CVE Reports - DEV Community

CVE Reports

Mar 5

GHSA-W75W-9QV4-J5XJ: GHSA-W75W-9QV4-J5XJ: Path Traversal in dbt-common Archive Extraction

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 5

GHSA-V2X6-WWFW-R2RQ: GHSA-v2x6-wwfw-r2rq: Path Traversal and Parameter Injection in Agentgateway

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 5

CVE-2026-3520: CVE-2026-3520: Denial of Service via Uncontrolled Recursion in Multer

#security #cve #cybersecurity

2 min read

CVE Reports

Mar 5

GHSA-WF45-3GPW-VRQV: Malicious Rust Crate 'time_calibrators' Exfiltrates Environment Variables

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 4

GHSA-WCCX-J62J-R448: Fickling Security Bypass: Incomplete Monkey-Patching in Safety Hooks

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 4

GHSA-5HWF-RC88-82XM: CVE-2026-22609: Incomplete Blocklist in Fickling Pickle Analyzer Leads to Arbitrary Code Execution

#security #cve #cybersecurity

2 min read

CVE Reports

Mar 4

CVE-2026-29069: CVE-2026-29069: Unauthenticated Activation Email Trigger in Craft CMS

#security #cve #cybersecurity

2 min read

CVE Reports

Mar 4

CVE-2026-3351: CVE-2026-3351: Authorization Bypass in Canonical LXD Certificates API

#security #cve #cybersecurity

2 min read

CVE Reports

Mar 4

GHSA-JWF4-8WF4-JF2M: GHSA-JWF4-8WF4-JF2M: Critical Authorization Bypass in OpenClaw BlueBubbles Plugin

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 4

GHSA-F6H3-846H-2R8W: GHSA-f6h3-846h-2r8w: Authorization Bypass in OpenClaw via Improper Recipient Validation

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 4

GHSA-W7J5-J98M-W679: GHSA-W7J5-J98M-W679: Excessive Privileges (Root Execution) in OpenClaw Containers

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 4

GHSA-25PW-4H6W-QWVM: OpenClaw BlueBubbles Group Allowlist Bypass via DM Pairing Fallback

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 4

GHSA-4GC7-QCVF-38WG: CVE-2026-28363: Remote Code Execution in OpenClaw via Argument Injection

#security #cve #cybersecurity

2 min read

CVE Reports

Mar 4

GHSA-659F-22XC-98F2: GHSA-659F-22XC-98F2: Path Traversal via Symbolic Links in OpenClaw Webhook Transforms

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 4

GHSA-V6X2-2QVM-6GV8: GHSA-V6X2-2QVM-6GV8: Critical Token Leak via Insecure Hashing Fallback in OpenClaw

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 4

GHSA-GW85-XP4Q-5GP9: GHSA-GW85-XP4Q-5GP9: Authorization Bypass in OpenClaw Synology Chat Extension

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 4

GHSA-8MF7-VV8W-HJR2: GHSA-8MF7-VV8W-HJR2: Remote Code Execution via Insecure SafeBins Fallback in OpenClaw

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 4

GHSA-R9Q5-C7QC-P26W: GHSA-R9Q5-C7QC-P26W: Webhook Replay Vulnerability in OpenClaw Nextcloud Talk Integration

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 4

GHSA-JXRQ-8FM4-9P58: OpenClaw Archive Extraction Path Traversal via Symlinks

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 4

GHSA-M8V2-6WWH-R4GC: GHSA-M8V2-6WWH-R4GC: Sandbox Escape via Symlink Manipulation in OpenClaw

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 4

GHSA-792Q-QW95-F446: GHSA-792Q-QW95-F446: Authorization Bypass in OpenClaw Signal Reaction Handling

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 4

GHSA-WPPH-CJGR-7C39: GHSA-WPPH-CJGR-7C39: Identity Collision in OpenClaw Group Policy Resolver

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 4

GHSA-JJ82-76V6-933R: GHSA-JJ82-76V6-933R: Execution Allowlist Bypass via Wrapper Injection in OpenClaw

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 4

GHSA-CJV3-M589-V3RX: GHSA-CJV3-M589-V3RX: Authorization Bypass in OpenClaw Gateway via Shared-IP Fallback

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 4

GHSA-534W-2VM4-89XR: GHSA-534w-2vm4-89xr: Authorization Bypass in OpenClaw Zalo Plugin

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 4

GHSA-FG3M-VHRR-8GJ6: GHSA-FG3M-VHRR-8GJ6: Critical Command Injection in OpenClaw Lobster Extension via Windows Shell Fallback

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 4

GHSA-RV2Q-F2H5-6XMG: GHSA-rv2q-f2h5-6xmg: Node Role Device Identity Bypass in OpenClaw

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 4

GHSA-GQ83-8Q7Q-9HFX: GHSA-GQ83-8Q7Q-9HFX: Race Condition in OpenClaw Sandbox Registry Leads to Data Corruption

#security #cve #cybersecurity #ghsa

1

2 min read

CVE Reports

Mar 3

GHSA-2CH6-X3G4-7759: GHSA-2CH6-X3G4-7759: Authorization Bypass in OpenClaw via Identity Confusion

#security #cve #cybersecurity #ghsa

1

2 min read

CVE Reports

Mar 3

GHSA-GCJ7-R3HG-M7W6: GHSA-GCJ7-R3HG-M7W6: Webhook Replay Vulnerability via Unsigned Idempotency Headers in OpenClaw

