| # | CVSS | Severity | Attack Vector | Vendor | Product | Description | CWE | CVE | Last modified | Published | Links |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 2381 | 6.5 | MEDIUM | Network | openclaw | openclaw | OpenClaw before 2026.4.24 contains a token revocation vulnerability allowing callers with revoked slash tokens to continue executing commands during monitor refresh windows. Attackers can exploit sta… | CWE-613 Insufficient Session Expiration | CVE-2026-53824 | 2026-06-16 11:51 | 2026-06-13 | GitHub, Exploit DB, Packet Storm |
| 2382 | 6.5 | MEDIUM | Network | openclaw | openclaw | OpenClaw before 2026.4.7 contains an arbitrary file read vulnerability in the memory-wiki ingest feature that allows authenticated Gateway operators with operator.write scope to read local files outs… | CWE-22 Path Traversal | CVE-2026-53825 | 2026-06-16 11:49 | 2026-06-13 | GitHub, Exploit DB, Packet Storm |
| 2383 | 4.3 | MEDIUM | Network | openclaw | openclaw | OpenClaw before 2026.4.26 contains an information disclosure vulnerability in sandboxed session spawning that exposes the real workspace path to child prompts. Attackers can exploit this by spawning … | CWE-668 Exposure of Resource to Wrong Sphere | CVE-2026-53826 | 2026-06-16 11:48 | 2026-06-13 | GitHub, Exploit DB, Packet Storm |
| 2384 | 8.1 | HIGH | Network | openssl | openssl | Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1_mbstring_ncopy() can lead to a heap buffer overflow. Impact summary: A heap buffer overflow may… | CWE-787 Out-of-bounds Write | CVE-2026-7383 | 2026-06-16 11:46 | 2026-06-10 | GitHub, Exploit DB, Packet Storm |
| 2385 | 7.5 | HIGH | Network | openssl | openssl | Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key unwrap) processes attacker-supplied CMS data, an attacker-chosen stream-mode KEK cipher can trigger a heap out-of-bounds read in… | CWE-125 Out-of-bounds Read | CVE-2026-9076 | 2026-06-16 11:45 | 2026-06-10 | GitHub, Exploit DB, Packet Storm |
| 2386 | 8.1 | HIGH | Network | openclaw | openclaw | OpenClaw before 2026.5.18 contains a policy enforcement vulnerability in system.run safe-bin allowlist validation that allows shell expansion to modify command interpretation on POSIX nodes. Authenti… | CWE-367 NVD-CWE-noinfo Time-of-check Time-of-use (TOCTOU) Race Condition | CVE-2026-53831 | 2026-06-16 09:45 | 2026-06-13 | GitHub, Exploit DB, Packet Storm |
| 2387 | 7.1 | HIGH | Local | openclaw | openclaw | OpenClaw before 2026.5.18 contains an identity header validation vulnerability allowing local same-host callers to forge trusted-proxy identity headers. Attackers with access to the proxy-facing Gate… | CWE-290 Authentication Bypass by Spoofing | CVE-2026-53832 | 2026-06-16 09:37 | 2026-06-13 | GitHub, Exploit DB, Packet Storm |
| 2388 | 6.5 | MEDIUM | Network | openclaw | openclaw | OpenClaw before 2026.4.29 contains an authorization bypass vulnerability in the QQBot streaming command that allows authenticated senders to mutate configuration without explicit allowFrom restrictio… | CWE-290 Authentication Bypass by Spoofing | CVE-2026-53833 | 2026-06-16 09:34 | 2026-06-13 | GitHub, Exploit DB, Packet Storm |
| 2389 | 6.5 | MEDIUM | Network | openclaw | openclaw | OpenClaw before 2026.4.27 contains an authorization bypass vulnerability in QQBot pre-dispatch slash commands that allows authenticated senders to skip allowFrom policy checks. Attackers can invoke s… | CWE-863 Incorrect Authorization | CVE-2026-53834 | 2026-06-16 09:28 | 2026-06-13 | GitHub, Exploit DB, Packet Storm |
| 2390 | 4.3 | MEDIUM | Network | openclaw | openclaw | OpenClaw before 2026.5.6 contains a configuration enforcement bypass vulnerability in Feishu dynamic-agent bindings that allows authenticated senders to create or update bindings without honoring con… | CWE-863 Incorrect Authorization | CVE-2026-53835 | 2026-06-16 09:25 | 2026-06-13 | GitHub, Exploit DB, Packet Storm |