Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

58554 matches found

NVD
NVDadded 2026/04/09 10:16 p.m.2 views

CVE-2026-35639

OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an operator.pairing approver to approve pending device requests with broader operator scopes than the approver actually holds. Attackers can exploit insufficient scope validation ...

8.8CVSS0.00309EPSS
Exploits0References4
NVD
NVDadded 2026/04/09 10:16 p.m.4 views

CVE-2026-35644

OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers with operator.read scope to expose credentials embedded in channel baseUrl and httpUrl fields. Attackers can access gateway snapshots via config.get and channels.status endpoints to retrieve sensitive...

7.1CVSS0.00036EPSS
Exploits0References4
NVD
NVDadded 2026/04/09 10:16 p.m.2 views

CVE-2026-35625

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-auth reconnects auto-approve scope-upgrade requests, widening paired device permissions from operator.read to operator.admin. Attackers can exploit this by triggering local reconnection to silently...

8.5CVSS0.00051EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/04/09 9:27 p.m.0 views

CVE-2026-35645 OpenClaw < 2026.3.25 - Privilege Escalation via Synthetic operator.admin in deleteSession

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subagent fallback deleteSession function that uses a synthetic operator.admin runtime scope. Attackers can exploit this by triggering session deletion without a request-scoped client to execute privilege...

8.1CVSS5.9AI score0.0005EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/04/09 9:27 p.m.3 views

CVE-2026-35645

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subagent fallback deleteSession function that uses a synthetic operator.admin runtime scope. Attackers can exploit this by triggering session deletion without a request-scoped client to execute privilege...

8.1CVSS6AI score0.0005EPSS
Exploits0References4
CVE
CVEadded 2026/04/09 9:27 p.m.6 views

CVE-2026-35645

OpenClaw is affected by a privilege escalation vulnerability in the gateway plugin subagent fallback deleteSession function, which uses a synthetic operator.admin runtime scope. OpenClaw versions before 2026.3.25 are vulnerable to triggering session deletion to execute privileged operations with ...

8.8CVSS6AI score0.0005EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/04/09 9:27 p.m.2 views

CVE-2026-35644

OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers with operator.read scope to expose credentials embedded in channel baseUrl and httpUrl fields. Attackers can access gateway snapshots via config.get and channels.status endpoints to retrieve sensitive...

7.1CVSS5.9AI score0.00036EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/04/09 9:27 p.m.15 views

CVE-2026-35644 OpenClaw < 2026.3.22 - Credential Exposure via baseUrl Fields in Gateway Snapshots

OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers with operator.read scope to expose credentials embedded in channel baseUrl and httpUrl fields. Attackers can access gateway snapshots via config.get and channels.status endpoints to retrieve sensitive...

7.1CVSS0.00036EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/04/09 9:27 p.m.16 views

CVE-2026-35645 OpenClaw < 2026.3.25 - Privilege Escalation via Synthetic operator.admin in deleteSession

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subagent fallback deleteSession function that uses a synthetic operator.admin runtime scope. Attackers can exploit this by triggering session deletion without a request-scoped client to execute privilege...

8.1CVSS0.0005EPSS
Exploits0References3
CVE
CVEadded 2026/04/09 9:27 p.m.8 views

CVE-2026-35639

CVE-2026-35639 affects OpenClaw prior to 2026.3.22. The vulnerability is in the device.pair.approve method, where an operator.pairing approver can approve pending device requests with broader operator scopes than the approver holds. This insufficient scope validation can escalate privileges to op...

8.8CVSS6.5AI score0.00309EPSS
Exploits0References4Affected Software1
Cvelist
Cvelistadded 2026/04/09 9:27 p.m.14 views

CVE-2026-35639 OpenClaw < 2026.3.22 - Privilege Escalation via device.pair.approve Scope Validation

OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an operator.pairing approver to approve pending device requests with broader operator scopes than the approver actually holds. Attackers can exploit insufficient scope validation ...

8.8CVSS0.00309EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/04/09 9:27 p.m.0 views

CVE-2026-35639

OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an operator.pairing approver to approve pending device requests with broader operator scopes than the approver actually holds. Attackers can exploit insufficient scope validation ...

8.8CVSS6.5AI score0.00309EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/04/09 9:27 p.m.0 views

CVE-2026-35639 OpenClaw < 2026.3.22 - Privilege Escalation via device.pair.approve Scope Validation

OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an operator.pairing approver to approve pending device requests with broader operator scopes than the approver actually holds. Attackers can exploit insufficient scope validation ...

8.8CVSS6.4AI score0.00309EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/04/09 9:27 p.m.14 views

CVE-2026-35631 OpenClaw < 2026.3.22 - Missing Authorization Enforcement in Internal ACP Chat Commands

OpenClaw before 2026.3.22 fails to enforce operator.admin scope on mutating internal ACP chat commands, allowing unauthorized modifications. Attackers without admin privileges can execute mutating control-plane actions by directly invoking affected ACP commands to bypass authorization gates...

7.1CVSS0.00036EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/04/09 9:27 p.m.3 views

CVE-2026-35631

OpenClaw before 2026.3.22 fails to enforce operator.admin scope on mutating internal ACP chat commands, allowing unauthorized modifications. Attackers without admin privileges can execute mutating control-plane actions by directly invoking affected ACP commands to bypass authorization gates...

7.1CVSS6AI score0.00036EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2026/04/09 9:26 p.m.1 views

CVE-2026-35625

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-auth reconnects auto-approve scope-upgrade requests, widening paired device permissions from operator.read to operator.admin. Attackers can exploit this by triggering local reconnection to silently...

8.5CVSS6.5AI score0.00051EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/04/09 9:26 p.m.3 views

CVE-2026-35625 OpenClaw < 2026.3.25 - Privilege Escalation via Silent Local Shared-Auth Reconnect

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-auth reconnects auto-approve scope-upgrade requests, widening paired device permissions from operator.read to operator.admin. Attackers can exploit this by triggering local reconnection to silently...

8.5CVSS6.4AI score0.00051EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/04/09 9:26 p.m.1 views

CVE-2026-34512

OpenClaw before 2026.3.25 contains an improper access control vulnerability in the HTTP /sessions/:sessionKey/kill route that allows any bearer-authenticated user to invoke admin-level session termination functions without proper scope validation. Attackers can exploit this by sending authenticat...

8.1CVSS6.1AI score0.00047EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/04/09 7:43 p.m.0 views

CVE-2026-40089

Sonicverse is a Self-hosted Docker Compose stack for live radio streaming. The Sonicverse Radio Audio Streaming Stack dashboard contains a Server-Side Request Forgery SSRF vulnerability in its API client apps/dashboard/lib/api.ts. Installations created using the provided install.sh script includi...

9.9CVSS6AI score0.00055EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/04/09 7:43 p.m.1 views

CVE-2026-40089 Sonicverse has Server-Side Request Forgery via user-controlled URLs in dashboard API client

Sonicverse is a Self-hosted Docker Compose stack for live radio streaming. The Sonicverse Radio Audio Streaming Stack dashboard contains a Server-Side Request Forgery SSRF vulnerability in its API client apps/dashboard/lib/api.ts. Installations created using the provided install.sh script includi...

9.9CVSS5.9AI score0.00055EPSS
Exploits0References1
Rows per page
Query Builder