistant installed on the remote macOS host is 2026.2.6 or later but prior to 2026.2.14. It is, therefore, affected by a remote code execution vulnerability: - The OpenClaw macOS desktop client registers the openclaw:// URL scheme. For openclaw://agent deep links...

CVSS 7.1 | AI score 6.6 | EPSS 0.00426
Exploits: 0 | References: 3
NVD
added 2026/02/21 10:16 a.m. | 7 views

CVE-2026-27487

OpenClaw is a personal AI assistant. In versions 2026.2.13 and below, when using macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into Keychain via security add-generic-password -w .... Because OAuth tokens are user-controlled data,...

CVSS 8 | EPSS 0.012
Exploits: 0 | References: 6
ATTACKERKB
added 2026/02/21 9:35 a.m. | 5 views

CVE-2026-27487

OpenClaw is a personal AI assistant. In versions 2026.2.13 and below, when using macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into Keychain via security add-generic-password -w .... Because OAuth tokens are user-controlled data,...

CVSS 7.6 | AI score 5.5 | EPSS 0.012
Exploits: 0 | References: 7 | Affected Software: 1
Cvelist
added 2026/02/21 9:35 a.m. | 21 views

CVE-2026-27487 OpenClaw: Prevent shell injection in macOS keychain credential write

OpenClaw is a personal AI assistant. In versions 2026.2.13 and below, when using macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into Keychain via security add-generic-password -w .... Because OAuth tokens are user-controlled data,...

CVSS 7.6 | EPSS 0.012
Exploits: 0 | References: 6
CVE
added 2026/02/21 9:35 a.m. | 29 views

CVE-2026-27487

OpenClaw vulnerability CVE-2026-27487: macOS keychain refresh path builds a shell command to write the updated payload, enabling OS command injection when OAuth tokens are user-controlled. Affected: openclaw versions ≤ 2026.2.13. Impact: arbitrary commands could run on the host; CVSS details show...

CVSS 8 | AI score 5.5 | EPSS 0.012
Exploits: 0 | References: 6 | Affected Software: 1
CNNVD
added 2026/02/21 12:0 a.m. | 6 views

OpenClaw OS Command Injection Vulnerability

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an operating system command injection vulnerability. The vulnerability stems from a keychain credential refresh shell command constructed on macOS failing to properly filter constructed command special...

CVSS 8 | AI score 6.1 | EPSS 0.012
Exploits: 0 | References: 6
Vulnrichment
added 2026/02/19 10:24 p.m. | 4 views

CVE-2026-26320 OpenClaw macOS deep link confirmation truncation can conceal executed agent message

OpenClaw is a personal AI assistant. OpenClaw macOS desktop client registers the openclaw:// URL scheme. For openclaw://agent deep links without an unattended key, the app shows a confirmation dialog that previously displayed only the first 240 characters of the message, but executed the full...

CVSS 7.1 | AI score 6 | EPSS 0.00426
Exploits: 0 | References: 3
CVE
added 2026/02/19 10:24 p.m. | 11 views

CVE-2026-26320

Summary: CVE-2026-26320 affects OpenClaw macOS desktop client versions 2026.2.6–2026.2.13. The app registers the openclaw:// URL scheme and, for openclaw://agent deep links without an unattended key, shows a truncated confirmation dialog (first 240 characters) but executes the full message after ...

CVSS 7.1 | AI score 6 | EPSS 0.00426
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2026/02/19 10:24 p.m. | 20 views

CVE-2026-26320 OpenClaw macOS deep link confirmation truncation can conceal executed agent message

OpenClaw is a personal AI assistant. OpenClaw macOS desktop client registers the openclaw:// URL scheme. For openclaw://agent deep links without an unattended key, the app shows a confirmation dialog that previously displayed only the first 240 characters of the message, but executed the full...

CVSS 7.1 | EPSS 0.00426
Exploits: 0 | References: 3
Cvelist
added 2026/02/19 1:37 a.m. | 29 views

CVE-2025-4960 macOS Local Privilege Escalation via Improper Authorization Handling in EPSON Printer Controller Installer

The com.epson.InstallNavi.helper tool, deployed with the EPSON printer driver installer, contains a local privilege escalation vulnerability due to multiple flaws in its implementation. It fails to properly authenticate clients over the XPC protocol and does not correctly enforce macOS’s...

CVSS 7.8 | EPSS 0.00126
Exploits: 0 | References: 2
CVE
added 2026/02/19 1:37 a.m. | 12 views

CVE-2025-4960

CVE-2025-4960 affects macOS via the EPSON printer driver installer’s com.epson.InstallNavi.helper, which exposes privileged functionality due to improper authorization handling and weak client authentication over XPC. The API flow uses overly permissive custom rights registered in /var/db/auth.db...

