Browse 480+ CVEs from NVD & CNNVD with AI-powered analysis, AI-generated PoCs, KEV/EPSS tracking, and daily security intelligence. Filter by vendor, product, severity, or CWE.
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-35674 | OpenClaw < 2026.5.18 - Scope Bypass via Inherited chat.send Route | OpenClaw | OpenClaw | High | 8.8 | 2026-05-29 15:11:30 | Deep Dive |
| CVE-2026-35673 | OpenClaw < 2026.4.29 - SSRF Policy Bypass via Browser Debug/Export Routes | OpenClaw | OpenClaw | Medium | 6.5 | 2026-05-29 15:11:04 | Deep Dive |
| CVE-2026-35630 | OpenClaw < 2026.5.18 - QQBot Missing Approver Identity Enforcement in Native Approval Buttons | OpenClaw | OpenClaw | High | 8.0 | 2026-05-29 15:10:31 | Deep Dive |
| CVE-2026-34507 | OpenClaw < 2026.4.29 - Policy Bypass in QQBot Admin Commands via DM-only and allowFrom Checks | OpenClaw | OpenClaw | Medium | 5.4 | 2026-05-29 15:09:57 | Deep Dive |
| CVE-2026-32906 | OpenClaw < 2026.5.12 - Privilege Escalation in Slack Plugin Approvals via Exec Approver Gate | OpenClaw | OpenClaw | Medium | 4.3 | 2026-05-29 15:09:31 | Deep Dive |
| CVE-2026-32905 | OpenClaw < 2026.5.4 - Unauthorized Device-Pairing Bootstrap Code Issuance via Chat Command | OpenClaw | OpenClaw | High | 8.3 | 2026-05-29 15:09:03 | Deep Dive |
| CVE-2026-8634🧪 | Crabbox < v0.12.0 Environment Variable Information Disclosure | openclaw | crabbox | Critical | 9.1 | 2026-05-14 19:18:31 | Deep Dive |
| CVE-2026-8629🧪 | Crabbox < v0.12.0 Privilege Escalation via Agent Ticket Endpoints | openclaw | crabbox | High | 8.1 | 2026-05-14 19:12:00 | Deep Dive |
| CVE-2026-8621🧪 | Crabbox < v0.12.0 Authentication Bypass via Header Spoofing | openclaw | crabbox | High | 8.8 | 2026-05-14 18:46:43 | Deep Dive |
| CVE-2026-45224 | Crabbox < 0.9.0 Path Traversal via Islo Provider Workspace Resolution | openclaw | crabbox | High | 7.1 | 2026-05-11 18:12:51 | Deep Dive |
| CVE-2026-45223 | Crabbox < 0.9.0 Authentication Bypass via Admin Claim Injection | openclaw | crabbox | High | 8.8 | 2026-05-11 18:12:46 | Deep Dive |
| CVE-2026-45006 | OpenClaw < 2026.4.23 - Unsafe Config Mutation via Gateway Tool Denylist Bypass | OpenClaw | OpenClaw | High | 8.8 | 2026-05-11 16:46:44 | Deep Dive |
| CVE-2026-45005 | OpenClaw < 2026.4.23 - Webhook Route Secret Cache Not Invalidated After Rotation | OpenClaw | OpenClaw | Medium | 6.0 | 2026-05-11 16:46:43 | Deep Dive |
| CVE-2026-45004 | OpenClaw < 2026.4.23 - Arbitrary Code Execution via setup-api.js in Current Working Directory | OpenClaw | OpenClaw | High | 7.8 | 2026-05-11 16:46:42 | Deep Dive |
| CVE-2026-45002 | OpenClaw < 2026.4.20 - Hook Session-Key Bypass via Template Mapping | OpenClaw | OpenClaw | Medium | 5.3 | 2026-05-11 16:46:41 | Deep Dive |
| CVE-2026-45003 | OpenClaw < 2026.4.22 - Connector Endpoint Host Override via Workspace dotenv Files | OpenClaw | OpenClaw | Medium | 5.0 | 2026-05-11 16:46:41 | Deep Dive |
| CVE-2026-45001 | OpenClaw < 2026.4.20 - Gateway Config Mutation Guard Bypass via Agent Tool Access | OpenClaw | OpenClaw | High | 7.1 | 2026-05-11 16:46:40 | Deep Dive |
| CVE-2026-45000 | OpenClaw < 2026.4.20 - Server-Side Request Forgery via Browser CDP Profile Creation | OpenClaw | OpenClaw | Medium | 5.0 | 2026-05-11 16:46:39 | Deep Dive |
| CVE-2026-44999 | OpenClaw < 2026.4.20 - Improper Trust Labeling in Isolated Cron Awareness Events | OpenClaw | OpenClaw | Medium | 5.3 | 2026-05-11 16:46:38 | Deep Dive |
| CVE-2026-44998 | OpenClaw < 2026.4.20 - Tool Policy Bypass via Bundled MCP/LSP Tools | OpenClaw | OpenClaw | Medium | 5.4 | 2026-05-11 16:46:37 | Deep Dive |