
9157 matches found

NVD
added 2026/02/02 11:16 p.m., 6 views

CVE-2026-24763

OpenClaw (formerly Clawdbot) is a personal AI assistant you run on your own devices. Prior to 2026.1.29, a command injection vulnerability existed in OpenClaw’s Docker sandbox execution mechanism due to unsafe handling of the PATH environment variable when constructing shell commands. An...

8.8 CVSS, 0.04773 EPSS
Exploits: 1, References: 3
ATTACKERKB
added 2026/02/02 9:53 p.m., 7 views

CVE-2026-24763

OpenClaw (formerly Clawdbot) is a personal AI assistant you run on your own devices. Prior to 2026.1.29, a command injection vulnerability existed in OpenClaw’s Docker sandbox execution mechanism due to unsafe handling of the PATH environment variable when constructing shell commands. An...

8.8 CVSS, 5.7 AI score, 0.04773 EPSS
Exploits: 1, References: 4, Affected Software: 1
Vulnrichment
added 2026/02/02 9:53 p.m., 4 views

CVE-2026-24763 Authenticated Command Injection in OpenClaw Docker Execution via PATH Environment Variable

OpenClaw (formerly Clawdbot) is a personal AI assistant you run on your own devices. Prior to 2026.1.29, a command injection vulnerability existed in OpenClaw’s Docker sandbox execution mechanism due to unsafe handling of the PATH environment variable when constructing shell commands. An...

8.8 CVSS, 5.7 AI score, 0.04773 EPSS
Exploits: 1, References: 3
CVE
added 2026/02/02 9:53 p.m., 13 views

CVE-2026-24763

OpenClaw/Docker sandbox: A command injection due to unsafe PATH handling when constructing shell commands. An authenticated user who can influence environment variables could execute commands inside the container context. This was fixed in version 2026.1.29 (prior to that, OpenClaw was vulnerable).

8.8 CVSS, 5.7 AI score, 0.04773 EPSS
Exploits: 1, References: 3, Affected Software: 1
Cvelist
added 2026/02/02 9:53 p.m., 24 views

CVE-2026-24763 Authenticated Command Injection in OpenClaw Docker Execution via PATH Environment Variable

OpenClaw (formerly Clawdbot) is a personal AI assistant you run on your own devices. Prior to 2026.1.29, a command injection vulnerability existed in OpenClaw’s Docker sandbox execution mechanism due to unsafe handling of the PATH environment variable when constructing shell commands. An...

8.8 CVSS, 0.04773 EPSS
Exploits: 1, References: 3
OSV
added 2026/02/02 9:53 p.m., 5 views

CVE-2026-24763 Authenticated Command Injection in OpenClaw Docker Execution via PATH Environment Variable

OpenClaw (formerly Clawdbot) is a personal AI assistant you run on your own devices. Prior to 2026.1.29, a command injection vulnerability existed in OpenClaw’s Docker sandbox execution mechanism due to unsafe handling of the PATH environment variable when constructing shell commands. An...

8.8 CVSS, 5.8 AI score, 0.04773 EPSS
Exploits: 1, References: 5
OSV
added 2026/02/02 9:16 p.m., 5 views

GHSA-GRH9-37G7-53MJ WireGuard Portal v2 has Open Redirect Vulnerability in OAuth Authentication Flow

Summary: An Open Redirect vulnerability exists in the OAuth authentication flow that allows attackers to redirect users to external malicious websites after authentication. The vulnerability is caused by insufficient validation of the return parameter in the OAuth login initialization endpoint...

6.1 CVSS, 5.4 AI score
Exploits: 0, References: 4
Github Security Blog
added 2026/02/02 9:16 p.m., 11 views

WireGuard Portal v2 has Open Redirect Vulnerability in OAuth Authentication Flow

Summary: An Open Redirect vulnerability exists in the OAuth authentication flow that allows attackers to redirect users to external malicious websites after authentication. The vulnerability is caused by insufficient validation of the return parameter in the OAuth login initialization endpoint...

5.4 AI score
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2026/02/02 8:19 p.m., 4 views

GHSA-6JR7-99PF-8VGF @backstage/plugin-techdocs-node vulnerable to arbitrary code execution via MkDocs hooks

Impact: When TechDocs is configured with runIn: local, a malicious actor who can submit or modify a repository's mkdocs.yml file can execute arbitrary Python code on the TechDocs build server via MkDocs hooks configuration. Patches: Upgrade to @backstage/plugin-techdocs-node version 1.13.11, 1.14.1...

