Vulnerability List - Page 93

| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-45002 | OpenClaw < 2026.4.20 - Hook Session-Key Bypass via Template Mapping | OpenClaw | OpenClaw | Medium | 5.3 | 2026-05-11 16:46:41 | Deep Dive |
| CVE-2026-45003 | OpenClaw < 2026.4.22 - Connector Endpoint Host Override via Workspace dotenv Files | OpenClaw | OpenClaw | Medium | 5.0 | 2026-05-11 16:46:41 | Deep Dive |
| CVE-2026-45001 | OpenClaw < 2026.4.20 - Gateway Config Mutation Guard Bypass via Agent Tool Access | OpenClaw | OpenClaw | High | 7.1 | 2026-05-11 16:46:40 | Deep Dive |
| CVE-2026-45000 | OpenClaw < 2026.4.20 - Server-Side Request Forgery via Browser CDP Profile Creation | OpenClaw | OpenClaw | Medium | 5.0 | 2026-05-11 16:46:39 | Deep Dive |
| CVE-2026-44999 | OpenClaw < 2026.4.20 - Improper Trust Labeling in Isolated Cron Awareness Events | OpenClaw | OpenClaw | Medium | 5.3 | 2026-05-11 16:46:38 | Deep Dive |
| CVE-2026-44997 | OpenClaw < 2026.4.22 - Security Envelope Constraint Bypass in ACP Child Sessions | OpenClaw | OpenClaw | Medium | 4.3 | 2026-05-11 16:46:37 | Deep Dive |
| CVE-2026-44998 | OpenClaw < 2026.4.20 - Tool Policy Bypass via Bundled MCP/LSP Tools | OpenClaw | OpenClaw | Medium | 5.4 | 2026-05-11 16:46:37 | Deep Dive |
| CVE-2026-44996 | OpenClaw < 2026.4.15 - Arbitrary Local File Read via Webchat Audio Embedding | OpenClaw | OpenClaw | Low | 3.7 | 2026-05-11 16:46:36 | Deep Dive |
| CVE-2026-44995 | OpenClaw < 2026.4.20 - Arbitrary Code Execution via MCP stdio Environment Variables | OpenClaw | OpenClaw | High | 7.3 | 2026-05-11 16:46:35 | Deep Dive |
| CVE-2026-44994 | OpenClaw < 2026.4.22 - Authentication Bypass in Gateway Control UI Bootstrap Config Endpoint | OpenClaw | OpenClaw | Medium | 5.3 | 2026-05-11 16:46:34 | Deep Dive |
| CVE-2026-44992 | OpenClaw 2026.4.5 < 2026.4.20 - MiniMax API Host Override via Workspace dotenv | OpenClaw | OpenClaw | Medium | 5.0 | 2026-05-11 16:46:33 | Deep Dive |
| CVE-2026-44993 | OpenClaw < 2026.4.20 - Direct Message Misclassification in Feishu Card Actions | OpenClaw | OpenClaw | Medium | 5.4 | 2026-05-11 16:46:33 | Deep Dive |
| CVE-2026-44991 | OpenClaw < 2026.4.21 - Authorization Bypass in Owner-Enforced Commands via Wildcard Channel Senders | OpenClaw | OpenClaw | Medium | 4.2 | 2026-05-11 16:46:32 | Deep Dive |
| CVE-2026-42316 | KQL injection via kusto.tables.topics.mapping in kafka-sink-azure-kusto | Azure | kafka-sink-azure-kusto | Medium | 6.5 | 2026-05-11 16:41:07 | Deep Dive |
| CVE-2026-44226 | pyLoad: Unauthenticated traceback disclosure via global exception handler in WebUI | pyload | pyload | Medium | 5.3 | 2026-05-11 16:36:35 | Deep Dive |
| CVE-2026-42315 | pyLoad: Path Traversal via Package Folder Name in set_package_data | pyload | pyload | High | 8.1 | 2026-05-11 16:35:32 | Deep Dive |
| CVE-2026-42314 | pyLoad: Path Traversal via Package Folder Name | pyload | pyload | Medium | 6.5 | 2026-05-11 16:34:06 | Deep Dive |
| CVE-2026-42312 | pyload-ng: non-admin SETTINGS users can disable outbound TLS peer verification | pyload | pyload | Medium | 6.8 | 2026-05-11 16:32:00 | Deep Dive |
| CVE-2026-42313 | pyload-ng: non-admin SETTINGS users can redirect all outbound traffic through an attacker-controlled proxy | pyload | pyload | High | 8.3 | 2026-05-11 16:30:40 | Deep Dive |
| CVE-2026-8305 | OpenClaw bluebubbles Webhook monitor.ts handleBlueBubblesWebhookRequest improper authentication | - | OpenClaw | High | 7.3 | 2026-05-11 16:30:15 | Deep Dive |