Search Vulnerabilities

OpenClaw < 2026.4.8 - Remote Code Execution via Build Tool Environment Variable Injection

CVE-2026-41915

OpenClaw < 2026.4.8 - Git Environment Variable Injection via Unfiltered Exec Environment

CVE-2026-41392

OpenClaw < 2026.3.31 - Exec Allowlist Bypass via Shell Init-File Options

CVE-2026-41391

OpenClaw < 2026.3.31 - Environment Variable Bypass in Package Index URL Handling

CVE-2026-31952

Xibo CMS API has SQL Injection via DataSet Filter Parameter

Apr 24, 2026

CVE-2026-41361

OpenClaw < 2026.3.28 - SSRF Guard Bypass via IPv6 Special-Use Ranges

CVE-2026-41332

OpenClaw < 2026.3.28 - Code Execution via Missing Environment Variable Blocklist

CVE-2026-41264

Flowise: CSV Agent Prompt Injection Remote Code Execution Vulnerability

CVE-2026-41206

PySpector has a Plugin Code Execution Bypass via Incomplete Static Analysis in PluginSecurity.validate_plugin_code

CVE-2026-34415

Xerte Online Toolkits File Upload RCE via elfinder Connector

Apr 22, 2026

CVE-2026-26274

October: Safe Mode Bypass via Twig Database Write Operations

CVE-2026-26067

October: Safe Mode Bypass via CSS Preprocessor Compilers

CVE-2026-25525

OpenMage LTS has Path Traversal Filter Bypass in Dataflow Module

Apr 20, 2026

CVE-2026-40077

LOW

Beszel has an IDOR in hub API endpoints that read system ID from URL parameter

CVE-2026-39315

Unhead has a hasDangerousProtocol() bypass via leading-zero padded HTML entities in useHeadSafe()

CVE-2026-34177

VM lowlevel restriction bypass via raw.apparmor and raw.qemu.conf

CVE-2026-35410

Directus has an Open Redirect via Parser Bypass in OAuth2/SAML Authentication Flow

Apr 6, 2026

CVE-2026-34426

OpenClaw - Approval Bypass via Environment Variable Normalization

CVE-2026-34425

OpenClaw - Shell-Bleed Protection Preflight Validation Bypass

CVE-2026-35000

ChangeDetection.io < 0.54.7 SafeXPath3Parser Bypass Arbitrary File Read

Apr 1, 2026

Showing 1 - 20 of 1,000+ results

...

Searching...

Filters

1,000+ results

CVE-2026-42427

OpenClaw < 2026.4.8 - Remote Code Execution via Build Tool Environment Variable Injection

CVE-2026-41915

OpenClaw < 2026.4.8 - Git Environment Variable Injection via Unfiltered Exec Environment

CVE-2026-41392

OpenClaw < 2026.3.31 - Exec Allowlist Bypass via Shell Init-File Options

CVE-2026-41391

OpenClaw < 2026.3.31 - Environment Variable Bypass in Package Index URL Handling

CVE-2026-31952

Xibo CMS API has SQL Injection via DataSet Filter Parameter

Apr 24, 2026

CVE-2026-41361

OpenClaw < 2026.3.28 - SSRF Guard Bypass via IPv6 Special-Use Ranges

CVE-2026-41332

OpenClaw < 2026.3.28 - Code Execution via Missing Environment Variable Blocklist

CVE-2026-41264

Flowise: CSV Agent Prompt Injection Remote Code Execution Vulnerability

CVE-2026-41206

PySpector has a Plugin Code Execution Bypass via Incomplete Static Analysis in PluginSecurity.validate_plugin_code

CVE-2026-34415

Xerte Online Toolkits File Upload RCE via elfinder Connector

Apr 22, 2026

CVE-2026-26274

October: Safe Mode Bypass via Twig Database Write Operations

CVE-2026-26067

October: Safe Mode Bypass via CSS Preprocessor Compilers

CVE-2026-25525

OpenMage LTS has Path Traversal Filter Bypass in Dataflow Module

Apr 20, 2026

CVE-2026-40077

LOW

Beszel has an IDOR in hub API endpoints that read system ID from URL parameter

CVE-2026-39315

Unhead has a hasDangerousProtocol() bypass via leading-zero padded HTML entities in useHeadSafe()

CVE-2026-34177

VM lowlevel restriction bypass via raw.apparmor and raw.qemu.conf

CVE-2026-35410

Directus has an Open Redirect via Parser Bypass in OAuth2/SAML Authentication Flow

Apr 6, 2026

CVE-2026-34426

OpenClaw - Approval Bypass via Environment Variable Normalization

CVE-2026-34425

OpenClaw - Shell-Bleed Protection Preflight Validation Bypass

CVE-2026-35000