
1246 matches found

Vulnrichment
added 3 days ago, 6 views

CVE-2026-0097

In multiple locations, there is a possible way to bypass user interaction when pairing an LE device due to a logic error. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

AI score: 5.9, EPSS: 0.00012
Exploits: 0, References: 1

Cvelist
added 3 days ago, 25 views

CVE-2026-0097

In multiple locations, there is a possible way to bypass user interaction when pairing an LE device due to a logic error. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

EPSS: 0.00012
Exploits: 0, References: 1

ATTACKERKB
added 3 days ago, 5 views

CVE-2026-0097

In multiple locations, there is a possible way to bypass user interaction when pairing an LE device due to a logic error. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS: 8, AI score: 5.9, EPSS: 0.00012
Exploits: 0, References: 2, Affected Software: 1

NVD
added 3 days ago, 5 views

CVE-2026-10216

A vulnerability was detected in unitedbyai droidclaw up to 0.5.3. The affected element is an unknown function of the file server/src/routes/pairing.ts of the component claim Endpoint. The manipulation results in improper restriction of excessive authentication attempts. The attack may be launched...

CVSS: 6.3, EPSS: 0.00056
Exploits: 0, References: 7

EUVD
added 3 days ago, 4 views

EUVD-2026-33537

A vulnerability was detected in unitedbyai droidclaw up to 0.5.3. The affected element is an unknown function of the file server/src/routes/pairing.ts of the component claim Endpoint. The manipulation results in improper restriction of excessive authentication attempts. The attack may be launched...

CVSS: 6.3, AI score: 5.2, EPSS: 0.00056
Exploits: 0, References: 7

Cvelist
added 3 days ago, 32 views

CVE-2026-10216 unitedbyai droidclaw claim Endpoint pairing.ts excessive authentication

A vulnerability was detected in unitedbyai droidclaw up to 0.5.3. The affected element is an unknown function of the file server/src/routes/pairing.ts of the component claim Endpoint. The manipulation results in improper restriction of excessive authentication attempts. The attack may be launched...

CVSS: 6.3, EPSS: 0.00056
Exploits: 0, References: 7

ATTACKERKB
added 3 days ago, 5 views

CVE-2026-10216

A vulnerability was detected in unitedbyai droidclaw up to 0.5.3. The affected element is an unknown function of the file server/src/routes/pairing.ts of the component claim Endpoint. The manipulation results in improper restriction of excessive authentication attempts. The attack may be launched...

CVSS: 6.3, AI score: 5.2, EPSS: 0.00056
Exploits: 0, References: 7, Affected Software: 1

CNNVD
added 3 days ago, 4 views

Google Android security vulnerabilities

Google Android is an open-source operating system based on Linux, developed by Google Inc. There are security vulnerabilities in Google Android, which stem from logical errors in multiple locations. These vulnerabilities may bypass user interaction when pairing LE devices. This can lead to an...

CVSS: 8, AI score: 5.8, EPSS: 0.00012
Exploits: 0, References: 1

CNNVD
added 3 days ago, 2 views

droidclaw security vulnerabilities

Droidclaw is an open-source AI tool developed by Unitedby AI U/AI, which allows for control of Android phones through natural language commands. Droidclaw versions 0.5.3 and earlier contain security vulnerabilities. These vulnerabilities stem from an improper limit on the number of authentication...

CVSS: 6.3, AI score: 5.9, EPSS: 0.00056
Exploits: 0, References: 7

Positive Technologies
added 3 days ago, 6 views

PT-2026-45248

A vulnerability was detected in unitedbyai droidclaw up to 0.5.3. The affected element is an unknown function of the file server/src/routes/pairing.ts of the component claim Endpoint. The manipulation results in improper restriction of excessive authentication attempts. The attack may be launched...

CVSS: 6.3, AI score: 5.2, EPSS: 0.00056
Exploits: 0, References: 8

Positive Technologies
added 3 days ago, 7 views

PT-2026-45601

Name of the Vulnerable Software and Affected Versions: Android (affected versions not specified). Description: A logic error in multiple locations allows for the bypass of user interaction during the pairing of an LE (Low Energy) device. This flaw enables remote escalation of privilege for an adjacent...

