32960 matches found
OpenClaw 2026.2.6 < 2026.2.14 Deep Link Message Truncation (macOS) (GHSA-7q2j-c4q5-rm27)
The version of the OpenClaw AI assistant installed on the remote macOS host is 2026.2.6 or later but prior to 2026.2.14. It is, therefore, affected by a remote code execution vulnerability: - The OpenClaw macOS desktop client registers the openclaw:// URL scheme. For openclaw://agent deep links...
CVE-2026-27487
OpenClaw is a personal AI assistant. In versions 2026.2.13 and below, when using macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into Keychain via security add-generic-password -w .... Because OAuth tokens are user-controlled data,...
CVE-2026-27487
OpenClaw is a personal AI assistant. In versions 2026.2.13 and below, when using macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into Keychain via security add-generic-password -w .... Because OAuth tokens are user-controlled data,...
CVE-2026-27487 OpenClaw: Prevent shell injection in macOS keychain credential write
OpenClaw is a personal AI assistant. In versions 2026.2.13 and below, when using macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into Keychain via security add-generic-password -w .... Because OAuth tokens are user-controlled data,...
CVE-2026-27487
OpenClaw vulnerability CVE-2026-27487: macOS keychain refresh path builds a shell command to write the updated payload, enabling OS command injection when OAuth tokens are user-controlled. Affected: openclaw versions ≤ 2026.2.13. Impact: arbitrary commands could run on the host; CVSS details show...
OpenClaw 操作系统命令注入漏洞
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an operating system command injection vulnerability. The vulnerability stems from a keychain credential refresh shell command constructed on macOS failing to properly filter constructed command special...
CVE-2026-26320 OpenClaw macOS deep link confirmation truncation can conceal executed agent message
OpenClaw is a personal AI assistant. OpenClaw macOS desktop client registers the openclaw:// URL scheme. For openclaw://agent deep links without an unattended key, the app shows a confirmation dialog that previously displayed only the first 240 characters of the message, but executed the full...
CVE-2026-26320
Summary: CVE-2026-26320 affects OpenClaw macOS desktop client versions 2026.2.6–2026.2.13. The app registers the openclaw:// URL scheme and, for openclaw://agent deep links without an unattended key, shows a truncated confirmation dialog (first 240 characters) but executes the full message after ...
CVE-2026-26320 OpenClaw macOS deep link confirmation truncation can conceal executed agent message
OpenClaw is a personal AI assistant. OpenClaw macOS desktop client registers the openclaw:// URL scheme. For openclaw://agent deep links without an unattended key, the app shows a confirmation dialog that previously displayed only the first 240 characters of the message, but executed the full...
CVE-2025-4960 macOS Local Privilege Escalation via Improper Authorization Handling in EPSON Printer Controller Installer
The com.epson.InstallNavi.helper tool, deployed with the EPSON printer driver installer, contains a local privilege escalation vulnerability due to multiple flaws in its implementation. It fails to properly authenticate clients over the XPC protocol and does not correctly enforce macOS’s...
CVE-2025-4960
CVE-2025-4960 affects macOS via the EPSON printer driver installer’s com.epson.InstallNavi.helper, which exposes privileged functionality due to improper authorization handling and weak client authentication over XPC. The API flow uses overly permissive custom rights registered in /var/db/auth.db...
CVE-2025-4960 macOS Local Privilege Escalation via Improper Authorization Handling in EPSON Printer Controller Installer
The com.epson.InstallNavi.helper tool, deployed with the EPSON printer driver installer, contains a local privilege escalation vulnerability due to multiple flaws in its implementation. It fails to properly authenticate clients over the XPC protocol and does not correctly enforce macOS’s...
CVE-2026-2629
A weakness has been identified in jishi node-sonos-http-api up to 3776f0ee2261c924c7b7204de121a38100a08ca7. Affected is the function Promise of the file lib/tts-providers/mac-os.js of the component TTS Provider. This manipulation of the argument phrase causes os command injection. It is possible ...
EPSON Printer Controller Installer 安全漏洞
EPSON Printer Controller Installer is a printer driver installation software developed by EPSON, a Japanese company. The EPSON Printer Controller Installer has a security vulnerability, which stems from improper client authentication using the XPC protocol and incorrect execution of the macOS...
SUSE SLES16 Security Update : go1.25 (SUSE-SU-2026:20428-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:20428-1 advisory. Update to version 1.25.7. Security issues fixed: - CVE-2025-61732: cmd/go: discrepancy between Go and C/C++ comment parsing allows...
SUSE SLES16 Security Update : go1.24 (SUSE-SU-2026:20429-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:20429-1 advisory. Update to version 1.24.13. Security issues fixed: - CVE-2025-61732: cmd/go: discrepancy between Go and C/C++ comment parsing allow...
OpenClaw: Prevent shell injection in macOS keychain credential write
Summary On macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into Keychain via security add-generic-password -w .... Because OAuth tokens are user-controlled data, this created an OS command injection risk. The fix avoids invoking a...
CVE-2026-2629
A weakness has been identified in jishi node-sonos-http-api up to 3776f0ee2261c924c7b7204de121a38100a08ca7. Affected is the function Promise of the file lib/tts-providers/mac-os.js of the component TTS Provider. This manipulation of the argument phrase causes os command injection. It is possible ...
CVE-2026-2629 jishi node-sonos-http-api TTS Provider mac-os.js Promise os command injection
A weakness has been identified in jishi node-sonos-http-api up to 3776f0ee2261c924c7b7204de121a38100a08ca7. Affected is the function Promise of the file lib/tts-providers/mac-os.js of the component TTS Provider. This manipulation of the argument phrase causes os command injection. It is possible ...
Mozilla Firefox < 147.0.4
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 147.0.4. It is, therefore, affected by a vulnerability as referenced in the mfsa2026-10 advisory. - Heap buffer overflow in libvpx. This vulnerability affects Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR...