Export limit exceeded: 339337 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (339337 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-32057 | 1 Openclaw | 1 Openclaw | 2026-03-21 | 5.9 Medium |
| OpenClaw versions prior to 2026.2.25 contain an authentication bypass vulnerability in the trusted-proxy Control UI pairing mechanism that accepts client.id=control-ui without proper device identity verification. An authenticated node role websocket client can exploit this by using the control-ui client identifier to skip pairing requirements and gain unauthorized access to node event execution flows. | ||||
| CVE-2026-32056 | 1 Openclaw | 1 Openclaw | 2026-03-21 | 7.5 High |
| OpenClaw versions prior to 2026.2.22 fail to sanitize shell startup environment variables HOME and ZDOTDIR in the system.run function, allowing attackers to bypass command allowlist protections. Remote attackers can inject malicious startup files such as .bash_profile or .zshenv to achieve arbitrary code execution before allowlist-evaluated commands are executed. | ||||
| CVE-2026-32055 | 1 Openclaw | 1 Openclaw | 2026-03-21 | 7.6 High |
| OpenClaw versions prior to 2026.2.26 contain a path traversal vulnerability in workspace boundary validation that allows attackers to write files outside the workspace through in-workspace symlinks pointing to non-existent out-of-root targets. The vulnerability exists because the boundary check improperly resolves aliases, permitting the first write operation to escape the workspace boundary and create files in arbitrary locations. | ||||
| CVE-2026-32053 | 1 Openclaw | 1 Openclaw | 2026-03-21 | 6.5 Medium |
| OpenClaw versions prior to 2026.2.23 contain a vulnerability in Twilio webhook event deduplication where normalized event IDs are randomized per parse, allowing replay events to bypass manager dedupe checks. Attackers can replay Twilio webhook events to trigger duplicate or stale call-state transitions, potentially causing incorrect call handling and state corruption. | ||||
| CVE-2026-32052 | 1 Openclaw | 1 Openclaw | 2026-03-21 | 6.4 Medium |
| OpenClaw versions prior to 2026.2.24 contain a command injection vulnerability in the system.run shell-wrapper that allows attackers to execute hidden commands by injecting positional argv carriers after inline shell payloads. Attackers can craft misleading approval text while executing arbitrary commands through trailing positional arguments that bypass display context validation. | ||||
| CVE-2026-32051 | 1 Openclaw | 1 Openclaw | 2026-03-21 | 8.8 High |
| OpenClaw versions prior to 2026.3.1 contain an authorization mismatch vulnerability that allows authenticated callers with operator.write scope to invoke owner-only tool surfaces including gateway and cron through agent runs in scoped-token deployments. Attackers with write-scope access can perform control-plane actions beyond their intended authorization level by exploiting inconsistent owner-only gating during agent execution. | ||||
| CVE-2026-32050 | 1 Openclaw | 1 Openclaw | 2026-03-21 | 3.7 Low |
| OpenClaw versions prior to 2026.2.25 contain an access control vulnerability in signal reaction notification handling that allows unauthorized senders to enqueue status events before authorization checks are applied. Attackers can exploit the reaction-only event path in event-handler.ts to queue signal reaction status lines for sessions without proper DM or group access validation. | ||||
| CVE-2026-32049 | 1 Openclaw | 1 Openclaw | 2026-03-21 | 7.5 High |
| OpenClaw versions prior to 2026.2.22 fail to consistently enforce configured inbound media byte limits before buffering remote media across multiple channel ingestion paths. Remote attackers can send oversized media payloads to trigger elevated memory usage and potential process instability. | ||||
| CVE-2026-32048 | 1 Openclaw | 1 Openclaw | 2026-03-21 | 7.5 High |
| OpenClaw versions prior to 2026.3.1 fail to enforce sandbox inheritance during cross-agent sessions_spawn operations, allowing sandboxed sessions to create child processes under unsandboxed agents. An attacker with a sandboxed session can exploit this to spawn child runtimes with sandbox.mode set to off, bypassing runtime confinement restrictions. | ||||
| CVE-2026-32046 | 1 Openclaw | 1 Openclaw | 2026-03-21 | 5.3 Medium |
| OpenClaw versions prior to 2026.2.21 contain an improper sandbox configuration vulnerability that allows attackers to execute arbitrary code by exploiting renderer-side vulnerabilities without requiring a sandbox escape. Attackers can leverage the disabled OS-level sandbox protections in the Chromium browser container to achieve code execution on the host system. | ||||