7.7 CVSS, 6 AI score, 0.00357 EPSS
Exploits: 0, References: 3
Mageia
added 2026/02/02 7:16 p.m., 10 views

Updated docker-containerd packages fix security vulnerabilities

It was discovered that containerd incorrectly set certain directory path permissions. An attacker could possibly use this issue to achieve unauthorised access to the files. CVE-2024-25621 It was discovered that containerd did not properly handle the execution of the goroutine of container attach...

7.8 CVSS, 7.6 AI score, 0.00148 EPSS
Exploits: 1, References: 2
OSV
added 2026/02/02 7:16 p.m., 3 views

MGASA-2026-0030 Updated docker-containerd packages fix security vulnerabilities

It was discovered that containerd incorrectly set certain directory path permissions. An attacker could possibly use this issue to achieve unauthorised access to the files. CVE-2024-25621 It was discovered that containerd did not properly handle the execution of the goroutine of container attach...

7.8 CVSS, 5.5 AI score, 0.00148 EPSS
Exploits: 1, References: 3
OSV
added 2026/02/02 2:36 p.m., 5 views

GHSA-W669-JJ7H-88M9 @backstage/plugin-techdocs-node vulnerable to possible Path Traversal in TechDocs Local Generator

Impact: A path traversal vulnerability in the TechDocs local generator allows attackers to read arbitrary files from the host filesystem when Backstage is configured with techdocs.generator.runIn: local. When processing documentation from untrusted sources, symlinks within the docs directory are...

5.3 CVSS, 5.5 AI score, 0.00387 EPSS
Exploits: 0, References: 4
Github Security Blog
added 2026/02/02 2:36 p.m., 6 views

@backstage/plugin-techdocs-node vulnerable to possible Path Traversal in TechDocs Local Generator

Impact: A path traversal vulnerability in the TechDocs local generator allows attackers to read arbitrary files from the host filesystem when Backstage is configured with techdocs.generator.runIn: local. When processing documentation from untrusted sources, symlinks within the docs directory are...

6.5 CVSS, 5.5 AI score, 0.00387 EPSS
Exploits: 0, References: 4, Affected Software: 1
CNNVD
added 2026/02/02 12:0 a.m., 4 views

OpenClaw operating system command injection vulnerability

OpenClaw is an open-source AI assistant from openclaw. OpenClaw contains an operating system command injection vulnerability that stems from insecure handling of the PATH environment variable when the Docker sandbox execution mechanism constructs shell commands,...

8.8 CVSS, 6.1 AI score, 0.04773 EPSS
Exploits: 1, References: 3
Positive Technologies
added 2026/02/02 12:0 a.m., 4 views

PT-2026-6421

Summary: 1. A hardcoded secret key used for signing JWTs is checked into source code. 2. Many API routes do not check authentication. Details: I am using the publicly available docker image at ghcr.io/maziggy/bambuddy. 1. Hardcoded JWT Secret Key...

9.8 CVSS, 5.7 AI score, 0.00724 EPSS
Exploits: 1, References: 6
Positive Technologies
added 2026/02/02 12:0 a.m., 4 views

PT-2026-5722

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.1.29. Description: A command injection issue exists in the Docker sandbox execution mechanism due to unsafe handling of the PATH environment variable when constructing shell commands. An authenticated user with th...

9 CVSS, 6 AI score, 0.04773 EPSS
Exploits: 1, References: 24
Tenable Nessus
added 2026/02/02 12:0 a.m., 6 views

EulerOS 2.0 SP13 : docker-runc (EulerOS-SA-2026-1208)

According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 throug...

8.4 CVSS, 6.1 AI score, 0.00673 EPSS
Exploits: 4, References: 4
Tenable Nessus
added 2026/02/02 12:0 a.m., 5 views

EulerOS 2.0 SP13 : docker-runc (EulerOS-SA-2026-1220)

According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 throug...

8.4 CVSS, 6.1 AI score, 0.00673 EPSS
Exploits: 4, References: 4
GithubExploit
added 2026/02/01 4:32 p.m., 206 views

Exploit for Unrestricted Upload of File with Dangerous Type in Gvectors Wpdiscuz

wpDiscuz-7.0.4-PoC-RCE - wpDiscuz 7.0.4 - Unauthenticated RCE...

10 CVSS, 7.4 AI score, 0.94616 EPSS
Exploits: 18
Wolfi
added 2026/01/31 1:48 p.m., 5 views

GHSA-XVQR-69V8-F3GV vulnerabilities

Vulnerabilities for packages: opentofu, crossplane-provider-aws-rds, croc, nerdctl, crossplane-provider-azure-sql, undock, git-sync, kube-logging-operator, wazero, net-kourier, http-echo, ingress-nginx-controller, keda, wave, crossplane-provider-aws-dynamodb, clickhouse-operator, nats-top, fixuid...

5.8 AI score
Exploits: 0