53 matches found
openclaw-claude-bridge: sandbox is not effective - `--allowed-tools ""` does not restrict available tools
Affected: openclaw-claude-bridge v1.1.0. Issue: v1.1.0 spawns the Claude Code CLI subprocess with --allowed-tools "" and the release notes and README claim this "disables all CLI tools" for sandboxing. This claim is incorrect. Per the Claude Code CLI documentation, --allowed-tools alias --allowedTools...
CVE-2023-4127
Race Condition within a Thread in GitHub repository answerdev/answer prior to v1.1.1...
EUVD-2024-53433
Malicious code in bioql PyPI...
CVE-2024-56800 Firecrawl has SSRF Vulnerability via malicious scrape target
Firecrawl is a web scraper that allows users to extract the content of a webpage for a large language model. Versions prior to 1.1.1 contain a server-side request forgery SSRF vulnerability. The scraping engine could be exploited by crafting a malicious site that redirects to a local IP address...
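The entry above names the mechanism but not the fix: a scraper that validates only the URL the user submitted still reaches internal addresses when the target site answers with a redirect. The following is an added example, not Firecrawl's own code or a patch from the advisory. It shows a naive fetcher beside a hardened one that re-checks the destination of every hop. The hostnames, IP addresses and HTTP responses are constructed so the example runs offline; the link-local address and the "instance-role-credentials" body are illustrative placeholders, not something observed on the page.

```python
"""Added example: why redirect targets must be re-validated in an SSRF filter.
Not part of the Firecrawl project. DNS table and server responses are constructed."""
import ipaddress
from urllib.parse import urlparse, urljoin

# Constructed DNS table (assumption: stands in for real resolution so the demo runs offline).
FAKE_DNS = {
    "public.example": "93.184.216.34",        # ordinary public site
    "attacker.example": "93.184.216.35",      # public-looking host controlled by the attacker
    "metadata.internal": "169.254.169.254",   # link-local address that must never be fetched
}

# Constructed HTTP responses: url -> (status, Location header for redirects, body otherwise).
FAKE_SERVER = {
    "https://public.example/old": (301, "/new"),
    "https://public.example/new": (200, "<html>public content</html>"),
    "https://attacker.example/page": (302, "http://169.254.169.254/latest/meta-data/"),
    "http://169.254.169.254/latest/meta-data/": (200, "instance-role-credentials"),
    "https://attacker.example/loop": (302, "https://attacker.example/loop"),
}

REDIRECT_STATUSES = {301, 302, 303, 307, 308}


def resolve(hostname):
    """Stand-in resolver; returns None for names outside the constructed table."""
    return FAKE_DNS.get(hostname)


def is_public_target(url):
    """True only if the scheme is http(s) and the host maps to a globally routable address."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    try:
        addr = ipaddress.ip_address(parts.hostname)   # literal IPv4/IPv6 in the URL
    except ValueError:
        resolved = resolve(parts.hostname)
        if resolved is None:
            return False
        addr = ipaddress.ip_address(resolved)
    # is_global rejects loopback, RFC 1918, link-local (169.254.0.0/16), ULA, etc.
    return addr.is_global


def fetch_naive(url, max_hops=5):
    """Vulnerable pattern: validates the submitted URL once, then follows redirects blindly."""
    if not is_public_target(url):
        raise ValueError(f"blocked: {url}")
    for _ in range(max_hops):
        status, payload = FAKE_SERVER[url]
        if status in REDIRECT_STATUSES:
            url = urljoin(url, payload)   # Location may be relative
            continue
        return payload
    raise RuntimeError("too many redirects")


def fetch_safe(url, max_hops=5):
    """Hardened pattern: re-validates the target of every hop before requesting it."""
    for _ in range(max_hops):
        if not is_public_target(url):
            raise ValueError(f"blocked: {url}")
        status, payload = FAKE_SERVER[url]
        if status in REDIRECT_STATUSES:
            url = urljoin(url, payload)
            continue
        return payload
    raise RuntimeError("too many redirects")
```

With real HTTP clients the same rule applies: disable automatic redirect following (for example `allow_redirects=False` in requests) and run the check on each `Location` yourself. Two caveats the example does not cover: a host that resolves to a public address at check time and a private one at connect time (DNS rebinding) defeats a name-based check, so pin the connection to the address you validated; and a filter applied only to the scrape entry point does nothing for fetches the scraping engine makes on its own, such as images, scripts or iframes pulled from the page.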
CVE-2023-37635
CVE-2023-37635 affects UVDesk Community Skeleton v1.1.1, described as an unauthenticated brute-force login vulnerability that could allow access to the application. Concrete detail: login-page brute-force on UVDesk Community Skeleton 1.1.1. Root cause and exact exploit path are not detailed in th...
CVE-2023-43980
Presto Changeo testsitecreator up to v1.1.1 was discovered to contain a SQL injection vulnerability via the component disablejson.php...
lol-html panics on certain HTML inputs
Impact lol-html can cause panics on certain HTML inputs. Anyone processing arbitrary 3rd party HTML with the library is affected. Patches The problem has been patched and released as v1.1.1 Workarounds No workarounds exist...
GHSA-52H8-C876-989C Answer has Race Condition within a Thread
Race Condition within a Thread in GitHub repository answerdev/answer prior to v1.1.1...
CVE-2023-4127 Race Condition within a Thread in answerdev/answer
Race Condition within a Thread in GitHub repository answerdev/answer prior to v1.1.1...
CVE-2023-4124 Missing Authorization in answerdev/answer
Missing Authorization in GitHub repository answerdev/answer prior to v1.1.1...
CVE-2023-23088
Buffer overflow vulnerability in Barenboim json-parser master and v1.1.0, fixed in v1.1.1, allows an attacker to execute arbitrary code via the json_value_parse function...
Code injection
TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Insecure Permissions via binary /bin/boa...
TOTOLINK A3002R security vulnerability
The TOTOLINK A3002R is a wireless dual-band Gigabit router from China's Gion Electronics TOTOLINK that complies with the latest IEEE802.11ac Wave 2 standard. A security vulnerability exists in the TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 version, which stems from vulnerability to...
CVE-2022-28445
KiteCMS v1.1.1 was discovered to contain an arbitrary file read vulnerability via the background management module...
Design/Logic Flaw
KiteCMS v1.1.1 was discovered to contain an arbitrary file read vulnerability via the background management module...