CVE-2026-43571 OpenClaw < 2026.4.10 - Untrusted Workspace Plugin Shadow Resolution in Channel Setup

OpenClaw before 2026.4.10 contains a plugin trust bypass vulnerability that allows channel setup catalog lookups to resolve workspace plugin shadows before bundled channel plugins. Attackers can exploit this by crafting malicious workspace plugins that bypass intended trust gates during setup-tim...

EUVD-2026-27289

OpenClaw before 2026.4.9 contains an authentication bypass vulnerability allowing untrusted workspace plugins to be auto-enabled during non-interactive onboarding when provider auth choices are shadowed. Attackers can exploit this by crafting malicious workspace plugins that are automatically...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.9 contained security vulnerabilities. These vulnerabilities stemmed from authentication bypasses, allowing for the automatic activation of untrusted workspace plugins during...

rollup: Rollup: Remote Code Execution via Path Traversal Vulnerability

A flaw was found in Rollup, a JavaScript module bundler. Insecure file name sanitization in the core engine allows an attacker to control output filenames, potentially through command-line interface CLI inputs, manual chunk aliases, or malicious plugins. By using directory traversal sequences ../...

CVE-2026-41396

OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAWBUNDLEDPLUGINSDIR environment variable, compromising plugin trust verification. Attackers with control over workspace configuration can inject malicious plugins by overriding the bundled plugin trust root directory...

CVE-2026-41396

OpenClaw is affected prior to version 2026.3.31. Affected: openclaw (npm). Vulnerability: workspace .env files can override OPENCLAW_BUNDLED_PLUGINS_DIR, allowing manipulation of the bundled plugin trust root and undermining plugin trust verification. Impact: attackers with control over workspace...

SUSE CVE-2025-15558

Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries docker-compose.exe, docker-buildx.exe, etc. that are executed when a...

EUVD-2025-208275

Docker CLI Plugins: Uncontrolled Search Path Element Leads to Local Privilege Escalation on Windows...

GHSA-P436-GJF2-799P Docker CLI Plugins: Uncontrolled Search Path Element Leads to Local Privilege Escalation on Windows

This issue affects Docker CLI through 29.1.5 Impact Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries docker-compose.exe,...

CVE-2025-15558

Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries docker-compose.exe, docker-buildx.exe, etc. that are executed when a...

CVE-2025-15558 Docker Desktop Docker Plugins Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries docker-compose.exe, docker-buildx.exe, etc. that are executed when a...

PT-2026-22939

Name of the Vulnerable Software and Affected Versions Docker CLI versions through 29.1.5 Docker Compose versions 2.31.0 through 5.0.0 Description The Docker CLI for Windows searches for plugin binaries in C:ProgramDataDockercli-plugins, a directory that does not exist by default. An attacker with...

EUVD-2020-15014

Malware in sbrugna...

CVE-2025-8616 Malicious browser plugins may cause Authentication replay attack vulnerability to bypass authentication in OpenText Advanced Authentication

A weakness identified in OpenText Advanced Authentication where a Malicious browser plugin can record and replay the user authentication process to bypass Authentication. This issue affects Advanced Authentication on or before 6.5.0...

Grav CMS 安全漏洞

Grav CMS is Grav open source a flat file-based content management system . Grav CMS suffers from a remote code execution vulnerability that originates from allowing authenticated administrators to upload malicious plugins via the admin/tools/direct-install interface, which can be exploited by an...

FreeBSD : age -- age vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution (d9b0fea0-d564-11ef-b9bc-d05099c0ae8c)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the d9b0fea0-d564-11ef-b9bc-d05099c0ae8c advisory. Filippo Valsorda reports: A plugin name containing a path separator may allow an attacker to execute an...

GO-2024-3344 Malicious plugin names, recipients, or identities causing arbitrary binary execution in filippo.io/age

Malicious plugin names, recipients, or identities causing arbitrary binary execution in filippo.io/age...

GHSA-47H8-JMP3-9F28 pyrage vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution

pyrage uses the Rust age crate for its underlying operations, and age is vulnerable to GHSA-4fg7-vxc8-qx5w. All details of GHSA-4fg7-vxc8-qx5w are relevant to pyrage for the versions specified in this advisory. See GHSA-4fg7-vxc8-qx5w for full details. Versions of pyrage before 1.2.0 lack plugin...

CVE-2024-5980 Arbitrary File Write via /v1/runs API endpoint in lightning-ai/pytorch-lightning

A vulnerability in the /v1/runs API endpoint of lightning-ai/pytorch-lightning v2.2.4 allows attackers to exploit path traversal when extracting tar.gz files. When the LightningApp is running with the pluginserver, attackers can deploy malicious tar.gz plugins that embed arbitrary files with path...

PT-2021-23944 · Unknown +1 · Express-Session +1

Name of the Vulnerable Software and Affected Versions: Etherpad versions prior to 1.8.16 Description: Etherpad is a real-time collaborative editor. In versions prior to 1.8.16, an attacker can craft an .etherpad file that, when imported, might allow the attacker to gain admin privileges for the...