|
3531
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The
iRM-IEI Remote Management developed by IEI Integration Corp has a Hardcoded Credentials vulnerability, allowing unauthenticated remote attackers to exploit hard-coded credentials to gain adminis…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-11849
|
2026-06-13 01:00 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3532
|
- |
|
-
|
-
|
MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154), allows arbitrary code execution by loading malicious DLLs from a temporary directory that is predictable and can be modified b…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-11879
|
2026-06-13 01:00 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3533
|
- |
|
-
|
-
|
MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154), allows arbitrary code execution by loading a malicious DLL located in the same directory as the portable executable. Because t…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-11967
|
2026-06-13 01:00 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3534
|
- |
|
-
|
-
|
The system stores the username and password from the login form after submitting the request. This could allow an attacker with access to the platform to return to the browser and view the login cred…
|
CWE-257
Storing Passwords in a Recoverable Format
|
CVE-2026-1836
|
2026-06-13 01:00 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3535
|
8.8 |
HIGH
Network
|
-
|
-
|
OpenClaw before 2026.5.12 contains a shell option parsing vulnerability that allows combined POSIX shell flags to bypass exec revalidation checks. Attackers can exploit this by using combined shell o…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-53806
|
2026-06-13 00:58 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3536
|
8.8 |
HIGH
Network
|
-
|
-
|
OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in Telegram interactive callbacks that allows authenticated users to skip commands.allowFrom validation. Attackers can invoke a…
|
CWE-863
Incorrect Authorization
|
CVE-2026-53807
|
2026-06-13 00:58 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3537
|
6.5 |
MEDIUM
Network
|
-
|
-
|
OpenClaw before 2026.5.6 contains an approval policy bypass vulnerability in the Skill Workshop apply flow that allows agent tool calls to set apply: true despite approvalPolicy: pending configuratio…
|
CWE-863
Incorrect Authorization
|
CVE-2026-53808
|
2026-06-13 00:58 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3538
|
3.8 |
LOW
Local
|
-
|
-
|
OpenClaw before 2026.4.25 contains a policy bypass vulnerability in embedded runner policy that allows requests using provider aliases to compare against aliases instead of canonical provider identit…
|
CWE-863
Incorrect Authorization
|
CVE-2026-53809
|
2026-06-13 00:58 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3539
|
8.8 |
HIGH
Network
|
-
|
-
|
OpenClaw before 2026.5.18 contains a code execution vulnerability where marketplace runtime extension metadata can redirect loading toward unscanned package payloads. Attackers with trusted operator …
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-53810
|
2026-06-13 00:58 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3540
|
8.8 |
HIGH
Network
|
-
|
-
|
OpenClaw before 2026.5.7 contains a privilege escalation vulnerability in the Matrix allowFrom feature that allows authenticated accounts to match policy entries through mutable display name metadata…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2026-53811
|
2026-06-13 00:58 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