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 3

GHSA-VFFC-F7R7-RX2W: GHSA-VFFC-F7R7-RX2W: Systemd Unit Injection in OpenClaw Enables Local Command Execution

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 3

GHSA-V865-P3GQ-HW6M: GHSA-V865-P3GQ-HW6M: Path Canonicalization Bypass in OpenClaw Gateway

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 3

CVE-2026-28401: CVE-2026-28401: Stored Cross-Site Scripting (XSS) in NocoDB Rich Text Components

#security #cve #cybersecurity

2 min read

CVE Reports

Mar 3

GHSA-X9CF-3W63-RPQ9: GHSA-x9cf-3w63-rpq9: Path Traversal in OpenClaw stageSandboxMedia Leading to Arbitrary File Read

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 3

GHSA-VMQR-RC7X-3446: CVE-2026-28363: Remote Code Execution in OpenClaw via safeBins Validation Bypass

#security #cve #cybersecurity

2 min read

CVE Reports

Mar 3

GHSA-2WW6-868G-2C56: CVE-2026-27009: Stored XSS via HTML Injection in OpenClaw Image Generation

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 3

GHSA-48WF-G7CP-GR3M: GHSA-48WF-G7CP-GR3M: OpenClaw Allowlist Bypass via 'env -S'

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 3

CVE-2021-25320: CVE-2021-25320: Privilege Escalation via Improper Access Control in Rancher Proxy

#security #cve #cybersecurity

2 min read

CVE Reports

Mar 3

GHSA-RXXP-482V-7MRH: GHSA-RXXP-482V-7MRH: Memory Exhaustion via Unbounded Media Buffering in OpenClaw

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 3

GHSA-MFG5-7Q5G-F37J: GHSA-MFG5-7Q5G-F37J: Denial of Service via Uncontrolled WebSocket Resource Allocation in OpenClaw

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 3

GHSA-HJVP-QHM6-WRH2: OpenClaw Node system.run Approval Context Bypass

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 3

GHSA-FGVX-58P6-GJWC: GHSA-FGVX-58P6-GJWC: Critical Symlink Traversal in OpenClaw Gateway

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 3

GHSA-P25H-9Q54-FFVW: OpenClaw Zip Slip Path Traversal in Archive Extraction

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 3

GHSA-47Q7-97XP-M272: GHSA-47Q7-97XP-M272: Cleartext Credential Exposure via Configuration Persistence in OpenClaw

#security #cve #cybersecurity #ghsa

1

2 min read

CVE Reports

Mar 3

GHSA-JMM5-FVH5-GF4P: GHSA-JMM5-FVH5-GF4P: Timing Side-Channel in OpenClaw Authentication

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 3

GHSA-V892-HWPG-JWQP: GHSA-V892-HWPG-JWQP: Zip Slip Path Traversal in OpenClaw Archive Extraction

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 3

GHSA-943Q-MWMV-HHVH: GHSA-943Q-MWMV-HHVH: Privilege Escalation and RCE in OpenClaw Gateway

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 3

GHSA-HWPQ-RRPF-PGCQ: GHSA-HWPQ-RRPF-PGCQ: Execution Approval Bypass in OpenClaw system.run

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 3

GHSA-FQCM-97M6-W7RM: GHSA-FQCM-97M6-W7RM: Arbitrary File Read via Path Traversal in OpenClaw Message Actions

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 3

GHSA-F7WW-2725-QVW2: GHSA-F7WW-2725-QVW2: TOCTOU Approval Bypass in OpenClaw via Symlink Rebinding

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 3

GHSA-5847-RM3G-23MW: GHSA-5847-RM3G-23MW: Authentication Rate Limit Bypass via IPv6-Mapped Address

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 3

GHSA-6G25-PC82-VFWP: GHSA-6G25-PC82-VFWP: PKCE Verifier Exposure in OpenClaw OAuth Implementation

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 3

GHSA-R65X-2HQR-J5HF: OpenClaw: Node Reconnect Metadata Spoofing Policy Bypass

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 3

GHSA-2FGQ-7J6H-9RM4: GHSA-2FGQ-7J6H-9RM4: Remote Code Execution via Environment Injection in OpenClaw

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 3

GHSA-7F4Q-9RQH-X36P: GHSA-7f4q-9rqh-x36p: Execution Allowlist Bypass in OpenClaw macOS via Basename Matching

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 3

GHSA-RX3G-MVC3-QFJF: GHSA-rx3g-mvc3-qfjf: Arbitrary File Read via Avatar Symlink Traversal in OpenClaw

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 3

GHSA-WW6V-V748-X7G9: GHSA-WW6V-V748-X7G9: Sandbox Network Isolation Bypass in OpenClaw via Docker Container Mode

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 2

GHSA-GV46-4XFQ-JV58: GHSA-GV46-4XFQ-JV58: Remote Code Execution in OpenClaw via Approval Workflow Bypass

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 2

GHSA-XW4P-PW82-HQR7: GHSA-xw4p-pw82-hqr7: Path Traversal in OpenClaw Skill Mirroring

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Mar 2

GHSA-GWQP-86Q6-W47G: GHSA-GWQP-86Q6-W47G: Execution Approval Bypass via Shell Multiplexers in OpenClaw

#security #cve #cybersecurity #ghsa

2 min read

One Year Club