6 matches found
EUVD-2026-29151
OpenClaw before 2026.4.23 contains an improper access control vulnerability in the gateway tool's config.apply and config.patch operations that allows compromised models to write unsafe configuration changes by bypassing an incomplete denylist protection. Attackers can persist malicious config...
CVE-2026-45006
CVE-2026-45006 affects OpenClaw prior to 2026.4.23, due to improper access control in the gateway tool’s config.apply and config.patch. The vulnerability bypasses an incomplete denylist, allowing compromised models to persist unsafe configuration changes that can alter command execution, network ...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.23 contained security vulnerabilities. These vulnerabilities stemmed from improper access control in the gateway tools config.apply and config.patch, allowing compromised models...
CVE-2026-42176
Scoold is a Q&A and a knowledge sharing platform for teams. Prior to version 1.67.0, Scoold allows the admins configuration value to be modified through /api/config/set/admins with a forged Bearer token that is accepted as an admin API token. Once that setting is changed, the target email address...
CVE-2026-42176
CVE-2026-42176 affects Scoold prior to version 1.67.0. A forged Bearer token can modify the admins setting via /api/config/set/admins, allowing an attacker to persist admin access after a restart by writing their email to scoold.admins. The change is loaded at startup, enabling administrator priv...
PT-2026-39187
Name of the Vulnerable Software and Affected Versions Scoold versions prior to 1.67.0 Description Scoold allows the modification of the admins configuration value via the "/api/config/set/admins" endpoint using a forged Bearer token that is accepted as an admin API token. This action writes a...