7 matches found

CNNVD
added 2026/03/05 12:0 a.m. | 3 views

OpenClaw code issue vulnerability

OpenClaw is an open-source artificial intelligence assistant. Versions of OpenClaw prior to 2026.2.14 had code-related vulnerabilities. These vulnerabilities stemmed from a server-side request forgery vulnerability in the Feishu extension, which could allow attackers to obtain control of remote...

CVSS 9.3 | AI score 5.8 | EPSS 0.00044
Exploits: 0 | References: 3
OSV
added 2026/02/18 5:45 p.m. | 3 views

GHSA-X22M-J5QQ-J49M OpenClaw has two SSRF via sendMediaFeishu and markdown image fetching in Feishu extension

Summary: The Feishu extension could fetch attacker-controlled remote URLs in two paths without SSRF protections: (1) sendMediaFeishumediaUrl; (2) Feishu DocX markdown image URLs write/append - image processing. Affected versions - = 2026.2.14 Impact: If an attacker can influence tool calls directly or vi...

CVSS 8.6 | AI score 5.6 | EPSS 0.00044
Exploits: 0 | References: 7
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2022-36217

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.6 | EPSS 0.00457
Exploits: 0 | References: 3
ATTACKERKB
added 2022/07/12 2:15 p.m. | 0 views

CVE-2022-33173

An algorithm-downgrade issue was discovered in Couchbase Server before 7.0.4. Analytics Remote Links may temporarily downgrade to non-TLS connection to determine the TLS port number, using SCRAM-SHA instead...

CVSS 7.5 | AI score 5.8 | EPSS 0.00457
Exploits: 0 | References: 4
OSV
added 2022/07/12 2:15 p.m. | 1 views

CVE-2022-33173

An algorithm-downgrade issue was discovered in Couchbase Server before 7.0.4. Analytics Remote Links may temporarily downgrade to non-TLS connection to determine the TLS port number, using SCRAM-SHA instead...

CVSS 7.5 | AI score 5.8
Exploits: 0 | References: 3
CVE
added 2022/07/11 12:20 p.m. | 30 views

CVE-2022-33173

CVE-2022-33173 affects Couchbase Server before 7.0.4. The vulnerability is an algorithm-downgrade issue in Analytics Remote Links that may temporarily downgrade to a non-TLS connection to determine the TLS port number, using SCRAM-SHA. The connected documents confirm the product/version scope and...

CVSS 7.5 | AI score 7.5 | EPSS 0.00457
Exploits: 0 | References: 3 | Affected Software: 1
RedHat Linux
added 2018/05/24 7:31 p.m. | 2 views

Mozilla: Encrypted mail leaks plaintext through src attribute

Plaintext of decrypted emails can leak through the src attribute of remote images, or links. This vulnerability affects Thunderbird ESR 52.8 and Thunderbird 52.8...

CVSS 7.5 | AI score 7.4 | EPSS 0.00918
Exploits: 0 | References: 5