8 matches found
CVE-2026-53811
OpenClaw before 2026.5.7 contains a privilege escalation vulnerability in the Matrix allowFrom feature that allows authenticated accounts to match policy entries through mutable display name metadata. Attackers with the ability to change display names can receive agent access intended for another...
CVE-2026-53811 OpenClaw < 2026.5.7 - Privilege Escalation via Mutable Display Names in Matrix allowFrom
OpenClaw before 2026.5.7 contains a privilege escalation vulnerability in the Matrix allowFrom feature that allows authenticated accounts to match policy entries through mutable display name metadata. Attackers with the ability to change display names can receive agent access intended for another...
PT-2026-48741
OpenClaw before 2026.5.7 contains a privilege escalation vulnerability in the Matrix allowFrom feature that allows authenticated accounts to match policy entries through mutable display name metadata. Attackers with the ability to change display names can receive agent access intended for another...
CVE-2026-42865
Inbox Zero is an AI personal assistant for email. Prior to 2.29.3, the cleaner email stream endpoint used a shared Redis subscription listener, which could deliver thread events for one authenticated account to another authenticated account using the cleaner feature at the same time. This...
Inbox Zero Information Disclosure Vulnerability
Inbox Zero is an AI email assistant developed by Elie Steinbock. It automatically organizes the inbox, drafts responses, and manages schedules. Versions of Inbox Zero prior to 2.29.3 had a vulnerability related to information leakage. This vulnerability stemmed from the use of shared Redis...
cPanel Input Validation Error Vulnerability
cPanel is a web-based automated hosting platform developed by cPanel Inc. This platform is primarily used for automating the management of websites and servers. cPanel has a vulnerability related to input validation errors, which stem from insufficient input validation in the plugin parameter...
PT-2023-7484 · Axis · Axis Os
Name of the Vulnerable Software and Affected Versions: AXIS OS versions prior to the patched version. Description: The issue is related to the VAPIX API in the AXIS OS, specifically with the manageoverlayimage.cgi endpoint. It allows for path traversal attacks, enabling an attacker to delete...
MileSight camera multiple built-in default account vulnerabilities
MileSight camera is a network camera produced by Xiamen PulseVision Digital Technology Co. MileSight camera has multiple built-in default account vulnerabilities. The default configuration of the MileSight camera device has three authenticated accounts and seven unauthenticated accounts. If the...