Browse and filter security vulnerabilities across ecosystems
OpenClaw < 2026.3.28 - SSRF Guard Bypass via IPv6 Special-Use Ranges
OpenClaw < 2026.3.28 - Privilege Escalation via operator.write to Admin-Class Telegram Config and Cron Persistence
OpenShell < 2026.3.28 - Arbitrary Code Execution via Mirror Mode Sandbox File Conversion
OpenClaw < 2026.3.22 - allowProfiles Bypass via Profile Mutation and Runtime Selection
OpenClaw < 2026.3.31 - Remote Code Execution via Node Scope Gate Bypass
OpenClaw < 2026.3.28 - Agentic Consent Bypass via config.patch
OpenClaw < 2026.3.31 - Cross-Site Request Forgery via Missing Browser-Origin Validation in HTTP Operator Endpoints
OpenClaw < 2026.3.28 - Unauthenticated Discovery Endpoint Credential Exfiltration via Remote Onboarding
OpenClaw < 2026.3.31 - Arbitrary Hook Code Execution via OPENCLAW_BUNDLED_HOOKS_DIR Environment Variable Override
OpenClaw < 2026.3.31 - Decompression Bomb Denial of Service via Image Pixel-Limit Guard Bypass
Microsoft Power Apps Remote Code Execution Vulnerability
Microsoft Purview eDiscovery Elevation of Privilege Vulnerability
SWUpdate Integer Underflow in Multipart Upload Parser
radare2 < 6.1.4 Project Deletion Path Traversal Directory Deletion
Missing authentication for critical function in SpiceJet Online Booking System
Authorization bypass through User-Controlled key in SpiceJet Online Booking System
Flowise: Unauthenticated TTS endpoint accepts arbitrary credential IDs — enables API credit abuse via stored credentials
Flowise: Public chatflow endpoints return unsanitized flowData including plaintext API keys, passwords, and credential IDs
Flowise: AccountService resetPassword Authentication Bypass Vulnerability
Flowise: Mass Assignment in DocumentStore Create Endpoint Leads to Cross-Workspace Object Takeover (IDOR)
Showing 1 - 20 of 1,000+ results