Lucene search
K

4 matches found

OSV
OSV
added 2026/07/02 12:0 a.m.5 views

MAL-2026-6768 Malicious code in @marketfront/blenderdevtool (npm)

The @marketfront/blenderdevtool package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...

6AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/16 8:40 p.m.10 views

OpenClaw Telegram webhook request bodies were read before secret validation, enabling unauthenticated resource exhaustion

Summary openclaw versions = 2026.3.12 read and buffered Telegram webhook request bodies before validating x-telegram-bot-api-secret-token. This let unauthenticated callers force up to the configured webhook body limit of pre-auth body I/O and JSON parse work per request. Affected Packages /...

8.7CVSS5.8AI score0.00531EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 4:45 p.m.38 views

OpenClaw's Browser Relay /cdp websocket is missing auth which could allow cross-tab cookie access

Summary In affected versions, the Browser Relay /cdp WebSocket endpoint did not require an authentication token. As a result, a website running in the browser could potentially connect to the local relay via loopback WebSocket and use CDP to access cookies from other open tabs and run JavaScript ...

8.1CVSS5.8AI score0.00295EPSS
Exploits0References6Affected Software2
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.6 views

PT-2026-20324

Name of the Vulnerable Software and Affected Versions openclaw versions prior to 2026.2.1 Description In Telegram webhook mode, if channels.telegram.webhookSecret is not set, the software may accept webhook HTTP requests without verifying Telegram’s secret token header. This can allow forged...

7.5CVSS5.5AI score0.002EPSS
Exploits1References14
Rows per page
Query Builder