OpenClaw 2026.2.6 < 2026.2.14 Deep Link Message Truncation (macOS) (GHSA-7q2j-c4q5-rm27)

The version of the OpenClaw AI assistant installed on the remote macOS host is 2026.2.6 or later but prior to 2026.2.14. It is, therefore, affected by a remote code execution vulnerability: - The OpenClaw macOS desktop client registers the openclaw:// URL scheme. For openclaw://agent deep links...

CVE-2025-26320

t0mer BroadlinkManager v5.9.1 was discovered to contain an OS command injection vulnerability via the IP Address parameter at /device/ping...

CVE-2025-26320

t0mer BroadlinkManager v5.9.1 was discovered to contain an OS command injection vulnerability via the IP Address parameter at /device/ping...

CVE-2025-26320

t0mer BroadlinkManager v5.9.1 was discovered to contain an OS command injection vulnerability via the IP Address parameter at /device/ping...

CVE-2025-26320

t0mer BroadlinkManager v5.9.1 was discovered to contain an OS command injection vulnerability via the IP Address parameter at /device/ping...

CVE-2025-26320

CVE-2025-26320 affects BroadlinkManager v5.9.1. The vulnerability is an OS command injection via the IP Address parameter in /device/ping. Reported scores show CVSS 3.1: Network vector, low attack complexity, no privileges required, no user interaction, confidentiality/integrity impact Low, avail...

CVE-2025-26320

t0mer BroadlinkManager v5.9.1 was discovered to contain an OS command injection vulnerability via the IP Address parameter at /device/ping...

CVE-2023-26320

creationtimestamp| type| source ---|---|--- 2023-10-11 12:17:15+00:00| seen| https://t.me/cibsecurity/72061...

CVE-2023-26320

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Xiaomi Xiaomi Router allows Command Injection...

CVE-2023-26320

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Xiaomi Xiaomi Router allows Command Injection...

CVE-2023-26320 Xiaomi Router external request interface vulnerability leads to stack overflow

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Xiaomi Xiaomi Router allows Command Injection...

CVE-2022-26351

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-26320. Reason: This candidate is a reservation duplicate of CVE-2022-26320. Notes: All CVE users should reference CVE-2022-26320 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...

CVE-2022-26320

The issue affects Rambus SafeZone Basic Crypto Module versions prior to 10.4.0, incorporated in certain Fujifilm (formerly Fuji Xerox) devices and Canon imagePROGRAF/imageRUNNER devices. The root cause is insecure RSA key generation in the CLS PK KeyGenMT() routine, due to insufficient randomness...

CVE-2022-26351

CVE-2022-26351 is a rejected/duplicate candidate and does not represent an active vulnerability entry; refer to CVE-2022-26320.

CVE-2021-26320

Technical details about CVE-2021-26320 are not publicly available in the provided connected documents; monitor for updates.

CVE-2020-26320

CVE-2020-26320 is a rejected/not-used entry and does not represent an active vulnerability.