12 matches found
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.4 contained security vulnerabilities. These vulnerabilities stemmed from authorization bypass vulnerabilities in the bundled device-pair plugin, allowing unauthorized chatters t...
MAL-2026-4818 Malicious code in saturn-bail (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a29ae44bbeeb4d31d176d78d669615e7a508bd236620cc3724478100f9b6997 saturn-bail is a Baileys-derivative WhatsApp library that, on every makeWASocket call, schedules a 90-second timer which executes...
EUVD-2026-17029
OpenClaw before 2026.3.12 embeds long-lived shared gateway credentials directly in pairing setup codes generated by /pair endpoint and OpenClaw qr command. Attackers with access to leaked setup codes from chat history, logs, or screenshots can recover and reuse the shared gateway credential outsi...
CVE-2026-33575
OpenClaw before 2026.3.12 embeds long-lived shared gateway credentials directly in pairing setup codes generated by /pair endpoint and OpenClaw qr command. Attackers with access to leaked setup codes from chat history, logs, or screenshots can recover and reuse the shared gateway credential outsi...
CVE-2026-33575
OpenClaw prior to 2026.3.12 embeds long‑lived shared gateway credentials directly in pairing setup codes generated by /pair and in the OpenClaw QR command. If attackers access leaked setup codes from chat history, logs, or screenshots, they can recover and reuse the shared credential outside the ...
CVE-2026-33575 OpenClaw < 2026.3.12 - Long-lived Credential Exposure in Pairing Setup Codes
OpenClaw before 2026.3.12 embeds long-lived shared gateway credentials directly in pairing setup codes generated by /pair endpoint and OpenClaw qr command. Attackers with access to leaked setup codes from chat history, logs, or screenshots can recover and reuse the shared gateway credential outsi...
CVE-2026-33575
OpenClaw before 2026.3.12 embeds long-lived shared gateway credentials directly in pairing setup codes generated by /pair endpoint and OpenClaw qr command. Attackers with access to leaked setup codes from chat history, logs, or screenshots can recover and reuse the shared gateway credential outsi...
CVE-2026-33575 OpenClaw < 2026.3.12 - Long-lived Credential Exposure in Pairing Setup Codes
OpenClaw before 2026.3.12 embeds long-lived shared gateway credentials directly in pairing setup codes generated by /pair endpoint and OpenClaw qr command. Attackers with access to leaked setup codes from chat history, logs, or screenshots can recover and reuse the shared gateway credential outsi...
PT-2026-28499
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.12 Description The software embeds long-lived shared gateway credentials directly within pairing setup codes. These codes are generated by the /pair API endpoint and the OpenClaw qr command. If setup codes are...
OpenClaw: Pairing setup codes exposed long-lived shared gateway credentials instead of short-lived bootstrap tokens
Summary OpenClaw pairing setup codes generated by /pair and openclaw qr embedded the configured shared gateway token or password directly in the setup payload. Anyone who obtained that code from chat history, logs, screenshots, or copied QR payloads could recover the long-lived shared credential...
GHSA-7H7G-X2PX-94HJ OpenClaw: Pairing setup codes exposed long-lived shared gateway credentials instead of short-lived bootstrap tokens
Summary OpenClaw pairing setup codes generated by /pair and openclaw qr embedded the configured shared gateway token or password directly in the setup payload. Anyone who obtained that code from chat history, logs, screenshots, or copied QR payloads could recover the long-lived shared credential...
eGeeTouch 3rd Generation Travel Padlock application 安全漏洞
The eGeeTouch 3rd Generation Travel Padlock application is a smart luggage lock from eGeeTouch, Inc. that provides simple and enhanced security for travel luggage to meet the travel experience of a growing number of travelers across the globe. A security vulnerability exists in the eGeeTouch 3rd...