Vulnerability List - Page 9

Found 480 results
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2026-41340 | OpenClaw < 2026.3.31 - Authentication Boundary Bypass via Telegram Legacy allowFrom Migration | OpenClaw | OpenClaw | Medium | 6.5 | 2026-04-23 21:57:59 |
| CVE-2026-41339 | OpenClaw < 2026.4.2 - Information Disclosure via Gateway Connect Snapshot | OpenClaw | OpenClaw | Medium | 4.3 | 2026-04-23 21:57:59 |
| CVE-2026-41338 | OpenClaw < 2026.3.31 - Time-of-Check-Time-of-Use (TOCTOU) Vulnerability in Sandbox File Operations | OpenClaw | OpenClaw | Medium | 5.0 | 2026-04-23 21:57:58 |
| CVE-2026-41337 | OpenClaw < 2026.3.31 - Callback Origin Mutation in Plivo Voice-call Replay | OpenClaw | OpenClaw | Medium | 5.3 | 2026-04-23 21:57:57 |
| CVE-2026-41336 | OpenClaw < 2026.3.31 - Arbitrary Hook Code Execution via OPENCLAW_BUNDLED_HOOKS_DIR Environment Variable Override | OpenClaw | OpenClaw | High | 7.8 | 2026-04-23 21:57:56 |
| CVE-2026-41335 | OpenClaw < 2026.3.31 - Information Disclosure via Control UI Bootstrap JSON | OpenClaw | OpenClaw | Medium | 5.3 | 2026-04-23 21:57:55 |
| CVE-2026-41334 | OpenClaw < 2026.3.31 - Decompression Bomb Denial of Service via Image Pixel-Limit Guard Bypass | OpenClaw | OpenClaw | Medium | 6.5 | 2026-04-23 21:57:55 |
| CVE-2026-41333 | OpenClaw < 2026.3.31 - Authentication Rate Limiting Bypass via Fake DeviceToken | OpenClaw | OpenClaw | Low | 3.7 | 2026-04-23 21:57:54 |
| CVE-2026-41332 | OpenClaw < 2026.3.28 - Code Execution via Missing Environment Variable Blocklist | OpenClaw | OpenClaw | Medium | 5.3 | 2026-04-23 21:57:53 |
| CVE-2026-41909 | OpenClaw < 2026.4.20 - Improper Authorization in Paired-Device Pairing Actions | OpenClaw | OpenClaw | Medium | 5.4 | 2026-04-23 17:52:42 |
| CVE-2026-41908 | OpenClaw < 2026.4.20 - Scope Enforcement Bypass in Assistant-Media Route | OpenClaw | OpenClaw | Medium | 4.3 | 2026-04-23 17:52:33 |
| CVE-2026-41331 | OpenClaw < 2026.3.31 - Resource Consumption via Unauthorized Telegram Audio Preflight Transcription | OpenClaw | OpenClaw | Medium | 5.3 | 2026-04-20 23:08:18 |
| CVE-2026-41330 | OpenClaw < 2026.3.31 - Environment Variable Override via Host Exec Policy | OpenClaw | OpenClaw | Medium | 4.4 | 2026-04-20 23:08:17 |
| CVE-2026-41303 | OpenClaw < 2026.3.28 - Authorization Bypass in Discord Text Approval Commands | OpenClaw | OpenClaw | High | 8.8 | 2026-04-20 23:08:16 |
| CVE-2026-41329 | OpenClaw < 2026.3.31 - Sandbox Bypass via Heartbeat Context Inheritance and senderIsOwner Escalation | OpenClaw | OpenClaw | Critical | 9.9 | 2026-04-20 23:08:16 |
| CVE-2026-41302 | OpenClaw < 2026.3.31 - Server-Side Request Forgery via Unguarded fetch() in Marketplace Plugin Download | OpenClaw | OpenClaw | High | 7.6 | 2026-04-20 23:08:15 |
| CVE-2026-41301 | OpenClaw 2026.3.22 < 2026.3.31 - Forged Nostr DM Pairing State Creation via Signature Verification Bypass | OpenClaw | OpenClaw | Medium | 5.3 | 2026-04-20 23:08:14 |
| CVE-2026-41299 | OpenClaw < 2026.3.28 - Client Identity Spoofing in chat.send Gateway Provenance Guard | OpenClaw | OpenClaw | High | 7.1 | 2026-04-20 23:08:13 |
| CVE-2026-41300 | OpenClaw < 2026.3.31 - Preservation of Attacker-Discovered Endpoints in Remote Onboarding | OpenClaw | OpenClaw | Medium | 6.5 | 2026-04-20 23:08:13 |
| CVE-2026-41298 | OpenClaw < 2026.4.2 - Authorization Bypass in Session Termination Endpoint | OpenClaw | OpenClaw | Medium | 5.4 | 2026-04-20 23:08:12 |