Vulnerability List - Page 22

Found 480 results
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-28470 | OpenClaw < 2026.2.2 - Exec Allowlist Bypass via Command Substitution in Double Quotes | OpenClaw | OpenClaw | Critical | 9.8 | 2026-03-05 21:59:47 | Deep Dive |
| CVE-2026-28471 | OpenClaw 2026.1.14-1 < 2026.2.2 - Allowlist Bypass via displayName and Cross-Homeserver localpart Matching in Matrix Plugin | OpenClaw | OpenClaw | Medium | 5.3 | 2026-03-05 21:59:47 | Deep Dive |
| CVE-2026-28469 | OpenClaw < 2026.2.14 - Cross-Account Policy Context Misrouting via Shared Webhook Path Ambiguity | OpenClaw | OpenClaw | High | 7.5 | 2026-03-05 21:59:46 | Deep Dive |
| CVE-2026-28468 | OpenClaw 2026.1.29-beta.1 < 2026.2.14 - Authentication Bypass in Sandbox Browser Bridge Server | OpenClaw | OpenClaw | High | 7.7 | 2026-03-05 21:59:44 | Deep Dive |
| CVE-2026-28466 | OpenClaw < 2026.2.14 - Remote Code Execution via Node Invoke Approval Bypass | OpenClaw | OpenClaw | Critical | 9.9 | 2026-03-05 21:59:43 | Deep Dive |
| CVE-2026-28467 | OpenClaw < 2026.2.2 - SSRF via Attachment Media URL Hydration | OpenClaw | OpenClaw | Medium | 6.5 | 2026-03-05 21:59:43 | Deep Dive |
| CVE-2026-28465 | OpenClaw voice-call < 2026.2.3 - Webhook Verification Bypass via Forwarded Headers | OpenClaw | voice-call | Medium | 5.9 | 2026-03-05 21:59:42 | Deep Dive |
| CVE-2026-28464 | OpenClaw < 2026.2.12 - Timing Attack in Hooks Token Authentication | OpenClaw | OpenClaw | Medium | 5.9 | 2026-03-05 21:59:41 | Deep Dive |
| CVE-2026-28463 | OpenClaw < 2026.2.14 - Arbitrary File Read via Shell Expansion in Safe Bins Allowlist | OpenClaw | OpenClaw | High | 8.4 | 2026-03-05 21:59:40 | Deep Dive |
| CVE-2026-28462 | OpenClaw < 2026.2.13 - Path Traversal in Trace and Download Output Paths | OpenClaw | OpenClaw | High | 7.5 | 2026-03-05 21:59:39 | Deep Dive |
| CVE-2026-28459 | OpenClaw < 2026.2.12 - Arbitrary File Write via Untrusted sessionFile Path | OpenClaw | OpenClaw | High | 7.1 | 2026-03-05 21:59:37 | Deep Dive |
| CVE-2026-28458 | OpenClaw 2026.1.20 < 2026.2.1 - Missing Authentication in Browser Relay /cdp WebSocket Endpoint | OpenClaw | OpenClaw | High | 8.1 | 2026-03-05 21:59:36 | Deep Dive |
| CVE-2026-28457 | OpenClaw < 2026.2.14 - Path Traversal in Sandbox Skill Mirroring via Name Parameter | OpenClaw | OpenClaw | Medium | 6.1 | 2026-03-05 21:59:35 | Deep Dive |
| CVE-2026-28456 | OpenClaw 2026.1.5 < 2026.2.14 - Arbitrary Code Execution via Unsafe Hook Module Path Handling | OpenClaw | OpenClaw | High | 7.2 | 2026-03-05 21:59:33 | Deep Dive |
| CVE-2026-28454 | OpenClaw < 2026.2.2 - Authorization Bypass via Unauthenticated Telegram Webhook | OpenClaw | OpenClaw | High | 7.5 | 2026-03-05 21:59:32 | Deep Dive |
| CVE-2026-28453 | OpenClaw < 2026.2.14 - Zip Slip Path Traversal in TAR Archive Extraction | OpenClaw | OpenClaw | High | 7.5 | 2026-03-05 21:59:31 | Deep Dive |
| CVE-2026-28452 | OpenClaw < 2026.2.14 - Denial of Service via Unguarded Archive Extraction in extractArchive | OpenClaw | OpenClaw | Medium | 5.5 | 2026-03-05 21:59:30 | Deep Dive |
| CVE-2026-28451 | OpenClaw < 2026.2.14 - SSRF via Feishu Extension Media Fetching | OpenClaw | OpenClaw | High | 8.3 | 2026-03-05 21:59:29 | Deep Dive |
| CVE-2026-28450 | OpenClaw < 2026.2.12 - Unauthenticated Profile Tampering via Nostr Plugin HTTP Endpoints | OpenClaw | OpenClaw | Medium | 6.8 | 2026-03-05 21:59:28 | Deep Dive |
| CVE-2026-28448 | OpenClaw 2026.1.29 < 2026.2.1 - Authorization Bypass in Twitch Plugin allowFrom Access Control | OpenClaw | OpenClaw | High | 7.3 | 2026-03-05 21:59:27 | Deep Dive |