CVE-2026-26326 OpenClaw skills.status could leak secrets to operator.read clients

OpenClaw is a personal AI assistant. Prior to version 2026.2.14, skills.status could disclose secrets to operator.read clients by returning raw resolved config values in configChecks for skill requires.config paths. Version 2026.2.14 stops including raw resolved config values in requirement check...

vantuz (>=3.3.2 <=3.3.7) potentially affected by CVE-2026-26326 via openclaw (=0.0.1)

openclaw NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on openclaw and may be impacted: - vantuz =3.3.2, =3.3.7 Source cves: CVE-2026-26326 Source advisory: OSV:GHSA-8MH7-PHF8-XGFM...

MAL-2025-26326 Malicious code in mike-e6a-project (npm)

The package mike-e6a-project was found to contain malicious code...

CVE-2025-26326

A vulnerability was identified in the NVDA Remote version 2.6.4 and Tele NVDA Remote version 2025.3.3 remote connection add-ons, which allows an attacker to obtain total control of the remote system by guessing a weak password. The problem occurs because these add-ons accept any password entered ...

CVE-2025-26326

A vulnerability was identified in the NVDA Remote version 2.6.4 and Tele NVDA Remote version 2025.3.3 remote connection add-ons, which allows an attacker to obtain total control of the remote system by guessing a weak password. The problem occurs because these add-ons accept any password entered ...

CVE-2025-26326

creationtimestamp| type| source ---|---|--- 2025-02-26 04:00:07+00:00| published-proof-of-concept| Telegram/kh4tpIJE3G1VDWw4P0GDOp7p10EZ4KOR9ZpNtd1C2-cicY 2025-02-28 15:26:37+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/5908 2025-02-28 17:51:53+00:00| seen|...

Exploit for Deserialization of Untrusted Data in Themekraft Buddyforms

usage: python exploit.py "/wp-admin/admin-ajax.php" 'bash -c "ba...

CVE-2024-26326

OwnCloud

ownCloud < 10.14.0 Multiple Improper Input Validation Vulnerabilities

ownCloud is prone to multiple improper input validation vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2023-26326

creationtimestamp| type| source ---|---|--- 2023-02-23 22:18:47+00:00| seen| https://t.me/cibsecurity/58821 2024-05-31 08:48:29+00:00| published-proof-of-concept| https://t.me/YAHChannel/806 2025-02-02 10:00:06+00:00| published-proof-of-concept|...

CVE-2023-26326

CVE-2023-26326 affects the BuddyForms WordPress plugin, versions before 2.7.8. The vulnerability is an unauthenticated insecure deserialization due to how buddyforms_upload_image_from_url handles input, permitting a PHAR wrapper to deserialize data and invoke arbitrary PHP objects. This can enabl...

SUSE CVE-2021-26326

Failure to validate VMHSAVEPA during SNPINIT may result in a loss of memory integrity...

CVE-2020-26326

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none...

CVE-2022-26326

creationtimestamp| type| source ---|---|--- 2022-05-02 22:28:16+00:00| seen| https://t.me/cibsecurity/41763...

CVE-2022-26326

Potential open redirection vulnerability when URL is crafted in specific format in NetIQ Access Manager prior to 5.0.2...

CVE-2022-26326

Potential open redirection vulnerability when URL is crafted in specific format in NetIQ Access Manager prior to 5.0.2...

CVE-2022-26326

Summary: CVE-2022-26326 is a potential open redirect vulnerability in Micro Focus NetIQ Access Manager prior to 5.0.2. The issue arises when a URL is crafted in a specific format, enabling redirection to an attacker-controlled or unintended location. Affected product/scope (as per provided docume...

CVE-2021-26326

Failure to validate VMHSAVEPA during SNPINIT may result in a loss of memory integrity...

CVE-2021-26326

CVE-2021-26326 describes a failure to validate VM_HSAVE_PA during SNP_INIT that can compromise memory integrity on AMD platforms. Public details in connected sources indicate the vulnerability affects AMD 3rd Gen EPYC processors (Milan) per the AMD Server Vulnerabilities bulletin AMD-SB-1021, wit...

CVE-2021-26326

Failure to validate VMHSAVEPA during SNPINIT may result in a loss of memory integrity...