Lucene search
K

6 matches found

CNVD
CNVD
added 2026/03/02 12:0 a.m.1 views

OpenClaw Data Forgery Problem Vulnerability (CNVD-2026-13430)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw is vulnerable to a data forgery issue. The vulnerability stems from unauthenticated TXT records in discovery beacons, where certain clients treat the TXT values as authoritative routing/fixed inputs. An attacker...

7.1CVSS5.8AI score0.001EPSS
Exploits0References1
Snyk
Snyk
added 2026/02/18 12:33 a.m.5 views

Improper Certificate Validation

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Certificate Validation via unauthenticated TXT records in the discovery routing. An attacker can redirect client connections to attacker-controlled endpoints and potentially...

7.1CVSS5.7AI score0.001EPSS
Exploits0References2
OSV
OSV
added 2026/02/18 12:33 a.m.3 views

GHSA-PV58-549P-QH99 OpenClaw allows unauthenticated discovery TXT records to steer routing and TLS pinning

Summary Discovery beacons Bonjour/mDNS and DNS-SD include TXT records such as lanHost, tailnetDns, gatewayPort, and gatewayTlsSha256. TXT records are unauthenticated. Prior to the fix, some clients treated TXT values as authoritative routing/pinning inputs: - iOS and macOS: used TXT-provided host...

7.1CVSS5.6AI score0.001EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.8 views

PT-2026-20370

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.14 Description OpenClaw is a personal AI assistant that utilizes discovery beacons Bonjour/mDNS and DNS-SD which include TXT records such as lanHost, tailnetDns, gatewayPort, and gatewayTlsSha256. These TXT...

7.1CVSS5.6AI score0.001EPSS
Exploits0References6
OSV
OSV
added 2019/05/21 8:29 p.m.4 views

UBUNTU-CVE-2019-12269

Enigmail before 2.0.11 allows PGP signature spoofing: for an inline PGP message, an attacker can cause the product to display a "correctly signed" message indication, but display different unauthenticated text...

7.5CVSS7.1AI score0.0118EPSS
Exploits1References4
CNVD
CNVD
added 2018/01/12 12:0 a.m.3 views

Punchbowl App Has Logic Design Flaws

Punching Assembly APP is a puzzle national quiz game app. A logic design vulnerability exists in Top Punch APP. The vulnerability is caused by the lack of authentication of the SMS interface at the registration account, which allows an attacker to consume server resources by sending unlimited...

7.1AI score
Exploits0
Rows per page
Query Builder