CVE-2026-10283 Bottelet DaybydayCRM Setting missing authentication

A vulnerability was detected in Bottelet DaybydayCRM up to 2.2.1. Affected is an unknown function of the component Setting Handler. Performing a manipulation results in missing authentication. Remote exploitation of the attack is possible. It is recommended to apply a patch to fix this issue...

Malicious code in clearml-truen-patch (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 868fbff2db730a4a67f808b6c9bd35aa78392be592adb2d66d6be659772610f6 This package is published as clearml-truen-patch but its PKG-INFO/setup.py declare Author=ClearML, [email protected], and...

Linux Distros Unpatched Vulnerability : CVE-2026-7210

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xml.parsers.expat and xml.etree.ElementTree use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash...

Unity Linux 20.1070e Security Update: binutils (UTSA-2026-015477)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-015477 advisory. A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debugtypesamep of the file /binutils/debug.c of the...

CVE-2026-41338

OpenClaw before 2026.3.31 contains a time-of-check-time-of-use vulnerability in sandbox file operations that allows attackers to bypass fd-based defenses. Attackers can exploit check-then-act patterns in applypatch, remove, and mkdir operations to manipulate files between validation and execution...

CVE-2026-41338

OpenClaw before 2026.3.31 contains a time-of-check-time-of-use vulnerability in sandbox file operations that allows attackers to bypass fd-based defenses. Attackers can exploit check-then-act patterns in applypatch, remove, and mkdir operations to manipulate files between validation and execution...

CVE-2026-41338 OpenClaw < 2026.3.31 - Time-of-Check-Time-of-Use (TOCTOU) Vulnerability in Sandbox File Operations

OpenClaw before 2026.3.31 contains a time-of-check-time-of-use vulnerability in sandbox file operations that allows attackers to bypass fd-based defenses. Attackers can exploit check-then-act patterns in applypatch, remove, and mkdir operations to manipulate files between validation and execution...

PT-2026-34769

OpenClaw before 2026.3.31 contains a time-of-check-time-of-use vulnerability in sandbox file operations that allows attackers to bypass fd-based defenses. Attackers can exploit check-then-act patterns in apply patch, remove, and mkdir operations to manipulate files between validation and executio...

CVE-2026-5707

Unsanitized input in an OS command in the virtual desktop session name handling in AWS Research and Engineering Studio RES version 2025.03 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands as root on the virtual desktop host via a crafted session name. To...

CVE-2026-32007

OpenClaw versions prior to 2026.2.23 contain a path traversal vulnerability in the experimental applypatch tool that allows attackers with sandbox access to modify files outside the workspace directory by exploiting inconsistent enforcement of workspace-only checks on mounted paths. Attackers can...

CVE-2026-32007

OpenClaw versions prior to 2026.2.23 contain a path traversal vulnerability in the experimental applypatch tool that allows attackers with sandbox access to modify files outside the workspace directory by exploiting inconsistent enforcement of workspace-only checks on mounted paths. Attackers can...

CVE-2026-32007

OpenClaw up to version 2026.2.23 is affected by a path traversal vulnerability in the experimental apply_patch tool. The issue arises from inconsistent enforcement of workspace-only checks on mounted paths, allowing sandbox-embedded attackers to use apply_patch operations on writable mounts outsi...

CVE-2026-32007

OpenClaw versions prior to 2026.2.23 contain a path traversal vulnerability in the experimental applypatch tool that allows attackers with sandbox access to modify files outside the workspace directory by exploiting inconsistent enforcement of workspace-only checks on mounted paths. Attackers can...

OpenClaw 路径遍历漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.2.23 had a path traversal vulnerability. This vulnerability stemmed from a path traversal issue in the experimental applypatch tool, which could allow attackers with sandbox acces...

CVE-2026-32060

OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in applypatch that allows attackers to write or delete files outside the configured workspace directory. When applypatch is enabled without filesystem sandbox containment, attackers can exploit crafted paths including...

CVE-2026-32060

OpenClaw is affected: versions before 2026.2.14 contain a path traversal flaw in apply_patch when filesystem sandboxing is disabled. An attacker can craft paths (including absolute paths) to escape the configured workspace and modify or delete arbitrary files. Impact includes high risk to confide...

EUVD-2026-11150

OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in applypatch that allows attackers to write or delete files outside the configured workspace directory. When applypatch is enabled without filesystem sandbox containment, attackers can exploit crafted paths including...

CVE-2026-32060

OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in applypatch that allows attackers to write or delete files outside the configured workspace directory. When applypatch is enabled without filesystem sandbox containment, attackers can exploit crafted paths including...

CVE-2026-32060 OpenClaw < 2026.2.14 - Path Traversal in apply_patch via Crafted Paths

OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in applypatch that allows attackers to write or delete files outside the configured workspace directory. When applypatch is enabled without filesystem sandbox containment, attackers can exploit crafted paths including...

OpenClaw: Hardlink alias checks could bypass workspace-only file boundaries in specific configurations

Summary In certain workspace-restricted configurations, OpenClaw could follow hardlink aliases inside the workspace that reference files outside the workspace boundary. By default, tools.fs.workspaceOnly is off. This primarily affects deployments that intentionally enable workspace-only filesyste...