CVSS 7.8 | AI score 7.7 | EPSS 0.00126
Exploits: 0 | References: 2
Vulnrichment
added 2026/02/19 1:37 a.m. | 4 views

CVE-2025-4960 macOS Local Privilege Escalation via Improper Authorization Handling in EPSON Printer Controller Installer

The com.epson.InstallNavi.helper tool, deployed with the EPSON printer driver installer, contains a local privilege escalation vulnerability due to multiple flaws in its implementation. It fails to properly authenticate clients over the XPC protocol and does not correctly enforce macOS’s...

CVSS 7.8 | AI score 7.8 | EPSS 0.00126
Exploits: 0 | References: 2
RedhatCVE
added 2026/02/19 1:27 a.m. | 9 views

CVE-2026-2629

A weakness has been identified in jishi node-sonos-http-api up to 3776f0ee2261c924c7b7204de121a38100a08ca7. Affected is the function Promise of the file lib/tts-providers/mac-os.js of the component TTS Provider. This manipulation of the argument phrase causes os command injection. It is possible ...

CVSS 7.5 | AI score 5.4 | EPSS 0.01693
Exploits: 0 | References: 1
CNNVD
added 2026/02/19 12:0 a.m. | 7 views

EPSON Printer Controller Installer Security Vulnerability

EPSON Printer Controller Installer is a printer driver installation software developed by EPSON, a Japanese company. The EPSON Printer Controller Installer has a security vulnerability, which stems from improper client authentication using the XPC protocol and incorrect execution of the macOS...

CVSS 7.8 | AI score 7.3 | EPSS 0.00126
Exploits: 0 | References: 2
Tenable Nessus
added 2026/02/19 12:0 a.m. | 5 views

SUSE SLES16 Security Update : go1.25 (SUSE-SU-2026:20428-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:20428-1 advisory. Update to version 1.25.7. Security issues fixed: - CVE-2025-61732: cmd/go: discrepancy between Go and C/C++ comment parsing allows...

CVSS 10 | AI score 5.8 | EPSS 0.00765
Exploits: 1 | References: 8
Tenable Nessus
added 2026/02/19 12:0 a.m. | 10 views

SUSE SLES16 Security Update : go1.24 (SUSE-SU-2026:20429-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:20429-1 advisory. Update to version 1.24.13. Security issues fixed: - CVE-2025-61732: cmd/go: discrepancy between Go and C/C++ comment parsing allow...

CVSS 10 | AI score 6.3 | EPSS 0.00765
Exploits: 1 | References: 11
GitHub Security Blog
added 2026/02/18 5:39 p.m. | 17 views

OpenClaw: Prevent shell injection in macOS keychain credential write

Summary On macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into Keychain via security add-generic-password -w .... Because OAuth tokens are user-controlled data, this created an OS command injection risk. The fix avoids invoking a...

CVSS 8 | AI score 5.6 | EPSS 0.012
Exploits: 0 | References: 8 | Affected Software: 1
NVD
added 2026/02/17 10:18 p.m. | 5 views

CVE-2026-2629

A weakness has been identified in jishi node-sonos-http-api up to 3776f0ee2261c924c7b7204de121a38100a08ca7. Affected is the function Promise of the file lib/tts-providers/mac-os.js of the component TTS Provider. This manipulation of the argument phrase causes os command injection. It is possible ...

CVSS 7.5 | EPSS 0.01693
Exploits: 0 | References: 6
Cvelist
added 2026/02/17 10:2 p.m. | 31 views

CVE-2026-2629 jishi node-sonos-http-api TTS Provider mac-os.js Promise os command injection

A weakness has been identified in jishi node-sonos-http-api up to 3776f0ee2261c924c7b7204de121a38100a08ca7. Affected is the function Promise of the file lib/tts-providers/mac-os.js of the component TTS Provider. This manipulation of the argument phrase causes os command injection. It is possible ...

CVSS 7.5 | EPSS 0.01693
Exploits: 0 | References: 6
Tenable Nessus
added 2026/02/16 12:0 a.m. | 5 views

Mozilla Firefox < 147.0.4

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 147.0.4. It is, therefore, affected by a vulnerability as referenced in the mfsa2026-10 advisory. - Heap buffer overflow in libvpx. This vulnerability affects Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR...

CVSS 8.8 | AI score 6.1 | EPSS 0.006
Exploits: 0 | References: 2