|
1261
|
5.4 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.20 contains a tool policy bypass vulnerability allowing bundled MCP and LSP tools to circumvent configured tool restrictions. Attackers with local agent access can append restr…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-44998
|
2026-05-13 23:12 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1262
|
4.3 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.22 contains a security envelope constraint bypass vulnerability allowing restricted subagents to spawn ACP child sessions that fail to inherit depth, child-count limits, contro…
New
|
CWE-266
Incorrect Privilege Assignment
|
CVE-2026-44997
|
2026-05-13 23:12 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1263
|
3.7 |
LOW
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.15 contains an arbitrary local file read vulnerability in the webchat audio embedding helper that fails to apply local media root containment checks. Attackers can influence ag…
New
|
CWE-22
Path Traversal
|
CVE-2026-44996
|
2026-05-13 23:12 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1264
|
7.3 |
HIGH
Local
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.20 contains an improper environment variable validation vulnerability in MCP stdio server configuration that allows attackers to execute arbitrary code. Malicious workspace con…
New
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-44995
|
2026-05-13 23:11 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1265
|
5.3 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.22 contains an authentication bypass vulnerability in the Control UI bootstrap config endpoint that allows unauthenticated attackers to read sensitive configuration fields. Att…
New
|
CWE-862
Missing Authorization
|
CVE-2026-44994
|
2026-05-13 23:11 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1266
|
5.4 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.20 contains a message classification vulnerability in Feishu card-action callbacks that misclassifies direct messages as group conversations. Attackers can bypass dmPolicy enfo…
New
|
CWE-184
Incomplete Blacklist
|
CVE-2026-44993
|
2026-05-13 23:11 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1267
|
5.0 |
MEDIUM
Local
|
openclaw
|
openclaw
|
OpenClaw versions 2026.4.5 before 2026.4.20 contain an environment variable injection vulnerability allowing workspace dotenv to override MINIMAX_API_HOST. Attackers can redirect credentialed MiniMax…
New
|
CWE-441
Confused Deputy
|
CVE-2026-44992
|
2026-05-13 23:10 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1268
|
4.2 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.21 contains an authorization bypass vulnerability in command-auth.ts that allows non-owner senders to execute owner-enforced slash commands when wildcard inbound senders are co…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-44991
|
2026-05-13 23:10 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1269
|
7.5 |
HIGH
Network
|
apple
|
ipados
iphone_os
macos
tvos
visionos
|
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5.…
New
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2026-28940
|
2026-05-13 23:08 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1270
|
7.5 |
HIGH
Network
|
apple
|
ipados
iphone_os
macos
|
An integer overflow was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able …
New
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-28952
|
2026-05-13 23:08 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
