Vulnerability List
Found 341 results
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-32058 | OpenClaw < 2026.2.26 - Approval Context-Binding Weakness in system.run via host=node | OpenClaw | OpenClaw | Low | 2.6 | 2026-03-21 00:42:29 | Deep Dive |
| CVE-2026-32064 | OpenClaw < 2026.2.21 - Missing VNC Authentication in Sandbox Browser noVNC Observer | OpenClaw | OpenClaw | High | 7.7 | 2026-03-21 00:42:29 | Deep Dive |
| CVE-2026-32057 | OpenClaw < 2026.2.25 - Authentication Bypass via Control UI client.id Parameter | OpenClaw | OpenClaw | High | 7.1 | 2026-03-21 00:42:28 | Deep Dive |
| CVE-2026-32056 | OpenClaw < 2026.2.22 - Remote Code Execution via Shell Startup Environment Variable Injection in system.run | OpenClaw | OpenClaw | High | 7.5 | 2026-03-21 00:42:27 | Deep Dive |
| CVE-2026-32054 | OpenClaw < 2026.2.25 - Symlink Traversal in Browser Trace/Download Path Handling | OpenClaw | OpenClaw | Medium | 6.5 | 2026-03-21 00:42:26 | Deep Dive |
| CVE-2026-32055 | OpenClaw < 2026.2.26 - Workspace Path Boundary Bypass via Non-existent Symlink | OpenClaw | OpenClaw | High | 7.6 | 2026-03-21 00:42:26 | Deep Dive |
| CVE-2026-32053 | OpenClaw < 2026.2.23 - Twilio Webhook Replay Bypass via Randomized Event ID Normalization | OpenClaw | OpenClaw | Medium | 6.5 | 2026-03-21 00:42:25 | Deep Dive |
| CVE-2026-32052 | OpenClaw < 2026.2.24 - Hidden Command Execution via Shell-Wrapper Positional argv Carriers | OpenClaw | OpenClaw | Medium | 6.4 | 2026-03-21 00:42:24 | Deep Dive |
| CVE-2026-32050 | OpenClaw < 2026.2.25 - Unauthorized Reaction Status Event Enqueue via Access Check Bypass | OpenClaw | OpenClaw | Low | 3.7 | 2026-03-21 00:42:23 | Deep Dive |
| CVE-2026-32051 | OpenClaw < 2026.3.1 - Authorization Bypass in Agent Runs via Owner-Only Tool Access | OpenClaw | OpenClaw | High | 8.8 | 2026-03-21 00:42:23 | Deep Dive |
| CVE-2026-32049 | OpenClaw < 2026.2.22 - Denial of Service via Inbound Media Download Byte Limit Bypass | OpenClaw | OpenClaw | High | 7.5 | 2026-03-21 00:42:22 | Deep Dive |
| CVE-2026-32048 | OpenClaw < 2026.3.1 - Sandbox Escape via Cross-Agent sessions_spawn | OpenClaw | OpenClaw | High | 7.5 | 2026-03-21 00:42:21 | Deep Dive |
| CVE-2026-32045 | OpenClaw < 2026.2.21 - Authentication Bypass in HTTP Gateway Routes via Tokenless Tailscale Auth | OpenClaw | OpenClaw | Medium | 5.9 | 2026-03-21 00:42:20 | Deep Dive |
| CVE-2026-32046 | OpenClaw < 2026.2.21 - OS-level Sandbox Bypass via --no-sandbox Flag | OpenClaw | OpenClaw | Medium | 5.3 | 2026-03-21 00:42:20 | Deep Dive |
| CVE-2026-32044 | OpenClaw < 2026.3.2 - Tar Archive Safety Bypass in Skills Installation | OpenClaw | OpenClaw | Medium | 5.5 | 2026-03-21 00:42:19 | Deep Dive |
| CVE-2026-32042 | OpenClaw < 2026.2.25 - Privilege Escalation via Unpaired Device Identity in Shared Gateway Authentication | OpenClaw | OpenClaw | High | 8.8 | 2026-03-21 00:42:18 | Deep Dive |
| CVE-2026-32043 | OpenClaw < 2026.2.25 - Time-of-Check-Time-of-Use via Mutable Symlink in system.run cwd Parameter | OpenClaw | OpenClaw | Medium | 6.5 | 2026-03-21 00:42:18 | Deep Dive |
| CVE-2026-22172 | OpenClaw < 2026.3.12 - Scope Elevation in WebSocket Shared-Auth Connections | OpenClaw | OpenClaw | Critical | 9.9 | 2026-03-20 14:48:29 | Deep Dive |
| CVE-2026-32041 | OpenClaw < 2026.3.1 - Unauthenticated Browser Control Access via Failed Auth Bootstrap | OpenClaw | OpenClaw | Medium | 6.9 | 2026-03-19 22:07:15 | Deep Dive |
| CVE-2026-32040 | OpenClaw < 2026.2.23 - HTML Injection via Unvalidated Image MIME Type in Data-URL Interpolation | OpenClaw | OpenClaw | Medium | 4.6 | 2026-03-19 22:07:14 | Deep Dive |