Browse and filter security vulnerabilities across ecosystems
PraisonAI - Information Disclosure via Shared MultiAgentLedger State
Steeltoe's static JWKS cache shared across schemes and never invalidated
OpenClaw < 2026.4.26 - Information Disclosure via Sandboxed Session Spawn
vm2: NodeVM observability builtins leak host process and HTTP request data
OpenFGA: Cache-key delimiter injection in openfga/openfga shared-iterator and v2 iterator caches enables intra-store authorization-decision poisoning
Apache HTTP Server: mod_dav_fs protected directory access
Dräger Zeus IE Anesthesia Workstation USB Interface Privilege Escalation
Algernon: Auto-refresh SSE event server binds to all interfaces by default on Linux/macOS
Information Disclosure in extension "Faceted Search" (ke_search)
Open WebUI: Redis Cache Keys tool_servers and terminal_servers Missing Instance Prefix Enable Cross-Instance Cache Poisoning
vm2: Sandbox Breakout Using Async Generator
vm2: Sandbox Breakout Through Null Proto Exception
vm2: Sandbox breakout via `neutralizeArraySpeciesBatch`
External Secrets Operator: Namespace Isolation Bypass in CAProvider ConfigMap Resolution for SecretStore
PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution
OpenClaw < 2026.3.31 - Insufficient Environment Variable Sanitization in Host Execution
OpenClaw < 2026.3.28 - Environment Variable Disclosure via jq $ENV Filter Bypass
OpenClaw 2026.2.19 through 2026.3.30 - Webhook Replay Dedupe Cache Event Suppression via Shared Authentication
Nesquena Hermes WebUI Environment Variable Credential Leakage via Profile Switch
Apache Airflow: 3.x - Nested Variable Secret Values Bypass Redaction via max_depth=1
Showing 1 - 20 of 1,000+ results