Lucene search
+L

4 matches found

EUVD
EUVD
added 7 hours ago5 views

EUVD-2026-45102

OpenClaw versions before 2026.5.28 Bot Framework contains an improper input validation vulnerability that allows lower-trust callers to expose bot tokens and credentials by failing to properly validate serviceUrl parameters. Attackers can supply malicious serviceUrl values through configured inpu...

6.5CVSS6.1AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/01 7:50 p.m.10 views

CVE-2026-49139 Nanobot < 0.2.1 SSRF via Microsoft Teams Channel serviceUrl Poisoning

Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Framework bearer tokens by supplying a forged activity with an attacker-controlled serviceUrl value. Attackers can poison the...

7CVSS5.8AI score0.00382EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/01 7:50 p.m.36 views

CVE-2026-49139 Nanobot < 0.2.1 SSRF via Microsoft Teams Channel serviceUrl Poisoning

Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Framework bearer tokens by supplying a forged activity with an attacker-controlled serviceUrl value. Attackers can poison the...

7CVSS0.00382EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.14 views

nanobot 代码问题漏洞

Nanobot is a lightweight personal AI assistant open-source by Data Intelligence Lab@HKU. Versions of Nanobot prior to 0.2.1 contained code vulnerabilities. These vulnerabilities stemmed from server-side request forgeing issues in the Microsoft Teams channel processing program. This could allow...

7CVSS5.5AI score0.00382EPSS
Exploits0References4
Rows per page
Query Builder