Browse and filter security vulnerabilities across ecosystems
OpenClaw < 2026.3.22 - Supply Chain Redirection via Incomplete Host Environment Sanitization
Axios: XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in `withXSRFToken` Boolean Coercion
Axios: Incomplete Fix for CVE-2025-62718 — NO_PROXY Protection Bypassed via RFC 1122 Loopback Subnet (127.0.0.0/8) in Axios 1.15.0
DOMPurify: FORBID_TAGS bypassed by function-based ADD_TAGS predicate (asymmetry with FORBID_ATTR fix)
DataEase has an Arbitrary File Read Vulnerability
OpenClaw < 2026.3.22 - Settings Reconciliation Bypass via Empty Allowlist
JSI Virtual Lightweight Collector: Shell escape allows privilege escalation to root
Express XSS Sanitizer: allowedTags/allowedAttributes bypass leads to permissive sanitization (XSS risk)
PbootCMS File Upload file.php incomplete blacklist
ewe has an Overly Permissive List of Allowed Inputs
Heap Out-of-Bounds Read in Go Driver GSSAPI C Wrappers enables application crash or information leak
In JetBrains TeamCity before 2025
Microsoft Purview Elevation of Privilege Vulnerability
A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker...
A vulnerability has been identified in SINEC Security Monitor (All versions < V4
CSP bypass in Hush Line
Iperf3: possible denial of service
Unauthorized write operations in PaperCut NG/MF
Grafana is an open-source platform for monitoring and observability
A permissive list of allowed inputs vulnerability [CWE-183] in FortiGate version 7
Showing 1 - 20 of 1,000+ results