|
291
|
4.8 |
MEDIUM
Network
|
openssl
|
openssl
|
Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-SIV
(RFC 8452) mishandle the authentication of AAD (Additional Authenticated
Data) with an empty ciphertext allowing a forgery of …
|
CWE-325
Missing Required Cryptographic Step
|
CVE-2026-45446
|
2026-06-16 11:57 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292
|
8.8 |
HIGH
Network
|
openssl
|
openssl
|
Issue summary: A specially crafted PKCS#7 or S/MIME signed message could
trigger a use-after-free during PKCS#7 signature verification.
Impact summary: A use-after-free may result in process crashes…
|
CWE-416
Use After Free
|
CVE-2026-45447
|
2026-06-16 11:56 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293
|
6.5 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.5.2 contains a credential exposure vulnerability in message.action forwarding that allows model-controlled metadata to forward action payloads with Gateway credentials to attacke…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-53827
|
2026-06-16 11:55 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294
|
8.8 |
HIGH
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in native command handling that allows authenticated senders to execute owner-only commands without proper policy enforcement. …
|
CWE-863
Incorrect Authorization
|
CVE-2026-53828
|
2026-06-16 11:55 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295
|
8.0 |
HIGH
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.5.18 contains an approval display truncation vulnerability allowing authenticated users to hide command suffixes from approvers. Attackers can submit oversized exec commands with…
|
CWE-451
User Interface (UI) Misrepresentation of Critical Information
|
CVE-2026-53829
|
2026-06-16 11:55 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296
|
6.5 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.22 contains a webhook secret revocation bypass vulnerability allowing callers with old Slack and Zalo webhook secrets to remain active after secrets.reload. Attackers can explo…
|
CWE-613
Insufficient Session Expiration
|
CVE-2026-53830
|
2026-06-16 11:55 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297
|
9.8 |
CRITICAL
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.5.27 contains a state mutation vulnerability in node pairing reconnection that allows paired nodes to confuse approval scope decisions. Attackers can exploit reconnection logic t…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-53838
|
2026-06-16 11:54 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298
|
6.5 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.5.7 contains a hostname validation vulnerability in retry endpoint checks that allows matching hostname prefixes instead of exact hostnames. Attackers can exploit this by craftin…
|
CWE-1023
Incomplete Comparison with Missing Factors
|
CVE-2026-53839
|
2026-06-16 11:54 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299
|
6.6 |
MEDIUM
Local
|
openclaw
|
openclaw
|
OpenClaw before 2026.5.12 contains an exec denylist bypass vulnerability in the bundle MCP loopback session-spawn path that allows authenticated callers to bypass intended command restrictions. Attac…
|
CWE-862
Missing Authorization
|
CVE-2026-53820
|
2026-06-16 11:53 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300
|
8.8 |
HIGH
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.5.18 accepts WebSocket client-declared operator scopes before binding to server-approved pairing or trusted-proxy authorization baseline. Unpaired or restricted trusted-proxy Con…
|
CWE-862
Missing Authorization
|
CVE-2026-53821
|
2026-06-16 11:53 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
