Vulnerability List - Page 5

Found 480 results
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-42427 | OpenClaw < 2026.4.8 - Remote Code Execution via Build Tool Environment Variable Injection | OpenClaw | OpenClaw | Medium | 5.3 | 2026-04-28 18:10:17 | Deep Dive |
| CVE-2026-42426 | OpenClaw < 2026.4.8 - Improper Authorization in node.pair.approve via operator.write Scope | OpenClaw | OpenClaw | High | 8.8 | 2026-04-28 18:10:16 | Deep Dive |
| CVE-2026-42424 | OpenClaw < 2026.4.8 - Local File Exfiltration via Shared Reply MEDIA Paths | OpenClaw | OpenClaw | Medium | 5.7 | 2026-04-28 18:10:15 | Deep Dive |
| CVE-2026-42423 | OpenClaw < 2026.4.8 - strictInlineEval Approval Boundary Bypass via Approval-Timeout Fallback | OpenClaw | OpenClaw | High | 7.5 | 2026-04-28 18:10:14 | Deep Dive |
| CVE-2026-42422 | OpenClaw < 2026.4.8 - Role Bypass in device.token.rotate Function | OpenClaw | OpenClaw | High | 8.8 | 2026-04-28 18:10:13 | Deep Dive |
| CVE-2026-42421 | OpenClaw < 2026.4.8 - WebSocket Session Persistence via Shared Gateway Token Rotation | OpenClaw | OpenClaw | Medium | 5.4 | 2026-04-28 18:10:13 | Deep Dive |
| CVE-2026-42420 | OpenClaw < 2026.4.8 - Improper Base64 Decoding Size Validation | OpenClaw | OpenClaw | Medium | 4.3 | 2026-04-28 18:10:12 | Deep Dive |
| CVE-2026-41916 | OpenClaw < 2026.4.8 - Stale Authentication State via Config Reload | OpenClaw | OpenClaw | Medium | 5.4 | 2026-04-28 18:10:11 | Deep Dive |
| CVE-2026-41915 | OpenClaw < 2026.4.8 - Git Environment Variable Injection via Unfiltered Exec Environment | OpenClaw | OpenClaw | Medium | 5.3 | 2026-04-28 18:10:10 | Deep Dive |
| CVE-2026-41914 | OpenClaw < 2026.4.8 - Server-Side Request Forgery in QQ Bot Media Fetch Paths | OpenClaw | OpenClaw | High | 8.5 | 2026-04-28 18:10:09 | Deep Dive |
| CVE-2026-41913 | OpenClaw < 2026.4.4 - Rate-Limit Bypass via Concurrent Async Authentication Attempts | OpenClaw | OpenClaw | Low | 3.7 | 2026-04-28 18:10:09 | Deep Dive |
| CVE-2026-41912 | OpenClaw < 2026.4.8 - Server-Side Request Forgery Policy Bypass via Interaction-Triggered Navigation | OpenClaw | OpenClaw | High | 7.6 | 2026-04-28 18:10:08 | Deep Dive |
| CVE-2026-41911 | OpenClaw < 2026.4.8 - Workspace-Only Filesystem Policy Bypass via docx upload_file/upload_image | OpenClaw | OpenClaw | Medium | 6.5 | 2026-04-28 18:10:07 | Deep Dive |
| CVE-2026-41910 | OpenClaw < 2026.4.8 - Missing Owner-Only Enforcement in /allowlist Cross-Channel Writes | OpenClaw | OpenClaw | Medium | 4.3 | 2026-04-28 18:10:06 | Deep Dive |
| CVE-2026-41408 | OpenClaw < 2026.3.31 - Disk Exhaustion via Media Download Bypass | OpenClaw | OpenClaw | Medium | 4.3 | 2026-04-28 18:10:06 | Deep Dive |
| CVE-2026-41407 | OpenClaw < 2026.4.2 - Timing Side Channel in Shared-Secret Comparison | OpenClaw | OpenClaw | Low | 3.7 | 2026-04-28 18:10:05 | Deep Dive |
| CVE-2026-41406 | OpenClaw < 2026.3.31 - Sender Allowlist Bypass via Thread History and Quoted Messages | OpenClaw | OpenClaw | Medium | 5.4 | 2026-04-28 18:10:04 | Deep Dive |
| CVE-2026-41405 | OpenClaw < 2026.3.31 - Resource Exhaustion via Unauthenticated MS Teams Webhook Body Parsing | OpenClaw | OpenClaw | High | 7.5 | 2026-04-28 18:10:03 | Deep Dive |
| CVE-2026-41404 | OpenClaw < 2026.3.31 - Operator Admin Privilege Escalation via Trusted-Proxy Authentication | OpenClaw | OpenClaw | High | 8.8 | 2026-04-28 18:10:02 | Deep Dive |
| CVE-2026-41403 | OpenClaw < 2026.3.31 - Access Control Bypass via Proxied Remote Request Misclassification | OpenClaw | OpenClaw | Low | 2.9 | 2026-04-28 18:10:00 | Deep Dive |