2322 matches found
CVE-2026-41386 OpenClaw < 2026.3.22 - Privilege Escalation via Unbound Bootstrap Setup Codes
OpenClaw before 2026.3.22 contains a privilege escalation vulnerability where bootstrap setup codes are not bound to intended device roles and scopes during pairing. Attackers can exploit this during first-use device pairing to escalate privileges beyond their intended role and scope...
CVE-2026-41386 OpenClaw < 2026.3.22 - Privilege Escalation via Unbound Bootstrap Setup Codes
OpenClaw before 2026.3.22 contains a privilege escalation vulnerability where bootstrap setup codes are not bound to intended device roles and scopes during pairing. Attackers can exploit this during first-use device pairing to escalate privileges beyond their intended role and scope...
EUVD-2026-26095
OpenClaw before 2026.3.22 contains a privilege escalation vulnerability where bootstrap setup codes are not bound to intended device roles and scopes during pairing. Attackers can exploit this during first-use device pairing to escalate privileges beyond their intended role and scope...
CVE-2026-3219 vulnerabilities
Vulnerabilities for packages: pypy-3.10, pypy-3.11, kubeflow-katib, py3-hashin, ansible-operator-fips, py3-pip-wheel-bootstrap, tensorflow-gpu-jupyter, datadog-agent-fips, tensorflow-cpu-jupyter, localstack, ansible-operator, azureml-inference-server-http, nemo, py3-pip, datadog-agent,...
GHSA-58QW-9MGM-455V vulnerabilities
Vulnerabilities for packages: pypy-3.10, pypy-3.11, kubeflow-katib, py3-hashin, ansible-operator-fips, py3-pip-wheel-bootstrap, tensorflow-gpu-jupyter, datadog-agent-fips, tensorflow-cpu-jupyter, localstack, ansible-operator, azureml-inference-server-http, nemo, py3-pip, datadog-agent,...
CVE-2026-3219 vulnerabilities
Vulnerabilities for packages: py3-pip-wheel-bootstrap, kubeflow-katib, pypy-3.10, datadog-agent, py3-pip, pypy-3.11, tensorflow-cpu-jupyter...
GHSA-58QW-9MGM-455V vulnerabilities
Vulnerabilities for packages: py3-pip-wheel-bootstrap, kubeflow-katib, pypy-3.10, datadog-agent, py3-pip, pypy-3.11, tensorflow-cpu-jupyter...
PT-2026-36922
Name of the Vulnerable Software and Affected Versions Nginx UI version 2.3.5 Description Nginx UI, a web user interface for the Nginx web server, contains a flaw allowing an unauthenticated bootstrap takeover. This occurs during the initial installation window via the 'POST /api/install' endpoint...
Duplicate Advisory: OpenClaw Has a Gateway Control Interface Information Disclosure Vulnerability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hr8g-2q7x-3f4w. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 contains an information disclosure vulnerability in the Control Interface bootstrap JSON th...
GHSA-FJM8-MGC9-MF65 Duplicate Advisory: OpenClaw Has a Gateway Control Interface Information Disclosure Vulnerability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hr8g-2q7x-3f4w. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 contains an information disclosure vulnerability in the Control Interface bootstrap JSON th...
EUVD-2026-25319
OpenClaw before 2026.3.31 contains an information disclosure vulnerability in the Control Interface bootstrap JSON that exposes version and assistant agent identifiers. Attackers can extract sensitive fingerprinting information from the Control UI bootstrap payload to identify system versions and...
CVE-2026-41335
OpenClaw before 2026.3.31 contains an information disclosure vulnerability in the Control Interface bootstrap JSON that exposes version and assistant agent identifiers. Attackers can extract sensitive fingerprinting information from the Control UI bootstrap payload to identify system versions and...
CVE-2026-41335 OpenClaw < 2026.3.31 - Information Disclosure via Control UI Bootstrap JSON
OpenClaw before 2026.3.31 contains an information disclosure vulnerability in the Control Interface bootstrap JSON that exposes version and assistant agent identifiers. Attackers can extract sensitive fingerprinting information from the Control UI bootstrap payload to identify system versions and...
CVE-2026-41335 OpenClaw < 2026.3.31 - Information Disclosure via Control UI Bootstrap JSON
OpenClaw before 2026.3.31 contains an information disclosure vulnerability in the Control Interface bootstrap JSON that exposes version and assistant agent identifiers. Attackers can extract sensitive fingerprinting information from the Control UI bootstrap payload to identify system versions and...
CVE-2026-41335
OpenClaw before 2026.3.31 contains an information disclosure vulnerability in the Control Interface bootstrap JSON that exposes version and assistant agent identifiers. Attackers can extract sensitive fingerprinting information from the Control UI bootstrap payload to identify system versions and...
CVE-2026-41335
OpenClaw
PT-2026-34766
OpenClaw before 2026.3.31 contains an information disclosure vulnerability in the Control Interface bootstrap JSON that exposes version and assistant agent identifiers. Attackers can extract sensitive fingerprinting information from the Control UI bootstrap payload to identify system versions and...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained security vulnerabilities. These vulnerabilities stemmed from a flaw in the bootstrap JSON data used as a control interface, which allowed information leakage. This...
EUVD-2026-24646
The Slider Bootstrap Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'category' and 'template' shortcode attributes in all versions up to and including 1.0.7. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attribute...
CVE-2026-4076 Slider Bootstrap Carousel <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Slider Bootstrap Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'category' and 'template' shortcode attributes in all versions up to and including 1.0.7. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attribute...