Lucene search
+L

1297 matches found

Vulnrichment
Vulnrichment
added 2026/05/05 11:24 a.m.7 views

CVE-2026-43528 OpenClaw < 2026.4.14 - Redaction Bypass via sourceConfig and runtimeConfig Aliases

OpenClaw before 2026.4.14 contains a redaction bypass vulnerability that allows authenticated gateway clients to receive unredacted secrets through sourceConfig and runtimeConfig alias fields. Attackers with config read access can exploit this to obtain provider API keys, gateway authentication...

7.1CVSS5.8AI score0.00333EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/05 11:24 a.m.7 views

CVE-2026-43528

OpenClaw before 2026.4.14 contains a redaction bypass vulnerability that allows authenticated gateway clients to receive unredacted secrets through sourceConfig and runtimeConfig alias fields. Attackers with config read access can exploit this to obtain provider API keys, gateway authentication...

7.1CVSS5.8AI score0.00333EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/05 11:24 a.m.9 views

EUVD-2026-27267

OpenClaw before 2026.4.14 contains a redaction bypass vulnerability that allows authenticated gateway clients to receive unredacted secrets through sourceConfig and runtimeConfig alias fields. Attackers with config read access can exploit this to obtain provider API keys, gateway authentication...

7.1CVSS5.8AI score0.00333EPSS
Exploits0References3
OSV
OSV
added 2026/05/05 11:24 a.m.4 views

CVE-2026-43528 OpenClaw < 2026.4.14 - Redaction Bypass via sourceConfig and runtimeConfig Aliases

OpenClaw before 2026.4.14 contains a redaction bypass vulnerability that allows authenticated gateway clients to receive unredacted secrets through sourceConfig and runtimeConfig alias fields. Attackers with config read access can exploit this to obtain provider API keys, gateway authentication...

7.1CVSS5.9AI score0.00333EPSS
Exploits0References5
CVE
CVE
added 2026/05/05 11:24 a.m.23 views

CVE-2026-43528

OpenClaw, prior to version 2026.4.14, is affected by a redaction bypass vulnerability that lets authenticated gateway clients read unredacted secrets via the sourceConfig and runtimeConfig aliases. Attackers with config read access can obtain sensitive material such as provider API keys, gateway ...

7.1CVSS5.8AI score0.00333EPSS
Exploits0References3Affected Software1
Packet Storm News
Packet Storm News
added 2026/04/30 12:0 a.m.10 views

Apple Security Advisory 04-22-2026-2

Apple Security Advisory 04-22-2026-2 - iOS 18.7.8 and iPadOS 18.7.8 address a logging issue with improved data redaction...

6.2CVSS5.4AI score0.0288EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/30 12:0 a.m.11 views

Apple Security Advisory 04-22-2026-1

Apple Security Advisory 04-22-2026-1 - iOS 26.4.2 and iPadOS 26.4.2 address a logging issue with improved data redaction...

6.2CVSS5.4AI score0.0288EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/04/28 6:9 p.m.10 views

CVE-2026-41385

OpenClaw before 2026.3.31 stores Nostr privateKey as plaintext in configuration, allowing exposure through config.get method calls that bypass redaction mechanisms. Attackers can retrieve unredacted configuration data to obtain plaintext signing keys used for Nostr protocol operations...

7.1CVSS5.2AI score0.00207EPSS
Exploits0References4
CVE
CVE
added 2026/04/28 6:9 p.m.14 views

CVE-2026-41385

OpenClaw vulnerability CVE-2026-41385 affects the OpenClaw npm package. The issue is that prior to version 2026.3.31, the Nostr privateKey is stored as plaintext in configuration and can be exposed via config.get calls that bypass redaction. This allows retrieval of unredacted configuration data ...

7.1CVSS5.2AI score0.00207EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/28 6:9 p.m.32 views

CVE-2026-41385 OpenClaw < 2026.3.31 - Nostr Private Key Exposure via config.get Redaction Bypass

OpenClaw before 2026.3.31 stores Nostr privateKey as plaintext in configuration, allowing exposure through config.get method calls that bypass redaction mechanisms. Attackers can retrieve unredacted configuration data to obtain plaintext signing keys used for Nostr protocol operations...

