willJ

@80vul 应该不在这里吧，在一处原型链污染。

CVE-2026-34621 Root cause: ANFancyAlertImpl() buttons parameter injection for(var i in buttons) { ... desc[bid] = eval("(function(dialog) { dialog.end('" + bid + "'); })");} ... app.beginPriv(); var result = app.execDialog(desc); app.endPriv(); return result;

I reported a file disclosure vuln in @openclaw. Any group chat member can steal API keys and conversation history. Silently fixed the next day. Never notified. Then denied as "not a vulnerability." A one-day fix shows urgency. Denying it shows disrespect. #infosec

@ohhara_shiojiri CVE-2026-23760

Critical SmarterMail Vulnerability Under Attack, No CVE Yet securityaffairs.com/187201/hacking…