| CVE-2026-32045 | 1 Openclaw | 1 Openclaw | 2026-03-21 | 5.9 Medium |
| OpenClaw versions prior to 2026.2.21 incorrectly apply tokenless Tailscale header authentication to HTTP gateway routes, allowing bypass of token and password requirements. Attackers on trusted networks can exploit this misconfiguration to access HTTP gateway routes without proper authentication credentials. | ||||
| CVE-2026-32044 | 1 Openclaw | 1 Openclaw | 2026-03-21 | 5.5 Medium |
| OpenClaw versions prior to 2026.3.2 contain an archive extraction vulnerability in the tar.bz2 installer path that bypasses safety checks enforced on other archive formats. Attackers can craft malicious tar.bz2 skill archives to bypass special-entry blocking and extracted-size guardrails, causing local denial of service during skill installation. | ||||
| CVE-2026-32043 | 1 Openclaw | 1 Openclaw | 2026-03-21 | 6.5 Medium |
| OpenClaw versions prior to 2026.2.25 contain a time-of-check-time-of-use vulnerability in approval-bound system.run execution where the cwd parameter is validated at approval time but resolved at execution time. Attackers can retarget a symlinked cwd between approval and execution to bypass command execution restrictions and execute arbitrary commands on node hosts. | ||||
| CVE-2026-32042 | 1 Openclaw | 1 Openclaw | 2026-03-21 | 8.8 High |
| OpenClaw versions 2026.2.22 prior to 2026.2.25 contain a privilege escalation vulnerability allowing unpaired device identities to bypass operator pairing requirements and self-assign elevated operator scopes including operator.admin. Attackers with valid shared gateway authentication can present a self-signed unpaired device identity to request and obtain higher operator scopes before pairing approval is granted. | ||||
| CVE-2026-30922 | 1 Pyasn1 | 1 Pyasn1 | 2026-03-21 | 7.5 High |
| pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousands of nested `SEQUENCE` (`0x30`) or `SET` (`0x31`) tags with "Indefinite Length" (`0x80`) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a `RecursionError` or consumes all available memory (OOM), crashing the host application. This is a distinct vulnerability from CVE-2026-23490 (which addressed integer overflows in OID decoding). The fix for CVE-2026-23490 (`MAX_OID_ARC_CONTINUATION_OCTETS`) does not mitigate this recursion issue. Version 0.6.3 fixes this specific issue. | ||||
| CVE-2023-53573 | 1 Linux | 1 Linux Kernel | 2026-03-21 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: clk: rs9: Fix suspend/resume Disabling the cache in commit 2ff4ba9e3702 ("clk: rs9: Fix I2C accessors") without removing cache synchronization in resume path results in a kernel panic as map->cache_ops is unset, due to REGCACHE_NONE. Enable flat cache again to support resume again. num_reg_defaults_raw is necessary to read the cache defaults from hardware. Some registers are strapped in hardware and cannot be provided in software. | ||||
| CVE-2023-53574 | 1 Linux | 1 Linux Kernel | 2026-03-21 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: delete timer and free skb queue when unloading Fix possible crash and memory leak on driver unload by deleting TX purge timer and freeing C2H queue in 'rtw_core_deinit()', shrink critical section in the latter by freeing COEX queue out of TX report lock scope. | ||||
| CVE-2023-53575 | 1 Linux | 1 Linux Kernel | 2026-03-21 | 7.1 High |
| In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix potential array out of bounds access Account for IWL_SEC_WEP_KEY_OFFSET when needed while verifying key_len size in iwl_mvm_sec_key_add(). | ||||
| CVE-2023-53571 | 1 Linux | 1 Linux Kernel | 2026-03-21 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: drm/i915: Make intel_get_crtc_new_encoder() less oopsy The point of the WARN was to print something, not oops straight up. Currently that is precisely what happens if we can't find the connector for the crtc in the atomic state. Get the dev pointer from the atomic state instead of the potentially NULL encoder to avoid that. (cherry picked from commit 3b6692357f70498f617ea1b31a0378070a0acf1c) | ||||
| CVE-2023-53572 | 1 Linux | 1 Linux Kernel | 2026-03-21 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: clk: imx: scu: use _safe list iterator to avoid a use after free This loop is freeing "clk" so it needs to use list_for_each_entry_safe(). Otherwise it dereferences a freed variable to get the next item on the loop. | ||||