7.1CVSS0.00207EPSS
Exploits0References3
OSV
OSV
added 2026/04/28 6:9 p.m.3 views

CVE-2026-41385 OpenClaw < 2026.3.31 - Nostr Private Key Exposure via config.get Redaction Bypass

OpenClaw before 2026.3.31 stores Nostr privateKey as plaintext in configuration, allowing exposure through config.get method calls that bypass redaction mechanisms. Attackers can retrieve unredacted configuration data to obtain plaintext signing keys used for Nostr protocol operations...

7.1CVSS6AI score0.00207EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.19 views

PT-2026-35770

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.31 Description The software stores the Nostr privateKey as plaintext within the configuration. This allows the exposure of plaintext signing keys used for Nostr protocol operations through calls to the...

7.1CVSS5.8AI score0.00207EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/04/24 1:28 a.m.15 views

SUSE CVE-2026-41182

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to version 0.5.19 of the JavaScript SDK and version 0.7.31 of the Python SDK, the LangSmith SDK's output redaction controls hideOutputs in JS, hideoutputs in Python do not apply to streaming token events. When ...

5.3CVSS5.8AI score0.00214EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/24 1:22 a.m.5 views

CVE-2026-28950

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 15.8.8 and iPadOS 15.8.8, iOS 16.7.16 and iPadOS 16.7.16, iOS 18.7.8 and iPadOS 18.7.8, iOS 26.4.2 and iPadOS 26.4.2, iPadOS 17.7.11. Notifications marked for deletion could be unexpectedly retained on the devi...

6.2CVSS6AI score0.0288EPSS
Exploits0References1
Malwarebytes
Malwarebytes
added 2026/04/23 10:27 a.m.15 views

Apple fixes iOS bug that kept deleted notifications, including chat previews

Apple has released a software update that deals with an issue that could allow deleted notifications to be retrieved. Something that, in at least one reported case, was used by law enforcement during forensic analysis. Apple fixed the issue in iOS and iPadOS versions 18.7.8 and 26.4.2 check...

6.2CVSS5.8AI score0.0288EPSS
Exploits0
The Hacker News
The Hacker News
added 2026/04/23 8:6 a.m.9 views

Apple Fixes iOS Flaw That Let FBI Recover Deleted Signal Messages

Apple has rolled out a software fix for iOS and iPadOS to address a Notification Services flaw that stored notifications marked for deletion on the device. The vulnerability, tracked as CVE-2026-28950 CVSS score: N/A, has been described as a logging issue that has been addressed with improved dat...

5.7AI score0.0288EPSS
Exploits0
NVD
NVD
added 2026/04/23 2:16 a.m.4 views

CVE-2026-41182

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to version 0.5.19 of the JavaScript SDK and version 0.7.31 of the Python SDK, the LangSmith SDK's output redaction controls hideOutputs in JS, hideoutputs in Python do not apply to streaming token events. When ...

5.3CVSS0.00214EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/23 12:14 a.m.5 views

CVE-2026-41182 LangSmith SDK: Streaming token events bypass output redaction

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to version 0.5.19 of the JavaScript SDK and version 0.7.31 of the Python SDK, the LangSmith SDK's output redaction controls hideOutputs in JS, hideoutputs in Python do not apply to streaming token events. When ...

5.3CVSS5.8AI score0.00214EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/23 12:14 a.m.5 views

CVE-2026-41182

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to version 0.5.19 of the JavaScript SDK and version 0.7.31 of the Python SDK, the LangSmith SDK's output redaction controls hideOutputs in JS, hideoutputs in Python do not apply to streaming token events. When ...

5.3CVSS5.8AI score0.00214EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/04/23 12:14 a.m.4 views

EUVD-2026-25152

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to version 0.5.19 of the JavaScript SDK and version 0.7.31 of the Python SDK, the LangSmith SDK's output redaction controls hideOutputs in JS, hideoutputs in Python do not apply to streaming token events. When ...

5.3CVSS5.8AI score0.00214EPSS
Exploits0References1
Rows per page
Query Builder