•44 minutes ago•GHSA-4564-PVR2-QQ4H
8.8OpenClaw Keychain Injection: When Secure Storage Becomes a Shell
A critical OS Command Injection vulnerability in the OpenClaw AI assistant allows remote code execution via malicious OAuth tokens. By failing to sanitize inputs before passing them to the macOS 'security' utility, the application permits attackers to execute arbitrary shell commands with the privileges of the host user. This transforms the keychain credential management feature—designed for security—into a high-impact entry point for compromise.
1 views•5 min read
•about 1 hour ago•GHSA-7RCP-MXPQ-72PJ
4.3OpenClaw Chutes: The 'Trust Me Bro' OAuth State Bypass
A logic flaw in OpenClaw's manual OAuth input parsing allowed attackers to bypass state validation by simply providing a bare authorization code. The application helpfully, but insecurely, assumed that any non-URL input was a valid code and automatically attached the expected session state to it, enabling credential substitution attacks.
0 views•5 min read
•about 2 hours ago•GHSA-JFV4-H8MC-JCP8
4.3OpenClaw: The Cleanup Crew That Killed Everyone Else's Processes
A process safety vulnerability in the OpenClaw Personal AI Assistant allowed the CLI runner to terminate arbitrary processes on the local system. By relying on loose regex matching of command-line arguments without verifying process lineage (PPID) or ownership, OpenClaw could accidentally execute a Denial of Service (DoS) against other users on shared environments.
0 views•5 min read
•about 2 hours ago•GHSA-RWJ8-P9VQ-25GV
8.6OpenClaw BlueBubbles: When Your iMessage Bridge Becomes a Spy
A critical Path Traversal vulnerability in the OpenClaw BlueBubbles extension allowed attackers to exfiltrate sensitive local files via message attachments. By manipulating the media delivery pipeline, a malicious actor (or a confused AI) could trick the system into reading arbitrary files from the host server—such as SSH keys or password hashes—and sending them directly to an iMessage chat. The flaw stemmed from a lack of directory containment checks in the `sendBlueBubblesMedia` function.
3 views•6 min read
•about 3 hours ago•GHSA-X22M-J5QQ-J49M
8.6OpenClaw: When Your AI Assistant Steals Your /etc/passwd
A critical Server-Side Request Forgery (SSRF) and Local File Disclosure (LFD) vulnerability in the OpenClaw Feishu extension allows attackers to weaponize AI agents to fetch internal network resources or read sensitive local files.
5 views•6 min read
•about 3 hours ago•GHSA-H9G4-589H-68XV
7.1OpenClaw: The Sandbox That Wasn't
OpenClaw's sandbox browser bridge server failed to enforce authentication during initialization, allowing local attackers to bypass security controls. This failure to wire credentials turned the secure browser environment into an open proxy, permitting arbitrary Chrome DevTools Protocol (CDP) execution and session hijacking.
3 views•6 min read
•about 4 hours ago•GHSA-97F8-7CMV-76J2
7.5The Magician's Trick: Bypassing Picklescan with Dynamic Eval
A logic flaw in the Picklescan security tool allows attackers to bypass malware detection in PyTorch models. By dynamically generating the file header (magic number) using pickle opcodes, an attacker can cause the scanner to abort analysis early, effectively hiding malicious payloads located later in the file stream.
0 views•6 min read
•about 6 hours ago•CVE-2023-38545
9.8SOCKS5, Lies, and Heap Overflows: Dissecting CVE-2023-38545 in curl
CVE-2023-38545 is a high-severity heap-based buffer overflow in curl's SOCKS5 proxy handshake implementation. It affects libcurl versions 7.69.0 through 8.3.0. The vulnerability is triggered when curl is configured to use a SOCKS5 proxy with remote hostname resolution (`socks5h://`) and encounters a slow handshake delay. This race-like condition in the non-blocking state machine allows a hostname up to 65,535 bytes to be copied into a much smaller heap buffer (default 16kB in libcurl), leading to heap corruption, Denial of Service (DoS), or potential Remote Code Execution (RCE).
5 views•7 min read
•about 7 hours ago•CVE-2014-6492
7.6Java's Toxic Relationship: Inside CVE-2014-6492
Back in 2014, the browser landscape was a wild west of plugins, and Oracle's Java SE was the sheriff with a rusty badge. CVE-2014-6492 represents a critical, albeit cryptic, vulnerability in the Java Deployment component that specifically targeted Firefox users. Unlike generic Java exploits that sprayed attacks across all browsers, this one exploited the unique way Firefox's NPAPI (Netscape Plugin API) implementation talked to the Java Virtual Machine (JVM). It allowed a remote attacker to bypass the Java Sandbox entirely, escalating from a simple drive-by web visit to full remote code execution (RCE) with the privileges of the victim.
13 views•7 min read
•about 8 hours ago•CVE-2026-21514
7.8Trust Issues: The Art of lying to Microsoft Word (CVE-2026-21514)
In the world of binary exploitation, legacy code is the gift that keeps on giving. CVE-2026-21514 is a prime example of 'tech debt' meeting 'logical fallacy.' This high-severity zero-day vulnerability in Microsoft Word allows attackers to bypass critical Object Linking and Embedding (OLE) security mitigations—essentially the digital equivalent of a 'Beware of Dog' sign that gets taken down by the burglar. By manipulating the internal XML structure of a document, an attacker can convince Word that a malicious OLE object is trustworthy, bypassing Mark-of-the-Web (MotW) protections and executing code without the user ever seeing a confirmation prompt.
5 views•7 min read
•about 8 hours ago•CVE-2026-26221
10.0Grim Remoting: The Ghost of .NET Past Haunts Hyland OnBase
In the world of enterprise software, nothing ever truly dies; it just becomes a legacy service running with SYSTEM privileges. CVE-2026-26221 is a catastrophic, unauthenticated Remote Code Execution vulnerability in Hyland OnBase's Workflow Timer Service. By leveraging the ancient and insecure .NET Remoting protocol, attackers can turn a helper service into a full-blown command center, executing arbitrary code via insecure deserialization. It’s a classic case of 2005-era architecture meeting modern exploitation tools, resulting in a CVSS 10.0 nightmare.
7 views•6 min read
•about 13 hours ago•GHSA-XVHF-X56F-2HPP
6.1OpenClaw: When 'Safe' Binaries Bite Back
A deep dive into an Argument Injection vulnerability in OpenClaw's `safeBins` mechanism. By failing to account for shell expansion, the validator allowed attackers to bypass allowlists using wildcards and variables, turning 'harmless' tools like `head` into arbitrary file readers.
7 views•6 min read