Vulnerability List - Page 2

Found 480 results
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-44998 | OpenClaw < 2026.4.20 - Tool Policy Bypass via Bundled MCP/LSP Tools | OpenClaw | OpenClaw | Medium | 5.4 | 2026-05-11 16:46:37 | Deep Dive |
| CVE-2026-44996 | OpenClaw < 2026.4.15 - Arbitrary Local File Read via Webchat Audio Embedding | OpenClaw | OpenClaw | Low | 3.7 | 2026-05-11 16:46:36 | Deep Dive |
| CVE-2026-44995 | OpenClaw < 2026.4.20 - Arbitrary Code Execution via MCP stdio Environment Variables | OpenClaw | OpenClaw | High | 7.3 | 2026-05-11 16:46:35 | Deep Dive |
| CVE-2026-44994 | OpenClaw < 2026.4.22 - Authentication Bypass in Gateway Control UI Bootstrap Config Endpoint | OpenClaw | OpenClaw | Medium | 5.3 | 2026-05-11 16:46:34 | Deep Dive |
| CVE-2026-44993 | OpenClaw < 2026.4.20 - Direct Message Misclassification in Feishu Card Actions | OpenClaw | OpenClaw | Medium | 5.4 | 2026-05-11 16:46:33 | Deep Dive |
| CVE-2026-44992 | OpenClaw 2026.4.5 through 2026.4.19 - MiniMax API Host Override via Workspace dotenv | OpenClaw | OpenClaw | Medium | 5.0 | 2026-05-11 16:46:33 | Deep Dive |
| CVE-2026-44991 | OpenClaw < 2026.4.21 - Authorization Bypass in Owner-Enforced Commands via Wildcard Channel Senders | OpenClaw | OpenClaw | Medium | 4.2 | 2026-05-11 16:46:32 | Deep Dive |
| CVE-2026-8305 | OpenClaw bluebubbles Webhook monitor.ts handleBlueBubblesWebhookRequest improper authentication | - | OpenClaw | High | 7.3 | 2026-05-11 16:30:15 | Deep Dive |
| CVE-2026-44118 | OpenClaw < 2026.4.22 - Owner Context Spoofing via Bearer Token Header | OpenClaw | OpenClaw | High | 7.8 | 2026-05-06 19:49:37 | Deep Dive |
| CVE-2026-44117 | OpenClaw < 2026.4.20 - Server-Side Request Forgery in QQBot Direct Media Upload | OpenClaw | OpenClaw | Medium | 5.8 | 2026-05-06 19:49:36 | Deep Dive |
| CVE-2026-44116 | OpenClaw < 2026.4.22 - Server-Side Request Forgery in Zalo Photo URL Validation | OpenClaw | OpenClaw | High | 8.6 | 2026-05-06 19:49:36 | Deep Dive |
| CVE-2026-44115 | OpenClaw < 2026.4.22 - Shell Expansion Bypass in Unquoted Heredocs via Exec Allowlist | OpenClaw | OpenClaw | High | 8.8 | 2026-05-06 19:49:35 | Deep Dive |
| CVE-2026-44114 | OpenClaw < 2026.4.20 - Environment Variable Namespace Collision via Workspace dotenv | OpenClaw | OpenClaw | High | 7.8 | 2026-05-06 19:49:33 | Deep Dive |
| CVE-2026-44113 | OpenClaw < 2026.4.22 - Time-of-Check/Time-of-Use Race Condition in OpenShell FS Bridge | OpenClaw | OpenClaw | High | 7.7 | 2026-05-06 19:49:30 | Deep Dive |
| CVE-2026-44112 | OpenClaw < 2026.4.22 - Symlink Swap Race Condition in OpenShell FS Bridge Writes | OpenClaw | OpenClaw | Critical | 9.6 | 2026-05-06 19:49:30 | Deep Dive |
| CVE-2026-44111 | OpenClaw < 2026.4.15 - Arbitrary Markdown File Read via QMD memory_get | OpenClaw | OpenClaw | Medium | 4.3 | 2026-05-06 19:49:29 | Deep Dive |
| CVE-2026-44109 | OpenClaw < 2026.4.15 - Authentication Bypass in Feishu Webhook and Card-Action Validation | OpenClaw | OpenClaw | Critical | 9.8 | 2026-05-06 19:49:28 | Deep Dive |
| CVE-2026-44110 | OpenClaw < 2026.4.15 - Authorization Bypass in Matrix Room Control Commands via DM Pairing Store | OpenClaw | OpenClaw | High | 8.8 | 2026-05-06 19:49:28 | Deep Dive |
| CVE-2026-43585 | OpenClaw < 2026.4.15 - Bearer Token Validation Bypass via Stale SecretRef Resolution | OpenClaw | OpenClaw | High | 8.1 | 2026-05-06 19:49:27 | Deep Dive |
| CVE-2026-43584 | OpenClaw < 2026.4.10 - Insufficient Environment Variable Denylist in Exec Policy | OpenClaw | OpenClaw | High | 8.8 | 2026-05-06 19:49:26 | Deep Dive |