CVSS: 8, AI score: 6, EPSS: 0.00012
Exploits: 0, References: 3

OSV
added 3 days ago, 2 views

ASB-A-446114623

In multiple locations, there is a possible way to bypass user interaction when pairing an LE device due to a logic error. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS: 8, AI score: 5.9, EPSS: 0.00012
Exploits: 0, References: 1

Snyk
added 6 days ago, 3 views

Missing Authorization

Overview: @openclaw/discord is an OpenClaw Discord channel plugin. Affected versions of this package are vulnerable to Missing Authorization through the registerPairCommand and resolvePairingCommandAuthState paths in the device-pair command handler. An attacker can generate pairing setup codes,...

CVSS: 8.7, AI score: 5.8, EPSS: 0.00042
Exploits: 0, References: 2

Snyk
added 6 days ago, 5 views

Missing Authorization

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Missing Authorization through the registerPairCommand and resolvePairingCommandAuthState paths in the device-pair command handler. An attacker can generate pairing setup codes, inspect...

CVSS: 8.7, AI score: 5.8, EPSS: 0.00042
Exploits: 0, References: 2

NVD
added 6 days ago, 10 views

CVE-2026-32905

OpenClaw before 2026.5.4 contains an authorization bypass vulnerability in the bundled device-pair plugin that allows non-owner authorized chat senders to issue device-pairing bootstrap codes without proper scope validation. Attackers with chat command access can create setup codes to enroll...

CVSS: 8.7, EPSS: 0.00042
Exploits: 0, References: 2

CVE
added 6 days ago, 12 views

CVE-2026-32905

OpenClaw versions before 2026.5.4 contain an authorization bypass in the bundled device-pair plugin that lets non-owner users with chat command access issue device‑pairing bootstrap codes without proper scope validation. Attackers can enroll devices with operator/node capabilities by creating set...

CVSS: 8.7, AI score: 5.8, EPSS: 0.00042
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 6 days ago, 8 views

CVE-2026-32905 OpenClaw < 2026.5.4 - Unauthorized Device-Pairing Bootstrap Code Issuance via Chat Command

OpenClaw before 2026.5.4 contains an authorization bypass vulnerability in the bundled device-pair plugin that allows non-owner authorized chat senders to issue device-pairing bootstrap codes without proper scope validation. Attackers with chat command access can create setup codes to enroll...

CVSS: 8.7, AI score: 5.8, EPSS: 0.00042
Exploits: 0, References: 2

ATTACKERKB
added 6 days ago, 3 views

CVE-2026-32905

OpenClaw before 2026.5.4 contains an authorization bypass vulnerability in the bundled device-pair plugin that allows non-owner authorized chat senders to issue device-pairing bootstrap codes without proper scope validation. Attackers with chat command access can create setup codes to enroll...

CVSS: 8.7, AI score: 5.8, EPSS: 0.00042
Exploits: 0, References: 3

Cvelist
added 6 days ago, 23 views

CVE-2026-32905 OpenClaw < 2026.5.4 - Unauthorized Device-Pairing Bootstrap Code Issuance via Chat Command

OpenClaw before 2026.5.4 contains an authorization bypass vulnerability in the bundled device-pair plugin that allows non-owner authorized chat senders to issue device-pairing bootstrap codes without proper scope validation. Attackers with chat command access can create setup codes to enroll...

CVSS: 8.7, EPSS: 0.00042
Exploits: 0, References: 2

EUVD
added 6 days ago, 5 views

EUVD-2026-33332

OpenClaw before 2026.5.4 contains an authorization bypass vulnerability in the bundled device-pair plugin that allows non-owner authorized chat senders to issue device-pairing bootstrap codes without proper scope validation. Attackers with chat command access can create setup codes to enroll...

CVSS: 8.7, AI score: 5.8, EPSS: 0.00042
Exploits: 0, References: 2