CVE-2026-42435

OpenClaw 2026.2.22 through before 2026.4.12 contains an insufficient shell-wrapper detection vulnerability that lets an attacker inject environment variable assignments at the argv level. By bypassing exec preflight handling, an attacker can manipulate high-risk shell variables such as SHELLOPTS ...

Duplicate Advisory: OpenClaw: Telnyx Webhook Replay Detection Bypass via Base64 Signature Re-encoding

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-37v6-fxx8-xjmx. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 contains a replay detection bypass vulnerability in webhook signature handling that treats...

CVE-2026-41351

OpenClaw before 2026.3.31 contains a replay detection bypass vulnerability in webhook signature handling that treats Base64 and Base64URL encoded signatures as distinct requests. Attackers can re-encode Telnyx webhook signatures to bypass replay detection while maintaining valid signature...

AWS VDP: SQL Injection Detection Bypass in AWS WAF Managed Rules (AWSManagedRulesSQLiRuleSet)

Researchers This vulnerability was discovered through collaborative security research. Researchers: - █████ - █████████ - █████████ --- Summary AWS WAF fails to detect certain SQL injection payload variants. These payloads bypass the AWS WAF SQL injection detection rules and reach the backend...

ReasoningBomb: A Stealthy Denial-Of-Service Attack by Inducing Pathologically Long Reasoning in Large Reasoning Models

Large reasoning models LRMs extend large language models with explicit multi-step reasoning traces, but this capability introduces a new class of prompt-induced inference-time denial-of-service PI-DoS attacks that exploit the high computational cost of reasoning. We first formalize inference cost...

CVE-2025-13335

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that under certain circumstances could have allowed an authenticated user to create a denial of service condition by configuring malformed Wiki documents that...

CVE-2025-13335

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that under certain circumstances could have allowed an authenticated user to create a denial of service condition by configuring malformed Wiki documents that...

CVE-2025-13335

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that under certain circumstances could have allowed an authenticated user to create a denial of service condition by configuring malformed Wiki documents that...

CVE-2025-13335

Removed by vendor...

CVE-2025-13335

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that under certain circumstances could have allowed an authenticated user to create a denial of service condition by configuring malformed Wiki documents that...

CVE-2025-13335 Loop with Unreachable Exit Condition ('Infinite Loop') in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that under certain circumstances could have allowed an authenticated user to create a denial of service condition by configuring malformed Wiki documents that...

Detection Bypass

fickling is vulnerable to detection bypass. The vulnerability is due to improper handling and analysis of Python builtins during pickle decompilation, which allows an attacker to bypass detection mechanisms and evade static analysis of malicious pickle payloads...

CVE-2026-22612

Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, Fickling is vulnerable to detection bypass due to "builtins" blindness. This issue has been patched in version 0.1.7...

CVE-2026-22612

Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, Fickling is vulnerable to detection bypass due to "builtins" blindness. This issue has been patched in version 0.1.7...

CVE-2026-22612 Fickling vulnerable to detection bypass due to "builtins" blindness

Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, Fickling is vulnerable to detection bypass due to "builtins" blindness. This issue has been patched in version 0.1.7...

CVE-2026-22612 Fickling vulnerable to detection bypass due to "builtins" blindness

Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, Fickling is vulnerable to detection bypass due to "builtins" blindness. This issue has been patched in version 0.1.7...

CVE-2026-22612 Fickling vulnerable to detection bypass due to "builtins" blindness

Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, Fickling is vulnerable to detection bypass due to "builtins" blindness. This issue has been patched in version 0.1.7...

CVE-2026-22612

Summary of CVE-2026-22612 : Fickling (Python pickling decompiler/static analyzer) before version 0.1.7 is vulnerable to a detection bypass caused by “builtins” blindness. This allows crafted pickle payloads to bypass security analysis, as shown by example payloads that construct and execute code ...

CVE-2026-22608

CVE-2026-22608 (Fickling) affects the Python tool Fickling (pickling decompiler/static analyzer). Before version 0.1.7, ctypes and pydoc were not explicitly blocked, allowing chaining (via pydoc.locate to get ctypes.windll.kernel32.WinExec) to achieve remote code execution while the file is repor...

PT-2026-2232

Name of the Vulnerable Software and Affected Versions Fickling versions prior to 0.1.7 Description Fickling, a Python pickling decompiler and static analyzer, is susceptible to a detection bypass due to a "builtins" blindness issue. This allows for potential circumvention of security measures...